Docs update tracker

Updates from: 07/18/2023 04:17:01

Category	Microsoft Docs article	Related commit history on GitHub	Change details
includes	Defender Content Updates	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/includes/defender-content-updates.md	- Previously updated : 06/25/2022- <!-- This file is generated automatically each week. Changes made to this file will be overwritten.--> -## Week of January 30, 2023 +## Week of July 10, 2023 \| Published On \|Topic title \| Change \| \|\|\|--\| -\| 2/2/2023 \| [What is Microsoft Defender Threat Intelligence (Defender TI)?](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti) \| added \| +\| 7/14/2023 \| [What is Microsoft Defender Threat Intelligence (Defender TI)?](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti) \| added \|
commerce	Manage Payment Methods	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/manage-payment-methods.md	If you have an MOSA billing account type, you can replace the payment method for 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. - If you're using the Simplified view, select Subscriptions, then select View payment methods. - - If you're using the Dashboard view, go to the Billing > <a href="https://go.microsoft.com/fwlink/p/?linkid=848039" target="_blank">Bills & payments</a> page, and select the Payment methods tab. + - If you're using the Dashboard view, go to the Billing > <a href="https://go.microsoft.com/fwlink/p/?linkid=848039" target="_blank">Bills & payments</a> page, and select the Payment methods tab. 2. Select Add a payment method. 3. On the Add a payment method page, enter the information for the new payment method, then select Save. 4. To use the new payment method to pay for all subscriptions currently paid for with another payment method, select Replace an existing payment method.
compliance	Audit Log Search	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-log-search.md	Title: "Search the audit log in the Microsoft Purview compliance portal" + Title: "Search the audit log with Classic Search" description: "Use the Microsoft Purview compliance portal to search the unified audit log to view user and administrator activity in your organization." f1.keywords: - NOCSH - admindeeplinkMAC -# Search the audit log in the Microsoft Purview compliance portal - -Need to find if a user viewed a specific document or purged an item from their mailbox? If so, you can use the audit log search tool in Microsoft Purview compliance portal to search the unified audit log to view user and administrator activity in your organization. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in your organization's unified audit log. Users in your organization can use the audit log search tool to search for, view, and export (to a CSV file) the audit records for these operations. -- -## Microsoft 365 services that support auditing - -Why a unified audit log? Because you can search the audit log for activities performed in different Microsoft 365 services. The following table lists the Microsoft 365 services, apps, and features that are supported by the unified audit log. - -\|Microsoft 365 service or feature\|Record types\| -\|:-\|:--\| -\|Azure Active Directory\|AzureActiveDirectory, AzureActiveDirectoryAccountLogon, AzureActiveDirectoryStsLogon\| -\|Azure Information Protection\|AipDiscover, AipSensitivityLabelAction, AipProtectionAction, AipFileDeleted, AipHeartBeat\| -\|Communication compliance\|ComplianceSupervisionExchange\| -\|Content explorer\|LabelContentExplorer\| -\|Data connectors\|ComplianceConnector\| -\|Data loss prevention (DLP)\|ComplianceDLPSharePoint, ComplianceDLPExchange, DLPEndpoint\| -\|Dynamics 365\|CRM\| -\|eDiscovery (Standard + Premium)\|Discovery, AeD\| -\|Encrypted message portal\|OMEPortal\| -\|Exact Data Match\|MipExactDataMatch\| -\|Exchange Online\|ExchangeAdmin, ExchangeItem, ExchangeItemAggregated\| -\|Forms\|MicrosoftForms\| -\|Information barriers\|InformationBarrierPolicyApplication\| -\|Microsoft 365 Defender\|AirInvestigation, AirManualInvestigation, AirAdminActionInvestigation, MS365DCustomDetection\| -\|Microsoft Defender Experts\|DefenderExpertsforXDRAdmin\| -\|Microsoft Defender for Identity (MDI)\|MicrosoftDefenderForIdentityAudit\| -\|Microsoft Planner\|PlannerCopyPlan, PlannerPlan, PlannerPlanList, PlannerRoster, PlannerRosterSensitivityLabel, PlannerTask, PlannerTaskList, PlannerTenantSettings \| -\|Microsoft Project for the web\|ProjectAccessed, ProjectCreated, ProjectDeleted, ProjectTenantSettingsUpdated, ProjectUpdated, RoadmapAccessed,RoadmapCreated, RoadmapDeleted, RoadmapItemAccessed,RoadmapItemCreated,RoadmapItemDeleted, RoadmapItemUpdated, RoadmapTenantSettingsUpdated, RoadmapUpdated, TaskAccessed, TaskCreated,TaskDeleted, TaskUpdated\| -\|Microsoft Purview Information Protection (MIP) labels\|MIPLabel, MipAutoLabelExchangeItem, MipAutoLabelSharePointItem, MipAutoLabelSharePointPolicyLocation\| -\|Microsoft Teams\|MicrosoftTeams\| -\|Microsoft To Do\|MicrosoftToDo, MicrosoftToDoAudit\| -\|MyAnalytics\|MyAnalyticsSettings\| -\|OneDrive for Business\|OneDrive\| -\|Power Apps\|PowerAppsApp, PowerAppsPlan\| -\|Power Automate\|MicrosoftFlow\| -\|Power BI\|PowerBIAudit\| -\|Quarantine\|Quarantine\| -\|Sensitive information types\|DlpSensitiveInformationType\| -\|Sensitivity labels\|MIPLabel, SensitivityLabelAction, SensitivityLabeledFileAction, SensitivityLabelPolicyMatch\| -\|SharePoint Online\|SharePoint, SharePointFileOperation,SharePointSharingOperation, SharePointListOperation, SharePointCommentOperation\| -\|Stream\|MicrosoftStream\| -\|SystemSync\|DataShareCreated, DataShareDeleted, GenerateCopyOfLakeData, DownloadCopyOfLakeData\| -\|Threat Intelligence\|ThreatIntelligence, ThreatIntelligenceUrl, ThreatFinder, ThreatIntelligenceAtpContent\| -\|Viva Goals\|VivaGoals\| -\|Viva Insights\|VivaInsights\| -\|Viva Engage\|Viva Engage\| - -For more information about the operations that are audited in each of the services listed in the previous table, see the [Audit log activities](audit-log-activities.md) article. - -The previous table also identifies the record type value to use to search the audit log for activities in the corresponding service using the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell or by using a PowerShell script. Some services have multiple record types for different types of activities within the same service. For a more complete list of auditing record types, see [Office 365 Management Activity API schema](/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). - - For more information about using PowerShell to search the audit log, see: --- [Search-UnifiedAuditLog](/powershell/module/exchange/search-unifiedauditlog)-- [Use a PowerShell script to search the audit log](audit-log-search-script.md) +# Search the audit log with Classic Search + +> [!IMPORTANT] +> Starting October 2023, Classic Search will be retired in place of [New Search](audit-new-search.md), which includes enhancements such as faster search times, additional search options, ability to save searches, and more. ## Before you search the audit log Here's the process for searching the audit log in Microsoft 365. > [!NOTE] > If the Start recording user and admin activity link is displayed, select it to turn on auditing. If you don't see this link, auditing is turned on for your organization. -3. On the Search tab, configure the following search criteria: +3. On the Classic Search tab, configure the following search criteria: 1. Start date and End date: The last seven days are selected by default. Select a date and time range to display the events that occurred within that period. The date and time are presented in Coordinated Universal Time (UTC). The maximum date range that you can specify is 90 days. An error is displayed if the selected date range is greater than 90 days.
compliance	Audit Premium Setup	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-premium-setup.md	If your organization has a subscription and end-user licensing that supports Aud ## Step 1: Set up Audit (Premium) for users -Audit (Premium) features such as the ability to log crucial events such as MailItemsAccessed and Send require an appropriate E5 license assigned to users. Additionally, the Advanced Auditing app/service plan must be enabled for those users. To verify that the Advanced Auditing app is assigned to users, perform the following steps for each user: +Audit (Premium) features such as the ability to log intelligent insights such as MailItemsAccessed and Send require an appropriate E5 license assigned to users. Additionally, the Advanced Auditing app/service plan must be enabled for those users. To verify that the Advanced Auditing app is assigned to users, perform the following steps for each user: 1. In the Microsoft 365 admin center, go to Users > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a>, and select a user.
compliance	Audit Premium	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-premium.md	search.appverid: # Microsoft Purview Audit (Premium) -The [Audit functionality](audit-log-search.md) in Microsoft Purview provides organizations with visibility into many types of audited activities across many different services in Microsoft 365. Microsoft Purview Audit (Premium) helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to crucial events (by using Audit log search in the Microsoft Purview compliance portal and the Office 365 Management Activity API) that help determine scope of compromise, and faster access to Office 365 Management Activity API. +The [Audit functionality](audit-log-search.md) in Microsoft Purview provides organizations with visibility into many types of audited activities across many different services in Microsoft 365. Microsoft Purview Audit (Premium) helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to intelligent insights (by using Audit log search in the Microsoft Purview compliance portal and the Office 365 Management Activity API) that help determine scope of compromise, and faster access to Office 365 Management Activity API. > [!NOTE] > Audit (Premium) is available for organizations with an Office 365 E5/A5/G5 or Microsoft 365 Enterprise E5/A5/G5 subscription. A Microsoft 365 E5/A5/G5 Compliance or E5/A5/G5 eDiscovery and Audit add-on license should be assigned to users for Audit (Premium) features such as long-term retention of audit logs and the generation of Audit (Premium) events for investigations. For more information about licensing, see:<br/>- [Audit (Premium) licensing requirements](audit-solutions-overview.md#licensing-requirements)<br/>- [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#advanced-audit).
compliance	Audit Solutions Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-solutions-overview.md	f1.keywords: Previously updated : 01/01/2023 Last updated : 06/27/2023 audience: Admin Microsoft Purview Audit (Standard) provides with you with the ability to log and - Access to audit logs via Office 365 Management Activity API. A third method for accessing and retrieving audit records is to use the Office 365 Management Activity API. This lets organizations retain auditing data for longer periods than the default 90 days and lets them import their auditing data to a SIEM solution. For more information, see [Office 365 Management Activity API reference](/office/office-365-management-api/office-365-management-activity-api-reference). - 90-day audit log retention. When an audited activity is performed by a user or admin, an audit record is generated and stored in the audit log for your organization. In Audit (Standard), records are retained for 90 days, which means you can search for activities that occurred within the past three months. +> [!IMPORTANT] +> Starting October 2023, Classic Search will be retired in place of [New Search](audit-new-search.md), which includes enhancements such as faster search times, additional search options, ability to save searches, and more. + ## Audit (Premium) -Audit (Premium) builds on the capabilities of Audit (Standard) by providing audit log retention policies, longer retention of audit records, high-value crucial events, and higher bandwidth access to the Office 365 Management Activity API. +Audit (Premium) builds on the capabilities of Audit (Standard) by providing audit log retention policies, longer retention of audit records, high-value intelligent insights, and higher bandwidth access to the Office 365 Management Activity API. - Audit log retention policies. You can create customized audit log retention policies to retain audit records for longer periods of time up to one year (and up to 10 years for users with required add-on license). You can create a policy to retain audit records based the service where the audited activities occur, specific audited activities, or the user who performs an audited activity. - Longer retention of audit records. Azure Active Directory, Exchange, OneDrive, and SharePoint audit records are retained for one year by default. Audit records for all other activities are retained for 90 days by default, or you can use audit log retention policies to configure longer retention periods.-- High-value, crucial Audit (Premium) events. Audit records for crucial events can help your organization conduct forensic and compliance investigations by providing visibility to events such as when mail items were accessed, or when mail items were replied to and forwarded, or when and what a user searched for in Exchange Online and SharePoint Online. These crucial events can help you investigate possible breaches and determine the scope of compromise. +- Audit (Premium) intelligent insights. Audit records for intelligent insights can help your organization conduct forensic and compliance investigations by providing visibility to events such as when mail items were accessed, or when mail items were replied to and forwarded, or when and what a user searched for in Exchange Online and SharePoint Online. These intelligent insights can help you investigate possible breaches and determine the scope of compromise. - Higher bandwidth to the Office 365 Management Activity API. Audit (Premium) provides organizations with more bandwidth to access auditing logs through the Office 365 Management Activity API. Although all organizations (that have Audit (Standard) or Audit (Premium)) are initially allocated a baseline of 2,000 requests per minute, this limit will dynamically increase depending on an organization's seat count and their licensing subscription. This results in organizations with Audit (Premium) getting about twice the bandwidth as organizations with Audit (Standard). For more detailed information about Audit (Premium) features, see [Audit (Premium) in Microsoft 365](audit-premium.md). The following table compares the key capabilities available in Audit (Standard) \|1-year audit log retention\|\|![Supported.](../media/check-mark.png)\| \|10-year audit log retention <sup>2</sup>\|\|![Supported](../media/check-mark.png)\| \|Audit log retention policies\|\|![Supported](../media/check-mark.png)\| -\|High-value, crucial events\|\|![Supported](../media/check-mark.png)\| +\|Intelligent insights\|\|![Supported](../media/check-mark.png)\| > [!NOTE] > <sup>1</sup> Audit (Premium) includes higher bandwidth access to the Office 365 Management Activity API, which provides faster access to audit data.<br/><sup>2</sup> In addition to the required licensing for Audit (Premium) (described in the next section), a user must be assigned a 10-Year Audit Log Retention add-on license to retain their audit records for 10 years. -## Licensing requirements +## Microsoft 365 services that support auditing + +You can search the unified audit log for activities performed in different Microsoft 365 services. The following table lists the Microsoft 365 services, apps, and features that are supported by the unified audit log. + +\|Microsoft 365 service or feature\|Record types\| +\|:-\|:--\| +\|Azure Active Directory\|AzureActiveDirectory, AzureActiveDirectoryAccountLogon, AzureActiveDirectoryStsLogon\| +\|Azure Information Protection\|AipDiscover, AipSensitivityLabelAction, AipProtectionAction, AipFileDeleted, AipHeartBeat\| +\|Communication compliance\|ComplianceSupervisionExchange\| +\|Content explorer\|LabelContentExplorer\| +\|Data connectors\|ComplianceConnector\| +\|Data loss prevention (DLP)\|ComplianceDLPSharePoint, ComplianceDLPExchange, DLPEndpoint\| +\|Dynamics 365\|CRM\| +\|eDiscovery (Standard + Premium)\|Discovery, AeD\| +\|Encrypted message portal\|OMEPortal\| +\|Exact Data Match\|MipExactDataMatch\| +\|Exchange Online\|ExchangeAdmin, ExchangeItem, ExchangeItemAggregated\| +\|Forms\|MicrosoftForms\| +\|Information barriers\|InformationBarrierPolicyApplication\| +\|Microsoft 365 Defender\|AirInvestigation, AirManualInvestigation, AirAdminActionInvestigation, MS365DCustomDetection\| +\|Microsoft Defender Experts\|DefenderExpertsforXDRAdmin\| +\|Microsoft Defender for Identity (MDI)\|MicrosoftDefenderForIdentityAudit\| +\|Microsoft Planner\|PlannerCopyPlan, PlannerPlan, PlannerPlanList, PlannerRoster, PlannerRosterSensitivityLabel, PlannerTask, PlannerTaskList, PlannerTenantSettings \| +\|Microsoft Project for the web\|ProjectAccessed, ProjectCreated, ProjectDeleted, ProjectTenantSettingsUpdated, ProjectUpdated, RoadmapAccessed,RoadmapCreated, RoadmapDeleted, RoadmapItemAccessed,RoadmapItemCreated,RoadmapItemDeleted, RoadmapItemUpdated, RoadmapTenantSettingsUpdated, RoadmapUpdated, TaskAccessed, TaskCreated,TaskDeleted, TaskUpdated\| +\|Microsoft Purview Information Protection (MIP) labels\|MIPLabel, MipAutoLabelExchangeItem, MipAutoLabelSharePointItem, MipAutoLabelSharePointPolicyLocation\| +\|Microsoft Teams\|MicrosoftTeams\| +\|Microsoft To Do\|MicrosoftToDo, MicrosoftToDoAudit\| +\|MyAnalytics\|MyAnalyticsSettings\| +\|OneDrive for Business\|OneDrive\| +\|Power Apps\|PowerAppsApp, PowerAppsPlan\| +\|Power Automate\|MicrosoftFlow\| +\|Power BI\|PowerBIAudit\| +\|Quarantine\|Quarantine\| +\|Sensitive information types\|DlpSensitiveInformationType\| +\|Sensitivity labels\|MIPLabel, SensitivityLabelAction, SensitivityLabeledFileAction, SensitivityLabelPolicyMatch\| +\|SharePoint Online\|SharePoint, SharePointFileOperation,SharePointSharingOperation, SharePointListOperation, SharePointCommentOperation\| +\|Stream\|MicrosoftStream\| +\|SystemSync\|DataShareCreated, DataShareDeleted, GenerateCopyOfLakeData, DownloadCopyOfLakeData\| +\|Threat Intelligence\|ThreatIntelligence, ThreatIntelligenceUrl, ThreatFinder, ThreatIntelligenceAtpContent\| +\|Viva Goals\|VivaGoals\| +\|Viva Insights\|VivaInsights\| +\|Yammer\|Yammer\| + +For more information about the operations that are audited in each of the services listed in the previous table, see the [Audit log activities](audit-log-activities.md) article. + +The previous table also identifies the record type value to use to search the audit log for activities in the corresponding service using the Search-UnifiedAuditLog cmdlet in Exchange Online PowerShell or by using a PowerShell script. Some services have multiple record types for different types of activities within the same service. For a more complete list of auditing record types, see [Office 365 Management Activity API schema](/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). + + For more information about using PowerShell to search the audit log, see: + +- [Search-UnifiedAuditLog](/powershell/module/exchange/search-unifiedauditlog) +- [Use a PowerShell script to search the audit log](audit-log-search-script.md) -The following sections identify the licensing requirements for Audit (Standard) and Audit (Premium). Audit (Standard) functionality is included with Audit (Premium). +## Licensing requirements ### Audit (Standard) The following sections identify the licensing requirements for Audit (Standard) ### Audit (Premium) -- Microsoft 365 Enterprise E5 subscription-- Microsoft 365 Enterprise E3 subscription + the Microsoft 365 E5 Compliance add-on-- Microsoft 365 Enterprise E3 subscription + the Microsoft 365 E5 eDiscovery and Audit add-on-- Microsoft 365 Education A5 subscription-- Microsoft 365 Education A3 subscription + the Microsoft 365 A5 Compliance add-on-- Microsoft 365 Education A3 subscription + the Microsoft 365 A5 eDiscovery and Audit add-on-- Microsoft 365 Government G5 subscription-- Microsoft 365 Government G3 subscription + the Microsoft 365 G5 Compliance add-on-- Microsoft 365 Government G3 subscription + the Microsoft 365 G5 eDiscovery and Audit add-on-- Microsoft 365 Frontline F5 Compliance or F5 Security & Compliance add-on-- Office 365 Enterprise A5/E5 subscriptions +Microsoft Purview Audit (Premium) capabilities are included with Microsoft Purview. The licensing requirements may vary even within capabilities, depending on configuration options. For licensing requirements, guidance, and options, see the [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-audit-premium). ## Set up Microsoft Purview auditing solutions If your organization has a subscription that supports Audit (Premium), perform t - Verifying that users are assigned the appropriate license or add-on license for Audit (Premium). - Turning on the Audit (Premium) app/service plan must be for those users. - - Enabling the auditing of crucial events and then turning on the Audit (Premium) app/service plan for those users. + - Enabling the auditing of intelligent insights and then turning on the Audit (Premium) app/service plan for those users. 2. Enable Audit (Premium) events to be logged when users perform searches in Exchange Online and SharePoint Online.
compliance	Audit Standard Setup	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-standard-setup.md	Now you're ready to search the audit log in the Microsoft Purview compliance por 2. In the left navigation pane of the compliance portal, select Show all and then select Audit. -3. On the Audit page, configure the search using the following conditions on the Search tab. +3. On the Audit page, configure the search using the following conditions on the Classic Search tab. + + > [!IMPORTANT] + > Starting October 2023, Classic Search will be retired in place of [New Search](audit-new-search.md), which includes enhancements such as faster search times, additional search options, ability to save searches, and more. 1. Date and time range. Select a date and time range to display the events that occurred within that period. The date and time are presented in Coordinated Universal Time (UTC). The last seven days are selected by default.
compliance	Compliance Easy Trials Compliance Playbook	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials-compliance-playbook.md	Use the [eDiscovery (Premium) collection workflow](ediscovery-create-draft-colle Conduct investigations -Audit (Premium) helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to crucial events that help determine scope of compromise, and providing faster access to the Office 365 Management Activity API. +Audit (Premium) helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to intelligent insights that help determine scope of compromise, and providing faster access to the Office 365 Management Activity API. ### Step 1: Apply the E5 license to each user for which youΓÇÖd like to generate E5 events -Audit (Premium) features such as the ability to log crucial events such as MailItemsAccessed and Send require an appropriate E5 license assigned to users. Additionally, the Advanced Auditing app/service plan must be enabled for those users. +Audit (Premium) features such as the ability to log intelligent insights such as MailItemsAccessed and Send require an appropriate E5 license assigned to users. Additionally, the Advanced Auditing app/service plan must be enabled for those users. Set up Audit (Premium) for users - to verify that the Advanced Auditing app is assigned to users, [perform the following steps for each user](audit-premium-setup.md#step-1-set-up-audit-premium-for-users).
compliance	Compliance Easy Trials	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials.md	The Purview solutions trial includes the solutions listed below. - Audit - Microsoft Purview Audit (Premium) helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to crucial events that help determine scope of compromise, and faster access to Office 365 Management Activity API. Learn more about [Audit (Premium)](audit-premium.md) + Microsoft Purview Audit (Premium) helps organizations to conduct forensic and compliance investigations by increasing audit log retention required to conduct an investigation, providing access to intelligent insights that help determine scope of compromise, and faster access to Office 365 Management Activity API. Learn more about [Audit (Premium)](audit-premium.md) - Communication Compliance
compliance	Data Classification Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-overview.md	The point of the data classification reporting is to provide visibility into the > If this card displays the message, "No locations detected, it means you haven't created or published any sensitivity labels or no content has had a retention label applied. To get started with sensitivity labels, see: >- [Sensitivity labels](sensitivity-labels.md) -## Public preview release notes +<!-- + +## Public preview release notes > [!NOTE] > Exchange mailbox count: The point of the data classification reporting is to provide visibility into the > OneDrive remains in preview: >Thanks for your valuable feedback on OneDrive integration during our preview program. As we work through the specifics, you may run into inconsistent data / flows. We'll continue to showcase OneDrive in preview until all fixes are in place. We appreciate your continued support. +--> + ## See also - [View label activity](data-classification-activity-explorer.md)
compliance	Import Insider Risk Indicators	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-insider-risk-indicators.md	To run the sample script: \| Parameter \| Description \| \| :-\|:-\| \| `tenantId` \| This is the ID for your Microsoft 365 organization that you obtained in Step 1. You can also obtain the tenant ID for your organization on the Overview blade in the Azure AD admin center. This is used to identify your organization. \| - \| `appId` \| This is the Azure AD application ID for the app that you created in Azure AD in Step 1. This is used by Azure AD for authentication when the script attempts to access your Microsoft 365 organization. \| \| + \| `appId` \| This is the Azure AD application ID for the app that you created in Azure AD in Step 1. This is used by Azure AD for authentication when the script attempts to access your Microsoft 365 organization. \| \| `appSecret` \| This is the Azure AD application secret for the app that you created in Azure AD in Step 1. This is also used for authentication. \| \| `jobId` \| This is the job ID for the connector that you created in Step 3. This is used to associate the data that is uploaded to the Microsoft cloud with the connector. \| \| `filePath` \| This is the file path for the file (stored on the same system as the script) that you created in Step 1. Try to avoid spaces in the file path; otherwise use single quotation marks. \|
compliance	Information Barriers Sharepoint	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/information-barriers-sharepoint.md	Audit events are available in the Microsoft Purview compliance portal to help yo - Changed information barriers mode of site - Disabled information barriers for SharePoint and OneDrive -For more information about SharePoint segment auditing in Office 365, see [Search the audit log in the compliance portal](audit-log-search.md#microsoft-365-services-that-support-auditing). +For more information about SharePoint segment auditing in Office 365, see [Search the audit log in the compliance portal](audit-solutions-overview.md#microsoft-365-services-that-support-auditing). ## Site creation and management by site owners
compliance	Purview Adaptive Scopes	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/purview-adaptive-scopes.md	When you create a [communication compliance policy](/microsoft-365/compliance/co The advantages of using adaptive scopes include: - No limits on the number of items per policy. Although adaptive policies are still subject to the maximum number of policies per tenant limitations, the more flexible configuration will likely result in far fewer policies.-- Powerful targeting for your policy requirements. For example, you can create an adaptive scope to define a custom distribution group for a specific policy. +- More powerful targeting for your policies. For example, you can assign different settings to users according to their geographical location without the administrative overhead of creating and maintaining groups. - Query-based scopes provide resilience against business changes that might not be reliably reflected in group membership or external processes that rely on cross-department communication. - A single policy can include locations for both Microsoft Teams and Viva Engage, whereas when you donΓÇÖt use an adaptive scope, each location requires its own policy. - Support for [Azure AD administrative units](/azure/active-directory/roles/administrative-units).
compliance	Sit Defn Amazon S3 Client Secret Access Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-amazon-s3-client-secret-access-key.md	for example: ## Credential example -`AWS Secret: abcdefghijklmnopqrst0123456789/+ABCDEFGH;` +\|Confidence Band\|Example\| +\|-\|-\| +\|High\| `Amazon AWS Access Key: abcdefghijklmnopqrst0123456789/+ABCDEFGH;` \| +\|Medium\| `Client secret (AWS): abcdefghijklmnopqrst0123456789/+ABCDEFGH;` \| +\|Low\| N/A \| ## Checksum
compliance	Sit Defn Azure Ad Client Access Token	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-ad-client-access-token.md	for example: ## Credential example -`Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ing0Nzh4eU9wbHNNMUg3TlhrN1N4MTd4MX...` +\|Confidence Band\|Example\| +\|-\|-\| +\|High\| `Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIm5vbmNlIjoibm9uY2UifQ.eyJhdWQiOiJodHRwczovL2hvc3QiLCJleHAiOjk5OTk5OTk5OTksImFwcGlkIjoiaWQiLCJ2ZXIiOiIxLjAifQ.UVQYT1FBt5J_` \| +\|Medium\| `Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2hvc3QiLCJleHAiOjk5OTk5OTk5OTksImFwcGlkIjoiaWQiLCJ2ZXIiOiIxLjAifQ.UVQYT1FBt5J_` \| +\|Low\| `Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2hvc3QiLCJleHAiOjk5OTk5OTk5OTl9.UVQYT1FBt5J_` \| -> [!IMPORTANT] -> This example has been truncated. ItΓÇÖs not a detectable example of this SIT. ## Checksum
compliance	Sit Defn Azure Ad Client Secret	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-azure-ad-client-secret.md	for example: ## Credential example -`"AppId=01234567-abcd-abcd-abcd-abcdef012345;AppSecret=abc7Q~defghijklmnopqrstuvwxyz-_.~0123"` +\|Confidence Band\|Example\| +\|-\|-\| +\|High\| `"TenentId=01234567-abcd-abcd-abcd-abcdef012345;AppId=01234567-abcd-abcd-abcd-abcdef012345;AppSecret=abc8Q~defghijklmnopqrstuvwxyz-_.~0123456;"` \| +\|Medium\| `AppId=01234567-abcd-abcd-abcd-abcdef012345;AppSecret=abcdefghijklmnopqrstuvwxyz-_012345; ` \| +\|Low\| N/A \| ## Checksum
compliance	Sit Defn General Password	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-general-password.md	for example: ## Credential example -`<secret>ZYXWVU_3</secret>` +\|Confidence Band\|Example\| +\|-\|-\| +\|High\| `password = D3m0P@sswd!` \| +\|Medium\| `secret : DemoPasswd!` \| +\|Low\| `password = demopasswd2` \| ## Checksum
compliance	Sit Defn General Symmetric Key	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-general-symmetric-key.md	for example: ## Credential example -`key=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;` +\|Confidence Band\|Example\| +\|-\|-\| +\|High\| `N/A` \| +\|Medium\| `N/A` \| +\|Low\| `key=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=;` \| ## Checksum SITs that have checksums use a unique calculation to check if the information is ## Definition -This SIT is designed to match the security information that's used in [general authentication process.](/dotnet/api/system.security.cryptography.aes?view=net-5.0) +This SIT is designed to match the security information that's used in [general authentication process.](/dotnet/api/system.security.cryptography.aes?view=net-5.0&preserve-view=true) It uses several primary resources:
compliance	Sit Defn User Login Credentials	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-defn-user-login-credentials.md	for example: ## Credential example -`{ "user": "user_name", "password": "ZYXWVU_2" }` +\|Confidence Band\|Example\| +\|-\|-\| +\|High\| `initial catalog=host_name;database=db_name;uid=user_name;password=ZYXWVU_2;` \| +\|Medium\| `user=user_name;password=ZYXWVU_2` \| +\|Low\| N/A \| ## Checksum
compliance	Whats New	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md	f1.keywords: Previously updated : 07/12/2023 Last updated : 07/17/2023 audience: Admin Whether it be adding new solutions to the [Microsoft Purview compliance portal]( ## June 2023 +### Compliance Manager + +- Update to clarify that some [automatically tested actions](compliance-manager-improvement-actions.md#testing-work) might show a status of "Out of scope" within the first 24 hours of setup with Microsoft Defender for Cloud monitoring. +- Update to reflect that the link to [export an assessment report](compliance-manager-assessments.md#export-an-assessment-report) is now called "Export actions." + ### Data lifecycle management and records management - General availability (GA): Auto-labeling retention policies for [cloud attachments](apply-retention-labels-automatically.md#auto-apply-labels-to-cloud-attachments) that are shared via Viva Engage are now in general availability. Whether it be adding new solutions to the [Microsoft Purview compliance portal]( - Assign an alert feature: Ability to [assign an alert to a specific admin](insider-risk-management-activities.md#assign-an-alert) makes it easier for admins to prioritize and triage alerts. - Update to clarify that there's [no limit on the number of users for forensic evidence policies](insider-risk-management-policy-templates.md#policy-template-limits). +### Microsoft Priva + +- Updates to clarify that adding a collaborator automatically gives them a Privacy Management Contributors role, on [Review data for a subject rights request](/privacy/priva/subject-rights-requests-data-review#collaboration-for-data-review) and [Set user permissions and assign roles](/privacy/priva/priva-permissions#learn-more-about-role-groups-and-roles). + ### Sensitivity labels - General availability (GA): Now rolling out, Outlook for Android and Outlook for iOS support a setting for mandatory labeling that you can configure with Microsoft Intune to [prompt users to select a sensitivity label when they first compose an email](sensitivity-labels-office-apps.md#for-outlook-mobile-change-when-users-are-prompted-for-a-label) instead of when they send it. Whether it be adding new solutions to the [Microsoft Purview compliance portal]( ### Audit - Updates for audit log support for [Microsoft Project for the web](/microsoft-365/compliance/audit-log-activities#microsoft-project-for-the-web-activities), [Microsoft To Do](/microsoft-365/compliance/audit-log-activities#microsoft-to-do-activities),and [Microsoft Defender Experts](/microsoft-365/compliance/audit-log-activities#microsoft-defender-experts-activities) activities.-- Updates to clarify [audit log rentention policies](/microsoft-365/compliance/audit-log-retention-policies) and duration options. +- Updates to clarify [audit log retention policies](/microsoft-365/compliance/audit-log-retention-policies) and duration options. ### Compliance Manager Whether it be adding new solutions to the [Microsoft Purview compliance portal]( - In preview: Scan for sensitive information in images with support for [optical character recognition](ocr-learn-about.md) when you use auto-apply retention label policies. - In preview: Auto-labeling retention policies for [cloud attachments](apply-retention-labels-automatically.md#auto-apply-labels-to-cloud-attachments) that were already in preview now include attachments and links shared in Viva Engage.-- In preview: Support for Azure Active Directory administrative unitsΓÇöfor both [data lifecycle managment](get-started-with-data-lifecycle-management.md#support-for-administrative-units) and [records management](get-started-with-records-management.md#support-for-administrative-units)ΓÇöis starting to roll out. +- In preview: Support for Azure Active Directory administrative unitsΓÇöfor both [data lifecycle management](get-started-with-data-lifecycle-management.md#support-for-administrative-units) and [records management](get-started-with-records-management.md#support-for-administrative-units)ΓÇöis starting to roll out. - In preview: You can now optionally configure [auto-approval](disposition.md#auto-approval-for-disposition) when you configure a retention label for disposition review. ### Data loss prevention
includes	Microsoft 365 Content Updates	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md	+## Week of July 10, 2023 ++ +\| Published On \|Topic title \| Change \| +\|\|\|--\| +\| 7/10/2023 \| [Manage endpoint security policies in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/manage-security-policies?view=o365-worldwide) \| added \| +\| 7/10/2023 \| [Get started with your Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/mde-planning-guide?view=o365-worldwide) \| added \| +\| 7/10/2023 \| [List of fixed customer reported inaccuracies](/microsoft-365/security/defender-vulnerability-management/fixed-reported-inaccuracies?view=o365-worldwide) \| added \| +\| 7/10/2023 \| [Get started with collecting files that match data loss prevention policies from devices (preview)](/microsoft-365/compliance/dlp-copy-matched-items-get-started?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Identify priority physical assets for insider risk management policies](/microsoft-365/compliance/insider-risk-management-settings-priority-physical-assets?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Onboard Windows devices using a local script](/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| Microsoft Defender for Endpoint deployment overview \| removed \| +\| 7/10/2023 \| Deploy Microsoft Defender for Endpoint in rings \| removed \| +\| 7/10/2023 \| [Identify Defender for Endpoint architecture and deployment method](/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Investigate devices in the Defender for Endpoint Devices list](/microsoft-365/security/defender-endpoint/investigate-machines?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Onboard to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Assign roles and permissions](/microsoft-365/security/defender-endpoint/prepare-deployment?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Set up Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/production-deployment?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/anti-phishing-policies-eop-configure?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Use DMARC to validate email, setup steps](/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Set up Microsoft Syntex per-user licensing](/microsoft-365/syntex/set-up-content-understanding) \| modified \| +\| 7/10/2023 \| [Pay-as-you-go services and pricing for Microsoft Syntex](/microsoft-365/syntex/syntex-pay-as-you-go-services) \| modified \| +\| 7/10/2023 \| [Test your DLP policies](/microsoft-365/compliance/dlp-test-dlp-policies?view=o365-worldwide) \| modified \| +\| 7/10/2023 \| [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Microsoft 365 for business security best practices](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Understand your Microsoft business billing profile](/microsoft-365/commerce/billing-and-payments/manage-billing-profiles?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Understand your Microsoft business billing account](/microsoft-365/commerce/manage-billing-accounts?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Get help and support for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-get-help-and-support?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Manage your tenant list in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Overview of the Users page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-users-page-overview?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Investigate data loss alerts with Microsoft 365 Defender](/microsoft-365/security/defender/dlp-investigate-alerts-defender?view=o365-worldwide) \| added \| +\| 7/11/2023 \| [Investigate data loss prevention alerts with Microsoft Sentinel](/microsoft-365/security/defender/dlp-investigate-alerts-sentinel?view=o365-worldwide) \| added \| +\| 7/11/2023 \| [Overview of Syntex File Q&A for Microsoft 365 Copilot (Preview)](/microsoft-365/syntex/copilot-syntex) \| added \| +\| 7/11/2023 \| [Set up, review, and edit your security policies and settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Security Operations Guide for Defender for Endpoint](/microsoft-365/security/defender-endpoint/mde-sec-ops-guide?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| [Microsoft Defender for Endpoint Device Control Printer Protection](/microsoft-365/security/defender-endpoint/printer-protection?view=o365-worldwide) \| modified \| +\| 7/11/2023 \| Investigate data loss incidents with Microsoft 365 Defender \| removed \| +\| 7/11/2023 \| [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Increase Classifier Accuracy](/microsoft-365/compliance/data-classification-increase-accuracy?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Enable sensitivity labels for Office files](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Identify internet-facing devices in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/internet-facing-devices?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Device control for macOS](/microsoft-365/security/defender-endpoint/mac-device-control-overview?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Tamper resiliency with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/tamper-resiliency?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [How to use the Microsoft Defender Experts for XDR service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Understanding detection technology within the email entity page in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/understand-detection-technology-in-email-entity?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft 365 admin center Viva Engage activity reports](/microsoft-365/admin/activity-reports/viva-engage-activity-report-ww?view=o365-worldwide) \| renamed \| +\| 7/12/2023 \| [Microsoft 365 admin center Viva Engage device usage reports](/microsoft-365/admin/activity-reports/viva-engage-device-usage-report-ww?view=o365-worldwide) \| added \| +\| 7/12/2023 \| [Microsoft 365 admin center Viva Engage groups activity reports](/microsoft-365/admin/activity-reports/viva-engage-groups-activity-report-ww?view=o365-worldwide) \| added \| +\| 7/12/2023 \| [Learn about retention for Viva Engage](/microsoft-365/compliance/retention-policies-viva-engage?view=o365-worldwide) \| added \| +\| 7/12/2023 \| [End of lifecycle options for groups, teams, and Viva Engage](/microsoft-365/solutions/end-life-cycle-groups-teams-sites-viva-engage?view=o365-worldwide) \| renamed \| +\| 7/12/2023 \| Microsoft 365 admin center Yammer device usage reports \| removed \| +\| 7/12/2023 \| Microsoft 365 admin center Yammer groups activity reports \| removed \| +\| 7/12/2023 \| [Let users reset their own passwords](/microsoft-365/admin/add-users/let-users-reset-passwords?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Reset passwords](/microsoft-365/admin/add-users/reset-passwords?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Set an individual user's password to never expire](/microsoft-365/admin/add-users/set-password-to-never-expire?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [About the Microsoft 365 admin mobile app](/microsoft-365/admin/admin-overview/admin-mobile-app?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft Adoption Score - Communication](/microsoft-365/admin/adoption/communication?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft Adoption Score - Mobility](/microsoft-365/admin/adoption/mobility?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Share calendars with external users](/microsoft-365/admin/manage/share-calendars-with-external-users?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Customize the reports in Microsoft 365 usage analytics](/microsoft-365/admin/usage-analytics/customize-reports?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft 365 usage analytics data model](/microsoft-365/admin/usage-analytics/usage-analytics-data-model?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft Bookings Frequently Asked Questions](/microsoft-365/bookings/bookings-faq?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Case study - Contoso configures a communication compliance policy to identify potentially inappropriate text](/microsoft-365/compliance/communication-compliance-case-study?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Feature reference for Content search](/microsoft-365/compliance/ediscovery-content-search-reference?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Document metadata fields in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-document-metadata-fields?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Identify the available PowerShell cmdlets for retention](/microsoft-365/compliance/retention-cmdlets?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| Learn about retention for Yammer \| removed \| +\| 7/12/2023 \| [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Special considerations for Stream and live events in VPN environments](/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Engage your frontline employees and focus on wellbeing](/microsoft-365/frontline/flw-wellbeing-engagement?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [A collaboration governance framework for Microsoft 365](/microsoft-365/solutions/collaboration-governance-overview?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Groups services interactions](/microsoft-365/solutions/groups-services-interactions?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Microsoft 365 group expiration policy](/microsoft-365/solutions/microsoft-365-groups-expiration-policy?view=o365-worldwide) \| modified \| +\| 7/12/2023 \| [Overview of optical character recognition in Microsoft Syntex](/microsoft-365/syntex/ocr-overview) \| added \| +\| 7/12/2023 \| [Set up and manage prebuilt document processing in Microsoft Syntex](/microsoft-365/syntex/prebuilt-setup) \| added \| +\| 7/12/2023 \| [Set up and manage unstructured document processing in Microsoft Syntex](/microsoft-365/syntex/unstructured-setup) \| added \| +\| 7/12/2023 \| [Set up and manage optical character recognition in Microsoft Syntex](/microsoft-365/syntex/ocr) \| modified \| +\| 7/12/2023 \| [Set up Microsoft Syntex](/microsoft-365/syntex/set-up-microsoft-syntex) \| modified \| +\| 7/13/2023 \| [Query the content in a review set](/microsoft-365/compliance/ediscovery-review-set-search?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Manage payment methods for Microsoft business accounts](/microsoft-365/commerce/billing-and-payments/manage-payment-methods?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Turn auditing on or off](/microsoft-365/compliance/audit-log-enable-disable?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Configure local overrides for Microsoft Defender Antivirus settings](/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) \| modified \| +\| 7/13/2023 \| [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) \| modified \| +\| 7/13/2023 \| [Get started with oversharing pop ups](/microsoft-365/compliance/dlp-osp-get-started?view=o365-worldwide) \| added \| +\| 7/13/2023 \| [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up a connector to import third-party insider risk detections (preview)](/microsoft-365/compliance/import-insider-risk-indicators?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Audit New Search](/microsoft-365/compliance/audit-new-search?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage holds in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-holds?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure policy indicators in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-policy-indicators?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Train a structured or freeform document processing model in Microsoft Syntex](/microsoft-365/syntex/create-a-form-processing-model) \| modified \| +\| 7/14/2023 \| [Overview of structured and freeform document processing in Microsoft Syntex](/microsoft-365/syntex/form-processing-overview) \| modified \| +\| 7/14/2023 \| [Create blocked sender lists](/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Understand the proposal workflow](/microsoft-365/commerce/understand-proposal-workflow?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate and remediate communication compliance alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) \| modified \| +\| 5/12/2022 \| [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) \| modified \| +\| 5/12/2022 \| [Enable archive mailboxes for Microsoft 365](/microsoft-365/compliance/enable-archive-mailboxes?view=o365-worldwide) \| modified \| +\| 5/12/2022 \| [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) \| modified \| +\| 5/12/2022 \| [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications](/microsoft-365/compliance/how-smtp-dane-works?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Minification and bundling in SharePoint Online](/microsoft-365/enterprise/minification-and-bundling-in-sharepoint-online?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with the Microsoft Compliance Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about the default data loss prevention policy in Microsoft Teams (preview)](/microsoft-365/compliance/dlp-teams-default-policy?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migration and setup guides to move to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/migration-guides?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [View your Azure Active Directory roles in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-your-roles?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 3 - Wipe and block a former employee's mobile device](/microsoft-365/admin/add-users/remove-former-employee-step-3?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 4 - Forward a former employee's email to another employee or convert to a shared mailbox](/microsoft-365/admin/add-users/remove-former-employee-step-4?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 5 - Give another employee access to OneDrive and Outlook data](/microsoft-365/admin/add-users/remove-former-employee-step-5?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Visit the Action center to see remediation actions](/microsoft-365/security/defender-endpoint/auto-investigation-action-center?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use automated investigations to investigate and remediate threats](/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Automation levels in automated investigation and remediation](/microsoft-365/security/defender-endpoint/automation-levels?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure automated investigation and remediation capabilities](/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review remediation actions following automated investigations](/microsoft-365/security/defender-endpoint/manage-auto-investigation?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Change your organization's address, technical contact, and more](/microsoft-365/admin/manage/change-address-contact-and-more?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Custom Sensitive Information Type Filters Reference](/microsoft-365/compliance/sit-custom-sit-filters?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Top scoring in industry tests - Microsoft 365 Defender](/microsoft-365/security/defender/top-scoring-industry-tests?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Assess the Microsoft 365 Active Users report](/microsoft-365/admin/activity-reports/active-users-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center email activity reports](/microsoft-365/admin/activity-reports/email-activity-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center email apps usage reports](/microsoft-365/admin/activity-reports/email-apps-usage-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center forms activity reports](/microsoft-365/admin/activity-reports/forms-activity-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Dynamics 365 customer voice activity reports](/microsoft-365/admin/activity-reports/forms-pro-activity-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center apps usage reports](/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 OneDrive for Business usage reports](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 feature descriptions](/microsoft-365/admin/m365-feature-descriptions?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about the default labels and policies to protect your data](/microsoft-365/compliance/mip-easy-trials?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Customer Lockbox Requests](/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Start with a pilot deployment of Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-pilot?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 for frontline workers - scenario posters](/microsoft-365/frontline/flw-scenario-posters?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Frontline team collaboration](/microsoft-365/frontline/flw-team-collaboration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Message delegation](/microsoft-365/frontline/hc-delegates?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Attack surface reduction rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare device compliance policy settings in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage multifactor authentication in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-mfa?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage your tenant list in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus](/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Overview of Quarantined Messages in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Overview of the Tenants page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare groups](/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about the default labels and policies for Microsoft Information Protection](/microsoft-365/compliance/mip-easy-trials?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [MRS service alerts](/microsoft-365/enterprise/microsoft-365-mrs-source-delays-service-alerts?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Train your security staff for Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender-train-security-staff?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence-manage?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use PowerShell to connect Shifts to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-blue-yonder-powershell-setup?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use PowerShell to connect Shifts to UKG Dimensions](/microsoft-365/frontline/shifts-connector-ukg-powershell-setup?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use the Shifts connector wizard to connect Shifts to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-wizard-ukg?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-wizard?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Understanding deployment insights in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deployment-insights-overview?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage tenants using insights in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenants-using-deployment-insights?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up, review, and edit your security policies and settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Understand policy order in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-policy-order?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Campaigns in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-worldwide) \| modified \| +\| 1/10/2022 \| [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) \| modified \| +\| 1/10/2022 \| [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \\| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) \| modified \| +\| 1/10/2022 \| [Step 4. Deploy endpoint management for your devices, PCs, and other endpoints](/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints?view=o365-worldwide) \| modified \| +\| 1/10/2022 \| [Step 2. Provide remote access to on-premises apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-remote-access?view=o365-worldwide) \| modified \| +\| 1/10/2022 \| [Set up your infrastructure for hybrid work with Microsoft 365](/microsoft-365/solutions/empower-people-to-work-remotely?view=o365-worldwide) \| modified \| +\| 12/15/2022 \| [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) \| modified \| +\| 12/15/2022 \| [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) \| modified \| +\| 12/15/2022 \| [Block sign-in for shared mailbox accounts in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-signin-shared-mailboxes?view=o365-worldwide) \| added \| +\| 12/15/2022 \| [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Labeling actions reported in Activity explorer](/microsoft-365/compliance/data-classification-activity-explorer-available-events?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Add a new employee to Microsoft 365](/microsoft-365/admin/add-users/add-new-employee?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Idle session timeout for Microsoft 365](/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating?view=o365-worldwide) \| added \| +\| 2/23/2023 \| [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) \| modified \| +\| 2/23/2023 \| [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Cancel your business subscription](/microsoft-365/commerce/subscriptions/cancel-your-subscription?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Block at First Sight (BAFS) demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-block-at-first-sight-bafs?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Cloud-delivered protection demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Controlled folder access (CFA) demonstration test tool](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Controlled folder access (CFA) demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Exploit protection (EP) demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-exploit-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Network protection demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-network-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Potentially unwanted applications (PUA) demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint SmartScreen URL reputation demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint demonstration scenarios](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstrations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use Content search for targeted collections](/microsoft-365/compliance/ediscovery-use-content-search-for-targeted-collections?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Purview setup guides](/microsoft-365/compliance/purview-fast-track-setup-guides?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Search the audit log for events in Microsoft Teams](/microsoft-365/compliance/audit-teams-audit-log-events?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Increase Classifier Accuracy](/microsoft-365/compliance/data-classification-increase-accuracy?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Advanced deployment guides for Microsoft 365 and Office 365 products](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) \| modified \| +\| 12/14/2022 \| [Define your Bookings service offerings](/microsoft-365/bookings/define-service-offerings?view=o365-worldwide) \| modified \| +\| 12/14/2022 \| [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) \| modified \| +\| 12/14/2022 \| [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) \| modified \| +\| 12/14/2022 \| [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) \| modified \| +\| 12/14/2022 \| [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) \| modified \| +\| 12/14/2022 \| [Analyzing the Causes of Regressions](/microsoft-365/test-base/analyze-regression-causes?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Determining Relevant Processes for Regression Detection](/microsoft-365/test-base/determine-relevant-processes-regression-detection?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Downloading and Analyzing Test Result Files](/microsoft-365/test-base/download-analyze-test-result-files?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Understanding CPU Regression Analysis](/microsoft-365/test-base/learn-cpu-regression-analysis?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Understanding Memory Regression Analysis](/microsoft-365/test-base/learn-memory-regression-analysis?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Memory and CPU Regression Results Overview](/microsoft-365/test-base/memory-cpu-regressions-results-overview?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Monitoring Test Status](/microsoft-365/test-base/monitor-test-status?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Viewing Application Reliability Results](/microsoft-365/test-base/view-application-liability-results?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Viewing Log Files](/microsoft-365/test-base/view-log-files?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Viewing Script Execution Results](/microsoft-365/test-base/view-script-execution-results?view=o365-worldwide) \| added \| +\| 12/14/2022 \| [Viewing Test Results](/microsoft-365/test-base/view-test-results?view=o365-worldwide) \| added \| +\| 9/16/2022 \| [Try and evaluate Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Teams in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Sensitive information type REGEX validators and additional checks](/microsoft-365/compliance/sit-regex-validators-additional-checks?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use the Microsoft 365 admin center to manage your Shifts connection to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-blue-yonder-admin-center-manage?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use the Microsoft 365 admin center to manage your Shifts connection to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-ukg-admin-center-manage?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-worldwide) \| modified \| +\| 4/12/2023 \| [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) \| modified \| +\| 4/12/2023 \| [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Paying for your subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Bulk import external contacts to Exchange Online](/microsoft-365/compliance/bulk-import-external-contacts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Device Control Removable Storage Protection](/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Submit files for analysis by Microsoft](/microsoft-365/security/intelligence/submission-guide?view=o365-worldwide) \| modified \| +\| 6/29/2022 \| [Onboard previous versions of Windows on Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-downlevel?view=o365-worldwide) \| modified \| +\| 6/29/2022 \| [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) \| modified \| +\| 6/29/2022 \| [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Maintain your environment](/microsoft-365/business-premium/m365bp-mdb-maintain-environment?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Administering Exchange Online mailboxes in a multi-geo environment](/microsoft-365/enterprise/administering-exchange-online-multi-geo?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review or edit your next-generation protection policies Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-generation-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Office 365 support for Microsoft Teams (Preview)](/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Admin review for user reported messages](/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Extract text from images using the OCR service in Microsoft Syntex](/microsoft-365/syntex/ocr) \| added \| +\| 7/14/2023 \| [Advanced data residency in Microsoft 365](/microsoft-365/enterprise/advanced-data-residency?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [OneDrive Cross-Tenant User Data Migration Step 7](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step7?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrate to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshooting issues when moving to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Buy a domain name](/microsoft-365/admin/get-help-with-domains/buy-a-domain-name?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Top 10 ways to secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Add, update or delete a scan definition](/microsoft-365/security/defender-endpoint/add-a-new-scan-definition?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy and manage Removable Storage Access Control using Intune](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Printer Protection Overview](/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard macOS devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-macos-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard Windows 10 and Windows 11 devices using Mobile Device Management tools](/microsoft-365/compliance/device-onboarding-mdm?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard and offboard macOS devices into Compliance solutions using Microsoft Intune for Microsoft Defender for Endpoint customers](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune-mde?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro-mde?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [IPv6 support in Microsoft 365 services](/microsoft-365/enterprise/ipv6-support?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with troubleshooting mode in Microsoft Defender for Endpoint (preview)](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Multi-factor authentication for users](/microsoft-365/business-premium/m365bp-mfa-for-users?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Secure managed devices with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-managed-devices?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Set up information protection capabilities in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-set-up-compliance?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Install Microsoft 365 Apps on your devices with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-users-install-m365-apps?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Protect unmanaged computers with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshoot error messages and problems in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-troubleshoot?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365-whats-new?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Health Dashboard](/microsoft-365/admin/manage/health-dashboard-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create an enterprise model in Microsoft Syntex](/microsoft-365/syntex/create-syntex-model) \| modified \| +\| 7/14/2023 \| [Overview of model types in Microsoft Syntex](/microsoft-365/syntex/model-types-overview) \| modified \| +\| 7/14/2023 \| [Use a prebuilt model to extract information from contracts in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-contract) \| added \| +\| 7/14/2023 \| [Overview of prebuilt models in Microsoft Syntex](/microsoft-365/syntex/prebuilt-overview) \| modified \| +\| 7/14/2023 \| [Requirements and limitations for models in Microsoft Syntex](/microsoft-365/syntex/requirements-and-limitations) \| modified \| +\| 7/14/2023 \| [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Attack surface reduction (ASR) rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Connect your DNS records at GoDaddy to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-godaddy?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use the command line to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Map fields of a modern template to library columns in Microsoft Syntex](/microsoft-365/syntex/content-assembly-map-fields) \| added \| +\| 11/14/2022 \| [What's new in Microsoft 365 Business Premium and Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-mdb-whats-new?view=o365-worldwide) \| modified \| +\| 11/14/2022 \| [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) \| modified \| +\| 11/14/2022 \| [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) \| modified \| +\| 11/14/2022 \| [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) \| modified \| +\| 11/14/2022 \| [Deploy and manage Removable Storage Access Control using group policy](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-group-policy?view=o365-worldwide) \| modified \| +\| 11/14/2022 \| [Deploy and manage Removable Storage Access Control using Intune](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) \| modified \| +\| 11/14/2022 \| [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Adaptive scopes](/microsoft-365/compliance/purview-adaptive-scopes?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How-to deploy and configure the report message add-in](/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Admin review for user reported messages](/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Report false positives and false negatives in Outlook](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [User reported settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable sensitivity labels for Office files](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Amazon S3 client secret access key entity definition](/microsoft-365/compliance/sit-defn-amazon-s3-client-secret-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [ASP.NET machine key entity definition](/microsoft-365/compliance/sit-defn-asp-net-machine-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure AD client access token entity definition](/microsoft-365/compliance/sit-defn-azure-ad-client-access-token?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure AD client secret entity definition](/microsoft-365/compliance/sit-defn-azure-ad-client-secret?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure AD user credentials entity definition](/microsoft-365/compliance/sit-defn-azure-ad-user-credentials?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure App Service Deployment Password entity definition](/microsoft-365/compliance/sit-defn-azure-app-service-deployment-password?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Batch Shared Access Key entity definition](/microsoft-365/compliance/sit-defn-azure-batch-shared-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Bot Framework secret key entity definition](/microsoft-365/compliance/sit-defn-azure-bot-framework-secret-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Bot service app secret entity definition](/microsoft-365/compliance/sit-defn-azure-bot-service-app-secret?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Cognitive search API key entity definition](/microsoft-365/compliance/sit-defn-azure-cognitive-search-api-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Cognitive Service key entity definition](/microsoft-365/compliance/sit-defn-azure-cognitive-service-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Container Registry access key entity definition](/microsoft-365/compliance/sit-defn-azure-container-registry-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure COSMOS DB account access key entity definition](/microsoft-365/compliance/sit-defn-azure-cosmos-db-account-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Databricks personal access token entity definition](/microsoft-365/compliance/sit-defn-azure-databricks-personal-access-token?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure DevOps app secret entity definition](/microsoft-365/compliance/sit-defn-azure-devops-app-secret?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure DevOps personal access token entity definition](/microsoft-365/compliance/sit-defn-azure-devops-personal-access-token?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure EventGrid access key entity definition](/microsoft-365/compliance/sit-defn-azure-eventgrid-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Function Master / API key entity definition](/microsoft-365/compliance/sit-defn-azure-function-master-api-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure IoT connection string entity definition](/microsoft-365/compliance/sit-defn-azure-iot-connection-string?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Logic App shared access signature entity definition](/microsoft-365/compliance/sit-defn-azure-logic-app-shared-access-signature?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Machine Learning web service API key entity definition](/microsoft-365/compliance/sit-defn-azure-machine-learning-web-service-api-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Maps subscription key entity definition](/microsoft-365/compliance/sit-defn-azure-maps-subscription-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Redis cache connection string password entity definition](/microsoft-365/compliance/sit-defn-azure-redis-cache-connection-string-password?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure service bus shared access signature entity definition](/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Shared Access key / Web Hook token signature entity definition](/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure SignalR access key entity definition](/microsoft-365/compliance/sit-defn-azure-signalr-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure SQL connection string entity definition](/microsoft-365/compliance/sit-defn-azure-sql-connection-string?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure storage account access key entity definition](/microsoft-365/compliance/sit-defn-azure-storage-account-access-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Storage account shared access signature for high risk resources entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature-high-risk-resources?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Storage account shared access signature entity definition](/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure subscription management certificate entity definition](/microsoft-365/compliance/sit-defn-azure-subscription-management-certificate?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Client secret / API key entity definition](/microsoft-365/compliance/sit-defn-client-secret-api-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [General password entity definition](/microsoft-365/compliance/sit-defn-general-password?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [General Symmetric key entity definition](/microsoft-365/compliance/sit-defn-general-symmetric-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [GitHub personal access token entity definition](/microsoft-365/compliance/sit-defn-github-personal-access-token?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Google API key entity definition](/microsoft-365/compliance/sit-defn-google-api-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Http authorization header entity definition](/microsoft-365/compliance/sit-defn-http-authorization-header?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Bing maps key entity definition](/microsoft-365/compliance/sit-defn-microsoft-bing-maps-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Slack access token entity definition](/microsoft-365/compliance/sit-defn-slack-access-token?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [User login credentials entity definition](/microsoft-365/compliance/sit-defn-user-login-credentials?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [X.509 certificate private key entity definition (preview)](/microsoft-365/compliance/sit-defn-x-509-certificate-private-key?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Endpoint Attack Notifications](/microsoft-365/security/defender-endpoint/endpoint-attack-notifications?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Experts on Demand](/microsoft-365/security/defender-endpoint/experts-on-demand?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Change the hold duration for an inactive mailbox](/microsoft-365/compliance/change-the-hold-duration-for-an-inactive-mailbox?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Purview solutions trial user guide](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Analyze data in a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-analyzing-data-in-review-set?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Assign eDiscovery permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/ediscovery-assign-permissions?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [CJK/Double Byte support for eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-cjk-support?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Overview of collections in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-collections?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Configure search and analytics settings - eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-configure-search-and-analytics-settings?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Feature reference for Content search](/microsoft-365/compliance/ediscovery-content-search-reference?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Create and run a Content search in the Microsoft Purview compliance portal](/microsoft-365/compliance/ediscovery-content-search?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Review conversations in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-conversation-review-sets?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Create and manage an eDiscovery (Premium) case](/microsoft-365/compliance/ediscovery-create-and-manage-cases?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Create a collection estimate](/microsoft-365/compliance/ediscovery-create-draft-collection?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [eDiscovery solution series Data spillage scenario - Search and purge](/microsoft-365/compliance/ediscovery-data-spillage-search-and-purge?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Advanced indexing of custodian data](/microsoft-365/compliance/ediscovery-indexing-custodian-data?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Legacy eDiscovery tools retired](/microsoft-365/compliance/ediscovery-legacy-retirement?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Limits for Content search and eDiscovery (Standard) in the Microsoft Purview compliance portal](/microsoft-365/compliance/ediscovery-limits-for-content-search?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Manage legal investigations in Microsoft 365](/microsoft-365/compliance/ediscovery-manage-legal-investigations?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Work with custodians in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-custodians?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Manage jobs in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-jobs?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Manage review sets in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-review-sets?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Configure permissions filtering for eDiscovery](/microsoft-365/compliance/ediscovery-permissions-filtering-for-content-search?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Predictive coding in eDiscovery (Premium) - Quick start](/microsoft-365/compliance/ediscovery-predictive-coding-quick-start?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Search for content in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-search-for-content?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Set up compliance boundaries for eDiscovery investigations](/microsoft-365/compliance/ediscovery-set-up-compliance-boundaries?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Get started with eDiscovery (Standard) cases in Microsoft Purview](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) \| renamed \| +\| 7/14/2023 \| [Microsoft Purview eDiscovery solutions](/microsoft-365/compliance/ediscovery?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about inactive mailboxes](/microsoft-365/compliance/inactive-mailboxes-in-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Choose Microsoft Purview Information Protection built-in labeling for Office apps over the Azure Information Protection (AIP) add-in](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable autoexpanding archiving](/microsoft-365/compliance/enable-autoexpanding-archiving?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Purview Compliance Manager templates list](/microsoft-365/compliance/compliance-manager-templates-list?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage tamper protection using tenant attach with Configuration Manager, version 2006](/microsoft-365/security/defender-endpoint/manage-tamper-protection-configuration-manager?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage tamper protection on an individual device](/microsoft-365/security/defender-endpoint/manage-tamper-protection-individual-device?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage tamper protection for your organization using Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-365-defender?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare Microsoft Defender Vulnerability Management plans and capabilities](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up Microsoft Syntex per-user licensing](/microsoft-365/syntex/set-up-content-understanding) \| modified \| +\| 7/14/2023 \| [Set up Microsoft Syntex](/microsoft-365/syntex/set-up-microsoft-syntex) \| added \| +\| 7/14/2023 \| [Configure Microsoft Syntex for pay-as-you-go billing in Azure](/microsoft-365/syntex/syntex-azure-billing) \| modified \| +\| 7/14/2023 \| [Licensing for Microsoft Syntex](/microsoft-365/syntex/syntex-licensing) \| modified \| +\| 7/14/2023 \| [Pay-as-you-go services and pricing for Microsoft Syntex](/microsoft-365/syntex/syntex-pay-as-you-go-services) \| added \| +\| 3/3/2022 \| [Microsoft 365 global tenant performance optimization for China users](/microsoft-365/enterprise/microsoft-365-networking-china?view=o365-worldwide) \| modified \| +\| 3/3/2022 \| [Common VPN split tunneling scenarios for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-common-scenarios?view=o365-worldwide) \| added \| +\| 3/3/2022 \| [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) \| modified \| +\| 3/3/2022 \| [Securing Teams media traffic for VPN split tunneling](/microsoft-365/enterprise/microsoft-365-vpn-securing-teams?view=o365-worldwide) \| added \| +\| 3/3/2022 \| [Overview: VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-split-tunnel?view=o365-worldwide) \| modified \| +\| 3/3/2022 \| [Special considerations for Stream and live events in VPN environments](/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events?view=o365-worldwide) \| added \| +\| 3/3/2022 \| [Networking roadmap for Microsoft 365](/microsoft-365/enterprise/networking-roadmap-microsoft-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage Microsoft feedback for your organization](/microsoft-365/admin/manage/manage-feedback-ms-org?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Payloads in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Security incident management](/microsoft-365/business-premium/m365bp-security-incident-management?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft security portals and admin centers](/microsoft-365/security/defender/portals?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Purview solutions trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard devices to Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create safe sender lists](/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Guest users in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Continuous access evaluation for Microsoft 365 - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-continuous-access-evaluation?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Quarantine notifications (end-user spam notifications) in Microsoft 365](/microsoft-365/security/office-365-security/quarantine-quarantine-notifications?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Contracts Frequently Asked Questions](/microsoft-365/commerce/licenses/license-summary-faq?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Use Cost management in the Microsoft 365 admin center](/microsoft-365/commerce/use-cost-mgmt?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Understand the analyst report section in threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics-analyst-reports?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with the Microsoft Purview Chrome Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about the Microsoft Purview Chrome Extension](/microsoft-365/compliance/dlp-chrome-learn-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with the Microsoft Purview Firefox Extension](/microsoft-365/compliance/dlp-firefox-extension-get-started?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Learn about the Microsoft Purview Firefox Extension](/microsoft-365/compliance/dlp-firefox-extension-learn?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Get started with the Microsoft Purview Data Loss Prevention migration assistant for Symantec](/microsoft-365/compliance/dlp-migration-assistant-for-symantec-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Identify the available PowerShell cmdlets for retention](/microsoft-365/compliance/retention-cmdlets?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Upgrade or change to a different Microsoft 365 for business plan](/microsoft-365/commerce/subscriptions/upgrade-to-different-plan?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-premium-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with eDiscovery (Standard)](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Changing from a Microsoft 365 E plan to a Microsoft 365 F plan](/microsoft-365/frontline/switch-from-enterprise-to-frontline?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Why do I need Microsoft Defender for Office 365?](/microsoft-365/security/office-365-security/why-do-i-need-microsoft-defender-for-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender Antivirus in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Advanced indexing of custodian and non-custodial data sources](/microsoft-365/compliance/ediscovery-indexing-custodian-data?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create a Microsoft 365 Group with a specific preferred data location](/microsoft-365/enterprise/multi-geo-add-group-with-pdl?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [SharePoint Server 2007 end of support roadmap](/microsoft-365/enterprise/sharepoint-2007-end-of-support?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [The Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrate business email and calendar from Google Workspace](/microsoft-365/admin/moveto-microsoft-365/migrate-email?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How Sender Policy Framework (SPF) prevents spoofing](/microsoft-365/security/office-365-security/email-authentication-anti-spoofing?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Overview of freeform document processing in Microsoft Syntex](/microsoft-365/syntex/freeform-document-processing-overview) \| modified \| +\| 7/14/2023 \| [Import a term set using a SKOS-based format](/microsoft-365/syntex/import-term-set-skos) \| modified \| +\| 7/14/2023 \| [Push content types to a hub](/microsoft-365/syntex/push-content-type-to-hub) \| modified \| +\| 7/14/2023 \| [SKOS format reference for SharePoint taxonomy](/microsoft-365/syntex/skos-format-reference) \| modified \| +\| 7/14/2023 \| [Term store reports](/microsoft-365/syntex/term-store-analytics) \| modified \| +\| 1/10/2023 \| [Troubleshooting issues when switching to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-worldwide) \| modified \| +\| 3/23/2023 \| [Microsoft Teams SMS notifications usage report](/microsoft-365/frontline/sms-notifications-usage-report?view=o365-worldwide) \| added \| +\| 3/23/2023 \| [Overview of the Vulnerability management page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-vulnerability-management-page-overview?view=o365-worldwide) \| added \| +\| 3/23/2023 \| [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) \| modified \| +\| 3/23/2023 \| [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) \| modified \| +\| 3/23/2023 \| [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Other endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Find Microsoft 365 for business support phone numbers by country or region](/microsoft-365/admin/support-contact-info?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about auto-expanding archiving](/microsoft-365/compliance/autoexpanding-archiving?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Service advisories for auto-expanding archive utilization in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-exo-archive-advisory?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Plan attack surface reduction (ASR) rules deployment](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Connect your DNS records at IONOS by 1&1 to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-1-1-internet?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center Teams usage activity reports](/microsoft-365/admin/activity-reports/microsoft-teams-usage-activity?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Capabilities of Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/capabilities?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create an APNs certificate for iOS devices](/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Basic Mobility and Security frequently-asked questions (FAQ)](/microsoft-365/admin/basic-mobility-security/frequently-asked-questions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage device access settings in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/manage-device-access-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage devices enrolled in Mobile Device Management in Microsoft 365](/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Overview of Basic Mobility and Security for Microsoft 365](/microsoft-365/admin/basic-mobility-security/overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/set-up?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Turn off Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/turn-off?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Connect your DNS records at Namecheap to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-namecheap?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Connect your DNS records at Network Solutions to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-network-solutions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Connect your DNS records at OVH to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-ovh?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage email app access in Microsoft 365 admin center](/microsoft-365/admin/email/manage-email-app-access?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Transfer a domain from Microsoft to another host](/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Minors and acquiring add-ins from the Store](/microsoft-365/admin/manage/minors-and-acquiring-addins-from-the-store?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Azure Information Protection support for Office 365 operated by 21Vianet](/microsoft-365/admin/services-in-china/parity-between-azure-information-protection?view=o365-21vianet) \| modified \| +\| 7/14/2023 \| [Office 365 operated by 21Vianet](/microsoft-365/admin/services-in-china/services-in-china?view=o365-21vianet) \| modified \| +\| 7/14/2023 \| [Customize the theme for your organization](/microsoft-365/admin/setup/customize-your-organization-theme?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrate data to my Microsoft 365 Business Standard subscription](/microsoft-365/admin/simplified-signup/migrate-data-business-standard?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard and offboard macOS devices into Microsoft 365 Compliance solutions using JAMF Pro (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate insider risk management activities](/microsoft-365/compliance/insider-risk-management-activities?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Limits for retention policies and retention label policies](/microsoft-365/compliance/retention-limits?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 6. Identify SOC maintenance tasks](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-tasks?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Virus Initiative](/microsoft-365/security/intelligence/virus-initiative-criteria?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to retrain a classifier in content explorer](/microsoft-365/compliance/classifier-how-to-retrain-content-explorer?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-support-perf?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Health Dashboard](/microsoft-365/admin/manage/health-dashboard-overview?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Work with a partner to archive third-party data](/microsoft-365/compliance/archive-partner-third-party-data?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Purview extensibility](/microsoft-365/compliance/compliance-extensibility?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about optical character recognition in Microsoft Purview (preview)](/microsoft-365/compliance/ocr-learn-about?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Get started with privileged access management](/microsoft-365/compliance/privileged-access-management-configuration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/anti-phishing-policies-eop-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure spam filter policies](/microsoft-365/security/office-365-security/anti-spam-policies-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [End-user notifications for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-end-user-notifications?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Insights and reports Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Landing pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-landing-pages?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Login pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-login-pages?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Payload automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Simulate a phishing attack with Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Teams in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure the default connection filter policy](/microsoft-365/security/office-365-security/connection-filter-policies-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure outbound spam policies](/microsoft-365/security/office-365-security/outbound-spam-policies-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/quarantine-end-user?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Test your DLP policies](/microsoft-365/compliance/dlp-test-dlp-policies?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Errors during admin submissions](/microsoft-365/security/office-365-security/submissions-error-messages?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Create a rule to move or copy a file from one document library to another in Microsoft Syntex](/microsoft-365/syntex/content-processing-create-rules) \| added \| +\| 7/14/2023 \| [Delete an inactive mailbox](/microsoft-365/compliance/delete-an-inactive-mailbox?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Free trial - Microsoft Purview compliance solutions](/microsoft-365/compliance/compliance-easy-trials?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure Microsoft 365 retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Integration with Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure Microsoft Defender Antivirus on a remote desktop or virtual desktop infrastructure environment](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Web content filtering](/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Work with query results in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-results?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Hunt for threats across devices, emails, apps, and identities with advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn the advanced hunting query language in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-language?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Take action on advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-take-action?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Alert grading playbooks](/microsoft-365/security/defender/alert-grading-playbooks?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Automatic attack disruption in Microsoft 365 Defender](/microsoft-365/security/defender/automatic-attack-disruption?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure automatic attack disruption capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/configure-attack-disruption?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create custom roles with Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Edit or delete roles Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 4. Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 5. Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create a rule to move or copy a file from one document library to another in Microsoft Syntex](/microsoft-365/syntex/content-processing-create-rules) \| modified \| +\| 7/14/2023 \| [Overview of content processing in Microsoft Syntex](/microsoft-365/syntex/content-processing-overview) \| added \| +\| 7/14/2023 \| [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy Microsoft Whiteboard on Windows 10 devices](/microsoft-365/whiteboard/deploy-on-windows-organizations?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage clients for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-clients-gcc-high?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage data for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-data-gcc-high?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft 365 Lighthouse and Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Resources for Microsoft partners using Microsoft Defender for Business and Microsoft 365 Business Premium](/microsoft-365/security/defender-business/mdb-partners?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [View your bill or invoice](/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Compare device compliance policy settings](/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review remediation actions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/schedule-antivirus-scan-in-mde?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Select the domain to use for email from Microsoft 365 products](/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Train your custom model in Microsoft Syntex](/microsoft-365/syntex/train-model) \| modified \| +\| 7/14/2023 \| [Bookings in Outlook](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enhancing mail flow with MTA-STS ](/microsoft-365/compliance/enhancing-mail-flow-with-mta-sts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Security baselines assessment configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Security baselines assessment profiles](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Troubleshooting mode scenarios in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshooting-mode-scenarios?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Block vulnerable applications (beta)](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Integrate Microsoft OneDrive LTI with Canvas](/microsoft-365/lti/onedrive-lti?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy and manage Removable Storage Access Control using group policy](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-group-policy?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Deploy and manage Removable Storage Access Control using Intune](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Overview of importing your organization's PST files](/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Block user sign-in](/microsoft-365/lighthouse/m365-lighthouse-block-user-signin?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Manage and monitor priority accounts](/microsoft-365/admin/setup/priority-accounts?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [France national ID card (CNI) entity definition](/microsoft-365/compliance/sit-defn-france-national-id-card?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Indonesia identity card (KTP) number entity definition](/microsoft-365/compliance/sit-defn-indonesia-identity-card-number?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Portugal citizen card number entity definition](/microsoft-365/compliance/sit-defn-portugal-citizen-card-number?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Add several users at the same time to Microsoft 365 - Admin Help](/microsoft-365/enterprise/add-several-users-at-the-same-time?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Specify the cloud protection level for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 3/28/2023 \| [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrate Exchange Online DLP policies to Microsoft Purview compliance portal](/microsoft-365/compliance/dlp-migrate-exo-policy-to-unified-dlp?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use the Microsoft Purview Data Loss Prevention migration assistant for Symantec](/microsoft-365/compliance/dlp-migration-assistant-for-symantec-use?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-learn?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Data loss prevention policy tip reference for Outlook on the Web](/microsoft-365/compliance/dlp-owa-policy-tips?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with DLP for Power BI](/microsoft-365/compliance/dlp-powerbi-get-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use sensitivity labels as conditions in DLP policies](/microsoft-365/compliance/dlp-sensitivity-label-as-condition?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Share DLP alerts](/microsoft-365/compliance/dlp-share-alerts?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Test your DLP policies](/microsoft-365/compliance/dlp-test-dlp-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use DLP policies for non-Microsoft cloud apps](/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with the default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How DLP works with Compliance portal & Exchange admin center](/microsoft-365/compliance/how-dlp-works-between-admin-centers?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use information barriers with SharePoint](/microsoft-365/compliance/information-barriers-sharepoint?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use named entities in DLP policies](/microsoft-365/compliance/named-entities-use?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create a DLP policy to protect documents](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Common usage scenarios for sensitive information types](/microsoft-365/compliance/sit-common-scenarios?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage your exact data match schema](/microsoft-365/compliance/sit-use-exact-data-manage-schema?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Install Microsoft 365 apps](/microsoft-365/admin/setup/install-applications?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Remove yourself from the blocked senders list](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Collaborate and share securely in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-collaborate-share-securely?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Increase security in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Welcome to Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage mailbox auditing](/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Exchange Multi-Geo](/microsoft-365/enterprise/multi-geo-capabilities-in-exchange-online?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy frontline dynamic teams at scale](/microsoft-365/frontline/deploy-dynamic-teams-at-scale?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Deploy frontline static teams at scale with PowerShell for frontline workers](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to find the best frontline team solution for your organization](/microsoft-365/frontline/frontline-team-options?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Set up web content filtering in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-web-content-filtering?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Secure by default in Office 365](/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [SIEM integration with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [SIEM server integration with Microsoft 365 services and applications](/microsoft-365/security/office-365-security/siem-server-integration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Errors during admin submissions](/microsoft-365/security/office-365-security/submissions-error-messages?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Report phishing and suspicious emails in Outlook for admins](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Submit malware and good files to Microsoft for analysis](/microsoft-365/security/office-365-security/submissions-submit-files-to-microsoft?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [User reported settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure your Microsoft 365 tenant for increased security](/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-explorer-threat-hunting?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use Trusted ARC senders for legitimate devices and services between the sender and receiver](/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Migrate from the MDE SIEM API to the Microsoft 365 Defender alerts API](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Configure shared mailbox settings](/microsoft-365/admin/email/configure-a-shared-mailbox?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How EOP validates the From address to prevent phishing](/microsoft-365/security/office-365-security/anti-phishing-from-email-address-validation?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-spoofing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Tune anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-tuning?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Backscatter in EOP](/microsoft-365/security/office-365-security/anti-spam-backscatter-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Bulk complaint level values](/microsoft-365/security/office-365-security/anti-spam-bulk-complaint-level-bcl-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [ASF settings in EOP](/microsoft-365/security/office-365-security/anti-spam-policies-asf-settings-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Spam confidence level](/microsoft-365/security/office-365-security/anti-spam-spam-confidence-level-scl-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's the difference between junk email and bulk email?](/microsoft-365/security/office-365-security/anti-spam-spam-vs-bulk-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Spoof intelligence insight](/microsoft-365/security/office-365-security/anti-spoofing-spoof-intelligence?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Increased Microsoft 365 security for your Microsoft 365 for enterprise test environment](/microsoft-365/enterprise/increased-o365-security-microsoft-365-enterprise-dev-test-environment?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy Microsoft 365 Enterprise for your organization](/microsoft-365/enterprise/setup-overview-for-enterprises?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Optimize ASR rule deployment and detections](/microsoft-365/security/defender-endpoint/configure-machines-asr?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to protect against phishing attacks](/microsoft-365/security/intelligence/phishing?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Prevent malware infection](/microsoft-365/security/intelligence/prevent-malware-infection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Office 365 documentation # < 60 chars](/microsoft-365/security/office-365-security/index?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 2. Deploy attack detection and response](/microsoft-365/solutions/ransomware-protection-microsoft-365-attack-detection-response?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Deploy Microsoft Defender for Endpoint on macOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) \| modified \| +\| 1/31/2023 \| [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) \| added \| +\| 1/31/2023 \| [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Secure managed and unmanaged devices](/microsoft-365/business-premium/m365bp-managed-unmanaged-devices?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Detailed properties in the audit log](/microsoft-365/compliance/audit-log-detailed-properties?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Search the audit log to troubleshoot common scenarios](/microsoft-365/compliance/audit-troubleshooting-scenarios?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Free trial of Microsoft Purview compliance solutions](/microsoft-365/compliance/compliance-easy-trials?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about the DLP alerts dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-learn?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-about?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-spoofing protection FAQ](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-faq?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Anti-spam protection FAQ](/microsoft-365/security/office-365-security/anti-spam-protection-faq?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Respond to a compromised connector in Microsoft 365](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [EOP general FAQ](/microsoft-365/security/office-365-security/eop-faq?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Zero Trust identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/priority-accounts-security-recommendations?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Connect Microsoft Defender for Office 365 to Microsoft Sentinel](/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Getting started with defense in-depth configuration for email security](/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to configure quarantine permissions and policies](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [How to prioritize, Manage, Investigate & Respond to Incidents in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Protect your c-suite with Priority account protection in Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review and remove unnecessary allow list entries with Advanced Hunting in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/review-allow-entries?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Search for emails and remediate threats using Threat Explorer in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/search-for-emails-and-remediate-threats?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Steps to set up a weekly digest email of message center changes for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Office 365 step-by-step guides and how to use them](/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Assess and tune your filtering for bulk mail in Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/tune-bulk-mail-filtering-walkthrough?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Set up Customer Key](/microsoft-365/compliance/customer-key-set-up?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Get started using the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Exclude devices in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/exclude-devices?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [How to schedule scans with Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-schedule-scan-mde?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Device inventory](/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Migrate advanced hunting queries from Microsoft Defender for Endpoint](/microsoft-365/security/defender/advanced-hunting-migrate-from-mde?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Work with advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-results?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Alert grading for suspicious email forwarding activity](/microsoft-365/security/defender/alert-grading-playbook-email-forwarding?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Alert grading for suspicious inbox forwarding rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-forwarding-rules?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Alert grading for suspicious inbox manipulation rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-manipulation-rules?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Deploy services supported by Microsoft 365 Defender](/microsoft-365/security/defender/deploy-supported-services?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Step 1. Triage and analyze your first incident](/microsoft-365/security/defender/first-incident-analyze?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Prepare your security posture for your first incident](/microsoft-365/security/defender/first-incident-prepare?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Step 1. Plan for Microsoft 365 Defender operations readiness](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-plan?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Fileless threats](/microsoft-365/security/intelligence/fileless-threats?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [How to protect against phishing attacks](/microsoft-365/security/intelligence/phishing?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Troubleshoot MSI portal errors caused by admin block](/microsoft-365/security/intelligence/portal-submission-troubleshooting?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Rootkits](/microsoft-365/security/intelligence/rootkits-malware?view=o365-worldwide) \| modified \| +\| 4/5/2022 \| [Submit files for analysis by Microsoft](/microsoft-365/security/intelligence/submission-guide?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Create a group in the admin center](/microsoft-365/admin/create-groups/create-groups?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Perform an internal admin takeover](/microsoft-365/admin/misc/become-the-admin?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Remove a domain from another account](/microsoft-365/admin/misc/remove-a-domain-from-another-account?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Stream Microsoft Defender for Endpoint events to Azure Event Hubs](/microsoft-365/security/defender-endpoint/raw-data-export-event-hub?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Stream Microsoft Defender for Endpoint events to your Storage account](/microsoft-365/security/defender-endpoint/raw-data-export-storage?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use communication compliance with SIEM solutions](/microsoft-365/compliance/communication-compliance-siem?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Integrate Microsoft OneDrive LTI with Desire2Learn Brightspace](/microsoft-365/lti/onedrive-lti-brightspace?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender Antivirus Device Health export device antivirus health reporting](/microsoft-365/security/defender-endpoint/device-health-export-antivirus-health-report-api?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Investigate domains and URLs associated with a Microsoft Defender for Endpoint alert](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use network protection to help prevent Linux connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-linux?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Technological partners of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/technological-partners?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Alert grading for malicious exchange connectors](/microsoft-365/security/defender/alert-grading-for-malicious-exchange-connectors?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Alert grading for session cookie theft alert](/microsoft-365/security/defender/session-cookie-theft-alert?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy and manage Office Add-ins](/microsoft-365/admin/manage/office-addins?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [SaaS linked apps](/microsoft-365/admin/manage/saas-linked-apps?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Teams apps that work on Outlook and Microsoft 365](/microsoft-365/admin/manage/teams-apps-work-on-outlook-and-m365?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Teams apps that only work on Teams](/microsoft-365/admin/manage/teams-apps-work-only-on-teams?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Get started with Integrated apps](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Case study - Contoso configures a communication compliance policy to identify potentially inappropriate text](/microsoft-365/compliance/communication-compliance-case-study?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable admin notifications in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-admin-notifications?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Export insider risk management alert information](/microsoft-365/compliance/insider-risk-management-settings-alerts?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Enable analytics in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-analytics?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Configure inline alert customization in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-inline-alert-customization?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Configure intelligent detections in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-intelligent-detections?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Configure policy indicators in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-policy-indicators?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Set policy timeframes in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-policy-timeframes?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Automate insider risk management actions with Microsoft Power Automate flows (preview)](/microsoft-365/compliance/insider-risk-management-settings-power-automate?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Identify priority physical assets for insider risk management policies](/microsoft-365/compliance/insider-risk-management-settings-priority-physical-assets?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Prioritize user groups for insider risk management policies](/microsoft-365/compliance/insider-risk-management-settings-priority-user-groups?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Manage username privacy in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-privacy?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Enable Microsoft Teams for collaborating on insider risk management cases](/microsoft-365/compliance/insider-risk-management-settings-teams?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Learn about insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Use DMARC Reports to protect against spoofing and phishing in Microsoft Office 365](/microsoft-365/security/office-365-security/email-authentication-dmarc-reports?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender for Office 365 permissions in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/mdo-portal-permissions?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Contextual file and folder exclusions](/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Review architecture requirements and planning concepts for Microsoft Defender for Office 365](/microsoft-365/security/defender/eval-defender-office-365-architecture?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Enable the evaluation environment for Microsoft Defender for Office 365 in your production environment](/microsoft-365/security/defender/eval-defender-office-365-enable-eval?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Step 3. Evaluate Microsoft Defender for Office 365 overview](/microsoft-365/security/defender/eval-defender-office-365-overview?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Pilot Microsoft Defender for Office 365, use the evaluation in your production environment](/microsoft-365/security/defender/eval-defender-office-365-pilot?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Getting started with defense in-depth configuration for email security](/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Use Microsoft Teams for collaboration](/microsoft-365/business-premium/create-teams-for-collaboration?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Setup overview for Microsoft 365 for Campaigns](/microsoft-365/business-premium/m365-campaigns-setup?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Threats detected by Microsoft Defender Antivirus](/microsoft-365/business-premium/m365bp-threats-detected-defender-av?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Microsoft Defender for Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Locations of Microsoft Online Services Personnel with Remote Access to Data](/microsoft-365/enterprise/personnel-loc/m365-personnel-location?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Manage the workflow with the insider risk management users dashboard](/microsoft-365/compliance/insider-risk-management-users?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Delete items in the Recoverable Items folder](/microsoft-365/compliance/ediscovery-delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Tamper resiliency with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/tamper-resiliency?view=o365-worldwide) \| added \| +\| 7/14/2023 \| [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Case study - Contoso configures an inappropriate text policy](/microsoft-365/compliance/communication-compliance-case-study?view=o365-worldwide) \| modified \| +\| 7/18/2022 \| [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide) \| modified \| +\| 3/7/2022 \| [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-worldwide) \| modified \| +\| 3/7/2022 \| [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) \| modified \| +\| 7/14/2023 \| [Learn about and configure insider risk management browser signal detection](/microsoft-365/compliance/insider-risk-management-browser-support?view=o365-worldwide) \| modified \| ++ ## Week of July 03, 2023 \| 6/16/2023 \| [Common usage scenarios for sensitive information types](/microsoft-365/compliance/sit-common-scenarios?view=o365-worldwide) \| modified \| \| 6/16/2023 \| [Manage your exact data match schema](/microsoft-365/compliance/sit-use-exact-data-manage-schema?view=o365-worldwide) \| modified \| \| 6/16/2023 \| [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) \| modified \|-- -## Week of June 05, 2023 -- -\| Published On \|Topic title \| Change \| -\|\|\|--\| -\| 6/5/2023 \| [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) \| modified \| -\| 6/5/2023 \| Mail flow map \| removed \| -\| 6/6/2023 \| [Understanding deployment insights in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deployment-insights-overview?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Get baseline profile configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Advanced Hunting API](/microsoft-365/security/defender-endpoint/run-advanced-query-api?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Microsoft 365 Defender advanced hunting API](/microsoft-365/security/defender/api-advanced-hunting?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Manage incidents and alerts from Defender for Office 365 in Microsoft 365 Defender](/microsoft-365/security/office-365-security/mdo-sec-ops-manage-incidents-and-alerts?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Admin review for user reported messages](/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Errors during admin submissions](/microsoft-365/security/office-365-security/submissions-error-messages?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Report phishing and suspicious emails in Outlook for admins](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Submit malware and good files to Microsoft for analysis](/microsoft-365/security/office-365-security/submissions-submit-files-to-microsoft?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [User reported message settings in Teams](/microsoft-365/security/office-365-security/submissions-teams?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [User reported settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Manage library settings in Microsoft Syntex](/microsoft-365/syntex/manage-library-settings) \| added \| -\| 6/6/2023 \| [Set up Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/set-up?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Configure remediation for Microsoft Defender Antivirus detections](/microsoft-365/security/defender-endpoint/configure-remediation-microsoft-defender-antivirus?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Protect Dev Drive using performance mode](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-antivirus-performance-mode?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) \| modified \| -\| 6/6/2023 \| [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) \| modified \| -\| 6/7/2023 \| [Use sensitivity labels to protect calendar items, Teams meetings, and chat](/microsoft-365/compliance/sensitivity-labels-meetings?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [How to search the audit logs for actions performed by Defender Experts](/microsoft-365/security/defender/auditing?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Before you begin using Defender Experts for XDR](/microsoft-365/security/defender/before-you-begin-xdr?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Get started with Microsoft Defender Experts for XDR](/microsoft-365/security/defender/get-started-xdr?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [How to use the Microsoft Defender Experts for XDR service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Accessibility mode in Microsoft Syntex](/microsoft-365/syntex/accessibility-mode) \| modified \| -\| 6/7/2023 \| [Discover other trained models in Microsoft Syntex](/microsoft-365/syntex/discover-other-trained-models) \| modified \| -\| 6/7/2023 \| [Overview of unstructured document processing in Microsoft Syntex](/microsoft-365/syntex/document-understanding-overview) \| modified \| -\| 6/7/2023 \| [Get started with the Microsoft Purview extension for Chrome](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Learn about the Microsoft Purview extension for Chrome](/microsoft-365/compliance/dlp-chrome-learn-about?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Get started with the Microsoft Purview extension for Firefox](/microsoft-365/compliance/dlp-firefox-extension-get-started?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Learn about the Microsoft Purview extension for Firefox](/microsoft-365/compliance/dlp-firefox-extension-learn?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365-whats-new?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) \| modified \| -\| 6/7/2023 \| [Try and evaluate Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365?view=o365-worldwide) \| modified \| -\| 6/8/2023 \| [Room and equipment mailboxes](/microsoft-365/admin/manage/room-and-equipment-mailboxes?view=o365-worldwide) \| modified \| -\| 6/8/2023 \| [Create organization-wide signatures and disclaimers](/microsoft-365/admin/setup/create-signatures-and-disclaimers?view=o365-worldwide) \| modified \| -\| 6/8/2023 \| [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-worldwide) \| modified \| -\| 6/8/2023 \| [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) \| modified \| -\| 6/8/2023 \| [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Cancel your Microsoft business subscription](/microsoft-365/commerce/subscriptions/cancel-your-subscription?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Learn about data loss prevention](/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Overview of Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Delete a model in Microsoft Syntex](/microsoft-365/syntex/delete-a-model) \| modified \| -\| 6/9/2023 \| [Configure shared mailbox settings](/microsoft-365/admin/email/configure-a-shared-mailbox?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [How EOP validates the From address to prevent phishing](/microsoft-365/security/office-365-security/anti-phishing-from-email-address-validation?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Anti-spoofing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Tune anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-tuning?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Backscatter in EOP](/microsoft-365/security/office-365-security/anti-spam-backscatter-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Bulk complaint level values](/microsoft-365/security/office-365-security/anti-spam-bulk-complaint-level-bcl-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [ASF settings in EOP](/microsoft-365/security/office-365-security/anti-spam-policies-asf-settings-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Configure spam filter policies](/microsoft-365/security/office-365-security/anti-spam-policies-configure?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Spam confidence level](/microsoft-365/security/office-365-security/anti-spam-spam-confidence-level-scl-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [What's the difference between junk email and bulk email?](/microsoft-365/security/office-365-security/anti-spam-spam-vs-bulk-about?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Spoof intelligence insight](/microsoft-365/security/office-365-security/anti-spoofing-spoof-intelligence?view=o365-worldwide) \| modified \| -\| 6/9/2023 \| [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) \| modified \|
lighthouse	M365 Lighthouse Get Access To Sales Advisor	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-get-access-to-sales-advisor.md	+ + Title: "Get access to Sales Advisor in Microsoft 365 Lighthouse" +f1.keywords: NOCSH ++++ Last updated : 07/17/2023 +audience: Admin ++ +ms.localizationpriority: medium + +- Tier1 +- scotvorg +- M365-subscription-management +- Adm_O365 + +- AdminSurgePortfolib +- M365-Lighthouse +search.appverid: MET150 +description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to get access to Sales Advisor." ++ +# Get access to Sales Advisor in Microsoft 365 Lighthouse + +This article provides instructions for how to sign up for Microsoft 365 Lighthouse Sales Advisor. Even if you have access to Lighthouse, additional role in Partner Center is required to gain access to Sales Advisor. + +Sales Advisor is built for sellers. Customer-facing roles in partnerΓÇÖs organization who are focused on business development, customer success, and sales can benefit from directly accessing the sales advisor experience. + +## Before you begin + +- Your partner tenant must be onboarded to Microsoft 365 Lighthouse. +- You must be a Global Administrator in the partner tenant that youΓÇÖre signing in to. If you arenΓÇÖt a Global Administrator, reach out to a Global Administrator from your organization to conduct the following steps for you. + +### Appropriate roles in Partner Center + +- Executive report viewer gives access to all reporting data sets. +- Report viewer gives access to most reporting data sets but not too sensitive data, such as revenue and customer or employee personal information. +- A Global admin or an Account admin can assign users these roles, which are assigned either for an entire company or for a specific Microsoft Cloud Partner Program location. + +For more information, see [CPP role-based access](/partner-center/insights-roles). + +## Get access to Sales Advisor + +1. Go to Microsoft 365 Partner Center at [https://partner.microsoft.com/dashboard/home](https://partner.microsoft.com/dashboard/home). + +2. Go to Account Settings \> User management. + +3. Under Users, select the user account to edit permissions. + +4. Under User details, navigate to Roles applicable to partner programs and select View data and reports for one or more locations (select the locations where the user needs to be able to view data and reports.) + +5. Assign Report viewer or Executive report viewer role using one of the two methods. + +- Select Entire organization if you want the user to have access to all locations listed plus any other new locations that will be added in the future. + +- Select One or more locations listed below and assign Report viewer or Executive report viewer from the dropdown in Report viewer roles column to grant access by location. + +## Next steps + +Once you have access to Sales Advisor, you can start reviewing insights on the Opportunities page. In the left navigation pane in Lighthouse, select Sales Advisor \> Opportunities. To learn more about opportunities, see [Understanding opportunities and data in Sales Advisor](m365-lighthouse-understanding-opportunities-and-data.md). + +## Related content + +[Overview of Sales Advisor](m365-lighthouse-sales-advisor-overview.md) (article)\ +[Understanding opportunities and data in Sales Advisor](m365-lighthouse-understanding-opportunities-and-data.md) (article)\ +[CPP role-based access](/partner-center/insights-roles) (article)\ +[Roles with access to the Insights dashboard](/partner-center/partner-center-insights) (article)
lighthouse	M365 Lighthouse Known Issues	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-known-issues.md	Previously updated : 07/03/2023 Last updated : 07/17/2023 audience: Admin Either granular delegated admin privileges (GDAP) plus an indirect reseller rela \| - \| - \| - \| \| Translation issues \| Users may experience language translation issues when the language of their browser, or their language selection in Lighthouse, is anything other than English. \| To minimize translation issues in Lighthouse, make sure that the browser's language selection matches that of the language setting in the Lighthouse portal. To change the language selection in Lighthouse, sign in to Lighthouse and select the gear icon at the top of the page to open the Portal settings page, select Language + region, and then select the appropriate language and regional formats. \| +## Sales Advisor + +\| Issue \| Description \| Solution \| +\| - \| - \| - \| +\| Total tenants and total seats count mismatch with Partner Center \| Total seats and tenants displayed in the summary view of Customer acquisition, Customer retention, and Customer growth tabs are mismatched between the Lighthouse experience and Partner Center experience. \| No workaround is required. This issue doesn't impact the number of opportunities visible in the recommendation table or the export. You'll still have access to the full list of opportunities available across your customer tenants. \| +\| Filtering and sorting experience in Lighthouse is different than in Partner Center \| Column sorting, Recommendation filter, Product filter, and MPN ID filter are unavailable in the Lighthouse experience. \| No workaround is required. You still have access to the full list of opportunities. \| + ## Related content [Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)\
lighthouse	M365 Lighthouse Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-overview.md	Previously updated : 06/09/2023 Last updated : 07/14/2023 audience: Admin description: "For Managed Service Providers (MSPs), learn how Microsoft 365 Ligh # Overview of Microsoft 365 Lighthouse -Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers. +Microsoft 365 Lighthouse helps Managed Service Providers (MSPs) grow theirΓÇ»business and deliver services to customers at scale from a single portal. With Lighthouse, you can standardize configurations, manage risk, identify artificial intelligence (AI)-driven sales opportunities, and engage with customers in an unprecedented manner, allowing you to anticipate customer needs and maximize their investment in Microsoft 365. -Lighthouse simplifies onboarding of customer tenants by recommending security configuration baselines tailored to SMB customers and providing multi-tenant views across all customer environments. With Lighthouse, MSPs can scale the management of their customers, focus on what's most important, quickly find and investigate risks, and take action to get their customers to a healthy and secure state. +For MSPs with delegated access, Lighthouse simplifies onboarding of customer tenants by recommending security configuration baselines tailored to SMB customers and providing multi-tenant views across all customer environments. With Lighthouse, Service Engineers can scale the management of their customers, focus on what's most important, quickly find and investigate risks, and take action to get their customers to a healthy and secure state. -No additional costs are associated with using Lighthouse to manage Microsoft 365 services and connected devices. Lighthouse is available to MSPs enrolled in the Cloud Solution Provider (CSP) program that service SMB customers. This includes CSP partners transacting directly with Microsoft and those transacting through an indirect provider (distributor). +Lighthouse also provides capabilities for account managers. With AI-driven insights, Lighthouse delivers proactive, actionable, and personalized recommendations to help acquire new customers, improve customer retention, and expand business with premium offers. + +No additional costs are associated with using Lighthouse to manage Microsoft 365 services and connected devices. Lighthouse is available to partners enrolled in the Cloud Solution Provider (CSP) program, including both Direct-Bill and Indirect Resellers. > [!IMPORTANT] > To use Lighthouse, MSPs and their customer tenants must meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md). For more information about the CSP program, see the [Cloud Solution Provider pro ## Microsoft 365 Lighthouse benefits -Lighthouse helps MSPs secure and manage Microsoft 365 services and connected endpoints at scale by: +Lighthouse helps MSPs grow secure and manage Microsoft 365 services and connected endpoints at scale by: +- Presenting AI-driven recommendations to better acquire and retain customers and grow your business. - Providing tenant deployment journeys so technicians can follow a consistent set of steps to secure and configure customer tenants. - Using a default SMB security baseline that prescribes best practices targeted to small- and medium-sized business tenants.-- Providing multi-tenant insights on device compliance for a clear view of how devices are being evaluated across all organizations, tools to compare policies, and the top settings that aren't being met. +- Providing multi-tenant insights on device compliance for a clear view of how devices are being evaluated across all organizations, tools to compare policies, and the top settings that aren't being met. - Simplifying common tasks like resetting a password. - Configuring multifactor authentication and self-service password reset (SSPR), including tools to help drive adoption by users. - Understanding and protecting against risky sign-ins.
lighthouse	M365 Lighthouse Requirements	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-requirements.md	Previously updated : 06/09/2023 Last updated : 07/14/2023 audience: Admin description: "For Managed Service Providers (MSPs), get a list of requirements t # Requirements for Microsoft 365 Lighthouse -Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers. +Microsoft 365 Lighthouse is a portal that helps Managed Service Providers (MSPs) grow their business and deliver services at scale for small- and medium-sized business (SMB) customers. Lighthouse provides multi-tenant views across customer devices, data, users, and sales opportunities to help customers get the most value from Microsoft 365. -MSPs must be enrolled in the Cloud Solution Provider (CSP) program as an Indirect Reseller or Direct Bill partner to use Lighthouse. +Lighthouse is available to partners enrolled in the Cloud Solution Provider (CSP) program, including both Direct-Bill and Indirect Resellers. > [!NOTE] > Only MSPs are required to enroll in the CSP program; the customers they manage do not need to enroll in the CSP program. In addition, each MSP customer tenant must meet the following requirements to be - Must have delegated access set up for the Managed Service Provider (MSP) to be able to manage the customer tenant > [!NOTE] > Either granular delegated admin privileges (GDAP) or a delegated admin privileges (DAP) relationship is required to onboard customers to Lighthouse. An indirect reseller relationship is no longer required to onboard to Lighthouse. If DAP and GDAP coexist in a customer tenant, GDAP permissions take precedence for MSP technicians in GDAP-enabled security groups. + > [!NOTE] + > To use Lighthouse to view opportunities in Sales advisor, you donΓÇÖt need additional delegated access permissions from the customer. - Must have at least one license of Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Windows 365 Business, or Microsoft Defender for Business - Must have no more than 2500 licensed users - Must reside in the same geographic region (Americas, European Union, or Asia plus Australia) as the partner organization that manages them Microsoft Defender Antivirus is part of the Windows operating system and is enab > [!NOTE] > If you're using a non-Microsoft antivirus solution and not Microsoft Defender Antivirus, Microsoft Defender Antivirus is disabled automatically. When you uninstall the non-Microsoft antivirus solution, Microsoft Defender Antivirus is activated automatically to protect your Windows devices from threats. +## Requirements for enabling Sales Advisor + +To use Sales Advisor to view customer opportunities, you must hold either the Executive report viewer or Report viewer role in Partner Center. + +> [!NOTE] +> Only a Global admin in Partner Center can assign the Executive report viewer or Report viewer roles. + +For more information, see [Get access to Sales advisor](m365-lighthouse-get-access-to-sales-advisor.md). + ## Related content [Configure Microsoft 365 Lighthouse portal security](m365-lighthouse-configure-portal-security.md) (article)\
lighthouse	M365 Lighthouse Sales Advisor Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sales-advisor-overview.md	+ + Title: "Overview of Sales Advisor in Microsoft 365 Lighthouse" +f1.keywords: NOCSH ++++ Last updated : 07/17/2023 +audience: Admin ++ +ms.localizationpriority: medium + +- Tier1 +- scotvorg +- M365-subscription-management +- Adm_O365 + +- AdminSurgePortfolib +- M365-Lighthouse +search.appverid: MET150 +description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn about Sales Advisor and how it can help you grow your business." ++ +# Overview of Sales Advisor in Microsoft 365 Lighthouse + +Sales Advisor is a customer lifecycle management (CLM) experience that provides AI-driven customer insights, actionable recommendations, and prescriptive guidance across the customer lifecycle. Sales Advisor is based on a set of business rules, customer usage, and licensing positions. It enables a technique called "propensity modeling" to present dynamic opportunities for partners to better acquire, retain, and grow their customers. + +To view Sales Advisor, select Sales Advisor \> Opportunities in the left navigation pane in Lighthouse. + +IMPORTANT: To use Sales Advisor, users must have the appropriate roles listed in [Get access to Sales Advisor](m365-lighthouse-get-access-to-sales-advisor.md). + +## Watch: What is Sales Advisor? + +Video: [Preview: Microsoft 365 Lighthouse Sales Advisory](https://cloudpartners.transform.microsoft.com/download?assetname=assets%2FM365-Lighthouse-Sales-Advisor-Sizzle-Video.mp4) + +## Sales Advisor benefits + +Ensure your customersΓÇÖ success by using AI-driven customer insights, actionable recommendations, and prescriptive guidance. Maximize your customersΓÇÖ investment in Microsoft 365 and deliver value at every stage of their journey. ++ +- Understand your customers better: Sales Advisor analyzes your customers' behavior, preferences, needs, and feedback across multiple channels and sources. It gives you a holistic view of your customers' health and interests, so you can tailor your communication and offers accordingly. + +- Nurture your customers proactively: Sales Advisor identifies the best opportunities for engaging with your customers based on their potential value, risk, and readiness. It helps you prioritize your actions and outreach, so you can focus on the most impactful activities that can drive retention, growth, and advocacy. + +- Deliver value consistently: Sales Advisor guides you through the best practices and steps for delivering value to your customers throughout their lifecycle. It helps you align your offerings with their goals and challenges, demonstrate the benefits of your solutions, and address any issues or concerns effectively. + +- Identify the right customer to engage with at the right time. + +- Get early warning of customers who are at risk of churning. + +- Tap into contextual insights to better understand the opportunity. + +- Know your customers and where they are in their cloud journey. + +- Take advantage of MicrosoftΓÇÖs best-practice recommendations. + +- Access┬áopportunity-specific resources to drive action. + +## Available languages + +Sales Advisor is offered in multiple languages. For those countries where the local language isn't listed, the fallback is English, but Partner Center does allow the user to set their preferred language. More languages may be available in the future. + +Sales Advisor currently supports the following languages: + +- English (United States) +- French (France) +- Spanish (Spain) +- German +- Italian +- Korean +- Dutch +- Portuguese (Brazil) +- Turkish + +## Privacy + +Sales Advisor is offered in multiple languages. For those countries where the local language isn't listed, the fallback is English, but Partner Center does allow the user to set their preferred language. More languages may be available in the future. + +Sales Advisor currently supports the following languages: + +- English (United States) +- French (France) +- Spanish (Spain) +- German +- Italian +- Korean +- Dutch +- Portuguese (Brazil) +- Turkish + +## Getting access to Sales Advisor + +To use Sales Advisor, you must hold either the Executive report viewer or report viewer role in Partner Center. For more information, see Get access to Sales Advisor. + +## Related content + +[Get access to Sales Advisor](m365-lighthouse-get-access-to-sales-advisor.md) (article)\ +[Understanding opportunities and data in Sales Advisor](m365-lighthouse-understanding-opportunities-and-data.md) (article)\ +[Microsoft 365 Lighthouse ΓÇô Transform](https://cloudpartners.transform.microsoft.com/partner-gtm/smb/m365-lighthouse) (Blog)
lighthouse	M365 Lighthouse Sign Up	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-sign-up.md	Previously updated : 06/09/2023 Last updated : 07/17/2023 audience: Admin description: "For Managed Service Providers (MSPs), learn how to sign up for Mic # Sign up for Microsoft 365 Lighthouse -This article provides instructions for how to sign up for Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) secure and manage devices, data, and users at scale for small- and medium-sized business (SMB) customers. +This article provides instructions for how to sign up for Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is an admin portal that helps Managed Service Providers (MSPs) grow their business and deliver managed services at scale for small-and medium-sized business (SMB) customers. Lighthouse provides multi-tenant views across customer devices, data, users, and sales opportunities to help customers get the most value from Microsoft 365. ## Before you begin -- Microsoft 365 Lighthouse is deployed in the partner tenant only—not in the customer tenants, but make sure you and your customer tenants meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md). +- Microsoft 365 Lighthouse is deployed in the partner tenant only—not in the customer tenants, but make sure you and your tenants meet the requirements listed in [Microsoft 365 Lighthouse requirements](m365-lighthouse-requirements.md). - You must be a Global Administrator in the partner tenant that you're signing in to. This article provides instructions for how to sign up for Microsoft 365 Lighthou ## Next steps -[Configure Microsoft 365 Lighthouse portal security](m365-lighthouse-configure-portal-security.md) +Lighthouse comes with both required and optional capabilities to help you configure Lighthouse portal security. For more information, see [Configure Microsoft 365 Lighthouse portal security](m365-lighthouse-configure-portal-security.md). + +To access the Sales Advisor feature in Lighthouse, you must set up additional roles in Partner Center. For more information, see [Get access to Sales Advisor](m365-lighthouse-get-access-to-sales-advisor.md). ## Related content -[Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article) -[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article) +[Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article)\ +[Overview of Sales Advisor](m365-lighthouse-sales-advisor-overview.md) (article)\ +[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)\ [Microsoft 365 Lighthouse and Microsoft Defender for Business](../security/defender-business/mdb-lighthouse-integration.md) (article)
lighthouse	M365 Lighthouse Troubleshoot	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-troubleshoot.md	This article describes error messages and problems that you might encounter whil ## Partner onboarding -### Message when trying to access Lighthouse: "Microsoft 365 Lighthouse doesn't support indirect providers at this time, you must be an indirect reseller or direct bill partner to use this service" +### Message when trying to access Lighthouse: "Microsoft 365 Lighthouse doesn't support indirect providers at this time, you must be an indirect reseller or direct-bill partner to use this service" Cause: You attempted to access Lighthouse as an indirect-bill partner. At this time, Lighthouse supports only indirect resellers and direct-bill partners. You should also make sure Conditional Access policies configured in the customer If data is still not appearing on the Device compliance and Threat management pages after following the resolution instructions, contact Support. For more information, see [Get help and support for Microsoft 365 Lighthouse](m365-lighthouse-get-help-and-support.md). +## Sales Advisor + +### Message when viewing the Sales Advisor Opportunities page in Lighthouse: "You don't have permission to view the information on this page" + +Cause: You don't have the correct permissions in Partner Center to view the Sales Advisor pages in Lighthouse. + +Resolution: Verify that you have either the Report viewer or Executive report viewer role for one or more Microsoft Cloud Partner Program locations in Partner Center. Only someone with the Global admin role in Partner Center can assign these roles. For more information, see [Get access to Sales Advisor within Microsoft 365 Lighthouse](m365-lighthouse-get-access-to-sales-advisor.md). + +### Message when viewing the Sales Advisor Opportunities page in Lighthouse: "There are no opportunities" + +Cause 1: Sales Advisor's propensity model may not be generating new recommendations for your customers. This means that there are currently no opportunities for you to view or act on. + +Resolution: Check back in two weeks to see if any new recommendations have been generated. + +Cause 2: There's a technical problem on our backend that's preventing opportunities from being displayed. + +Resolution: Open a service request by following the instructions in [Get help and support for Microsoft 365 Lighthouse](m365-lighthouse-get-help-and-support.md). To create a Lighthouse service request, make sure you have a partner tenant role and at least one Azure AD role assigned to you with the following property set: microsoft.office365.supportTickets/allEntities/allTasks. For a complete list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). + +### Message when trying to access Lighthouse from the Partner Insights tab of Sales advisor: "You must be an indirect reseller or direct-bill partner to use this service" or I'm redirected to the Lighthouse Home page but can't sign in + +Cause 1: Microsoft 365 Lighthouse hasn't been deployed in your partner tenant yet. + +Resolution: Work with a Global Administrator in your partner tenant to deploy Lighthouse. For more information, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md). + +Cause 2: Your organization has multiple partner tenants and you attempted to access Lighthouse using credentials for a partner tenant that hasn't yet deployed Lighthouse. + +Resolution: Use the same Azure AD credentials that you used to sign in to Partner Center to access Lighthouse. If you're unsure, reach out to a Global Administrator in your partner tenant to confirm which partner tenants have deployed Lighthouse. If needed, have them deploy Lighthouse to the partner tenant that you're trying to use. For more information, see [Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md). + +Cause 3: You attempted to access Lighthouse from a partner tenant that isn't qualified to use Lighthouse. At this time, Lighthouse supports only indirect resellers and direct-bill partners. + +Resolution: For a complete list of qualifications and requirements, see [Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md). If you're not an indirect provider and believe you received this message in error, contact Support. For more information, see [Get help and support for Microsoft 365 Lighthouse](m365-lighthouse-get-help-and-support.md). + +### Data or opportunities displayed on Sales Advisor pages seem inaccurate + +Cause: If you see an opportunity with a customer that you don't recognize, you may have incomplete or incorrect information regarding the partner relationship that your organization has with that customer. + +Resolution: Open a service request by following the instructions in [Get help and support for Microsoft 365 Lighthouse](m365-lighthouse-get-help-and-support.md). To create a Lighthouse service request, make sure you have a partner tenant role and at least one Azure AD role assigned to you with the following property set: microsoft.office365.supportTickets/allEntities/allTasks. For a complete list of Azure AD roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). + ## Related content [Known issues with Microsoft 365 Lighthouse](m365-lighthouse-known-issues.md) (article)\
lighthouse	M365 Lighthouse Understanding Opportunities And Data	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-understanding-opportunities-and-data.md	+ + Title: "Understanding opportunities and data in Sales Advisor in Microsoft 365 Lighthouse" +f1.keywords: NOCSH ++++ Last updated : 07/17/2023 +audience: Admin ++ +ms.localizationpriority: medium + +- Tier1 +- scotvorg +- M365-subscription-management +- Adm_O365 + +- AdminSurgePortfolib +- M365-Lighthouse +search.appverid: MET150 +description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn more about sales opportunities using Sales Advisor." +++ +# Understanding opportunities and data in Sales Advisor in Microsoft 365 Lighthouse + +Sales Advisor focuses on producing recommendations that help drive the conversations partners have with customers throughout the customer lifecycle. It uses machine learning (ML) models to provide recommended actions and the reasoning behind each recommendation. The data used in the models combine insights about the customer, the current subscriptions, and the usage and engagement of each product. + +The current machine learning models recommend growth, retention, and acquisition opportunities. + +## Opportunities + +Opportunities are specific, actionable recommendations generated by Sales Advisor. Each opportunity contains a recommendation for a particular customer, insights, suggested actions, resources, subscriptions, and usage data to guide you. Each opportunity contains the following data: + +- Customer: Name of customer + +- Recommendation: Recommended action for this opportunity + +- Probability Status: The probability that a prediction is correct. Possible values are High, Medium, or Low. + +- Opportunity type: Indicates the general category of opportunities being presented. + + - Customer acquisition + + - Customer retention + + - Customer growth + +- Product: Product associated with the opportunity (not visible for Customer retention opportunities) + +- Seats: Number of paid licenses in the customer tenant + +- Date Added/Created: Date the opportunity was first created for the customer. Recommendations are refreshed regularly to capture the most recent customer signals, so an opportunity will continue to show up if the customer signals remain the same, regardless of when it was first created. + +NOTE: Each customer can have zero, one, or more opportunities. Only customers with one or more opportunities will be populated into the opportunities table. Within each opportunity type, there will be only up to one opportunity per customer. + +## Opportunities page + +The Opportunities page displays opportunities across all opportunity types, customer acquisition, customer retention, and customer growth. The Opportunities page summarizes the highest value opportunities within a partnerΓÇÖs Microsoft 365 install base. The All opportunities tab is divided into three areas: + +- Opportunities overview - a summary view that contains the number of total customer tenants and the number of opportunities by opportunity type. + +- Prioritized opportunities - a summary view that breaks down the number of high-propensity opportunities and medium-propensity opportunities by opportunity type. + +- Recommendation table ΓÇô contains Customer Tenant, Recommendation, Probability status, Opportunity type, Seats, Date Added, and Provide feedback. By default, the table is sorted to display the newest recommendation first. The recommendation table view displays each opportunity as a separate row. + +The Customer acquisition, Customer retention, and Customer growth tabs are a view of the same opportunity data filtered by opportunity category. ++ +The Opportunities page also includes the following options: + +- Export: Select to export opportunities data to an Excel comma-separated values (.csv) file. + +- Search: Enter keywords to quickly locate a specific tenant in the list. + +## Opportunity Category + +There are three categories of opportunities to cover the stages of a customerΓÇÖs lifecycle ΓÇô customer acquisition, customer retention, and customer growth. These types align with the three tabs on the Opportunities page. + +### Customer acquisition + +Opportunity type that is designed to accelerate customer acquisition using trials and trial conversion conversations to sell Microsoft 365 more efficiently. Partners can discover opportunities to acquire new users by converting trial subscriptions to paid offerings. + +### Customer retention + +Opportunity type that is designed to get early warnings where direct engagement can avoid future Microsoft 365 churn to serve better and retain customers. Partners can discover opportunities to increase adoption and mitigate customersΓÇÖ risk of churning. + +### Customer growth + +Opportunity type that is designed to know which customers are ready for the next step in their digital transformation based on usage patterns and behaviors of similar customers. Partners can discover opportunities to grow your business by upgrading customers to higher-value subscriptions. + +### Models available by opportunity type + +Below are the data models currently available in Sales Advisor as recommendations by opportunity category. + +\| Opportunity model \| Opportunity category \| Based on \| SKUs/Products covered \| +\|--\|-\|\|--\| +\| B-SKU: Microsoft 365 Business SKUs \| Customer growth \| Machine Learning \| Standalone, Business Basic, Business Standard, Business Premium \| +\| E-SKU: Microsoft 365 Enterprise SKUs \| Customer growth \| Machine Learning \| Office 365 E3, Microsoft 365 E3, Microsoft 365 E5, EMS E5 \| +\| Churn Risk \| Customer retention \| Machine Learning \| Core Apps, Teams, SMB Tenants \| +\| SMB Tenant Engagement \| Customer retention \| Business rule \| Email, Core Apps, Teams, SharePoint, OneDrive for Business \| +\| MDO Growth Recommendation \| Customer growth \| Decision Tree \| Microsoft 365 Business Premium or Microsoft Defender for Office 365 P2 \| +\| MFA Engagement Recommendation \| Customer engagement \| Decision Tree \| Multi-Factor Authentication in Azure AD \| +\| MDB Growth Recommendation \| Customer growth \| Decision Tree \| Microsoft Defender for Business (MDB) \| +\| Trials \| Customer acquisition \| Business rule \| Teams Exploratory \| + +## Sales Advisor Terminology + +The following list provides important terms and definitions used within Sales Advisor. ++ +\| Term \|Definition \| +\|--\|-\| +\| Active Usage \| Active Usage aggregates the number of active users or devices based on intentional actions, which varies on each application. Active usage data can help calculate usage metrics such as Daily Active Users (DAU) and Monthly Active Users (MAU). \| +\| Active users \| Number of users actively using the workload. \| +\| Assigned users \| Number of seats containing the workload assigned to a user. \| +\| Customer acquisition \| Opportunity category that is designed to accelerate customer acquisition using trials and trial conversion conversations to sell Microsoft 365 more efficiently. \| +\| Customer growth \| Opportunity category that is designed to know which customers are ready for the next step in their digital transformation based on usage patterns and behaviors of similar customers. \| +\| Customer insights \| The characteristics of the selected customer based on historical data and correlation explain why we're suggesting the specific recommendation. \| +\| Customer retention \| Opportunity category that is designed to get early warnings where direct engagement can avoid future Microsoft 365 churn to serve better and retain customers. \| +\| Customer usage information \| Tab within the Customer Recommendation flyout that displays how people are using Microsoft 365 services for all products owned. The graph shows usage per user, and the table shows the number of assigned users, active users, and trends. \| +\| Customers with opportunities \| Summary of customers that have one or more opportunities. \| +\| Opportunity \| Opportunities are specific, actionable actions generated from Sales Advisor's propensity modeling. Each opportunity contains a recommendation for a particular customer, insights, suggested actions, resources, subscriptions, and usage data to guide the partner. \| +\| Opportunity Category \| Type of opportunity. There are three opportunity categories: Customer acquisition, Customer retention, and Customer growth. Indicates the general category of opportunities presented. \| +\| Opportunities by category \| Summary of opportunities across customer lifecycle stage (Customer acquisition, Customer retention, Customer growth). \| +\| Probability Status \| The probability that the prediction is correct, with possible values of High or Low. \| +\| Product \| Microsoft Product associated with the opportunity. \| +\| Recommendation \| Recommended action for this opportunity. \| +\| Resources \| Within a customer recommendation, resources are documents such as a playbook, demo, cheat sheets, and email templates to help prepare partners for the conversation with the customer regarding the opportunity. \| +\| Seats \| Number of paid licenses in the customer tenant. \| +\| Subscriptions \| Tab within the Customer Recommendation flyout that displays the product name, purchased quantity, and subscription status of products purchased by the customer from the partnerΓÇÖs organization or from Microsoft directly. \| +\| Suggested actions \| Specific actions, such as running a workshop, are suggested to enforce the recommendation. \| +\| Trend \| The trend in monthly active usage over the previous three months. No change, Positive, or Negative. \| +\| Usage per user \| History of the Monthly Active Usage per workload \| +\| Workload \| Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, etc. \| + +## Frequently Asked Questions (FAQs) for Sales Advisor + +Refer to the Managing opportunities with Sales Advisor section of [Frequently asked questions (FAQs)](m365-lighthouse-faq.yml) to learn more about Sales Advisor. + +## Related content + +[View opportunities in Sales Advisor](m365-lighthouse-view-opportunities.md) (article) +[Overview of Sales Advisor](m365-lighthouse-sales-advisor-overview.md) (article)
lighthouse	M365 Lighthouse View Opportunities	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-view-opportunities.md	+ + Title: "View opportunities in Sales Advisor in Microsoft 365 Lighthouse" +f1.keywords: NOCSH ++++ Last updated : 07/17/2023 +audience: Admin ++ +ms.localizationpriority: medium + +- Tier1 +- scotvorg +- M365-subscription-management +- Adm_O365 + +- AdminSurgePortfolib +- M365-Lighthouse +search.appverid: MET150 +description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to view sales opportunities using Sales Advisor." ++ +# View opportunities in Sales Advisor in Microsoft 365 Lighthouse + +Sales Advisor provides actionable recommendations to manage your customer and grow your business. To understand what an opportunity is, see [Understanding opportunities and data in Sales Advisor](m365-lighthouse-understanding-opportunities-and-data.md). + +Each customer can have zero, one, or more opportunities. Only customers with one or more opportunities are populated into the opportunities table. Within each opportunity type, there will be only up to one opportunity per customer. + +## Before you begin + +You must hold the Executive report viewer or Report viewer role in Partner Center to access Sales Advisor. To learn more, see [Get access to Sales Advisor](m365-lighthouse-get-access-to-sales-advisor.md). + +## View opportunities + +1. In the left navigation pane in Lighthouse, select Sales Advisor \> Opportunities. + +2. On the All opportunities tab, select the tenant you want to research. + +3. From the tenant details pane, review each of the tabs for specific tenant details and possible action. + +\|Tab \|Description \| +\|\|\| +\|Recommendation \| Contains the following: <br>Customer insights - characteristics of the selected customer based on historical data and correlation, explains why we're suggesting the specific recommendation. <br>Suggested actions - specific suggestions to enforce the recommendation (such as running a workshop). <br>Related Resources - marketing materials such as playbook, demo, cheat sheets, and email templates to help prepare partners for the conversation with the customer regarding the opportunity. \| +\|Subscription \| Contains subscription information about the products purchased by the customer from the partnerΓÇÖs organization or from Microsoft directly, including product name, purchase quantity, and subscription status (Active/Inactive). \| +\|Usage \| Shows how users use Microsoft 365 services for all products the customer owns. Includes a usage per-user graph that can be filtered by workload. In addition, a table view with the following information:<br>Workload - Exchange Online, OneDrive for Business, Azure Active Directory, etc.<br>Assigned users - Number of seats containing the workload assigned to a user.<br>Active users - Number of users actively using the workload.<br>Trend - The trend in monthly active usage over the previous three months is defined as No change, Positive or Negative. \| + +## View opportunities by opportunity type + +1. In the left navigation pane in Lighthouse, select Sales Advisor \> Opportunities. +2. Select the desired opportunity type you want to review. + +For a definition of each opportunity type, see the Opportunity Type section in [Understanding opportunities and data in Sales Advisor](m365-lighthouse-understanding-opportunities-and-data.md). + +## Export opportunities out of Sales Advisor + +1. In the left navigation pane in Lighthouse, select Sales Advisor \> Opportunities. +2. Select the view you want to export (All opportunities, Customer acquisition, Customer retention, or Customer growth). +3. Filter the list as needed using the filters (Probability, Opportunity type, and Date created). +4. Select Export. + +Lighthouse exports the data displayed into a CSV file that you can integrate into internal tools and create custom reports. If youΓÇÖve applied filters to the table, the exported data reflect the selected filters. The downloaded CSV file contains the following data: + +- Customer ID +- TPID +- Customer Name +- Opportunity Type +- Customer Insight +- Suggested Actions +- Related Resources +- Growth Propensity +- Recommended Product +- Seats +- Date added +- Link (a unique URL for each opportunity) + +## Related content + +[Overview of Sales Advisor](m365-lighthouse-sales-advisor-overview.md) (article)\ +[Get access to Sales Advisor](m365-lighthouse-get-access-to-sales-advisor.md) (article)\ +[Understanding opportunities and data in Sales Advisor](m365-lighthouse-understanding-opportunities-and-data.md) (article)
loop	Loop Compliance Summary	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-compliance-summary.md	+ Last updated : 06/19/2023 + Title: "Summary of compliance capabilities for Loop experiences" ++++ +recommendations: true +audience: Admin +f1.keywords: +- NOCSH + +ms.localizationpriority: medium ++ +- Strat_SP_admin +- Microsoft 365-collaboration +- Tier3 +search.appverid: +- SPO160 +- MET150 +description: "Learn about the compliance how to manage Loop components capabilities for Loop experiences." ++ +# Summary of compliance capabilities for Loop + +Loop experiences offer many compliance features. This article provides a summary of the compliance features frequently requested that are not available yet in Loop. + +## Summary of compliance capabilities for Loop components + +Loop components created outside of the Loop app in other Microsoft 365 apps (such as [Teams](https://support.microsoft.com/office/first-things-to-know-about-loop-components-in-microsoft-teams-ee2a584b-5785-4dd6-8a2d-956131a29c81), [Outlook](https://support.microsoft.com/office/use-loop-components-in-outlook-9b47c279-011d-4042-bd7f-8bbfca0cb136), [Whiteboard](https://support.microsoft.com/office/loop-components-in-whiteboard-c5f08f54-995e-473e-be6e-7f92555da347), [Word for the web](https://support.microsoft.com/office/use-loop-components-in-word-for-the-web-645cc20d-5c98-4bdb-b559-380c5a27c5e5)) are stored in the creator's OneDrive. For example, if User A creates a Loop component within a Teams chat with User B, that Loop component is stored in User A's OneDrive and is shared with User B. + +Because Loop components are stored as files in OneDrive, there are many capabilities you're already familiar with that function just like any other file in OneDrive of SharePoint. Here are the notable differences from Office files in OneDrive that are not available yet for Loop components: + +- [Sensitivity Labeling](/microsoft-365/compliance/information-protection) (Microsoft Information Protection) at the File-level +- [Data Loss Prevention (DLP)](/microsoft-365/compliance/dlp-learn-about-dlp) +- Graph API to convert .loop file content into HTML +- [Conditional Access](/azure/active-directory/conditional-access/overview) + +## Summary of compliance capabilities for content created in Loop workspaces + +Content created in a Loop workspace is stored in Syntex repository services. You can learn more about it here: [Introducing Syntex repository + +Syntex repository services has many of the same compliance capabilities as the rest of SharePoint and OneDrive. However, the capabilities below are not available yet for content created in Loop workspaces. While we continue to improve rapidly in this area, if you require any of these capabilities, Microsoft recommends proactively disabling Loop workspaces using the instructions here: [Manage Loop workspaces in Syntex repository services](/microsoft-365/loop/loop-workspaces-configuration): + +- [Intune Device Management Support](/mem/intune/remote-actions/device-management) +- Third-party tools for discovery workflows and Graph API export +- Full eDiscovery export using Purview +- Tenant admin experience: Discovery of all Loop workspaces in Purview or SPO Tenant Admin center +- Tenant admin experience: Restoring a deleted workspace or pages +- [Retention Policies, Retention Labels, and Preservation Hold](/microsoft-365/compliance/retention-policies-sharepoint) +- [Legal Hold](/sharepoint/governance/ediscovery-and-in-place-holds-in-sharepoint-server) +- [Sensitivity Labeling](/microsoft-365/compliance/information-protection) (Microsoft Information Protection) at the File-level and Container-level +- Multiple owners on a workspace +- [Data Loss Prevention (DLP)](/microsoft-365/compliance/dlp-learn-about-dlp) +- Granular audit logs that describe all activity related to item/entity creation, access, alteration, and deletion +- [Stream audit log data](/microsoft-365/compliance/audit-log-activities) to 1st and 3rd-party systems for ingestion and analysis +- [Alerting](/microsoft-365/compliance/alert-policies) on unusual data movement or access patterns +- [Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo) support +- [Conditional Access](/azure/active-directory/conditional-access/overview) + +This list of capabilities is not exhaustive + +> [!NOTE] +> The list of capabilities in this section applies to content created in Loop workspaces (Syntex repository services). It does not apply to Loop components created in either Teams, Outlook, Whiteboard or Word for the web (which are created in OneDrive). + +## Related topics + +- [Overview of Loop components in Microsoft 365](/microsoft-365/loop/loop-components-teams) +- [Overview of Loop workspaces storage and permissions](/microsoft-365/loop/loop-workspaces-storage-permission)
scheduler	Scheduler Faqs	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-faqs.md	- Title: "Scheduler for Microsoft 365 FAQ"--- Previously updated : 04/15/2021-- -description: "Scheduler for Microsoft 365 FAQ" -- -# Scheduler for Microsoft 365 FAQ - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Question: How does Scheduler integrate with other Cortana features, such as Cortana for Windows, Daily Briefing Email, and Play My Emails?</br> -Scheduler is an independent service from other Cortana features. Other Cortana features can be disabled at the tenant level, and Scheduler can still be enabled by using the cortana@yourdomain.com email address. Currently, users can only interact with Scheduler via email. - -Question: Does this work only with Outlook? Are other email products supported?</br> -As long as you have a license, other than the three requirements above, users can email cortana@yourdomain.com from any email client on any device. - -Question: Can contacts be in a personal contact list on Outlook and GAL or other company equivalent?</br> -Meeting attendees can be anyone with an email address inside or outside the company. Unfortunately, Scheduler cannot automatically translate names to email addresses / alias by looking it up in the GAL today. - -Question: Can I use Scheduler with my installed version (on-premises) version of Outlook?</br> -Scheduler requires Exchange Online. Does not work with Exchange Server (On-prem). Works with any email client, Outlook Desktop, OWA, iOS, android, gmail, and so on. - -Question: Does Outlook have to be open in the background?</br> -Outlook doesn't need to be open in the background. All you need to do is send Cortana a mail and rely on it to do the bulk of the work. - -## Frequently Asked Trust and Privacy Questions - -Question: How does Scheduler work?</br> -Scheduler uses Scheduling Intelligence (AI) augmented with human assistants. If AI models generate a need for support in the natural language of communication with Cortana, the meeting request escalates to a human for review and completion. - -Question: Who are the humans that review escalated requests? </br> -Scheduler assistants are Microsoft Supplier Security and Privacy Assurance (SSPA) certified for personal and highly confidential information. - -Question: What can SSPA Assistants view?</br> -Scheduler and the SSPA Assistants can view the emails that are addressed to Cortana. In a threaded email exchange, only the emails that include CortanaΓÇÖs email address will be processed, not the previous emails in the thread before Cortana was added. - -Question: Is customer data retained in the Scheduler's Data Flow? </br> -Scheduler stores all customer content within the tenant boundaries and retains data in accordance with GDPR guidelines, Microsoft 365 Trust & Privacy policies, and tenant email policies. - -Question: How does Scheduler process the free/busy data of internal attendees? </br> -Scheduler's automation uses the findMeetingTimes service to identify times that are mutually available for attendees and the organizer. This service powers other Outlook experiences such as Suggested Times in the Outlook meeting form. Free/busy attendee information is not consumed explicitly as free/busy blocks. - -Question: Is Scheduler GDPR Compliant? </br> -Yes. - -Question: Who has access to the Cortana mailbox? </br> -Scheduler processes meeting requests and associated emails that are sent to your tenantΓÇÖs Cortana mailbox. Microsoft does not have any other access to the Cortana mailbox except through Lockbox approval at the request of the tenant admin. - -Question: Is customer data used for training AI models?</br> -No customer content from Scheduler for Microsoft 365 can be used for data training sets. All customer content resides in the customer tenant. - -Question: Will Scheduler process encrypted mail?</br> -No, encrypted mail will be rejected by the Scheduler workflow.
scheduler	Scheduler Overview	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-overview.md	- Title: "Scheduler for Microsoft 365 Overview"--- Previously updated : 04/15/2021-- -description: "Overview of Scheduler for Microsoft 365." -- -# Welcome to Scheduler for Microsoft 365 - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Scheduler for Microsoft 365 is a service that lets you delegate meeting and appointment scheduling to Cortana, your digital personal assistant. - -Scheduler uses natural language processing to interpret emails sent to Cortana (cortana@yourdomain.com) to find a time to meet and send calendar invitations for the meeting organizer. - -Scheduler: --- Communicates with the meeting organizer and attendees by email in natural language.-- Finds a time to meet when everyone is available.-- Coordinates between external attendees based on the organizerΓÇÖs availability.-- Keeps the meeting organizer informed on scheduling progress and asks the organizer for guidance when needed.-- Negotiates times to meet across up to two different time zones.-- Sends the invitation to the meeting from the organizer.-- Adds a Teams link to every meeting.-- Reschedules or cancels meetings booked by Cortana.-- Works from any device with access to email.- -## Who can benefit from Scheduler for Microsoft 365? - -Scheduler takes care of the time-consuming hassle of scheduling meetings so users can focus on more important things. - -If you regularly schedule small meetings with fewer than five attendees, you'll save time with Scheduler. Departments such as recruiting, sales, procurement, and legal can benefit from delegating meeting coordination to Scheduler. - -## How does Scheduler for Microsoft 365 work? - -Scheduler uses a combination of artificial intelligence and human intelligence to complete scheduling requests that are received by emailing Cortana (Cortana@yourdomain.com). - -To use Scheduler, add CortanaΓÇÖs email address to an email with the people you want to meet with and ask Cortana to book a meeting in natural language. - -In your request, tell Cortana how long and when you want to meet. For example, ΓÇ£Cortana, find 45 minutes for us to meet next week.ΓÇ¥ - -After a user sends a meeting request to Cortana, the Scheduler service: --- Finds a time to meet based on the availability of the organizer and attendees in the same tenant.-- If the organizer does not have access to availability of the attendees, Cortana negotiates a time to meet with those attendees by email. -- Once a mutually agreeable time has been found, Cortana adds a Teams meeting and sends out the calendar invites. - -## Pricing and licensing - -Learn more: [Scheduler for Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/meeting-scheduler-pricing) - ->[Note: ->Meeting attendees do not need a Scheduler or Microsoft 365 license. <br>The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license.
scheduler	Scheduler Preferences	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-preferences.md	- Title: Adjust scheduling preferences for Scheduler for Microsoft 365 Overview--- Previously updated : 05/17/2022-- -description: Learn how to adjust scheduling preferences for Scheduler for Microsoft 365. -- -# Scheduling preferences used by Scheduler - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Scheduler uses several Outlook preferences to schedule a meeting for an organizer. Any changes to the preference settings in Outlook clients will affect how Scheduler handles requests sent to Cortana. For instance, if an organizer changes the time zone preference on the settings page in Outlook Web, all requests by the organizer that follow will default to the new time zone. - -## Supported settings --- Time zone. The time zone Scheduler uses to determine an appropriate time for meetings. See [Add, remove, or change time zones](https://support.microsoft.com/en-us/office/add-remove-or-change-time-zones-5ab3e10e-5a6c-46af-ab48-156fedf70c04) for information.--- Work hours and days. For most meeting types, Scheduler selects a time according to the organizer's work week and meeting hours preferences. See [Change your work hours and days in Outlook](https://support.microsoft.com/en-us/office/change-your-work-hours-and-days-in-outlook-a27f261d-0681-415f-8ac1-388ab21e833f) for information.--- Online meetings. You can turn on a Calendar option so that all the meetings you schedule from Outlook and Scheduler will be held online with conference details. Scheduler currently supports Teams and Skype as meeting providers. See [Make all meetings Teams meetings](https://support.microsoft.com/en-us/office/schedule-a-teams-meeting-from-outlook-883cc15c-580f-441a-92ea-0992c00a9b0f#bkmk_makeallteamsmtngs) for information.--- Default meeting duration. If the organizer doesn't specify the desired meeting duration in the request, Scheduler will use the preferred meeting duration for the request. This setting is only available in the Windows Outlook client.- - 1. Select File > Options to see the Outlook Options dialog. - - 2. Select Calendar from the list on the left of the dialog. - - 3. In Calendar options settings on the right of the dialog, select Default duration for new appointments and meetings. - - :::image type="content" source="../media/OutlookOptions.png" alt-text="Outlook Calendar options dialog in Windows where you can set up work time, default meeting duration, and select shorten meetings for Scheduler to use."::: --- Avoid back-to-back meetings. An Outlook setting can start meetings late or end meetings early to avoid back-to-back meetings. Also, Scheduler can shorten the meeting duration according to the preference you set. See [Change default meeting length](https://techcommunity.microsoft.com/t5/hybrid-work/change-default-meeting-length-in-outlook-avoid-back-to-back/m-p/1247361) for information.- -> [!NOTE] -> If you use the Windows client, you must select Store my Outlook settings in the cloud to sync your preferences across Scheduler and other Outlook clients. -> :::image type="content" source="../media/OutlookOptions2.png" alt-text="Outlook Calendar options dialog in Windows. Select Store my Outlook settings in the cloud to sync scheduling preferences across clients.":::
scheduler	Scheduler Recurring Meetings	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-recurring-meetings.md	- Title: Scheduling Dynamic Recurring Meetings------ Previously updated : 11/02/2021 -description: "Users can learn more about scheduling dynamic recurring meetings." -- -# Scheduling Dynamic Recurring Meetings - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Scheduler's dynamic meetings work around the user's busy schedule. Recurring meetings managed by Scheduler behave differently than traditional recurring meetings in Outlook. To keep your future calendar open and minimize conflicts with attendees, Scheduler will schedule one instance of a recurring meeting at a time. - -As an example, asking Cortana to "Schedule 30 minutes of focus time every day" will initially create one 30-minute appointment for the next available date on your calendar. Once that appointment time has passed, Scheduler will proceed to book another instance on the following date. If the original time slot isn't currently available, then Scheduler will adjust the time based on your availability. - -The same heuristic can be applied to meetings with invitees. You can include attendees in your request and ask Cortana to "Schedule a meeting every two weeks". The first and each successive meeting will get scheduled dynamically based on the current availability of all attendees within your organization. If you or an attendee is unavailable or out of the office on the next date, the meeting time will automatically adjust to when everyone is available, and the desired cadence is preserved for follow-on meeting instances based on the newly scheduled date. - -## Booking with attendees outside your organization - -When scheduling with attendees outside of your organization, your virtual assistant will send the external attendees time options for the first meeting. All future meetings are automatically scheduled based on the availability of the organizer and internal attendees. - -Scheduler supports daily, weekly, and monthly intervals. - -## Examples of How to Request Recurring Meetings - -Here are some examples of how you can email Cortana to schedule recurring meetings: --- "Cortana, schedule a meeting every two weeks."-- "Book 30 minutes monthly for a review."-- "Cortana will find 30 minutes for us to meet every Tuesday."-- "Cortana, schedule 30 minutes every Friday at 3:30pm"- -## Changing Recurring Frequency - -You can change the frequency of any recurring meeting or a non-recurring meeting that is managed by Scheduler. Reply to Cortana from the last confirmation email in the meeting thread and tell Cortana: --- "Change this to once every month."-- "Cortana, make this meeting biweekly."- -## Cancelling Recurring Meetings - -You can reply to Cortana's latest confirmation message and ask to "cancel this meeting" to cancel the scheduled instance. However, Scheduler will continue to schedule future meetings at the same frequency. Alternatively, you can just ask Scheduler to reschedule the next instance to the desired date or time. If you wish to cancel the entire recurring series, respond with "cancel this series", and no future instances will be scheduled. - -## Recurring Meeting Limitations - -Note that there are some technical limitations on the types of recurrences Scheduler can understand and support: --- Multiple occurrences within the same interval aren't supported (for example: "twice a week").-- End dates for recurrence aren't supported (for example: "every day until December 20"). Since each meeting is scheduled upon completion of the previous meeting, just reply to the latest message from Cortana with "cancel this meeting series".-- Scheduler currently doesn't support recurrence frequencies greater than 90 days.
scheduler	Scheduler Setup	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-setup.md	- Title: "Setting up Scheduler for Microsoft 365."--- Previously updated : 04/15/2021-- -description: "Setting up Scheduler for Microsoft 365." - -# Setting up Scheduler for Microsoft 365 - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Tenant admins need to set up a Scheduler assistant mailbox and obtain Scheduler licenses for meeting organizers to enable the Scheduler for Microsoft 365 service. - -## Licensing - -Learn more: [Scheduler for Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/meeting-scheduler-pricing) - -> [!NOTE] -> Meeting attendees do not need a Scheduler or Microsoft 365 license. -> -> The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license. - -## Prerequisites - -\|Prerequisite\|Description\| -\|\|\| -\|A Scheduler assistant mailbox for the tenant \|An Exchange equipment type resource mailbox that acts as the Scheduler assistant mailbox for your tenant to send and receive emails to and from Cortana. All emails sent to Cortana are retained in your tenant's Cortana mailbox based on your retention policy. The Scheduler assistant mailbox is typically named "Cortana" or "Cortana Scheduler" since all the emails from the assistant will be signed Cortana. <ul><li>Create an equipment type Exchange resource mailbox</li><li>Name the mailbox's display name and primary SMTP address `Cortana <cortana@yourdomain.com>` or `Cortana Scheduler <cortana.scheduler@yourdomain.com>`.</li></ul> <br/> Note: The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license.\| -\|Exchange Online mailbox \|Meeting organizers must have an Exchange Online mailbox and calendar typically as part of their Microsoft 365 license. In addition, meeting organizers must have a Scheduler license. The Scheduler license enables the Scheduler assistant to use the meeting organizer's mailbox and calendar to schedule meetings for them. <br/><br/> See Scheduler for Microsoft 365 for licensing and pricing information. <br/><br/> Note: Meeting attendees do not need a Scheduler or Microsoft 365 license. Meeting attendees can be internal or external to the tenant. Meeting attendees only need access to an email address.\| - -## Setting up the Scheduler assistant mailbox - -Scheduler assistant mailbox is an Exchange equipment type mailbox that does not require an additional Microsoft 365 or Scheduler license. The display name and the primary SMTP address of the mailbox should contain Cortana since all the emails from the Scheduler assistant will be signed Cortana (i.e., `Cortana <cortana@yourdomain.com>` or `Cortana Scheduler <cortana.scheduler@yourdomain.com>`). After the Scheduler assistant mailbox has been created, you must designate the mailbox as the Scheduler assistant mailbox. After you designate the Scheduler assistant mailbox, Cortana will be available to schedule meetings on behalf of your users. --- Use the Microsoft 365 admin center to create a user mailbox. A 30-day retention policy is recommended. -- Use the name Cortana in your mailbox's primary SMTP address. Names such as `Cortana@yourdomain.com`, `CortanaScheduler@contoso.com`, or `Cortana.Scheduler@yourdomain.com` are recommended.- -## Designate the mailbox as the Scheduler Assistant - -After a unique mailbox for Cortana Scheduler has been created, you must designate the mailbox to Microsoft 365 formally. After you designate the Cortana Scheduler mailbox, it will be available to schedule meetings on behalf of your users. - -### Connect to PowerShell - -Use the Microsoft 365 admin center to create a user mailbox. A 30-day retention policy is recommended. -Use the name Cortana in your mailbox's primary SMTP address. Names such as `Cortana@yourdomain.com`, `CortanaScheduler@contoso.com`, or `Cortana.Scheduler@yourdomain.com` are recommended. - -```PowerShell -$domain="yourdomain.com" -$tenantAdmin="<tenantadmin>@$domain" -Import-Module ExchangeOnlineManagement -Connect-ExchangeOnline -UserPrincipalName $tenantAdmin -``` - -### Create the Scheduler Assistant Mailbox - -```PowerShell -New-Mailbox -Name Cortana -Organization $domain -DisplayName "Cortana Scheduler" -Equipment -Set-CalendarProcessing Cortana@$domain -DeleteNonCalendarItems $false -``` - -### Designate the Scheduler Assistant Mailbox - -```PowerShell -Set-mailbox cortana@$domain -SchedulerAssistant:$true -``` - -After running this "set" command on the Cortana Scheduler assistant mailbox, a new "PersistedCapability" is set on the mailbox to note that this mailbox is the "SchedulerAssistant". - -> [!NOTE] -> To learn how to connect your organization to PowerShell, see: -[Connect to Microsoft 365 with PowerShell](/microsoft-365/enterprise/connect-to-microsoft-365-powershell) - -### Verifying the Scheduler assistant mailbox - -To verify the Scheduler assistant mailbox has been created - -```PowerShell -Get-CalendarProcessing cortana@$domain \| fl DeleteNonCalendarItems -``` - -The result should be "false". - -```PowerShell -Get-Mailbox -Identity cortana@$domain \| fl type -``` - -The result should be --- ResourceType: Equipment-- Remote RecipientType: None-- RecipientType: UserMailbox-- RecipientTypeDetails: EquipmentMailbox- -### To discover which mailbox is the Scheduler assistant mailbox - -```PowerShell -Get-Mailbox -ResultSize Unlimited \| where {$_.PersistedCapabilities -Match "SchedulerAssistant"} -``` - -> [!IMPORTANT] -> It might take several hours for the Scheduler assistant mailbox to complete full provisioning to set the SchedulerAssistant capability. - -## Exchange Online mailbox - -A Scheduler license is an add-on to Microsoft 365, which enables the meeting organizer to delegate their meeting scheduling tasks to their Scheduler assistant. In addition to designating a mailbox as a Scheduler assistant mailbox, meeting organizers will also need a Scheduler license and Exchange Online mailbox and calendar, typically through Microsoft 365 license for Scheduler to work. Meeting attendees do not need a Scheduler license or a Microsoft 365 license. - -To purchase the Scheduler add-on, you require one of the following licenses: --- Microsoft 365 E3, A3, E5, A5-- Business Basic, Business, Business Standard, Business Premium-- Office 365 E1, A1, E3, A3, E5, A5-- Business Essentials, Business Premium-- Exchange Online Plan 1 or Plan 2 license.- -> [!NOTE] -> Scheduler for Microsoft 365 is available in worldwide multi-tenant environments in English only. Scheduler for Microsoft 365 isn't available to users of: -> -> - Microsoft 365 operated by 21Vianet in China -> - Microsoft 365 with German cloud that uses the data trustee German Telekom -> - Government cloud including GCC, Consumer, GCC High, or DoD -> -> Scheduler does support users in Germany whose data location is not the German datacenter.
scheduler	Scheduler Trust Privacy	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-trust-privacy.md	- Title: "Understanding Trust and Privacy in Scheduler for Microsoft 365."--- Previously updated : 04/15/2021-- -description: "Understanding Trust and Privacy in Scheduler for Microsoft 365 are used with AI models and human assisted AI." - -# Trust and Privacy in Scheduler for Microsoft 365 - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Scheduler is a unique offering whose artificial intelligence is augmented with human assistance when the AI models are not confident in the userΓÇÖs intent, often due to ambiguity or contextual references. - -## Policies --- All customer content is stored in the customerΓÇÖs tenant.-- Scheduler is General Data Protection Regulation (GDPR) compliant.-- All customer data is processed in the Microsoft 365 Trust and Privacy Boundaries.-- SchedulerΓÇÖs human assistants are Supplier Security & Privacy Assurance certified for personal information and highly confidential information by Microsoft analogous to Microsoft support personnel / data processors. -- Email attachments are not consumed or processed by the Scheduler service.-- Encrypted emails are not consumed or processed by the Scheduler service.-- Scheduler does not monitor the meeting organizerΓÇÖs or attendeeΓÇÖs calendar or inbox.
scheduler	Scheduler Using	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-using.md	- Title: "Using Scheduler for Microsoft 365"--- Previously updated : 04/15/2021-- -description: "Using Scheduler for Microsoft 365." - -# How to use Scheduler for Microsoft 365 - -> [!IMPORTANT] -> Scheduler for Microsoft 365 will stop working in August 2023. After that date, Scheduler won't be able to create or modify any meeting requests. - -Cortana understands natural language. Include cortana@yourdomain.com in an email with other attendees, and Cortana will take over from there. Cortana will send email notifications confirming meeting times and keep you up to date on progress. - -To use Scheduler, add CortanaΓÇÖs email address to your email in addition to the people you want to meeting with. In your email to Cortana and the other attendees, tell Cortana to schedule a meeting using natural language. - -## When to use Scheduler? --- Scheduling meetings with internal attendees -Use Cortana to schedule your meetings with 5 or fewer attendees. Cortana has the same access to free/busy information that you see for others in Outlook calendar. It will pick a time that works for everyone and send an invite on your behalf. Cortana will automatically Teams-enable all the meetings that it schedules. Anyone on the CC line will receive the invite as an optional attendee. --- Scheduling meetings with external attendees -Cortana communicates with external invitees to negotiate times that you are available to meet. After confirming a time to meet, Cortana sends an invite to attendees and notifies you that the meeting has been scheduled. - -## What to say to Cortana? - -Cortana understands natural language, but concise language is recommended. - -Use the following pattern to request a meeting: Schedule a [length of time] meeting [time frame]. --- ΓÇ£Schedule a 30-minute meeting next week.ΓÇ¥ -- ΓÇ£Find 1 hour for us to meet in January.ΓÇ¥ -- ΓÇ£Find 45 minutes the first week of May that works for India Standard Time.ΓÇ¥ - -If you don't specify a time range, Cortana will book the meeting as soon as the next business day. - -## Scheduling across multiple time zones - -Use the following pattern to request a multi-time zone meeting: -"Schedule a [length of time] meeting in [time frame] that works for [time zone]." - -Cortana will accommodate attendees in another time zone if you request it in the first email to Cortana. - -You cannot change time zone(s) after sending the initial request to Cortana. As some time zone abbreviations are the same, use the full time zone name for best results. - -## Organizer guidance - -Occasionally, Cortana may ask you for guidance as the organizer. Follow the directions in CortanaΓÇÖs email and reply using the reply buttons in Cortana emails. - -## Reschedule or Cancel - -If you need to reschedule or cancel, just reply to an email in the thread with Cortana regarding the meeting and ask to ΓÇ£RescheduleΓÇ¥ or ΓÇ£Cancel.ΓÇ¥ - -> [!NOTE] -> Cortana can't reschedule or cancel meetings that were not scheduled by Scheduler.
security	Access Mssp Portal	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/access-mssp-portal.md	Last updated 12/18/2020 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-mssp-support-abovefoldlink) +> [!IMPORTANT] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + > [!NOTE] > These set of steps are directed towards the MSSP. Use the following steps to obtain the MSSP customer tenant ID and then use the I 2. Switch directory to the MSSP customer's tenant. 3. Select Azure Active Directory > Properties. You'll find the tenant ID in the Tenant ID field. 4. Access the MSSP customer portal by replacing the `customer_tenant_id` value in the following URL: `https://security.microsoft.com/?tid=customer_tenant_id`. +5. Access a Unified View for MSSP (Preview) in `https://mto.security.microsoft.com/` ## Related topics
security	Configure Automated Investigations Remediation	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation.md	Title: Configure automated investigation and remediation capabilities description: Set up your automated investigation and remediation capabilities in Microsoft Defender for Endpoint. -keywords: configure, setup, automated, investigation, detection, alerts, remediation, response search.appverid: met150 Previously updated : 04/03/2023 Last updated : 07/14/2023 # Configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint Last updated 04/03/2023 If your organization is using [Defender for Endpoint](/windows/security/threat-protection/) (or [Defender for Business](../defender-business/mdb-overview.md)), [automated investigation and remediation capabilities](/microsoft-365/security/defender-endpoint/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](/microsoft-365/security/defender-endpoint/automated-investigations). -If you're using Defender for Endpoint, you can specify an automation level so that when a thread is detected on a device, the entity can be remediated automatically or only upon approval by your security team. You can configure automated investigation and remediation with device groups. +If you're using Defender for Endpoint, you can specify an automation level so that when a threat is detected on a device, the entity can be remediated automatically or only upon approval by your security team. You can configure automated investigation and remediation with device groups. > [!NOTE] > In Defender for Business, automated investigation is configured automatically. See [advanced features](/microsoft-365/security/defender-business/mdb-configure-security-settings#review-settings-for-advanced-features).
security	Tvm Browser Extensions	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions.md	Last updated 04/11/2022 A browser extension is a small software application that adds functionality to a web browser. Visibility into the browser extensions installed can help you ensure the safe usage of extensions in your organization. -The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization. For each installed extension, you can see the devices it's installed on and if it's turned on or off on these devices. The information available will not only help you learn about the installed extensions, but it can help you make decisions on how you would like to manage the extensions. +The Browser extensions page displays a list of the browser extensions installed across different browsers in your organization. For each installed extension, you can see the devices it's installed on and if it's turned on or off on these devices. You can also filter the view by users to see which browser extensions they're using on which device. The information available will not only help you learn about the installed extensions, but it can help you make decisions on how you want to manage the extensions. > [!TIP] > Did you know you can try all the features in Microsoft Defender Vulnerability Management for free? Find out how to [sign up for a free trial](../defender-vulnerability-management/defender-vulnerability-management-trial.md). You can also view a list of extensions installed on a device: :::image type="content" source="../../media/defender-vulnerability-management/browser_extensions_devicepage.png" alt-text="Screenshot of the Browser extensions in the devices page" lightbox="../../media/defender-vulnerability-management/browser_extensions_devicepage.png"::: +### Browser extensions for each user + +You can view a list of browser extensions for each user. + +1. Select a browser extension from the list. +1. In the browser extension flyout, select the User tab. The list of browser extensions appear. + + :::image type="content" source="../../media/defender-vulnerability-management/tvm-browser-ext-user-filter.png" alt-text="Screenshot of the Browser extensions user filter." lightbox="../../media/defender-vulnerability-management/tvm-browser-ext-user-filter.png"::: + ### Browser extension APIs You can use APIs to view all browser extensions installed in your organization, including installed versions, permissions requested, and associated risk. For more information, see:
security	Tvm Weaknesses	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses.md	To see the rest of the vulnerabilities in the Weaknesses page, type CVE, the ## Weaknesses overview +The Weaknesses page lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more. + Remediate the vulnerabilities in exposed devices to reduce the risk to your assets and organization. If the Exposed Devices column shows 0, that means you aren't at risk. :::image type="content" source="../../media/defender-vulnerability-management/tvm-weaknesses-overview.png" alt-text="Screenshot of the weaknesses landing page" lightbox="../../media/defender-vulnerability-management/tvm-weaknesses-overview.png"::: The threat insights icon is highlighted if there are associated exploits in the ![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](../../media/defender-vulnerability-management/tvm-threat-insights.png) +### Security advisory + +Security advisories provide an efficient way to view, track, and monitor firmware advisories for affected devices. You can filter on exposed devices and view advisories that affect specific devices. By monitoring these advisories, security teams can take action more quickly to prevent attackers from targeting firmware vulnerabilities. + +> [!NOTE] +> To use this feature you'll require Microsoft Defender Vulnerability Management Standalone or if you're already a Microsoft Defender for Endpoint Plan 2 customer, the Defender Vulnerability Management add-on. + +> [!NOTE] +> This capability is currently available in public preview and may be substantially modified before it's commercially released. + +To view firmware security advisories, click Security advisories tab. ++ +Security advisories include information about specific version of affected devices or software in your organization that are affected and, if available, instructions for how to update the firmware to address the vulnerability. + +> [!NOTE] +> Security Advisories are available for the following vendors: Lenovo, Dell, HP. + +For each published advisory, you can see the following information: + +- Advisory ID +- Severity (provided by the vendor) +- Related CVEs +- Advisory link +- Vendor +- Age +- Published on +- Updated on +- Exposed devices + ### Gain vulnerability insights If you select a CVE, a flyout panel will open with more information such as the vulnerability description, details and threat insights. For each CVE, you can see a list of the exposed devices and the software affected.
security	Microsoft Secure Score Whats New	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-new.md	The more improvement actions you take, the higher your Secure Score will be. For Microsoft Secure Score can be found at <https://security.microsoft.com/securescore> in the [Microsoft 365 Defender portal](microsoft-365-defender-portal.md). +## July 2023 + +The following Microsoft Defender for Identity recommendations will be added as Microsoft Secure Score improvement actions: + +- Remove the attribute 'password never expires' from accounts in your domain +- Remove access rights on suspicious accounts with the Admin SDHolder permission +- Manage accounts with passwords more than 180 days old +- Remove local admins on identity assets +- Remove non-admin accounts with DCSync permissions +- Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers + +The following Google workspace recommendation will be added as a Microsoft Secure Score improvement action: + +- Enable multi-factor authentication (MFA) + +In order to view this new control, Google workspace connector in Microsoft Defender for Cloud Apps must be configured via the App connectors settings page. + ## May 2023 A new Microsoft Exchange Online recommendation is now available as Secure Score improvement action: New Microsoft Information Protection recommendations are now available as Secure - Labeling - Extend M365 sensitivity labeling to assets in Azure Purview data map - - Ensure Auto-labeling data classification policies are setup and used + - Ensure Auto-labeling data classification policies are set up and used - Publish M365 sensitivity label data classification policies - Create Data Loss Prevention (DLP) policies
security	Attack Simulation Training Get Started	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/attack-simulation-training-get-started.md	description: Admins can learn how to use Attack simulation training to run simulated phishing and password attacks in their Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2 organizations. Previously updated : 6/14/2023 Last updated : 7/17/2023 appliesto: - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview" target="_blank">Microsoft Defender for Office 365 plan 2</a> Watch this short video to learn more about Attack simulation training. - There are no corresponding PowerShell cmdlets for Attack simulation training. -- Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information, see [Microsoft 365 data locations](../../enterprise/o365-data-locations.md). Attack simulation training is available in the following regions: APC, EUR, and NAM, and also in the following countries: ARE, AUS, BRA, CAN, CHE, DEU, FRA, GBR, IND, JPN, KOR, LAM, NOR, QAT, SGP, SWE, and ZAF. +- Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information, see [Microsoft 365 data locations](../../enterprise/o365-data-locations.md). Attack simulation training is available in the following regions: APC, EUR, and NAM. Countries within these regions where Attack simulation training is available include ARE, AUS, BRA, CAN, CHE, DEU, FRA, GBR, IND, JPN, KOR, LAM, NOR, QAT, SGP, SWE, and ZAF. > [!NOTE] > NOR, ZAF, ARE and DEU are the latest additions. All features except reported email telemetry will be available in these regions. We are working to enable the features and will notify our customers as soon as reported email telemetry becomes available. In Attack simulation training, multiple types of social engineering techniques a - OAuth Consent Grant: An attacker creates a malicious Azure Application that seeks to gain access to data. The application sends an email request that contains a URL. When the recipient clicks on the URL, the consent grant mechanism of the application asks for access to the data (for example, the user's Inbox). -The URLs that are used by Attack simulation training are described in the following list: --- <https://www.attemplate.com>-- <https://www.bankmenia.com>-- <https://www.bankmenia.de>-- <https://www.bankmenia.es>-- <https://www.bankmenia.fr>-- <https://www.bankmenia.it>-- <https://www.bankmenia.org>-- <https://www.banknown.de>-- <https://www.banknown.es>-- <https://www.banknown.fr>-- <https://www.banknown.it>-- <https://www.banknown.org>-- <https://www.browsersch.com>-- <https://www.browsersch.de>-- <https://www.browsersch.es>-- <https://www.browsersch.fr>-- <https://www.browsersch.it>-- <https://www.browsersch.org>-- <https://www.docdeliveryapp.com>-- <https://www.docdeliveryapp.net>-- <https://www.docstoreinternal.com>-- <https://www.docstoreinternal.net>-- <https://www.doctorican.de>-- <https://www.doctorican.es>-- <https://www.doctorican.fr>-- <https://www.doctorican.it>-- <https://www.doctorican.org>-- <https://www.doctrical.com>-- <https://www.doctrical.de>-- <https://www.doctrical.es>-- <https://www.doctrical.fr>-- <https://www.doctrical.it>-- <https://www.doctrical.org>-- <https://www.doctricant.com>-- <https://www.doctrings.com>-- <https://www.doctrings.de>-- <https://www.doctrings.es>-- <https://www.doctrings.fr>-- <https://www.doctrings.it>-- <https://www.doctrings.org>-- <https://www.exportants.com>-- <https://www.exportants.de>-- <https://www.exportants.es>-- <https://www.exportants.fr>-- <https://www.exportants.it>-- <https://www.exportants.org>-- <https://www.financerta.com>-- <https://www.financerta.de>-- <https://www.financerta.es>-- <https://www.financerta.fr>-- <https://www.financerta.it>-- <https://www.financerta.org>-- <https://www.financerts.com>-- <https://www.financerts.de>-- <https://www.financerts.es>-- <https://www.financerts.fr>-- <https://www.financerts.it>-- <https://www.financerts.org>-- <https://www.hardwarecheck.net>-- <https://www.hrsupportint.com>-- <https://www.mcsharepoint.com>-- <https://www.mesharepoint.com>-- <https://www.officence.com>-- <https://www.officenced.com>-- <https://www.officences.com>-- <https://www.officentry.com>-- <https://www.officested.com>-- <https://www.passwordle.de>-- <https://www.passwordle.fr>-- <https://www.passwordle.it>-- <https://www.passwordle.org>-- <https://www.payrolltooling.com>-- <https://www.payrolltooling.net>-- <https://www.prizeably.com>-- <https://www.prizeably.de>-- <https://www.prizeably.es>-- <https://www.prizeably.fr>-- <https://www.prizeably.it>-- <https://www.prizeably.org>-- <https://www.prizegiveaway.net>-- <https://www.prizegives.com>-- <https://www.prizemons.com>-- <https://www.prizesforall.com>-- <https://www.prizewel.com>-- <https://www.prizewings.com>-- <https://www.resetts.de>-- <https://www.resetts.es>-- <https://www.resetts.fr>-- <https://www.resetts.it>-- <https://www.resetts.org>-- <https://www.salarytoolint.com>-- <https://www.salarytoolint.net>-- <https://www.securembly.com>-- <https://www.securembly.de>-- <https://www.securembly.es>-- <https://www.securembly.fr>-- <https://www.securembly.it>-- <https://www.securembly.org>-- <https://www.securetta.de>-- <https://www.securetta.es>-- <https://www.securetta.fr>-- <https://www.securetta.it>-- <https://www.shareholds.com>-- <https://www.sharepointen.com>-- <https://www.sharepointin.com>-- <https://www.sharepointle.com>-- <https://www.sharesbyte.com>-- <https://www.sharession.com>-- <https://www.sharestion.com>-- <https://www.supportin.de>-- <https://www.supportin.es>-- <https://www.supportin.fr>-- <https://www.supportin.it>-- <https://www.supportres.de>-- <https://www.supportres.es>-- <https://www.supportres.fr>-- <https://www.supportres.it>-- <https://www.supportres.org>-- <https://www.techidal.com>-- <https://www.techidal.de>-- <https://www.techidal.fr>-- <https://www.techidal.it>-- <https://www.techniel.de>-- <https://www.techniel.es>-- <https://www.techniel.fr>-- <https://www.techniel.it>-- <https://www.templateau.com>-- <https://www.templatent.com>-- <https://www.templatern.com>-- <https://www.windocyte.com>- +The URLs that are used by Attack simulation training are described in the following table: + +\| \| \| \| +\|\|\|\| +\|<https://www.attemplate.com>\|<https://www.exportants.it>\|<https://www.resetts.it>\| +\|<https://www.bankmenia.com>\|<https://www.exportants.org>\|<https://www.resetts.org>\| +\|<https://www.bankmenia.de>\|<https://www.financerta.com>\|<https://www.salarytoolint.com>\| +\|<https://www.bankmenia.es>\|<https://www.financerta.de>\|<https://www.salarytoolint.net>\| +\|<https://www.bankmenia.fr>\|<https://www.financerta.es>\|<https://www.securembly.com>\| +\|<https://www.bankmenia.it>\|<https://www.financerta.fr>\|<https://www.securembly.de>\| +\|<https://www.bankmenia.org>\|<https://www.financerta.it>\|<https://www.securembly.es>\| +\|<https://www.banknown.de>\|<https://www.financerta.org>\|<https://www.securembly.fr>\| +\|<https://www.banknown.es>\|<https://www.financerts.com>\|<https://www.securembly.it>\| +\|<https://www.banknown.fr>\|<https://www.financerts.de>\|<https://www.securembly.org>\| +\|<https://www.banknown.it>\|<https://www.financerts.es>\|<https://www.securetta.de>\| +\|<https://www.banknown.org>\|<https://www.financerts.fr>\|<https://www.securetta.es>\| +\|<https://www.browsersch.com>\|<https://www.financerts.it>\|<https://www.securetta.fr>\| +\|<https://www.browsersch.de>\|<https://www.financerts.org>\|<https://www.securetta.it>\| +\|<https://www.browsersch.es>\|<https://www.hardwarecheck.net>\|<https://www.shareholds.com>\| +\|<https://www.browsersch.fr>\|<https://www.hrsupportint.com>\|<https://www.sharepointen.com>\| +\|<https://www.browsersch.it>\|<https://www.mcsharepoint.com>\|<https://www.sharepointin.com>\| +\|<https://www.browsersch.org>\|<https://www.mesharepoint.com>\|<https://www.sharepointle.com>\| +\|<https://www.docdeliveryapp.com>\|<https://www.officence.com>\|<https://www.sharesbyte.com>\| +\|<https://www.docdeliveryapp.net>\|<https://www.officenced.com>\|<https://www.sharession.com>\| +\|<https://www.docstoreinternal.com>\|<https://www.officences.com>\|<https://www.sharestion.com>\| +\|<https://www.docstoreinternal.net>\|<https://www.officentry.com>\|<https://www.supportin.de>\| +\|<https://www.doctorican.de>\|<https://www.officested.com>\|<https://www.supportin.es>\| +\|<https://www.doctorican.es>\|<https://www.passwordle.de>\|<https://www.supportin.fr>\| +\|<https://www.doctorican.fr>\|<https://www.passwordle.fr>\|<https://www.supportin.it>\| +\|<https://www.doctorican.it>\|<https://www.passwordle.it>\|<https://www.supportres.de>\| +\|<https://www.doctorican.org>\|<https://www.passwordle.org>\|<https://www.supportres.es>\| +\|<https://www.doctrical.com>\|<https://www.payrolltooling.com>\|<https://www.supportres.fr>\| +\|<https://www.doctrical.de>\|<https://www.payrolltooling.net>\|<https://www.supportres.it>\| +\|<https://www.doctrical.es>\|<https://www.prizeably.com>\|<https://www.supportres.org>\| +\|<https://www.doctrical.fr>\|<https://www.prizeably.de>\|<https://www.techidal.com>\| +\|<https://www.doctrical.it>\|<https://www.prizeably.es>\|<https://www.techidal.de>\| +\|<https://www.doctrical.org>\|<https://www.prizeably.fr>\|<https://www.techidal.fr>\| +\|<https://www.doctricant.com>\|<https://www.prizeably.it>\|<https://www.techidal.it>\| +\|<https://www.doctrings.com>\|<https://www.prizeably.org>\|<https://www.techniel.de>\| +\|<https://www.doctrings.de>\|<https://www.prizegiveaway.net>\|<https://www.techniel.es>\| +\|<https://www.doctrings.es>\|<https://www.prizegives.com>\|<https://www.techniel.fr>\| +\|<https://www.doctrings.fr>\|<https://www.prizemons.com>\|<https://www.techniel.it>\| +\|<https://www.doctrings.it>\|<https://www.prizesforall.com>\|<https://www.templateau.com>\| +\|<https://www.doctrings.org>\|<https://www.prizewel.com>\|<https://www.templatent.com>\| +\|<https://www.exportants.com>\|<https://www.prizewings.com>\|<https://www.templatern.com>\| +\|<https://www.exportants.de>\|<https://www.resetts.de>\|<https://www.windocyte.com>\| +\|<https://www.exportants.es>\|<https://www.resetts.es>\|\| +\|<https://www.exportants.fr>\|<https://www.resetts.fr>\|\| > [!NOTE] > Check the availability of the simulated phishing URL in your supported web browsers before you use the URL in a phishing campaign. While we work with many URL reputation vendors to always allow these simulation URLs, we don't always have full coverage (for example, Google Safe Browsing). Most vendors provide guidance that allows you to always allow specific URLs (for example, <https://support.google.com/chrome/a/answer/7532419>).
security	Mdo Sec Ops Guide	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-sec-ops-guide.md	If your organization uses a third-party reporting tool that allows users to inte - Simplified triage. - Reduced investigation and response time. -Designate the reporting mailbox where user reported messages are sent on the User reported page in the Microsoft 365 Defender portal at <https://security.microsoft.com/securitysettings/userSubmission>. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md). +Designate the reporting mailbox where user reported messages are sent on the User reported settings page in the Microsoft 365 Defender portal at <https://security.microsoft.com/securitysettings/userSubmission>. For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md). > [!NOTE] > > - The reporting mailbox must be an Exchange Online mailbox. -> - The third-party reporting tool must include the original reported message as an uncompressed .EML or .MSG attachment in the message that's sent to the reporting mailbox (don't just forward the original message to the reporting mailbox). +> - The third-party reporting tool must include the original reported message as an uncompressed .EML or .MSG attachment in the message that's sent to the reporting mailbox (don't just forward the original message to the reporting mailbox). For more information, see [Message submission format for third-party reporting tools](submissions-user-reported-messages-custom-mailbox.md#message-submission-format-for-third-party-reporting-tools). > - The reporting mailbox requires specific prerequisites to allow potentially bad messages to be delivered without being filtered or altered. For more information, see [Configuration requirements for the reporting mailbox](submissions-user-reported-messages-custom-mailbox.md#configuration-requirements-for-the-reporting-mailbox). When a user reported message arrives in the reporting mailbox, Defender for Office 365 automatically generates the alert named Email reported by user as malware or phish. This alert launches an [AIR playbook](air-about-office.md#example-a-user-reported-phish-message-launches-an-investigation-playbook). The playbook performs a series of automated investigations steps:
security	Mdo Support Teams About	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mdo-support-teams-about.md	With the increased use of collaboration tools like Microsoft Teams, the possibil - Zero-Hour Auto Purge (ZAP): ZAP is an existing email protection feature that proactively detects and neutralizes malicious phishing, spam, or malware messages that have already been delivered. For read or unread messages that are found to contain malware after delivery, ZAP quarantines the message that contains the malware attachment. Currently, ZAP for Teams takes action on malware or high confidence phishing messages, not spam. For more information, see [Zero-hour auto purge in Microsoft Defender for Office 365](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams). -- Quarantine: Admins are able to review quarantined messages that are identified as malicious by ZAP. Admins can also release messages that are determined to be safe. For more information, see [Manage quarantined Teams messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams). +- Quarantine: Admins are able to review quarantined messages that are identified as malicious by ZAP. Admins can also release messages that are determined to be safe. For more information, see [Manage quarantined Teams messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-microsoft-teams-quarantined-messages). - The Teams Message Entity Panel is one single place to store all of Teams message metadata that allows for immediate SecOps review. Any threat coming from chats, group or meeting chats, and other channels can be found in one place as soon as it's assessed. For more information, see [Teams Message Entity Panel for Microsoft Teams](teams-message-entity-panel.md). Get-TeamsSecurityPreview ## See also - [Microsoft Teams](/microsoftteams/teams-overview)-- [Managing Teams quarantined messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams) +- [Managing Teams quarantined messages](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-microsoft-teams-quarantined-messages) - [Get started using Attack simulation training in Defender for Office 365](attack-simulation-training-get-started.md)
security	Migrate To Defender For Office 365 Setup	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup.md	You should also confirm that all users in the pilot have a supported way to repo - [The built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) - [The Report Message and Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook)-- Supported third party reporting tools as described [here](submissions-user-reported-messages-custom-mailbox.md#message-submission-format). +- Supported third party reporting tools as described [here](submissions-user-reported-messages-custom-mailbox.md#message-submission-format-for-third-party-reporting-tools). Don't underestimate the importance of this step. Data from user reported messages will give you the feedback loop that you need to verify a good, consistent end-user experience before and after the migration. This feedback helps you to make informed policy configuration decisions, and provide data-backed reports to management that the migration went smoothly.
security	Quarantine Admin Manage Messages Files	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files.md	description: Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams. Previously updated : 6/30/2023 Last updated : 7/7/2023 appliesto: - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> In Microsoft 365 organizations with mailboxes in Exchange Online or Microsoft Te Admins can view, release, and delete all types of quarantined messages and files for all users. -Admins in organizations with Microsoft Defender for Office 365 can also manage files that were quarantined by [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md) and Microsoft Teams messages that were [quarantined by zero-hour auto purge (ZAP)](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams) (currently in Preview). +Admins in organizations with Microsoft Defender for Office 365 can also manage files that were quarantined by [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](safe-attachments-for-spo-odfb-teams-about.md) and Microsoft Teams messages that were [quarantined by zero-hour auto purge (ZAP)](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-in-microsoft-teams). Users can manage most quarantined email messages based on the _quarantine policy_ for [supported email protection features](quarantine-policies.md#step-2-assign-a-quarantine-policy-to-supported-features). For more information about quarantine policies, see [Anatomy of a quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy). When you select multiple quarantined files on the Files tab by selecting the :::image type="content" source="../../media/quarantine-file-bulk-actions.png" alt-text="The Bulk actions dropdown list for files in quarantine" lightbox="../../media/quarantine-file-bulk-actions.png"::: -## Use the Microsoft 365 Defender portal to manage quarantined messages in Microsoft Teams +## Use the Microsoft 365 Defender portal to manage Microsoft Teams quarantined messages -> [!NOTE] -> This section lists new features which are currently in preview. -> -> Quarantine in Microsoft Teams is available only in organizations with Microsoft Defender for Office 365 Plan 2 (add-on licenses or included in subscriptions like Microsoft 365 E5) +Quarantine in Microsoft Teams is available only in organizations with Microsoft Defender for Office 365 Plan 2 (add-on licenses or included in subscriptions like Microsoft 365 E5) When a potentially malicious chat message is detected in Microsoft Teams, zero-hour auto purge (ZAP) removes the message and quarantines it. Admins can view and manage these quarantined Teams messages. The message is quarantined for 30 days. After that the Teams message is permanently removed. -For the preview release, this feature is enabled by default. +This feature is enabled by default. ### View quarantined messages in Microsoft Teams On the Teams messages tab, you can decrease the vertical spacing in the list You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): -- Teams message text: Contains the subject for the teams message.<sup>\</sup> +- Teams message text: Contains the subject for the Teams message.<sup>\</sup> - Time received: The time the message was received by the recipient.<sup>\</sup> - Release status: Shows whether the message is already reviewed and released or needs review. <sup>\</sup> - Participants: The total number of users who received the message.<sup>\</sup>
security	Submissions Admin Review User Reported Messages	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages.md	Admins can mark messages and notify users of review results only if the user [re ## What do you need to know before you begin? -- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the Submissions page, use <https://security.microsoft.com/reportsubmission>. To go directly to the User reported page, use <https://security.microsoft.com/securitysettings/userSubmission>. +- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the Submissions page, use <https://security.microsoft.com/reportsubmission>. To go directly to the User reported settings page, use <https://security.microsoft.com/securitysettings/userSubmission>. - You need to be assigned permissions before you can do the procedures in this article. You have the following options: - [Email & collaboration RBAC in the Microsoft 365 Defender portal](mdo-portal-permissions.md): Membership in the Organization Management or Security Administrator role groups. Admins can mark messages and notify users of review results only if the user [re - Select the message from the list by clicking anywhere in the row other than the check box. In the details flyout that opens, select :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: Mark as and notify or :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: More options \> :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: Mark as and notify. 4. In the Mark as and notify dropdown list, select one of the following values: - - No threats found - - Phishing - - Spam - :::image type="content" source="../../media/admin-review-send-message-from-portal.png" alt-text="The page displaying the user-reported messages" lightbox="../../media/admin-review-send-message-from-portal.png"::: + - Available verdicts for email messages: + - No threats found + - Phishing + - Spam -The reported message is marked as No threats found, Phishing, or Spam, and an email is automatically sent to notify the user who reported the message. + - Available verdicts for Microsoft Teams messages: + - No threats found + - Phishing + +The reported message is marked with the selected verdict, and an email message is automatically sent to notify the user who reported the message. To customize the notification email, see the next section. ## Customize the messages used to notify users -1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the User reported page at Settings \> Email & collaboration \> User reported tab. Or, to go directly to the User reported page, use <https://security.microsoft.com/securitysettings/userSubmission>. +1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the User reported page at Settings \> Email & collaboration \> User reported settings tab. Or, to go directly to the User reported settings page, use <https://security.microsoft.com/securitysettings/userSubmission>. + +2. On the User reported settings page, verify that Monitor reported messages in Outlook is selected in the Outlook section at the top of the page. -2. On the User reported page, verify that the toggle at the top of the page is :::image type="icon" source="../../media/scc-toggle-on.png" border="false"::: On. +3. Find the Email notifications section and configure one or more of the following settings: -3. Find the Email sent to user after admin review section and configure one or more of the following settings: + - Results email section: Select Customize results email. In the Customize admin review email notifications flyout that opens, configure the following settings on the Phishing, Junk and No threats found tabs: + - Email body results text: Enter the custom text to use. You can use different text for Phishing, Junk and No threats found. + - Email footer text: Enter the custom message footer text to use. The same text is used for Phishing, Junk and No threats found. - - Specify an Office 365 mailbox to send email notifications from: Select this option and enter the sender's email address in the box that appears. - - Replace the Microsoft logo with my company logo: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo. - - Customize email notification messages: Select this link to customize the email notification that's sent after an admin reviews and marks a reported message. In the Customize admin review email notifications flyout that appears, configure the following settings on the Phishing, Junk and No threats found tabs: - - Email box results text: Enter the custom text to use. - - Footer tab: The following options are available: - - Email footer text: Enter the custom message footer text to use. + When you're finished in the Customize admin review email notifications flyout, select Confirm to return to the User reported settings page. - When you're finished on the Customize admin review email notifications flyout, select Confirm. + :::image type="content" source="../../media/admin-review-customize-message.png" alt-text="The Customize confirmation message flyout." lightbox="../../media/admin-review-customize-message.png"::: - :::image type="content" source="../../media/admin-review-customize-message.png" alt-text="The Customize confirmation message page" lightbox="../../media/admin-review-customize-message.png"::: + - Customize sender and branding section: + - Specify a Microsoft 365 mailbox to use ads the From address of email notifications: Select this option and enter the sender's email address in the box that appears. If you don't select this option, the default sender is submissions@messaging.microsoft.com. + - Replace the Microsoft logo with my organization's logo across all reporting experiences: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo. -4. When you're finished on the User reported page, select Save. To clear these values, select Restore on the User reported page. +4. When you're finished on the User reported settings page, select Save.
security	Submissions Admin	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-admin.md	description: "Admins can learn how to use the Submissions page in the Microsoft 365 Defender portal to submit messages, URLs, and email attachments to Microsoft for analysis. Reasons for submission include: legitimate messages that were blocked, suspicious messages that were allowed, suspected phishing email, spam, malware, and other potentially harmful messages." Previously updated : 6/20/2023 Last updated : 7/7/2023 appliesto: - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> In Microsoft 365 organizations with Exchange Online mailboxes, admins can use th - Admin submission of user reported messages: The built-in [user reporting experience](submissions-user-reported-messages-custom-mailbox.md) is turned on and configured. User reported messages appear on the User reported tab on the Submissions page, and admins submit or resubmit the messages to Microsoft from the User reported tab. - After an admin submits the message, an entry is also created on the corresponding tab on the Submissions page (for example, the Emails tab). These types of admin submissions are described in the [Admin options for user reported messages](#admin-options-for-user-reported-messages) section. + After an admin submits the message from the User reported tab, an entry is also created on the corresponding tab on the Submissions page (for example, the Emails tab). These types of admin submissions are described in the [Admin options for user reported messages](#admin-options-for-user-reported-messages) section. -When admins submit email messages for analysis, Microsoft does the following checks: +When admins submit messages for analysis, Microsoft does the following checks: -- Email authentication check: Whether email authentication passed or failed when it was delivered. +- Email authentication check (email messages only): Whether email authentication passed or failed when it was delivered. - Policy hits: Information about any policies or overrides that might have allowed or blocked the incoming email into the organization, thus overriding our filtering verdicts. - Payload reputation/detonation: Up-to-date examination of any URLs and attachments in the message. - Grader analysis: Review done by human graders to confirm whether or not messages are malicious. > [!IMPORTANT] -> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), admins can submit messages to Microsoft for analysis, but the messages are analyzed for email authentication and policy checks only. Payload reputation, detonation, and grader analysis aren't done for compliance reasons (data isn't allowed to leave the organization boundary). +> In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), admins can submit email messages to Microsoft for analysis, but the messages are analyzed for email authentication and policy checks only. Payload reputation, detonation, and grader analysis aren't done for compliance reasons (data isn't allowed to leave the organization boundary). Watch this short video to learn how to use admin submissions in Microsoft Defender for Office 365 to submit messages to Microsoft for evaluation. After a few moments, the allow entry is available on the URL tab on the Te > - When the URL is encountered again during mail flow, [Safe Links](safe-links-about.md) detonation or URL reputation checks and all other URL-based filters are overridden. If the filtering system determines that all other entities in the email message are clean, the message are delivered. > - During selection, all URL-based filters, including [Safe Links](safe-links-about.md) detonation or URL reputation checks are overridden, allowing user access to content at the URL. +### Report Teams messages to Microsoft + +You can't submit Teams messages from the Teams messages tab on the Submissions page. The only way to submit a Teams message to Microsoft for analysis is to submit a user reported Teams message from the User reported tab as described in the [Submit user reported messages to Microsoft for analysis](#submit-user-reported-messages-to-microsoft-for-analysis) section later in this article. + +The entries on the Teams messages tab are the result of submitting user reported Teams message to Microsoft. For more information, see the [View converted admin submissions](#view-converted-admin-submissions) section later in this article. + ### View email admin submissions to Microsoft In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to Actions & submissions \> Submissions. Or, to go directly to the Submissions page, use <https://security.microsoft.com/reportsubmission>. On the Submissions page, verify that the Emails tab is selected. -On the Emails tab, you can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns** to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): +On the Emails* tab, you can quickly filter the view by selecting one of the available quick filters: + +- Pending +- Completed ++ +You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): - Submission name<sup>\</sup> - Sender<sup>\</sup> When you're finished on the Filter* flyout, select Apply. To clear the fi Use :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: Export to export the list of entries to a CSV file. +### View Teams admin submissions to Microsoft + +In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the Submissions page at Actions & submissions \> Submissions. To go directly to the Submissions page, use <https://security.microsoft.com/reportsubmission>. + +On the Submissions page, select the Teams messages tab. + +You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): + +- Submission name<sup>\</sup> +- Sendersup>\</sup> +- Date submitted<sup>\</sup> +- Reason for submitting<sup>\</sup> +- Submitted by* +- Status<sup>\</sup> +- Result<sup>\</sup> +- Recipient +- Submission ID +- Teams message ID +- Destination +- Phish simulation +- Tags<sup>\</sup>: For more information about user tags, see [User tags](user-tags-about.md). + +To group the entries, select :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: Group* and then select one of the following values: + +- Reason +- Original verdict +- Status +- Result +- Tags + +To ungroup the entries, select None. + +To filter the entries, select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: Filter. The following filters are available in the Filter flyout that opens: + +- Date submitted: Start date and End date. +- Submission ID: A GUID value that's assigned to every submission. +- Teams message +- Submitted by +- Reason for submitting: Any of the following values: + - Not junk + - Phish + - Malware +- Status: Pending and Completed. +- Tags: All or select [user tags](user-tags-about.md) from the dropdown list. + +When you're finished on the Filter flyout, select Apply. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: Clear filters. + +Use :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: Export to export the list of entries to a CSV file. + ### View email attachment admin submissions to Microsoft In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the Submissions page at Actions & submissions \> Submissions. To go directly to the Submissions page, use <https://security.microsoft.com/reportsubmission>. On the Submissions page, select the Email attachments tab. -On the Email attachments tab, you can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): +On the Email attachments* tab, you can quickly filter the view by selecting one of the available quick filters: + +- Pending +- Completed ++ +You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): - Attachment filename<sup>\</sup> - Date submitted<sup>\</sup> When you're finished on the Filter* flyout, select Apply. To clear the fi Use :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" border="false"::: Export to export the list of entries to a CSV file. -### View URLs admin submissions to Microsoft +### View URL admin submissions to Microsoft In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the Submissions page at Actions & submissions \> Submissions. To go directly to the Submissions page, use <https://security.microsoft.com/reportsubmission>. On the Submissions page, select the URLs tab. -On the URLs tab, you can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): +On the URLs* tab, you can quickly filter the view by selecting one of the available quick filters: + +- Pending +- Completed ++ +You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): - URL<sup>\</sup> - Date submitted<sup>\</sup> To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - Not junk* - Phish - Malware - - Spam. + - Spam - Status: Pending and Completed. - Tags: All or select [user tags](user-tags-about.md) from the dropdown list. Use :::image type="icon" source="../../media/m365-cc-sc-download-icon.png" borde ### Admin submission result details -Messages, email attachments, and URLs that admins submit to Microsoft for analysis are available on the corresponding tabs on the Submissions page. +Email messages, Teams messages, email attachments, and URLs that admins submit to Microsoft for analysis are available on the corresponding tabs on the Submissions page. When you select an entry on the tab by clicking anywhere in the row other than the check box next to the first column, complete information about the original reported item, the status of the reported item, and the analysis results of the reported item are shown in the details flyout that opens: In organizations with Microsoft Defender for Office 365 Plan 2 (add-on licenses ## Admin options for user reported messages -If the [user reported settings](submissions-user-reported-messages-custom-mailbox.md) are turned on and you've deployed supported methods for users to report messages (the [Microsoft Report Message or Report Phishing add-ins](submissions-users-report-message-add-in-configure.md), the [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web), or [supported third-party reporting tools](submissions-user-reported-messages-custom-mailbox.md#options-for-third-party-reporting-tools)), you can see what users are reporting on the User reported tab on the Submissions page: +Admins can see what users are reporting on the User reported tab on the Submissions page if the following statements are true: + +- The [user reported settings](submissions-user-reported-messages-custom-mailbox.md) are turned on. +- Email messages: You're using supported methods for users to report messages: + - The [Microsoft Report Message or Report Phishing add-ins](submissions-users-report-message-add-in-configure.md). + - The [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web). + - [Supported third-party reporting tools](submissions-user-reported-messages-custom-mailbox.md#options-for-third-party-reporting-tools) +- Teams messages: [User reporting settings for Teams messages](submissions-teams.md#user-reporting-settings-for-teams-messages) is turned on. + +Notes: - User reported messages that are sent to Microsoft only or to Microsoft and the [reporting mailbox](submissions-user-reported-messages-custom-mailbox.md) appear on the User reported tab. Although these messages have already been reported to Microsoft, admins can resubmit the reported messages. - User reported messages that are sent only to the reporting mailbox appear on the User reported tab with the Result value Not Submitted to Microsoft. Admins should report these messages to Microsoft for analysis. The following subsections describe the information and actions that are availabl ### View user reported messages to Microsoft -On the User reported tab, you can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): +On the User reported* tab, you can quickly filter the view by selecting one of the available quick filters: + +- Threats +- Spam +- No threats +- Simulations ++ +You can sort the entries by clicking on an available column header. Select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns to change the columns that are shown. The default values are marked with an asterisk (<sup>\</sup>): - Name and type<sup>\</sup> - Reported by<sup>\</sup> On the User reported* tab, you can sort the entries by clicking on an availab - Sender<sup>\</sup> - Reported reason<sup>\</sup> - Original verdict<sup>\</sup>-- Result<sup>\</sup> +- Result<sup>\</sup>: Contains the following information for reported messages based on the [user reported settings](submissions-user-reported-messages-custom-mailbox.md): + - Send the reported messages to* \> Microsoft and my reporting mailbox or Microsoft only: Values derived from the following analysis: + - Policy hits: Information about any policies or overrides that may have allowed or blocked the incoming messages, including overrides to our filtering verdicts. The result should be available within several minutes. Otherwise, detonation and feedback from graders could take up to one day. + - Payload reputation/detonation: Up-to-date examination of any URLs and files in the message. + - Grader analysis: Review done by human graders in order to confirm whether or not messages are malicious. + - Send the reported messages to \> My reporting mailbox only: The value is always Not submitted to Microsoft, because the messages weren't analyzed by Microsoft. - Message reported ID - Network Message ID +- Teams message ID - Sender IP - Reported from - Phish simulation To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - Reported by - Name - Message reported ID-- Network Message ID +- Network message ID +- Teams message ID - Sender-- Reported reason: The values Not junk, Phish, and Spam. +- Reported reason: The values No threats, Phish, and Spam. - Reported from: The values Microsoft and Third party. - Phish simulation: The values Yes and No. - Converted to admin submission: The values Yes and No. +- Message type: The values Email and Teams. - Tags: All or select [user tags](user-tags-about.md) from the dropdown list. When you're finished on the Filter flyout, select Apply. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: Clear filters. After you select the message on the User reported tab, use either of the fol In the Submit to Microsoft for analysis dropdown list, select one of the following values: -- Report clean: In the dialog that opens, review or configure the following settings: +- Available values for email messages: - Allow email with similar attributes (URL, sender, etc.): Select this option to add corresponding allow entries in Tenant Allow/Block List. The following settings are available: + - Report clean: In the dialog that opens, review or configure the following settings: - - Remove allow entry after: The default value is 30 days, but you can select from the following values: - - 1 day - - 7 days - - 30 days - - Specific date: The maximum value is 30 days from today. - - Allow entry note: Enter optional information about why you're blocking this email. + Allow email with similar attributes (URL, sender, etc.): Select this option to add corresponding allow entries in Tenant Allow/Block List. The following settings are available: + + - Remove allow entry after: The default value is 30 days, but you can select from the following values: + - 1 day + - 7 days + - 30 days + - Specific date: The maximum value is 30 days from today. + - Allow entry note: Enter optional information about why you're blocking this email. - When you're finished in the Submit message as clean to Microsoft dialog, select Submit. + When you're finished in the Submit message as clean to Microsoft dialog, select Submit. -- Report phishing, Report malware or Report spam: These selections have the same options in the dialog that opens: + - Report phishing, Report malware or Report spam: These selections have the same options in the dialog that opens: - Block all email from this sender or domain: Select this option to add a sender or domain block entry in Tenant Allow/Block List. The following settings are available: + Block all email from this sender or domain: Select this option to add a sender or domain block entry in Tenant Allow/Block List. The following settings are available: - - Select Sender or Domain. - - Remove allow entry after: The default value is 30 days, but you can select from the following values: + - Select Sender or Domain. + - Remove allow entry after: The default value is 30 days, but you can select from the following values: - 1 day - 7 days - 30 days - Specific date: The maximum value is 30 days from today. - When you're finished in the dialog, select Submit. + When you're finished in the dialog, select Submit. + + - Trigger investigation: Defender for Office 365 Plan 2 only. For more information, see [Trigger an investigation](air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). -- Trigger investigation: Defender for Office 365 Plan 2 only. For more information, see [Trigger an investigation](air-about-office.md#example-a-security-administrator-triggers-an-investigation-from-threat-explorer). + :::image type="content" source="../../media/admin-submission-user-reported-submit-button-options.png" alt-text="The available actions in the Submit to Microsoft for analysis dropdown list." lightbox="../../media/admin-submission-user-reported-submit-button-options.png"::: +- Available values for Teams messages: No other options are available when you select one of the following values: + - Report clean + - Report phishing + - Report malware After you submit a user reported message to Microsoft from the User reported tab, the value of Converted to admin submission turns from No to Yes, and a corresponding admin submission entry is created on the appropriate tab on the Submissions page (for example, the Emails tab). #### Notify users about admin submitted messages to Microsoft -After an admin submits a user reported message to Microsoft from the User reported tab, admins can use the :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: Mark as and notify action to mark these messages as No threats found, Phishing, or Spam, and send templated notification messages to the user who reported the message. +After an admin submits a user reported message to Microsoft from the User reported tab, admins can use the :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: Mark as and notify action to mark the message with a verdict and send a templated notification message to the user who reported the message. + +- Available verdicts for email messages: + - No threats found + - Phishing + - Spam + +- Available verdicts for Teams messages: + - No threats found + - Phishing For more information, see [Notify users from within the portal](submissions-admin-review-user-reported-messages.md#notify-users-from-within-the-portal). This action takes you to the corresponding admin submission entry on the appropr In organizations with Microsoft Defender for Office 365 Plan 2 (add-on licenses or included in subscriptions like Microsoft 365 E5), the following actions might also be available in the details flyout of a user reported message on the User reported tab: -- :::image type="icon" source="../../medi#how-to-read-the-email-entity-page). +- :::image type="icon" source="../../medi#how-to-read-the-email-entity-page). -- :::image type="icon" source="../../medi#actions-you-can-take-on-the-email-entity-page). +- :::image type="icon" source="../../medi#actions-you-can-take-on-the-email-entity-page). - :::image type="icon" source="../../media/m365-cc-sc-view-alert-icon.png" border="false"::: View alert. An alert is triggered when an admin submission is created or updated. Selecting this action takes you to the details of the alert.
security	Submissions Teams	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-teams.md	description: "Admins can configure whether users can report malicious message in Microsoft Teams." Previously updated : 6/20/2023 Last updated : 7/7/2023 appliesto: - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a> appliesto: # User reported message settings in Microsoft Teams - [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)] In organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft 365 Defender, admins can decide whether users can report malicious messages in Microsoft Teams. Admins can also get visibility into the Teams messages that users are reporting. User reporting of messages in Teams is made of two separate settings: - In the Teams admin center: On by default and controls whether users are able to report messages from Teams. When this setting is turned off, users can't report messages within Teams, so the corresponding setting in the Microsoft 365 Defender portal is irrelevant. -- In the Microsoft 365 Defender portal: On by default for new tenants. Existing tenants need to enable it. If user reporting of messages is turned on in the Teams admin center, it also needs to be turned on the Defender portal for user reported messages to show up correctly. +- In the Microsoft 365 Defender portal: On by default for new tenants. Existing tenants need to enable it. If user reporting of messages is turned on in the Teams admin center, it also needs to be turned on the Defender portal for user reported messages to show up correctly on the User reported tab on the Submissions page. ### Turn off or turn on user reporting in the Teams admin center For more information about user reported message settings in the Defender portal - The reported message remains visible to the user in the Teams client. - Users can report the same message multiple times.-- The message sender isn't notified that the message(s) was reported.-- Microsoft also sends an email message notification to the user who reported the message from submissions@messaging.microsoft.com with the subject, "You have successfully reported a Teams message as a security risk." If Teams integration is turned on in the Defender portal, admins can customize some elements of the notification message in the Email sent to user after admin review on User reported page as described in [Options for Microsoft reporting tools](submissions-user-reported-messages-custom-mailbox.md#options-for-microsoft-reporting-tools). +- The message sender isn't notified that messages were reported. +- Microsoft also sends an email message notification to the user who reported the message from submissions@messaging.microsoft.com with the subject, "You have successfully reported a Teams message as a security risk." If Teams integration is turned on in the Defender portal, admins can customize some elements of the notification message in the Email notifications section on User reported settings page as described in [Customize the messages used to notify users](submissions-admin-review-user-reported-messages.md#customize-the-messages-used-to-notify-users). > [!IMPORTANT] > For more information about user reported message settings in the Defender portal What happens to a user reported Teams message depends on the settings in the Reported message destinations section on the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission>: -- Send reported messages to \> Microsoft and my reporting mailbox: For Microsoft 365 organizations created after March 1 2023, this is the default value. The default user reporting mailbox is the Exchange Online mailbox of the global admin. The value for older Microsoft 365 organizations is unchanged.-- Send reported messages to \> Microsoft only-- Send reported messages to \> My reporting mailbox only +- Send the reported messages to \> Microsoft and my reporting mailbox: For Microsoft 365 organizations created after March 1 2023, this is the default value. The default user reporting mailbox is the Exchange Online mailbox of the global admin. The value for older Microsoft 365 organizations is unchanged. +- Send the reported messages to \> Microsoft only +- Send the reported messages to \> My reporting mailbox only For more information, see [User reported settings](submissions-user-reported-messages-custom-mailbox.md). Notes: -- If you select Send reported messages to \> My reporting mailbox only, reported messages don't go to Microsoft for analysis unless an admin manually submits the message from the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. Reporting messages to Microsoft is an important part of training the service to help improve the accuracy of filtering (reduce false positives and false negatives). That's why we use Send reported messages to \> Microsoft and my reporting mailbox as the default.-- Regardless of the Send reported messages to setting, metadata from the reported Teams message (for example, senders, recipients, reported by, and message details) is available on the User reported tab on the Submissions page.-- Regardless of the Send reported messages to setting, the alert policy named Teams message reported by user as a security risk generates an alert when a user reports a message in Teams by default. For more information, see [Manage alerts](/microsoft-365/compliance/alert-policies#manage-alerts). +- If you select Send the reported messages to \> My reporting mailbox only, reported messages don't go to Microsoft for analysis unless an admin manually submits the message from the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. Reporting messages to Microsoft is an important part of training the service to help improve the accuracy of filtering (reduce false positives and false negatives). That's why we use Send the reported messages to \> Microsoft and my reporting mailbox as the default. +- Regardless of the Send the reported messages to setting, metadata from the reported Teams message (for example, senders, recipients, reported by, and message details) is available on the User reported tab on the Submissions page. +- Regardless of the Send the reported messages to setting, the alert policy named Teams message reported by user as a security risk generates an alert when a user reports a message in Teams by default. For more information, see [Manage alerts](/microsoft-365/compliance/alert-policies#manage-alerts). To view the corresponding alert for a user reported message in Teams, go to the User reported tab on the Submission page, and then double-click the message to open the submission flyout. Select :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: More options and then select View alert. ## View and triage user reported messages in Teams As previously described, information about user reported messages in Teams is available on the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. For more information, see [View user reported messages to Microsoft](submissions-admin.md#view-user-reported-messages-to-microsoft).- -The availability of Teams messages on the User reported tab on the Submissions page introduces the following changes to the page: --- Differences in available columns displayed by default (marked with an asterisk (\)) and when you select :::image type="icon" source="../../media/m365-cc-sc-customize-icon.png" border="false"::: Customize columns: - - Name and type<sup>\</sup> is available (previously named Submission name<sup>\</sup>). - - Teams message ID* is available. --- Differences in available filters when you select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: Filter: - - Teams message ID is available. - - Message type is available. Values are Email and Teams message --- Differences in available values when you select :::image type="icon" source="../../media/m365-cc-sc-group-icon.png" border="false"::: Group: - - Reason isn't available. - - Phish simulation isn't available. --- The Result column contains the following information for reported Teams messages based on the [user reported settings](submissions-user-reported-messages-custom-mailbox.md): - - Send reported messages to \> Microsoft and my reporting mailbox or Microsoft only: The Result column contains values derived from the following analysis: - - Policy hits: Information about any policies or overrides that may have allowed or blocked the incoming messages, including overrides to our filtering verdicts. The result should be available within several minutes. Otherwise, detonation and feedback from graders could take up to one day. - - Payload reputation/detonation: Up-to-date examination of any URLs and files in the message. - - Grader analysis: Review done by human graders in order to confirm whether or not messages are malicious. - - Send reported messages to \> My reporting mailbox only: The Result column value is always Not submitted to Microsoft, because the messages weren't analyzed by Microsoft. --- Admin submission of Teams messages to Microsoft from the User reported tab on the Submissions page is basically the same as described in [Submit user reported messages to Microsoft for analysis](submissions-admin.md#submit-user-reported-messages-to-microsoft-for-analysis), including the [required permissions and throttling limits](submissions-admin.md#what-do-you-need-to-know-before-you-begin).- - But only the following values are available in Submit to Microsoft for analysis for reported Teams messages: - - - Report clean - - Report phishing - - Report malware --- Notifying a user about the results of a reported Teams message is basically the same as described in [Notify users from within the portal](submissions-admin-review-user-reported-messages.md#notify-users-from-within-the-portal).- - But only the following values are available in Mark as and notify for reported Teams messages: - - - No threats found - - Phishing --- The available customization options for admin notifications for reported Teams messages are the same as described in [Customize the messages used to notify users](submissions-admin-review-user-reported-messages.md#customize-the-messages-used-to-notify-users), but the names and setting locations on the page are slightly different: - - On the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission>, the notification customization options are in the Email notifications section (formerly the Email sent to user after admin review section): - - The Customize results email link is in the Results email subsection. The available settings in the flyout that opens are the same. - - The Customize sender and branding subsection contains the options to specify the sender email address and custom branding: - - Specify a Microsoft 365 mailbox to use as the From address of email notifications (formerly Specify an Office 365 mailbox to send email notifications from). - - Replace the Microsoft logo with my organization's logo across all reporting experiences (formerly Replace the Microsoft logo with my company logo). --- As described in the Reporting from quarantine section on the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission>, only admins can report quarantined Teams messages to Microsoft.
security	Submissions User Reported Messages Custom Mailbox	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox.md	description: "Admins can configure where user reported messages go for analysis: to an internal reporting mailbox, to Microsoft, or both. Other settings complete the reporting experience for users when they report good messages, spam, or phishing messages from Outlook." Previously updated : 6/20/2023 Last updated : 7/6/2023 appliesto: - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - Γ£à <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> appliesto: [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)] -In Microsoft 365 organizations with Exchange Online mailboxes, you can identify a _reporting mailbox_ (formerly known as a _custom mailbox_ or _submissions mailbox_) to hold messages that users report as malicious or not malicious using supported reporting tools in Outlook. For Microsoft reporting tools, you can decide whether to send user reported messages to the reporting mailbox, to Microsoft, or to the reporting mailbox and Microsoft. These selections were formerly part of the _User submissions policy_ or _User submissions_. +In Microsoft 365 organizations with Exchange Online mailboxes, you can identify a _reporting mailbox_ (formerly known as a _custom mailbox_ or _submissions mailbox_) to hold messages that users report as malicious or not malicious in Outlook. For Microsoft reporting tools, you can decide whether to send user reported messages to the reporting mailbox, to Microsoft, or to the reporting mailbox and Microsoft. These selections were formerly part of the _User submissions policy_ or _User submissions_. User reported settings and the reporting mailbox work with the following message reporting tools: - [The built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) - [The Microsoft Report Message or Report Phishing add-ins](submissions-users-report-message-add-in-configure.md)-- [Third-party reporting tools](#options-for-third-party-reporting-tools) +- [Supported third-party reporting tools](#options-for-third-party-reporting-tools) -Delivering user reported messages to a reporting mailbox instead of directly to Microsoft allows admins to selectively and manually submit messages to Microsoft from the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=email>. For more information, see [Admin submission](submissions-admin.md). +Delivering user reported messages to a reporting mailbox instead of directly to Microsoft allows admins to selectively and manually submit messages to Microsoft from the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. For more information, see [Admin submission](submissions-admin.md). > [!NOTE] -> The _ReportJunkEmailEnabled_ parameter on the [Set-OwaMailboxPolicy](/powershell/module/exchange/set-owamailboxpolicy) cmdlet no longer controls whether user message reporting is enabled or disabled. User reporting of messages is now controlled on the User reported page at <https://security.microsoft.com/securitysettings/userSubmission> as described in this article. +> The _ReportJunkEmailEnabled_ parameter on the [Set-OwaMailboxPolicy](/powershell/module/exchange/set-owamailboxpolicy) cmdlet no longer controls whether user message reporting is enabled or disabled. User reporting of messages is now controlled on the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission> as described in this article. +> +> For information about user reported message settings in Microsoft Teams, see [User reported message settings in Microsoft Teams](submissions-teams.md). ## Configuration requirements for the reporting mailbox -Before you get started, you need to configure Exchange Online Protection and Defender for Office 365 so user reported messages are delivered to the reporting mailbox without being filtered as described in the following steps: +Before you get started, you need to use the following steps to configure Exchange Online Protection and Defender for Office 365 so user reported messages are delivered to the reporting mailbox without being filtered: - Identify the reporting mailbox as a SecOps mailbox. For instructions, see [Use the Microsoft 365 Defender portal to configure SecOps mailboxes in the advanced delivery policy](skip-filtering-phishing-simulations-sec-ops-mailboxes.md#use-the-microsoft-365-defender-portal-to-configure-secops-mailboxes-in-the-advanced-delivery-policy). + > [!NOTE] + > This step is especially important if you use [Attack simulation training](attack-simulation-training-get-started.md) or a third-party product to do phishing simulations. If you don't configure the reporting mailbox as a SecOps mailbox, a user reported message might trigger a training assignment by the phishing simulation product. + - Create a custom anti-malware policy for the reporting mailbox with the following settings: - Turn off Zero-hour auto purge (ZAP) for malware (Protection settings section \> Enable zero-hour auto purge for malware isn't selected or `-ZapEnabled $false` in PowerShell). Before you get started, you need to configure Exchange Online Protection and Def For instructions, see [Create an anti-malware policy](anti-malware-policies-configure.md#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies). -- Verify that the reporting mailbox isn't included in the Standard or Strict preset security policies. For instructions, see [Preset security policies](preset-security-policies.md). +- Verify that the reporting mailbox isn't included in the Standard or Strict preset security policies. For instructions, see [Preset security policies](preset-security-policies.md). - Defender for Office 365: Configure the following additional settings: - - Exclude the reporting mailbox from the Built-in protection preset security policy. For instructions, see [Preset security policies](preset-security-policies.md). + - Exclude the reporting mailbox from the Built-in protection preset security policy. For instructions, see [Preset security policies](preset-security-policies.md). - Create a Safe Attachments policy for the mailbox where Safe Attachments scanning, including Dynamic Delivery, is turned off (Settings \> Safe Attachments unknown malware response section \> Off or `-Enable $false` in PowerShell). For instructions, see [Set up Safe Attachments policies in Microsoft Defender for Office 365](safe-attachments-policies-configure.md). After you verify that the reporting mailbox meets all of these requirements, use ## What do you need to know before you begin? -- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the User reported page, use <https://security.microsoft.com/securitysettings/userSubmission>. +- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the User reported settings page, use <https://security.microsoft.com/securitysettings/userSubmission>. - To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). After you verify that the reporting mailbox meets all of these requirements, use ## Use the Microsoft 365 Defender portal to configure user reported settings -1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to Settings \> Email & collaboration \> User reported tab. To go directly to the User reported page, use <https://security.microsoft.com/securitysettings/userSubmission>. +In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to Settings \> Email & collaboration \> User reported settings tab. To go directly to the User reported settings page, use <https://security.microsoft.com/securitysettings/userSubmission>. -2. On the User reported page, the available settings are determined entirely by the toggle at the top of the page: +On the User reported settings page, the available settings for reporting messages in Outlook are determined by the Monitor reported messages in Outlook setting in the Outlook section at the top of the page: - - On :::image type="icon" source="../../media/scc-toggle-on.png":::: The following configurations are supported: - - Users in your organization can see and use the built-in Report button in Outlook on the web or the Microsoft Report Message or Report Phishing add-ins in virtually all Outlook platforms to report messages. - - You can configure user reported messages to go to the reporting mailbox, to Microsoft, or both. - - You decide whether users receive Before a message is reported and After a message is reported pop-ups in Outlook. - - You decide how to customize the feedback email that's sent to users from Mark as and notify on the Submissions page at <https://security.microsoft.com/reportsubmission>. - - You decide whether users can report messages from quarantine. +- Monitor reported messages in Outlook isn't selected: The Microsoft-integrated reporting experience for email messages is turned off, and all settings related to reporting email messages aren't configurable on the User reported settings page, including the ability for users to report email messages from quarantine. - You choose this configuration by selecting Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options in the Outlook report button configuration section. The available configuration options from this selection are explained in the [Options for Microsoft reporting tools](#options-for-microsoft-reporting-tools) section in this article. +- Monitor reported messages in Outlook is selected: The following configurations are supported: - - Users in your organization use a third-party, non-Microsoft add-in to report messages. - - You decide whether Microsoft can read end user report from the third-party reporting mailbox. - - You decide whether users can report messages from quarantine to third-party reporting mailbox. + - Use the built-in Report button in Outlook on the web or the Microsoft Report Message or Report Phishing add-ins in virtually all Outlook platforms to report email messages. + - Configure user reported messages to go to the reporting mailbox, to Microsoft, or both. + - Decide whether users receive before reporting and after reporting pop-ups in Outlook. + - Decide whether to customize the feedback email that's sent to users after an admin reviews and marks the message on the Submissions page. + - Decide whether users can report email messages from quarantine as they release quarantined messages. - You choose this configuration by selecting Use a non-Microsoft add-in button in the Outlook report button configuration section. The available configuration options from this selection are explained in the [Options for third-party reporting tools](#options-for-third-party-reporting-tools) section in this article. + For details, see the [Options for Microsoft reporting tools](#options-for-microsoft-reporting-tools) section in this article. - - Off :::image type="icon" source="../../media/scc-toggle-off.png":::: The Microsoft-integrated reporting experience is turned off, and all other settings on the User reported page are unavailable, including the ability for users to report messages from quarantine. + - Use a third-party, non-Microsoft add-in to report email messages. + - Decide whether users can report email messages from quarantine as they release quarantined messages. -### Options for Microsoft reporting tools + For details, see the [Options for third-party reporting tools](#options-for-third-party-reporting-tools) section in this article. -When the toggle is On :::image type="icon" source="../../media/scc-toggle-on.png"::: and you've selected Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options, the following options are available on the User reported page: +### Options for Microsoft reporting tools -- Send the reported messages to in the Reported message destinations section: Select one of the following options: +When Monitor reported messages in Outlook is selected and you also select Use the built-in Report button in Outlook, the following options are available on the User reported settings page: - - Microsoft only: User reported messages go directly to Microsoft for analysis. These reports are available on the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. +- Outlook section \> Select an Outlook report button configuration section \> When the Report button is clicked: - - My reporting mailbox only: User reported messages go only to the specified reporting mailbox for an admin or the security operations team to analyze. + - Show a pop-up message before email is reported: Select this setting to show users a pop-up notification in Outlook before they report a message. - In the Add a mailbox to send reported messages to box that appears, enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox that holds user reported messages from Microsoft reporting tools. Distribution groups and routing to an external or on-premises mailbox aren't allowed. + To customize the text in the notification, select Customize before message. In the flyout that opens, enter the text in the Title and Message boxes. Use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.). When you're finished in the flyout, select Confirm. - Messages don't go to Microsoft for analysis unless an admin manually submits the message from the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=email>. + - Show a pop-up success message after email is reported: Select this setting to show users a pop-up notification in Outlook after they report a message. - - Microsoft and my reporting mailbox: User reported messages go to Microsoft for analysis and to the reporting mailbox for an admin or security operations team to analyze. + To customize the text in the notification, select Customize after message. In the flyout that opens, enter the text in the Title and Message boxes. Use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.). When you're finished in the flyout, select Confirm. - In the Add a mailbox to send reported messages to box that appears, enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox. Distribution groups and routing to external or on-premises mailboxes isn't allowed. + > [!NOTE] + > Currently, users who report messages from Outlook on the web using the built-in Report button don't get the before or after pop-up notifications. The pop-ups work for users who report messages using the Microsoft Report Message and Report Phishing add-ins. - > [!IMPORTANT] - > - > - If you select My reporting mailbox only, the Result value of entries on the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user> is Not Submitted to Microsoft, because the messages were not analyzed by Microsoft. - > - In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), the only available selection in the Send the reported messages to section is My reporting mailbox only. The other two options are grayed out for compliance reasons (data isn't allowed to leave the organization boundary). - > - > - If you use [Attack simulation training](attack-simulation-training-get-started.md) or a third-party product to do phishing simulations, and you're sending user reported messages to a reporting mailbox, you need to configure the reporting mailbox as a SecOps mailbox as described in the [Configuration requirements for the reporting mailbox](#configuration-requirements-for-the-reporting-mailbox) section earlier in this article. If you don't, a user reported message might trigger a training assignment by the phishing simulation product. +- Reported message destinations section \> Send the reported messages to: Select one of the following options: -The following settings are also available on the page: + - Microsoft and my reporting mailbox: For Microsoft 365 organizations created after March 1 2023, this is the default value. User reported messages go to Microsoft for analysis and to the specified reporting mailbox for an admin or security operations team to analyze. -- Show a pop-up message in Outlook to confirm it the user want's to report the message in the Before a message is reported section: This setting controls whether users see a pop-up before they report a message. + The default user reporting mailbox is the Exchange Online mailbox of the global admin. Currently, the global admin isn't _shown_ as the user reported mailbox on the User reported settings page until _after_ the first user in the organization reports a message from Outlook. - Select this setting and select Customize before message to enter the Title and Message text in the Customize text before message is reported flyout that opens. Use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.). + To specify a different mailbox, select :::image type="icon" source="../../media/m365-cc-sc-remove-selection-icon.png" border="false"::: next to any existing entry in the Add an Exchange Online mailbox to send reported messages to box. Click in the box and wait for the list of mailboxes to populate, or start typing a value to filter the list, and then select the mailbox in the results. Distribution groups and routing to an external or on-premises mailbox aren't allowed. - When you're finished, select Confirm to return to the User reported page. + - My reporting mailbox only: User reported messages go only to the specified reporting mailbox for an admin or the security operations team to analyze. -- Show a success pop-up message in Outlook after the user reports in the After a message is reported section: This setting controls whether users see a pop-up after they report a message. + Follow the previous instructions to select the mailbox in the Add an Exchange Online mailbox to send reported messages to box. - Select this setting and select Customize after message to enter the Title and Message text in the Customize text after message is reported flyout that opens. Use the variable `%type%` to include the submission type (junk, not junk, phishing, etc.). + On the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>, the Result value for these entries is Not Submitted to Microsoft. Messages don't go to Microsoft for analysis unless an admin manually submits the message. For instructions, see [Submit user reported messages to Microsoft for analysis](submissions-admin.md#submit-user-reported-messages-to-microsoft-for-analysis). - When you're finished, select Confirm to return to th User reported page. + - Microsoft only: User reported messages go directly to Microsoft for analysis. - > [!IMPORTANT] - > Currently, users who report messages from Outlook on the web using the built-in Report button don't get these before or after pop-up messages. The pop-ups work for users who report messages using the Microsoft Report Message and Report Phishing add-ins. + > [!NOTE] + > + > - When you select Use the built-in Report button in Outlook and users report messages using the built-in Report button in Outlook on the web or the Microsoft Report Message or Report Phishing add-ins in Outlook, user reported messages are available to admins on the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>, regardless of the value you select for Send the reported messages to. For more information, see [Admin options for user reported messages](submissions-admin.md#admin-options-for-user-reported-messages). + > + > - In U.S. Government organizations (Microsoft 365 GCC, GCC High, and DoD), the only available value for Send the reported messages to is My reporting mailbox only. The other two options are unavailable for compliance reasons (data isn't allowed to leave the organization boundary). -- Email sent to user after admin review section: The following settings are available: +- Email notifications section: These options affect the notification email message that's sent to users when an admin selects :::image type="icon" source="../../media/m365-cc-scc-mark-and-notify-icon.png" border="false"::: Mark as and notify on the Submissions page at <https://security.microsoft.com/reportsubmission>. The following options are available: - - Specify an Office 365 mailbox to send email notifications from: Select this option and enter the sender's email address in the box that appears. - - Replace the Microsoft logo with my company logo: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo. This option isn't supported if your organization has a custom logo pointing to a URL instead of an uploaded image file. - - Customize email notification messages: Select this link to customize the email notification that's sent after an admin reviews and marks a reported message. In the Customize admin review email notifications flyout that appears, configure the following settings on the Phishing, Junk and No threats found tabs: + - Results email section: Select Customize results email. In the Customize admin review email notifications flyout that opens, configure the following settings on the Phishing, Junk and No threats found tabs: - Email body results text: Enter the custom text to use. You can use different text for Phishing, Junk and No threats found. - Email footer text: Enter the custom message footer text to use. The same text is used for Phishing, Junk and No threats found. - When you're finished, select Confirm to return to the User reported page. + When you're finished in the Customize admin review email notifications flyout, select Confirm to return to the User reported settings page. + + - Customize sender and branding section: + - Specify a Microsoft 365 mailbox to use ads the From address of email notifications: Select this option and enter the sender's email address in the box that appears. If you don't select this option, the default sender is submissions@messaging.microsoft.com. + - Replace the Microsoft logo with my organization's logo across all reporting experiences: Select this option to replace the default Microsoft logo that's used in notifications. Before you do this step, follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your custom logo. -When you're finished on the User reported page, select Save. To restore all settings on the page to their immediately previous values, select Restore. +- Report from quarantine section \> Allow reporting for quarantined messages: Verify that this setting is selected to let users report messages from quarantine as they [release quarantined email messages](quarantine-end-user.md#release-quarantined-email). Otherwise, uncheck this setting. + +When you're finished on the User reported settings page, select Save. ### Options for third-party reporting tools -When the toggle is On :::image type="icon" source="../../media/scc-toggle-on.png"::: and you've selected Use a non-Microsoft add-in button, the following options are available on the User reported page: +When Monitor reported messages in Outlook is selected and you also select Use a non-Microsoft add-in button, the following options are available on the User reported settings page: -- Add a mailbox to send reported messages to in the Reported message destinations section: Enter the email address of an existing Exchange Online mailbox to use as the reporting mailbox that holds user-reported messages from third-party reporting tools. These messages aren't submitted to Microsoft. +- Reported message destinations section \> Add an Exchange Online mailbox to send reported messages to: Click in the box to find and select an existing Exchange Online mailbox to use as the reporting mailbox that holds user-reported messages from third-party reporting tools. - These user-reported messages appear on the User reported tab of the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. The Result value for these entries is Not Submitted to Microsoft. + Messages can appear on the User reported settings tab of the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. The Result value for these entries is Not Submitted to Microsoft. The message formatting requirements are described in the next section. - Messages sent to the reporting mailbox must include the original user reported message as an uncompressed .EML or .MSG attachment. Don't forward the original user-reported message to the reporting mailbox. +- Report from quarantine section \> Allow reporting for quarantined messages: Verify that this setting is selected to let users report messages from quarantine as they [release quarantined email messages](quarantine-end-user.md#release-quarantined-email). Otherwise, uncheck this setting. - > [!CAUTION] - > Messages that contain multiple attached messages are discarded. We support only one attached original message in a user reported message. +When you're finished on the User reported settings page, select Save. - The message formatting requirements are described in the next section. This formatting is optional, but if user reported messages don't follow the prescribed format, they're always identified as phishing. +#### Message submission format for third-party reporting tools - Let your organization report messages from quarantine in the Report from quarantine section: Verify that this setting is selected to let users report messages from quarantine. Otherwise, uncheck this setting. +Messages sent by third-party reporting tools to the reporting mailbox required specific formatting so they're correctly identified on the User reported tab on the Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user>. -When you're finished on the User reported page, select Save. To restore all settings on the page to their immediately previous values, select Restore. +Messages that don't follow the required formatting are always identified as phishing. -#### Message submission format +To correctly identify why the original messages were reported, messages sent to the reporting mailbox must meet the following criteria: -To correctly identify the original attached messages, messages sent to the custom mailbox require specific formatting. If the messages don't use this format, the original attached messages are always identified as phishing. +- The user reported message is unmodified and is included as an uncompressed .EML or .MSG attachment. Don't forward the original user reported message to the reporting mailbox. -To specify the reason why the original, attached messages were reported, messages sent to the reporting mailbox must meet the following criteria: + > [!CAUTION] + > Messages that contain multiple attached messages are discarded. -- The user reported message is unmodified and is included as an attachment. - The user reported message should contain the following required headers: - 1. X-Microsoft-Antispam-Message-Info - 2. Message-Id To specify the reason why the original, attached messages were reported, message - `3\|This text in the Subject line is ignored by the system` - `Not Junk:This text in the Subject line is also ignored by the system` - Messages that don't follow this format aren't displayed properly on the User reported tab of the Submissions page at <https://security.microsoft.com/reportsubmission>. - ## Use Exchange Online PowerShell to configure the reported message settings -After you [connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), you use the *\-ReportSubmissionPolicy and \-ReportSubmissionRule* cmdlets to manage and configure the user reported settings. +After you [connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell), use the *\-ReportSubmissionPolicy and \-ReportSubmissionRule* cmdlets to manage and configure the user reported settings. In Exchange Online PowerShell, the basic elements of the user reported settings are: -- The report submission policy: Turns the Microsoft integrated reporting experience on or off, turns sending reported messages to Microsoft on or off, turns sending reported messages to the reporting mailbox on or off, and most other settings. +- The report submission policy: Turns reporting in Outlook on or off, turns sending reported messages to Microsoft on or off, turns sending reported messages to the reporting mailbox on or off, and most other settings. - The report submission rule: Specifies the email address of the reporting mailbox or a blank value when the reporting mailbox isn't used (report messages to Microsoft only). The difference between these two elements isn't obvious when you manage the user reported settings in the Microsoft 365 Defender portal: -- There's only one report submission policy named DefaultReportSubmissionPolicy and one report submission rule named DefaultReportSubmissionRule by default. +- An organization has one report submission policy and one report submission rule. - If you've never gone to <https://security.microsoft.com/securitysettings/userSubmission>, there's no report submission policy or report submission rule (the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return nothing). + If you never opened the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission>, there's no report submission policy or report submission rule (the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return nothing). - As soon as you visit <https://security.microsoft.com/securitysettings/userSubmission> and even before you configure any settings, the report submission policy is created with the default values and is visible in PowerShell. + After you visit the User reported settings page for the first time (even if you don't change any settings), the report submission policy named DefaultReportSubmissionPolicy is created with the default values and is visible in PowerShell. - Only after you specify a reporting mailbox (used by Microsoft or third-party reporting tools) and save the changes is the report submission rule named DefaultReportSubmissionRule automatically created. It takes several seconds before the rule is visible in PowerShell. + Only after you specify a reporting mailbox (used by Microsoft or third-party reporting tools) and save the changes on the User reported settings page is the report submission rule named DefaultReportSubmissionRule created. It might take several seconds before the rule is visible in PowerShell. -- You can delete the report submission rule and recreate it with a different name, but the rule is always associated with the report submission policy whose name you can't change. So, we recommend that you name the rule DefaultReportSubmissionRule whenever you create or recreate the rule. + > [!NOTE] + > Currently, the default settings on the User reported settings page include Send reported messages to \> Microsoft and my reporting mailbox with a blank value for the reporting mailbox. In PowerShell, there's no report submission rule. This default configuration means the reporting mailbox is the global admin's Exchange Online mailbox. The global admin isn't _shown_ as the reporting mailbox in the output of the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets or on the User reported settings page until _after_ the first user in the organization reports a message from Outlook. -- When you specify the email address of the reporting mailbox in the Microsoft 365 Defender portal, that value is primarily set in the report submission rule, but the value is also copied into the related properties in the report submission policy. In PowerShell, when you set the email address in the rule, the value isn't copied into the related properties in the policy. For consistency with the Microsoft 365 Defender portal and for clarity, we recommend that you add or update the email address in the policy and the rule. +- You can delete the report submission rule and recreate it with a different name, but the rule is always associated with the report submission policy, and you can't select or change the name of the policy. So, we recommend naming the rule DefaultReportSubmissionRule if you create or recreate the rule. + +- When you specify the email address of the reporting mailbox in the Microsoft 365 Defender portal, that value is primarily set in the report submission rule, but the value is also copied into the related properties in the report submission policy. In PowerShell, when you set the email address in the rule, the value isn't copied into the related properties in the policy. For consistency with the User reported settings page and for clarity, we recommend that you add or update the email address in the policy and the rule. ### Use PowerShell to view the report submission policy and the report submission rule To view both the policy and the rule at the same time, run the following command Write-Output -InputObject `r`n,"Report Submission Policy",("-"79); Get-ReportSubmissionPolicy; Write-Output -InputObject `r`n,"Report Submission Rule",("-"79); Get-ReportSubmissionRule ``` -Remember, if you've never gone to <https://security.microsoft.com/securitysettings/userSubmission> or manually created the report submission policy or the report submission rule in PowerShell, there's no report submission policy or report submission rule, so the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return nothing. +Remember, the report submission policy doesn't exist if any of the following statement are true: + +- No one ever opened the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission>. +- No one ever manually created the report submission policy in PowerShell. +- Someone manually deleted the report submission policy in PowerShell. + +Likewise, the report submission rule doesn't exist if either of the following statements are true: + +- No one ever specified a reporting mailbox on the User reported settings page. +- No one ever manually created the report submission rule in PowerShell. +- Someone manually deleted the report submission rule in PowerShell. + +So, it's possible that the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return nothing. For detailed syntax and parameter information, see [Get-ReportSubmissionPolicy](/powershell/module/exchange/get-reportsubmissionpolicy) and [Get-ReportSubmissionRule](/powershell/module/exchange/get-reportsubmissionrule). ### Use PowerShell to create the report submission policy and the report submission rule -If the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return no output, you can create the report submission policy and the report submission rule. If you try to create them after they already exist, you'll get an error. +If the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets return no output, you can create the report submission policy and the report submission rule. If you try to create them after they already exist, you get an error. Always create the report submission policy first, because you specify the report submission policy in the report submission rule. For detailed syntax and parameter information, see [New-ReportSubmissionPolicy](/powershell/module/exchange/new-reportsubmissionpolicy) and [New-ReportSubmissionRule](/powershell/module/exchange/new-reportsubmissionrule). -#### Use PowerShell to configure the Microsoft integrated reporting experience with report messages to Microsoft only +#### Use PowerShell to configure reporting in Outlook with report messages to Microsoft and the reporting mailbox -This example creates the report submission policy with the default settings (the same settings as when you first visit <https://security.microsoft.com/securitysettings/userSubmission>, but before you save any setting changes): +This example creates the report submission policy with the default settings: -- The Microsoft integrated reporting experience is turned on: toggle On :::image type="icon" source="../../media/scc-toggle-on.png"::: and Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options is selected (`-EnableReportToMicrosoft $true -EnableThirdPartyAddress $false` are the default values). +- Reporting in Outlook is turned on: Outlook section \> Monitor reported messages in Outlook is selected by default and Select an Outlook report button configuration section \> Use the built-in Report button in Outlook is selected by default (`-EnableThirdPartyAddress $false` is the default value, so you don't need to use the parameter). -- Reported message destinations section: Send messages to \> Microsoft only is selected (`-ReportJunkToCustomizedAddress $false -ReportNotJunkToCustomizedAddress $false -ReportPhishToCustomizedAddress $false` are the default values). +- Reported message destinations section: + - Send reported messages to \> Microsoft and my reporting mailbox is selected by default (`-EnableReportToMicrosoft $true`, `-ReportJunkToCustomizedAddress $true`, `-ReportNotJunkToCustomizedAddress $true`, and `-ReportPhishToCustomizedAddress $true` are the default values, so you don't need to use those parameters). + - Add an Exchange Online mailbox to send reported messages to specifies the email address of the reporting mailbox. + - New-ReportSubmissionPolicy: `-ReportJunkAddresses <emailaddress>`, `-ReportNotJunkAddresses <emailaddress>`, and `-ReportPhishAddresses <emailaddress>` are required. + - New-ReportSubmissionRule: `-SentTo <emailaddress>` is required. -Other settings: + > [!NOTE] + > Currently, the default value of the parameters that identify the the reporting mailbox is blank, which means the default reporting mailbox is the global admin's Exchange Online mailbox. The global admin isn't _shown_ as the reporting mailbox in the output of the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets or on the User reported settings page in the Defender portal until _after_ the first user in the organization reports a message from Outlook. + > + > Use the same email address value in all parameters that identify the reporting mailbox. -- Before a message is reported section: - - Show a pop-up message in Outlook to confirm if the user wants to report the message is selected (`-PreSubmitMessageEnabled $true \| $false` is available only on Set-ReportSubmissionPolicy; the unconfigurable value on New-ReportSubmissionPolicy is `$true`). - - Customize before message link: Nothing is entered in the Title or Message boxes in the flyout (`-EnableCustomizedMsg $false` is the default value). + In this example, the email address of the reporting mailbox is reportedmessages@contoso.com in Exchange Online (you can't specify an external email address). + +Other settings: -- After a message is reported section: - - Show a success pop-up message in Outlook after the user reports message is selected (`-PostSubmitMessageEnabled $true \| $false` is available only on Set-ReportSubmissionPolicy; the unconfigurable value on New-ReportSubmissionPolicy is `$true`). - - Customize after message link: Nothing is entered in the Title or Message boxes in the flyout (`-EnableCustomizedMsg $false` is the default value). +- Outlook section \> Select an Outlook report button configuration section \> When the report button is clicked section: + - Show a pop-up message before email is supported: When you go to the User reported settings page in the Defender portal for the first time (which creates the report submission policy), this setting is not selected (equivalent to `-PreSubmitMessageEnabled -$false`). But, the default value when you use the PowerShell to create the policy is `-PreSubmitMessageEnabled $true`. So, the example includes `-PreSubmitMessageEnabled $false`. + - Customize before message: Nothing is entered in the Title or Message boxes in the flyout (`-EnableCustomizedMsg $false` is the default value). + - Show a pop-up success message after the email is reported: When you go to the User reported settings page in the Defender portal for the first time (which creates the report submission policy), this setting is not selected (equivalent to `-PostSubmitMessageEnabled -$false`). But, the default value when you use the PowerShell to create the policy is `-PostSubmitMessageEnabled $true`. So, the example includes `-PostSubmitMessageEnabled $false`. + - Customize after message: Nothing is entered in the Title or Message boxes in the flyout (`-EnableCustomizedMsg $false` is the default value). > [!NOTE] - > Currently, pop-up messages before or after a user reports a message are supported only by the Microsoft Report Message and Report Phishing add-ins. Users who report messages with the built-in Report button in Outlook on the web don't see these pop-ups. + > Currently, users who report messages from Outlook on the web using the built-in Report button don't get the before or after pop-up notifications. The pop-ups work for users who report messages using the Microsoft Report Message and Report Phishing add-ins. -- Email sent to user after admin review section: - - Specify an Office 365 mailbox to send email notifications from isn't selected (`-EnableCustomNotificationSender $false` is the default value). - - Replace the Microsoft logo with my company logo isn't selected (`-EnableOrganizationBranding $false` is the default value). - - Customize email notification messages link: Nothing is entered in the Email body results text or Email footer text boxes on the Phishing, Junk, or No threats found tabs in the flyout (`-EnableCustomizedMsg $false` is the default value). -- Report from quarantine section: Let your organization report messages from quarantine is selected (`-DisableQuarantineReportingOption $false` is the default value). +- Email notifications section: + - Results email section \> Customize results email: Nothing is entered in the Email body results text or Email footer text boxes on the Phishing, Junk, or No threats found tabs in the flyout (`-EnableCustomizedMsg $false` is the default value). + - Customize sender and branding section: + - Specify a Microsoft 365 mailbox to use as the From address of email notifications isn't selected (`-EnableCustomNotificationSender $false` is the default value). + - Replace the Microsoft logo with my organization's logo across all reporting experiences isn't selected (`-EnableOrganizationBranding $false` is the default value). + +- Reporting from quarantine section: Allow reporting for quarantined messages is selected (`-DisableQuarantineReportingOption $false` is the default value). ```powershell -New-ReportSubmissionPolicy -``` +$usersub = "reportedmessages@contoso.com" -Because a reporting mailbox isn't use, the report submission rule isn't needed or created. +New-ReportSubmissionPolicy -ReportJunkAddresses $usersub -ReportNotJunkAddresses $usersub -ReportPhishAddresses $usersub -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -#### Use PowerShell to configure the Microsoft integrated reporting experience with report messages to Microsoft and the reporting mailbox +New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub +``` + +#### Use PowerShell to configure reporting in Outlook with report messages to the reporting mailbox only This example creates the report submission policy and the report submission rule with the following settings: -- The Microsoft integrated reporting experience is On :::image type="icon" source="../../media/scc-toggle-on.png"::: and Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options is selected (`-EnableReportToMicrosoft $true -EnableThirdPartyAddress $false` are the default values). +- Reporting in Outlook is turned on: Outlook section \> Monitor reported messages in Outlook is selected and Select an Outlook report button configuration section \> Use the built-in Report button in Outlook is selected by default (`-EnableThirdPartyAddress $false` is the default value, so you don't need to use the parameter). - Reported message destinations section: - - Send messages to \> Microsoft and my reporting mailbox is selected. - - Add a mailbox to send reported messages to specifies the email address of the reporting mailbox. - - - New-ReportSubmissionPolicy: `-ReportJunkToCustomizedAddress $true -ReportJunkAddresses <emailaddress> -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses <emailaddress> -ReportPhishToCustomizedAddress $true -ReportPhishAddresses <emailaddress>`. - - New-ReportSubmissionRule: `-SentTo <emailaddress>`. - - In this example, the email address of the reporting mailbox is reportedmessages@contoso.com in Exchange Online (you can't specify an external email address). + - Send reported messages to \> My reporting mailbox only: `-EnableReportToMicrosoft $false` and `-EnableUserEmailNotification $true` are required. `-ReportJunkToCustomizedAddress $true`, `-ReportNotJunkToCustomizedAddress $true`, and `-ReportPhishToCustomizedAddress $true` are the default values, so you don't need to use those parameters. + - Add an Exchange Online mailbox to send reported messages to specifies the email address of the reporting mailbox. + - New-ReportSubmissionPolicy: `-ReportJunkAddresses <emailaddress>`, `-ReportNotJunkAddresses <emailaddress>`, and `-ReportPhishAddresses <emailaddress>` are required. + - New-ReportSubmissionRule: `-SentTo <emailaddress>` is required. > [!NOTE] - > You must use the same email address value in all parameters that identify the reporting mailbox. + > Currently, the value `-ReportChatMessageEnabled $false` is required. Even when the _ReportChatMessageEnabled_ property value is `$false` in PowerShell, the Monitor reported message in Microsoft Teams settings on the User reported settings page is selected. Selecting or unselecting Monitor reported message in Microsoft Teams on the User reported settings page doesn't change the value of the _ReportChatMessageEnabled_ property in PowerShell. + > + > Currently, the default value of the parameters that identify the the reporting mailbox is blank, which means the default reporting mailbox is the global admin's Exchange Online mailbox. The global admin isn't _shown_ as the reporting mailbox in the output of the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets until _after_ the first user in the organization reports a message from Outlook. + > + > Use the same email address value in all parameters that identify the reporting mailbox. -The remaining settings are the default values in "Other settings" as described in [Use PowerShell to configure the Microsoft integrated reporting experience with report to Microsoft only](#use-powershell-to-configure-the-microsoft-integrated-reporting-experience-with-report-messages-to-microsoft-only). + In this example, the email address of the reporting mailbox is userreportedmessages@fabrikam.com in Exchange Online (you can't specify an external email address). + +The remaining settings are the default values in "Other settings" as described in the [Use PowerShell to configure reporting in Outlook with report messages to Microsoft and the reporting mailbox](#use-powershell-to-configure-reporting-in-outlook-with-report-messages-to-microsoft-and-the-reporting-mailbox) section. ```powershell -$usersub = "reportedmessages@contoso.com" +$usersub = "userreportedmessages@fabrikam.com" -New-ReportSubmissionPolicy -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub +New-ReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableUserEmailNotification $true -ReportJunkAddresses $usersub -ReportNotJunkAddresses $usersub -ReportPhishAddresses $usersub -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -ReportChatMessageEnabled $false New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub ``` -#### Use PowerShell to configure the Microsoft integrated reporting experience with report messages to the reporting mailbox only +#### Use PowerShell to configure reporting in Outlook with report messages to Microsoft only -This example creates the report submission policy and the report submission rule with the following settings: +This example creates the report submission policy with the following settings: -- The Microsoft integrated reporting experience is On :::image type="icon" source="../../media/scc-toggle-on.png"::: and Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options is selected (you need to set `-EnableReportToMicrosoft $false`; `-EnableThirdPartyAddress $false` is the default value). +- Reporting in Outlook is turned on: Outlook section \> Monitor reported messages in Outlook is selected by default and Select an Outlook report button configuration section \> Use the built-in Report button in Outlook is selected by default (`-EnableThirdPartyAddress $false` is the default value, so you don't need to use the parameter). - Reported message destinations section: - - Send messages to \> Microsoft and my reporting mailbox is selected. - - Add a mailbox to send reported messages to specifies the email address of the reporting mailbox. - - - New-ReportSubmissionPolicy: `-ReportJunkToCustomizedAddress $true -ReportJunkAddresses <emailaddress> -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses <emailaddress> -ReportPhishToCustomizedAddress $true -ReportPhishAddresses <emailaddress>`. - - New-ReportSubmissionRule: `-SentTo <emailaddress>`. + - Send reported messages to \> Microsoft only: `-EnableReportToMicrosoft $true` is the default value, so you don't need to use the parameter. `-ReportJunkToCustomizedAddress $false`, `-ReportNotJunkToCustomizedAddress $false`, and `-ReportPhishToCustomizedAddress $false` are required. - In this example, the email address of the reporting mailbox is userreportedmessages@fabrikam.com in Exchange Online (you can't specify an external email address). + > [!NOTE] + > Currently, the default value of the parameters that identify the the reporting mailbox is blank, which means the default reporting mailbox is the global admin's Exchange Online mailbox. The global admin isn't _shown_ as the reporting mailbox in the output of the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets until _after_ the first user in the organization reports a message from Outlook. - > [!NOTE] - > You must use the same email address value in all parameters that identify the reporting mailbox. +The remaining settings are the default values in "Other settings" as described in the [Use PowerShell to configure reporting in Outlook with report messages to Microsoft and the reporting mailbox](#use-powershell-to-configure-reporting-in-outlook-with-report-messages-to-microsoft-and-the-reporting-mailbox) section. -The remaining settings are the default values in "Other settings" as described in [Use PowerShell to configure the Microsoft integrated reporting experience with report to Microsoft only](#use-powershell-to-configure-the-microsoft-integrated-reporting-experience-with-report-messages-to-microsoft-only). +> [!NOTE] +> Currently, the values `-EnableUserEmailNotification $true` and `-ReportChatMessageToCustomizedAddressEnabled $false` are required. ```powershell -$usersub = "userreportedmessages@fabrikam.com" - -New-ReportSubmissionPolicy -EnableReportToMicrosoft $false -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub - -New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub +New-ReportSubmissionPolicy -ReportJunkToCustomizedAddress $false -ReportNotJunkToCustomizedAddress $false -ReportPhishToCustomizedAddress $false -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -EnableUserEmailNotification $true -ReportChatMessageToCustomizedAddressEnabled $false ``` -#### Use PowerShell to configure the Microsoft integrated reporting experience to use third-party reporting tools +Because a reporting mailbox isn't used, the report submission rule isn't needed or created. -This example creates the report submission policy and the report submission rule with the following settings: +#### Use PowerShell to configure reporting in Outlook to use third-party reporting tools -- The Microsoft integrated reporting experience is On :::image type="icon" source="../../media/scc-toggle-on.png"::: and Use a non-Microsoft add-in button is selected (`-EnableReportToMicrosoft $false -EnableThirdPartyAddress $true`). +This example creates the report submission policy and the report submission rule with the following settings: -- Reported message destinations section: Add a mailbox to send reported messages to specifies the email address of the reporting mailbox. +- Reporting in Outlook is turned on: Outlook section \> Monitor reported messages in Outlook is selected by default and Select an Outlook report button configuration section \> Use a non-Microsoft add-in button is selected (`-EnableThirdPartyAddress $true` is required). - - New-ReportSubmissionPolicy:`-ThirdPartyReportAddresses <emailaddress>`. - - New-ReportSubmissionRule: `-SentTo <emailaddress>`. +- Reported message destinations section: + - Send reported messages to \> My reporting mailbox only: `-EnableReportToMicrosoft $false`, `-EnableUserEmailNotification $true`, `-ReportJunkToCustomizedAddress $false`, `-ReportNotJunkToCustomizedAddress $false`, and `-ReportPhishToCustomizedAddress $false` are required. + - Add an Exchange Online mailbox to send reported messages to specifies the email address of the reporting mailbox. + - New-ReportSubmissionPolicy: `-ThirdPartyReportAddresses <emailaddress>`, `-ReportJunkAddresses <emailaddress>`, `-ReportNotJunkAddresses <emailaddress>`, and `-ReportPhishAddresses <emailaddress>` are required. + - New-ReportSubmissionRule: `-SentTo <emailaddress>` is required. In this example, the email address of the reporting mailbox is thirdpartyreporting@wingtiptoys.com in Exchange Online (you can't specify an external email address). > [!NOTE] - > You must use the same email address value in all parameters that identify the reporting mailbox. - -Other settings: + > Currently, the default value of the parameters that identify the the reporting mailbox is blank, which means the default reporting mailbox is the global admin's Exchange Online mailbox. The global admin isn't _shown_ as the reporting mailbox in the output of the Get-ReportSubmissionPolicy and Get-ReportSubmissionRule cmdlets until _after_ the first user in the organization reports a message from Outlook. + > + > Use the same email address value in all parameters that identify the reporting mailbox. -- Report from quarantine section: Let your organization report messages from quarantine is selected (`-DisableQuarantineReportingOption $false` is the default value). +The remaining settings are the default values in "Other settings" as described in the [Use PowerShell to configure reporting in Outlook with report messages to Microsoft and the reporting mailbox](#use-powershell-to-configure-reporting-in-outlook-with-report-messages-to-microsoft-and-the-reporting-mailbox) section. ```powershell $usersub = "thirdpartyreporting@wingtiptoys.com" -New-ReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $true -ThirdPartyReportAddresses $usersub +New-ReportSubmissionPolicy -EnableThirdPartyAddress $true -EnableReportToMicrosoft $false -EnableUserEmailNotification $true -ThirdPartyReportAddresses $usersub -ReportJunkAddresses $usersub -ReportNotJunkAddresses $usersub -ReportPhishAddresses $usersub -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub ``` -#### Use PowerShell to turn off the Microsoft integrated reporting experience +#### Use PowerShell to turn off reporting in Outlook -Turning off the Microsoft integrated reporting experiences has the following consequences: +Turning off reporting in Outlook has the following consequences: - The Report button in Outlook on the web and the Microsoft Report Message and Report Phishing add-ins are unavailable in all Outlook platforms.-- Third-party reporting tools still work, but reported messages don't appear on the Submissions page in the Microsoft 365 Defender portal. +- Third-party reporting tools still work, but reported messages don't appear on the User reported tab on the Submissions page in the Defender portal. +- Allow reporting for quarantined messages (_DisableQuarantineReportingOption_) is unaffected, and can be enabled or disabled when reporting in Outlook is turned off. -This example creates the report submission policy with the Microsoft integrated reporting experience turned Off :::image type="icon" source="../../media/scc-toggle-on.png"::: (`-EnableReportToMicrosoft $false`; `-EnableThirdPartyAddress $false -ReportJunkToCustomizedAddress $false -ReportNotJunkToCustomizedAddress $false -ReportPhishToCustomizedAddress $false` are the default values). +This example creates the report submission policy with reporting in Outlook turned off (Outlook section \> Monitor reported messages in Outlook not selected): `-EnableThirdPartyAddress $false` is the default value, so you don't need to use the parameter. `-EnableReportToMicrosoft $false`, `-EnableThirdPartyAddress $false, -ReportJunkToCustomizedAddress $false, -ReportNotJunkToCustomizedAddress $false, and -ReportPhishToCustomizedAddress $false` are required. ```powershell -New-ReportSubmissionPolicy -EnableReportToMicrosoft $false +New-ReportSubmissionPolicy -EnableReportToMicrosoft $false -ReportJunkToCustomizedAddress $false -ReportNotJunkToCustomizedAddress $false -ReportPhishToCustomizedAddress $false ``` -### Use PowerShell to modify the report submission policy and the report submission rule +Because a reporting mailbox isn't used, the report submission rule isn't needed or created. -Virtually all of the same settings are available when you modify the report submission policy in PowerShell as when you created the policy as described in [the previous section](#use-powershell-to-create-the-report-submission-policy-and-the-report-submission-rule). The exception is: +### Use PowerShell to modify the report submission policy and the report submission rule -- You can turn off Show a pop-up message in Outlook to confirm if the user wants to report the message and Show a success pop-up message in Outlook after the user reports using the _PreSubmitMessageEnabled_ and _PostSubmitMessageEnabled_ parameters on Set-ReportSubmissionPolicy. +The same settings are available when you modify the report submission policy in PowerShell as when you created the policy as described in [the previous section](#use-powershell-to-create-the-report-submission-policy-and-the-report-submission-rule). - > [!NOTE] - > Currently, users who report messages from Outlook on the web using the built-in Report button don't get these pop-up messages. The pop-ups work for users who report messages using the Microsoft Report Message and Report Phishing add-ins. - -When you modify the existing settings in the report submission policy, you might need to undo or nullify some important settings that you previously configured or didn't configure. And, you might need to create or delete the report submission rule to allow or prevent message reporting to a reporting mailbox. +When you modify the existing settings in the report submission policy, you might need to undo or nullify other settings that might or might not be configured. And, you might need to create or delete the report submission rule to allow or prevent message reporting to a reporting mailbox. For detailed syntax and parameter information, see [Set-ReportSubmissionPolicy](/powershell/module/exchange/set-reportsubmissionpolicy). The following examples show how to change the user reporting experience without concern for the existing settings or values: -- Change to Use built-in "Report" button with "Phishing", "Junk" and "Not Junk" options and Send messages to \> Microsoft only: +- Turn on reporting in Outlook if necessary, select Use the built-in Report button in Outlook, and change Send reported messages to to Microsoft and my reporting mailbox* with reportedmessages@contoso.com as the reporting mailbox: ```powershell - Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $true -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null + $usersub = "reportedmessages@contoso.com" - Get-ReportSubmissionRule \| Remove-ReportSubmissionRule + Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $true -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -ReportChatMessageEnabled $true ``` -- Change to Use built-in "Report" button with "Phishing", "Junk" and "Not Junk" options and Send messages to \> Microsoft and my reporting mailbox* (for example, reportedmessages@contoso.com): + And then run one of the following commands, depending on the existing configuration: - ```powershell - $usersub = "reportedmessages@contoso.com" + - If the report submission rule already exists: - Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $true -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub - ``` + ```powershell + Set-ReportSubmissionRule -Identity DefaultReportSubmissionRule -SentTo $usersub + ``` + + - If the report submission rule doesn't exist: + + ```powershell + New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub + ``` - The following command is required only if you don't already have the report submission rule: +- Turn on reporting in Outlook if necessary, select Use the built-in Report button in Outlook, and change Send reported messages to to My reporting mailbox only with userreportedmessages@fabrikam.com as the reporting mailbox: ```powershell - New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub + $usersub = "userreportedmessages@fabrikam.com" + + Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -ReportChatMessageEnabled $false ``` -- Change to Use built-in "Report" button with "Phishing", "Junk" and "Not Junk" options and Send messages to \> Microsoft and my reporting mailbox (for example, userreportedmessages@fabrikam.com): + And then run one of the following commands, depending on the existing configuration: + + - If the report submission rule already exists: + + ```powershell + Set-ReportSubmissionRule -Identity DefaultReportSubmissionRule -SentTo $usersub + ``` + + - If the report submission rule doesn't exist: + + ```powershell + New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub + ``` + +- Turn on reporting in Outlook if necessary, select Use the built-in Report button in Outlook, and change Send reported messages to to Microsoft only: ```powershell - $usersub = "userreportedmessages@fabrikam.com" + Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $true -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -EnableUserEmailNotification $true -ReportChatMessageToCustomizedAddressEnabled $false - Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $true -ReportJunkAddresses $usersub -ReportNotJunkToCustomizedAddress $true -ReportNotJunkAddresses $usersub -ReportPhishToCustomizedAddress $true -ReportPhishAddresses $usersub + Get-ReportSubmissionRule \| Remove-ReportSubmissionRule ``` - The following command is required only if you don't already have the report submission rule: + The following command is required only if the report submission rule already exists: ```powershell - New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub + Get-ReportSubmissionRule \| Remove-ReportSubmissionRule ``` -- Change to Use a non-Microsoft add-in button (for example, thirdpartyreporting@wingtiptoys.com): +- Turn on reporting in Outlook if necessary, select Use a non-Microsoft add-in button, and use thirdpartyreporting@wingtiptoys.com as the reporting mailbox: ```powershell $usersub = "thirdpartyreporting@wingtiptoys.com" - Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $true -ThirdPartyReportAddresses $usersub -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null + Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $true -ThirdPartyReportAddresses $usersub -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null -PreSubmitMessageEnabled $false -PostSubmitMessageEnabled $false -ReportChatMessageEnabled $true ``` - The following command is required only if you don't already have the report submission rule: + And then run one of the following commands, depending on the existing configuration: - ```powershell - New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub - ``` + - If the report submission rule already exists: + + ```powershell + Set-ReportSubmissionRule -Identity DefaultReportSubmissionRule -SentTo $usersub + ``` + + - If the report submission rule doesn't exist: + + ```powershell + New-ReportSubmissionRule -Name DefaultReportSubmissionRule -ReportSubmissionPolicy DefaultReportSubmissionPolicy -SentTo $usersub + ``` -- Turn off the Microsoft integrated reporting experience Off :::image type="icon" source="../../media/scc-toggle-off.png":::: +- Turn off reporting in Outlook (Monitor reported messages in Outlook isn't selected): ```powershell Set-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy -EnableReportToMicrosoft $false -EnableThirdPartyAddress $false -ThirdPartyReportAddresses $null -ReportJunkToCustomizedAddress $false -ReportJunkAddresses $null -ReportNotJunkToCustomizedAddress $false -ReportNotJunkAddresses $null -ReportPhishToCustomizedAddress $false -ReportPhishAddresses $null ``` - The following command is required only if you don't already have the report submission rule: + And then run the following command if the report submission rule already exists: ```powershell Get-ReportSubmissionRule \| Remove-ReportSubmissionRule The following examples show how to change the user reporting experience without The only meaningful setting that you can modify in the report submission rule is the email address of the reporting mailbox (the _SentTo_ parameter value). For example: ```powershell -Get-ReportSubmissionRule \| Set-ReportSubmissionRule -SentTo newemailaddress@contoso.com +Set-ReportSubmissionRule -Identity DefaultReportSubmissionRule -SentTo newemailaddress@contoso.com ``` > [!NOTE] To temporarily disable sending email messages to the reporting mailbox without d Get-ReportSubmissionRule \| Disable-ReportSubmissionRule -Confirm:$false ``` -To enable the report submission rule again, use [Enable-ReportSubmissionRule](/powershell/module/exchange/enable-reportsubmissionrule). For example: +To enable the report submission rule, use [Enable-ReportSubmissionRule](/powershell/module/exchange/enable-reportsubmissionrule). For example: ```powershell Get-ReportSubmissionRule \| Disable-ReportSubmissionRule -Confirm:$false To remove the report submission rule, run the following command: Get-ReportSubmissionRule \| Remove-ReportSubmissionRule ``` -To remove both the report submission policy and report submission rule in the same command without prompts, run the following command: +To remove both the report submission policy and report submission rule in the same command without a confirmation, run the following command: ```powershell Remove-ReportSubmissionPolicy -Identity DefaultReportSubmissionPolicy; Get-ReportSubmissionRule \| Remove-ReportSubmissionRule -Confirm:$false
security	Submissions Users Report Message Add In Configure	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure.md	After the add-in is installed and enabled, users see the following icons based o - The add-ins aren't available for on-premises Exchange mailboxes. -- For more information on how to report a message using the Report Message feature, see [Report false positives and false negatives in Outlook](submissions-outlook-report-messages.md). +- For more information on how to report a message using reporting in Outlook, see [Report false positives and false negatives in Outlook](submissions-outlook-report-messages.md). > [!NOTE] - > Reported messages are available to admins on the User reported tab of Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user> only if both of the following settings are configured on the User reported page at <https://security.microsoft.com/securitysettings/userSubmission>: + > Reported messages are available to admins on the User reported tab of Submissions page at <https://security.microsoft.com/reportsubmission?viewid=user> only if both of the following settings are configured on the User reported settings page at <https://security.microsoft.com/securitysettings/userSubmission>: > - > - The toggle on the User reported page is On :::image type="icon" source="../../media/scc-toggle-on.png" border="false":::. - > - Use the built-in "Report" button with "Phishing", "Junk", and "Not Junk options" is selected. + > - Monitor reported messages in Outlook is selected. + > - Use the built-in "Report" button in Outlook is selected. - Organizations that use URL filtering or a third-party security solution (for example, a proxy and/or firewall) must be able to reach the following URLs using the HTTPS protocol: - `ipagave.azurewebsites.net`
security	Zero Hour Auto Purge	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/zero-hour-auto-purge.md	ZAP doesn't quarantine messages that are in the process of [Dynamic Delivery](sa ## Zero-hour auto purge (ZAP) in Microsoft Teams > [!NOTE] -> ZAP for Microsoft Teams is currently in Preview, and is available only to customers with Microsoft Defender for Office 365 E5 and Defender for Office P2 subscriptions. -> -> When you [join the Preview](mdo-support-teams-about.md#enable-microsoft-defender-for-teams), ZAP for Microsoft Teams is turned on. +> ZAP for Microsoft Teams is available only to customers with Microsoft Defender for Office 365 E5 and Defender for Office P2 subscriptions. > > Currently, ZAP is available only for messages that are identified as malware or high confidence phishing. When a chat message is identified as potentially phishing or malicious in Micros :::image type="content" source="../../media/zero-hour-auto-purge-recipient.png" alt-text="Image showing how zero-hour auto purge works for the recipient." lightbox="../../media/zero-hour-auto-purge-recipient.png"::: -Admins can view and manage these quarantined messages in Microsoft Teams. For more information, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams). Currently, you can't view or manage quarantined Teams messages unless you're an admin. +Admins can view and manage these quarantined messages in Microsoft Teams. For more information, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-microsoft-teams-quarantined-messages). Currently, you can't view or manage quarantined Teams messages unless you're an admin. ### Zero-hour auto purge (ZAP) for high confidence phishing messages in Teams For Teams messages that are identified as malware, ZAP blocks and quarantines th ### How to see if ZAP blocked your Teams message -To find out if ZAP blocked your Teams message, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-quarantined-messages-in-microsoft-teams). +To find out if ZAP blocked your Teams message, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md#use-the-microsoft-365-defender-portal-to-manage-microsoft-teams-quarantined-messages). ## Zero-hour auto purge (ZAP) FAQ
syntex	Ocr	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/ocr.md	description: Learn how to set up and manage optical character recognition in Mic # Set up and manage optical character recognition in Microsoft Syntex -Before you can use the optical character recognition (OCR) service in Microsoft Syntex, it must be configured in the Microsoft 365 admin center. +Before you can use the optical character recognition (OCR) service in Microsoft Syntex, it must be set up in the Microsoft 365 admin center. ## Prerequisites You must have Global admin or SharePoint admin permissions to be able to access ## Set up optical character recognition -You can configure the OCR service by using either or both of these methods: +After an [Azure subscription is linked to Microsoft Syntex](syntex-azure-billing.md), OCR will be automatically set up and enabled for all SharePoint sites for Syntex. -- [Microsoft 365 admin center](#microsoft-365-admin-center)-- [Microsoft Purview compliance portal](#microsoft-purview-compliance-portal) +### Set up data loss prevention policies using OCR -### Microsoft 365 admin center +The compliance admin for your organization can also [configure the OCR settings for your tenant](../compliance/ocr-learn-about.md?#phase-3-configure-your-ocr-settings) for [data loss prevention policies](../compliance/dlp-learn-about-dlp.md) in the Microsoft Purview compliance portal. -You can set up the OCR service in the same admin area that you used to set up billing. +The compliance admin can specify which SharePoint sites to include for data loss prevention. If there are different sites specified for Syntex and data loss prevention, the maximum number of sites will be enabled for OCR. You won't be charged twice for processing. + +For more information, see [Learn about optical character recognition in Microsoft Purview](../compliance/ocr-learn-about.md). + +## Manage sites enabled for Syntex + +Manage which SharePoint sites have OCR enabled for Syntex in the Microsoft 365 admin center. 1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">Setup</a>, and then select Use content AI with Microsoft Syntex. You can set up the OCR service in the same admin area that you used to set up bi c. Select Save. -### Microsoft Purview compliance portal - -The compliance admin for your organization [configures the OCR settings for your tenant](../compliance/ocr-learn-about.md?#phase-3-configure-your-ocr-settings) in the Microsoft Purview compliance portal. - -The compliance admin can specify which SharePoint sites to enable OCR to make that text available for [data loss prevention policies](../compliance/dlp-learn-about-dlp.md). If there are different sites specified in the two setup locations, the maximum number of sites will be enabled for OCR. You won't be charged twice for processing. - -For more information, see [Learn about optical character recognition in Microsoft Purview](../compliance/ocr-learn-about.md).
syntex	Prebuilt Setup	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/prebuilt-setup.md	description: Learn how to set up and manage prebuilt document processing in Micr # Set up and manage prebuilt document processing in Microsoft Syntex -Before you can use prebuilt document processing in Microsoft Syntex, it must be set up in the Microsoft 365 admin center. +The prebuilt document processing service for Microsoft Syntex is set up in the Microsoft 365 admin center. ## Prerequisites
syntex	Syntex Pay As You Go Services	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-pay-as-you-go-services.md	When you use Microsoft Syntex [pay-as-you-go](syntex-azure-billing.md), services \|Service\|What's counted?\|What's billed?\| \|:-\|:--\|:-\| -\|Unstructured document processing\|The number of pages processed for Word, PDF, or TIFF files; the number of sheets for Excel files; the number of slides for PowerPoint files; or the number of files for other file types. Each of these counts as one transaction. You won't be charged for model training. You will be charged for processing whether or not there's a positive classification, or any entities extracted.<br><br>Processing occurs on document upload and on subsequent updates. Processing is counted for each model applied. For example, if you have two models applied to a library and you upload or update a five-page document in that library, the total pages processed is 10.\|$0.05/transaction\| \|Prebuilt document processing\|The number of pages processed for PDF or image files. Each of these counts as one transaction. You won't be charged for model training. You will be charged for processing whether or not there's a positive classification, or any entities extracted.<br><br>Processing occurs on document upload and on subsequent updates. Processing is counted for each model applied. For example, if you have two models applied to a library and you upload or update a five-page document in that library, the total pages processed is 10.\|$0.01/transaction\| -\|Optical character recognition \|The number of pages processed for for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. \|$0.001/transaction\| -<!\|Image tagging \|The number of images processed. Each processed image counts as one transaction. You wonΓÇÖt be charged if you only enable pay-as-you-go billing for image tagging. You will be charged only when you enable image tagging on a [document library](image-tagging.md#to-enable-image-tagging-in-a-library). \|$0.001/image > +\|Unstructured document processing\|The number of pages processed for Word, PDF, or TIFF files; the number of sheets for Excel files; the number of slides for PowerPoint files; or the number of files for other file types. Each of these counts as one transaction. You won't be charged for model training. You will be charged for processing whether or not there's a positive classification, or any entities extracted.<br><br>Processing occurs on document upload and on subsequent updates. Processing is counted for each model applied. For example, if you have two models applied to a library and you upload or update a five-page document in that library, the total pages processed is 10.\|$0.05/transaction\| +\|Optical character recognition \|The number of pages processed for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. \|$0.001/transaction\| ## Related topics
syntex	Unstructured Setup	https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/unstructured-setup.md	description: Learn how to set up and manage unstructured document processing in # Set up and manage unstructured document processing in Microsoft Syntex -Before you can use unstructured document processing in Microsoft Syntex, it must be set up in the Microsoft 365 admin center. +The unstructured document processing service for Microsoft Syntex is set up in the Microsoft 365 admin center. ## Prerequisites