+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->

+## Week of June 20, 2022

+| Published On |Topic title | Change |

+|||--|

+| 6/23/2022 | [Defender Threat Intelligence](/defender-threat-intelligence/index) | modified |

+ Title: Defender Threat Intelligence

+description: Defender Threat Intelligence

+search.appverid: MET150

+ms.technology: m365d

+ms.localizationpriority: medium

+f1.keywords: CSH

+# Welcome to Defender-Threat-Intelligence!

+ Title: Defender Threat Intelligence

+description: Defender Threat Intelligence

+search.appverid: MET150

+ms.technology: m365d

+ms.localizationpriority: medium

+f1.keywords: CSH

+# Welcome to Defender-Threat-Intelligence!

+ Title: "Microsoft Purview eDiscovery Graph connectors"

+f1.keywords:

+- NOCSH

+audience: Admin

+- m365-security-compliance

+- m365solution-ediscovery

+- m365initiative-compliance

+- m365solution-overview

+ms.localizationpriority: medium

+search.appverid:

+- SPO160

+- MOE150

+- MET150

+description: "Microsoft 365 customers can perform eDiscovery searches on content ingested for enterprise search."

+# Use Graph connectors with eDiscovery (Premium)

+Microsoft 365 customers can perform eDiscovery searches on content ingested for enterprise search. This will help organizations improve their compliance posture to external content sources by bringing them within the purview of Microsoft compliance solutions.

+With Graph connectors, you can enable content from external data sources to be available to Microsoft Purview eDiscovery premium solution. Learn more about establishing Graph Connectors for your organization here: [Microsoft Graph connectors overview for Microsoft Search](/microsoftsearch/connectors-overview).

+## Add Graph Connector as a data source within a case

+Once Graph Connectors are established for an organization and eDiscovery is enabled, the option to add the Graph Connector data source to the case will be available under non-Microsoft 365 locations. Only the connectors that have been established and enabled will be available to the eDiscovery manager for inclusion in a case.

+## Collect Graph Connectors content

+Upon adding Graph Connectors content as a data source this content is then available for search and collection. Within the collection wizard, select the Graph Connector content as a non-custodial data source, use conditions such as date range, keywords and more to search across the connected content to collect only the content of interest. Upon completion of the wizard get estimates for the amount of content that contains hits to your search criteria, and commit the collection to the review set.

+## Review content

+Once collected to a review set, eDiscovery managers can review content from Graph Connectors to understand more about the content and work to assess if the information is critical and relevant to the case.

+## Export content

+Once validated that the content collected into review is the correct content, this content is then available for export from the review set directly. Select export options and submit the export job for the Connectors content to be exported from the review set.

+search.appverid:

+- **Processing.** After you've collected all data relevant to the case, the next step is process it for further review and analysis. In eDiscovery (Premium), the in-place data that you identified in the collection phase is copied to an Azure Storage location (called a *review set*), which provides you with a static view of the case data.

+For information regarding what licenses provide the rights for a user to benefit from eDiscovery (Premium) please see [Microsoft 365 guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-purview-ediscovery) and see the "eDiscovery and auditing" section in the [Microsoft 365 Comparison table](https://go.microsoft.com/fwlink/?linkid=2139145).

+For information about how to assign licenses, see [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users).

+When you create your sensitivity labels in the Microsoft Purview compliance portal, they appear in a list on the **Sensitivity** tab on the **Labels** page. In this list, the order of the labels is important because it reflects their priority. You want your most restrictive sensitivity label, such as Highly Confidential, to appear at the **bottom** of the list, and your least restrictive sensitivity label, such as Public, to appear at the **top**.

+You make your sensitivity labels available to users by publishing them in a sensitivity label policy that appears in a list on the **Label policies** page. Just like sensitivity labels (see [Label priority (order matters)](#label-priority-order-matters)), the order of the sensitivity label policies is important because it reflects their priority: The label policy with lowest priority is shown at the top of the list with the **lowest** order number, and the label policy with the highest priority is shown at the bottom of the list with the **highest** order number.

+You can include a user in multiple label policies, and the user will get all the sensitivity labels and settings from those policies. If there is a conflict in settings from multiple policies, the settings from the policy with the highest priority (highest order number) is applied. In other words, the highest priority wins for each setting.

+If you're not seeing the label policy setting behavior that you expect for a user or group, check the order of the sensitivity label policies. You might need to move the policy down. To reorder the label policies, select a sensitivity label policy > choose the Actions ellipsis for that entry > **Move down** or **Move up**. For example:

+From our screenshot example that shows three label policies, all users are assigned the standard label policy, so it's appropriate that it has the lowest priority (lowest order number of 0). Only users in the IT department are assigned the second policy that has the order number 1. For these users, if there are any conflicts in settings between their policy and the standard policy, the settings from their policy wins because it has a higher order number.

+Similarly for users in the legal department, who are assigned the third policy with distinct settings. It's likely that these users will have more stringent settings, so it's appropriate that their policy has the highest order number. It's unlikely that a user from the legal department will be in a group that's also assigned to the policy for the IT department. But if they are, the order number 2 (highest order number) ensures that the settings from the legal department always take priority if there's a conflict.

+> Remember: If there is a conflict of settings for a user who has multiple policies assigned to them, the setting from the assigned policy with the highest order number is applied.

+ > For extractors with the column type **Single line of text**, the maximum character limit is 255. Any characters that you select exceeding the limit get truncated. To select greater than 255 characters, choose the **Multiple lines of text** column type when creating the extractor.

+ >

+ >By default, **Multiple lines of text** columns are created with a limit to the amount of text that can be added. In this case, extracted text might appear truncated. If this occurs, the column setting **Allow unlimited length in document libraries** can be used to remove the limit.

+## Week of July 11, 2022

+| Published On |Topic title | Change |

+|||--|

+| 7/11/2022 | [Understand the proposal workflow](/microsoft-365/commerce/understand-proposal-workflow?view=o365-21vianet) | modified |

+| 7/11/2022 | [Investigate and remediate communication compliance alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate?view=o365-21vianet) | modified |

+| 7/11/2022 | [Overview of the eDiscovery (Premium) solution in Microsoft Purview](/microsoft-365/compliance/overview-ediscovery-20?view=o365-21vianet) | modified |

+| 7/11/2022 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-21vianet) | modified |

+| 7/11/2022 | Overview of Microsoft Defender Security Center | removed |

+| 7/11/2022 | [Trial playbook - Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/defender-endpoint-trial-playbook?view=o365-21vianet) | added |

+| 7/11/2022 | [Export incidents queue to CSV files](/microsoft-365/security/defender/export-incidents-queue?view=o365-21vianet) | added |

+| 7/11/2022 | [Microsoft Defender for Identity in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-mdi?view=o365-21vianet) | added |

+| 7/11/2022 | [Report spam, non-spam, phishing, and suspicious emails to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft?view=o365-21vianet) | modified |

+| 7/11/2022 | [Enable block at first sight to detect malware in seconds](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 7/11/2022 | [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 7/11/2022 | [Overview of next-generation protection in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/next-generation-protection?view=o365-21vianet) | modified |

+| 7/11/2022 | [Onboard previous versions of Windows on Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-downlevel?view=o365-21vianet) | modified |

+| 7/11/2022 | [Switch to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-21vianet) | modified |

+| 7/11/2022 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-21vianet) | modified |

+| 7/11/2022 | [Manage GDPR data subject requests in Microsoft Whiteboard](/microsoft-365/whiteboard/gdpr-requests?view=o365-21vianet) | modified |

+| 7/11/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |

+| 7/11/2022 | [Microsoft Defender Antivirus in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-21vianet) | modified |

+| 7/12/2022 | [Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - threat and vulnerability management](/microsoft-365/security/defender-vulnerability-management/tvm-manage-log4shell-guidance?view=o365-21vianet) | renamed |

+| 7/12/2022 | [Microsoft 365 feature descriptions](/microsoft-365/admin/m365-feature-descriptions?view=o365-21vianet) | modified |

+| 7/12/2022 | [Unassign licenses from users](/microsoft-365/admin/manage/remove-licenses-from-users?view=o365-21vianet) | modified |

+| 7/12/2022 | [Block potentially unwanted applications with Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/detect-block-potentially-unwanted-apps-microsoft-defender-antivirus?view=o365-21vianet) | modified |

+| 7/12/2022 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-21vianet) | modified |

+| 7/12/2022 | [Understand and use attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |

+| 7/12/2022 | [Microsoft 365 Health Dashboard](/microsoft-365/admin/manage/health-dashboard-overview?view=o365-21vianet) | added |

+| 7/12/2022 | Admin training video library # < 60 chars | removed |

+| 7/12/2022 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |

+| 7/12/2022 | [Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-21vianet) | modified |

+| 7/12/2022 | [Microsoft Threat Experts in Microsoft 365 Defender overview](/microsoft-365/security/defender/microsoft-threat-experts?view=o365-21vianet) | modified |

+| 7/12/2022 | [Spoof intelligence insight](/microsoft-365/security/office-365-security/learn-about-spoof-intelligence?view=o365-21vianet) | modified |

+| 7/13/2022 | [Get Microsoft Defender for Business servers](/microsoft-365/security/defender-business/get-defender-business-servers?view=o365-21vianet) | added |

+| 7/13/2022 | [Microsoft Defender for Business preview features](/microsoft-365/security/defender-business/mdb-preview?view=o365-21vianet) | added |

+| 7/13/2022 | [Onboard your organization's devices to Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-onboard-devices-mdb?view=o365-21vianet) | modified |

+| 7/13/2022 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |

+| 7/13/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-21vianet) | modified |

+| 7/13/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-21vianet) | modified |

+| 7/13/2022 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-21vianet) | modified |

+| 7/13/2022 | [Device groups in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-create-edit-device-groups?view=o365-21vianet) | modified |

+| 7/13/2022 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) | modified |

+| 7/13/2022 | [Firewall in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-firewall?view=o365-21vianet) | modified |

+| 7/13/2022 | [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-21vianet) | modified |

+| 7/13/2022 | [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-21vianet) | modified |

+| 7/13/2022 | [Understand next-generation protection configuration settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-gen-configuration-settings?view=o365-21vianet) | modified |

+| 7/13/2022 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-21vianet) | modified |

+| 7/13/2022 | [What is Microsoft Defender for Business?](/microsoft-365/security/defender-business/mdb-overview?view=o365-21vianet) | modified |

+| 7/13/2022 | [Microsoft Defender for Business and Microsoft partner resources](/microsoft-365/security/defender-business/mdb-partners?view=o365-21vianet) | modified |

+| 7/13/2022 | [Reports in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-reports?view=o365-21vianet) | modified |

+| 7/13/2022 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-21vianet) | modified |

+| 7/13/2022 | [Review remediation actions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-21vianet) | modified |

+| 7/13/2022 | [Assign roles and permissions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-21vianet) | modified |

+| 7/13/2022 | [Set up and configure Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-setup-configuration?view=o365-21vianet) | modified |

+| 7/13/2022 | [The simplified configuration process in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-simplified-configuration?view=o365-21vianet) | modified |

+| 7/13/2022 | [Microsoft Defender for Business troubleshooting](/microsoft-365/security/defender-business/mdb-troubleshooting?view=o365-21vianet) | modified |

+| 7/13/2022 | [Tutorials and simulations in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-tutorials?view=o365-21vianet) | modified |

+| 7/13/2022 | [Use setup wizard in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-use-wizard?view=o365-21vianet) | modified |

+| 7/13/2022 | [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-21vianet) | modified |

+| 7/13/2022 | [View and manage incidents in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-manage-incidents?view=o365-21vianet) | modified |

+| 7/13/2022 | [Microsoft Defender for Business trial playbook](/microsoft-365/security/defender-business/trial-playbook-defender-business?view=o365-21vianet) | modified |

+| 7/13/2022 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-21vianet) | modified |

+| 7/13/2022 | [Configure and manage Microsoft Threat Experts capabilities through Microsoft 365 Defender](/microsoft-365/security/defender/configure-microsoft-threat-experts?view=o365-21vianet) | modified |

+| 7/13/2022 | [Configure global settings for Safe Links settings in Defender for Office 365](/microsoft-365/security/office-365-security/configure-global-settings-for-safe-links?view=o365-21vianet) | modified |

+| 7/13/2022 | [Migrate to Microsoft Defender for Office 365 Phase 2: Setup](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup?view=o365-21vianet) | modified |

+| 7/13/2022 | [Protect against threats in Microsoft Defender for Office 365, Anti-malware, Anti-Phishing, Anti-spam, Safe links, Safe attachments, Zero-hour auto purge (ZAP), MDO security configuration](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |

+| 7/13/2022 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |

+| 7/13/2022 | [Set up Safe Links policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/set-up-safe-links-policies?view=o365-21vianet) | modified |

+| 7/13/2022 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |

+| 7/13/2022 | Secure Windows 10 computers | removed |

+| 7/13/2022 | [Paying for your subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-21vianet) | modified |

+| 7/13/2022 | Microsoft 365 Security for Business Decision Makers (BDMs) | removed |

+| 7/13/2022 | [Understand and use attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-21vianet) | modified |

+| 7/13/2022 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-21vianet) | modified |

+| 7/14/2022 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-21vianet) | modified |

+| 7/14/2022 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-21vianet) | modified |

+| 7/14/2022 | [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/enable-the-report-message-add-in?view=o365-21vianet) | modified |

+| 7/14/2022 | [Assess the impact of security configuration changes with Explorer](/microsoft-365/security/office-365-security/step-by-step-guides/assess-the-impact-of-security-configuration-changes-with-explorer?view=o365-21vianet) | added |

+| 7/14/2022 | [Deploy and configure the report message add-in](/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in?view=o365-21vianet) | added |

+| 7/14/2022 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-21vianet) | modified |

+| 7/14/2022 | [How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains?view=o365-21vianet) | renamed |

+| 7/15/2022 | [Enable pay-as-you-go for your subscription in the Microsoft 365 admin center](/microsoft-365/commerce/subscriptions/manage-pay-as-you-go-services?view=o365-21vianet) | added |

+| 7/15/2022 | [Block user sign-in in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-user-signin?view=o365-21vianet) | modified |

+| 7/15/2022 | [Manage self-service password reset in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-sspr?view=o365-21vianet) | modified |

+| 7/15/2022 | [Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus](/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats?view=o365-21vianet) | modified |

+| 7/15/2022 | [Reset a user password in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-reset-user-password?view=o365-21vianet) | modified |

+| 7/15/2022 | [View and manage risky users in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-manage-risky-users?view=o365-21vianet) | modified |

+| 7/15/2022 | [Set up and configure the Moodle plugin](/microsoft-365/lti/moodle-plugin-configuration?view=o365-21vianet) | modified |

+| 7/15/2022 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |

+| 7/15/2022 | [Investigate data loss incidents with Microsoft 365 Defender](/microsoft-365/security/defender/investigate-dlp?view=o365-21vianet) | modified |

+| 7/15/2022 | [Virtual appointments with Microsoft Teams and the Bookings app](/microsoft-365/frontline/bookings-virtual-visits?view=o365-21vianet) | added |

+| 7/15/2022 | [Manage the join experience for Teams virtual appointments on browsers](/microsoft-365/frontline/browser-join?view=o365-21vianet) | added |

+| 7/15/2022 | [Deploy teams at scale for frontline workers in Microsoft Teams](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-21vianet) | added |

+| 7/15/2022 | [Virtual appointments with Teams - Integration into Cerner EHR](/microsoft-365/frontline/ehr-admin-cerner?view=o365-21vianet) | added |

+| 7/15/2022 | [Virtual appointments with Teams - Integration into Epic EHR](/microsoft-365/frontline/ehr-admin-epic?view=o365-21vianet) | added |

+| 7/15/2022 | [Microsoft Teams EHR connector Virtual Appointments report](/microsoft-365/frontline/ehr-connector-report?view=o365-21vianet) | added |

+| 7/15/2022 | [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-21vianet) | added |

+| 7/15/2022 | [Corporate communications with frontline workers](/microsoft-365/frontline/flw-corp-comms?view=o365-21vianet) | added |

+| 7/15/2022 | [Learn where to start with a frontline deployment](/microsoft-365/frontline/flw-deploy-overview?view=o365-21vianet) | added |

+| 7/15/2022 | [Manage mobile devices for frontline workers](/microsoft-365/frontline/flw-devices?view=o365-21vianet) | added |

+| 7/15/2022 | [Understand frontline worker user types and licensing](/microsoft-365/frontline/flw-licensing-options?view=o365-21vianet) | added |

+| 7/15/2022 | [Provide initial and ongoing training to help onboard your frontline workers](/microsoft-365/frontline/flw-onboarding-training?view=o365-21vianet) | added |

+| 7/15/2022 | [Use the Frontline Worker onboarding wizard to get your frontline workforce up and running](/microsoft-365/frontline/flw-onboarding-wizard?view=o365-21vianet) | added |

+| 7/15/2022 | [Get started with Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview?view=o365-21vianet) | added |

+| 7/15/2022 | [Start with a pilot deployment of Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-pilot?view=o365-21vianet) | added |

+| 7/15/2022 | [Set up Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-setup-microsoft-365?view=o365-21vianet) | added |

+| 7/15/2022 | [Frontline team collaboration](/microsoft-365/frontline/flw-team-collaboration?view=o365-21vianet) | added |

+| 7/15/2022 | [Manage the Frontline Trial in Teams](/microsoft-365/frontline/flw-trial?view=o365-21vianet) | added |

+| 7/15/2022 | [Engage your frontline employees and focus on wellbeing](/microsoft-365/frontline/flw-wellbeing-engagement?view=o365-21vianet) | added |

+| 7/15/2022 | [Managers - Get your team started with Microsoft 365 for frontline workers](/microsoft-365/frontline/get-up-and-running?view=o365-21vianet) | added |

+| 7/15/2022 | [Message delegation](/microsoft-365/frontline/hc-delegates?view=o365-21vianet) | added |

+| 7/15/2022 | [Manage shift-based access for frontline workers in Teams](/microsoft-365/frontline/manage-shift-based-access-flw?view=o365-21vianet) | added |

+| 7/15/2022 | [Secure Messaging for healthcare organizations using Microsoft Teams](/microsoft-365/frontline/messaging-policies-hc?view=o365-21vianet) | added |

+| 7/15/2022 | [Tailor Teams apps for your frontline workers](/microsoft-365/frontline/pin-teams-apps-based-on-license?view=o365-21vianet) | added |

+| 7/15/2022 | [Manage schedule owners for shift management](/microsoft-365/frontline/schedule-owner-for-shift-management?view=o365-21vianet) | added |

+| 7/15/2022 | [Use PowerShell to connect Shifts to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-blue-yonder-powershell-setup?view=o365-21vianet) | added |

+| 7/15/2022 | [Use PowerShell to manage your Shifts connection to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-powershell-manage?view=o365-21vianet) | added |

+| 7/15/2022 | [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-wizard?view=o365-21vianet) | added |

+| 7/15/2022 | [Shifts connectors](/microsoft-365/frontline/shifts-connectors?view=o365-21vianet) | added |

+| 7/15/2022 | [Shifts for frontline workers](/microsoft-365/frontline/shifts-for-teams-landing-page?view=o365-21vianet) | added |

+| 7/15/2022 | [Simplify business processes for frontline teams](/microsoft-365/frontline/simplify-business-processes?view=o365-21vianet) | added |

+| 7/15/2022 | [Changing from a Microsoft 365 E plan to a Microsoft F plan](/microsoft-365/frontline/switch-from-enterprise-to-frontline?view=o365-21vianet) | added |

+| 7/15/2022 | [Microsoft 365 for Financial Services](/microsoft-365/frontline/teams-for-financial-services?view=o365-21vianet) | added |

+| 7/15/2022 | [Microsoft 365 for Manufacturing](/microsoft-365/frontline/teams-for-manufacturing?view=o365-21vianet) | added |

+| 7/15/2022 | [Microsoft 365 for Retail](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-21vianet) | added |

+| 7/15/2022 | [Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc?view=o365-21vianet) | added |

+| 7/15/2022 | [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-21vianet) | added |

+| 7/15/2022 | [Virtual appointments with Microsoft Teams](/microsoft-365/frontline/virtual-appointments?view=o365-21vianet) | added |

+| 7/15/2022 | [Microsoft Teams Virtual Visits usage report](/microsoft-365/frontline/virtual-visits-usage-report?view=o365-21vianet) | added |

+| 7/15/2022 | [Set up and configure the Moodle LMS plugins](/microsoft-365/lti/moodle-plugin-configuration?view=o365-21vianet) | modified |

+| 7/15/2022 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-21vianet) | modified |

+| 7/15/2022 | [Onboard devices without Internet access to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-offline-machines?view=o365-21vianet) | modified |

+### [Compare Microsoft endpoint security plans](defender-endpoint-plan-1-2.md)

+ Title: Compare Microsoft endpoint security plans

+description: Compare Microsoft endpoint security plans, such as Defender for Endpoint Plan 1 to Defender for Endpoint Plan 2. Learn about the differences between the plans and select the plan that suits your organization's needs.

+keywords: Defender for Endpoint, advanced threat protection, endpoint protection, endpoint security, device security, cybersecurity

+- **Microsoft Defender for Servers Plan 1 or Plan 2** as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more. see [Overview of Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction).

+- [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md)

+Endpoint Attack Notifications (previously referred to as Microsoft Threat Experts - Targeted Attack Notification) provides proactive hunting for the most important threats to your network, including human adversary intrusions, hands-on-keyboard attacks, or advanced attacks like cyber-espionage. These notifications show up as a new alert. The managed hunting service includes:

+You can contact Microsoft Threat Experts from inside the Microsoft 365 Defender portal. Experts can help you understand complex threats and Endpoint Attack Notifications. Partner with experts for further details about alerts and incidents, or advice on handling compromise. Gain insight into the threat intelligence context described by your portal dashboard.

+ Title: Understand the Defender Experts for Hunting report in Microsoft 365 Defender

+description: The Defender Experts for Hunting service publishes monthly reports to help you understand all the threats the hunting service surfaced in your environment

+keywords: analyst report, defender experts report, detections, defender expert notification, hunting, notifications, threat categories, hunting reports

+search.product: eADQiWindows 10XVcnh

+search.appverid: met150

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+audience: ITPro

+- M365-security-compliance

+# Understand the Defender Experts for Hunting report in Microsoft 365 Defender

+**Applies to:**

+- Microsoft 365 Defender

+Microsoft Defender Experts for Hunting layers human intelligence and expert-trained technology to help Microsoft 365 Defender customers understand the significant threats they face. It showcases how Defender ExpertΓÇÖs threat hunting skills, thorough understanding of the threat landscape, and knowledge of emerging threats can help you identify, prioritize, and address those threats in your environment.

+The Defender Experts for Hunting service publishes monthly reports to help you understand all the threats the hunting service surfaced in your environment, alongside the alerts generated by your Microsoft 365 Defender products.

+To view the latest report in your Microsoft 365 Defender portal, go to **Reports**, select **Defender Experts** > **Defender Experts for Hunting report**.

+## Scan the Defender Experts for Hunting report to know what to prioritize

+Each section of the report is designed to provide more insights about the threats our Defender Experts found in your environment. The reports include the sections described in the following table:

+| Report section | Description |

+|--|--|

+| Hunted and triaged | The total number of potential cybersecurity issues found in your environment. |

+| Investigated | The number of cybersecurity issues that need further analysis to determine their nature and extent. |

+| Notified (View notification) | The number of Defender Experts Notifications the Defender Experts sent. These notifications are related to the investigated possible threat activities in your environment that must be prioritized based on urgency and impact. |

+| MITRE ATT&CK tactics observed | The number of attack tactics and techniques observed in your environment and mapped according to the [MITRE ATT&CK framework](https://attack.mitre.org/). This section visualizes how many attacks reached each tactic so you can take appropriate actions like reviewing those that progressed further first. |

+| Threat categories observed | The categories depict the most significant threats and risks observed in your environment. The most critical categories are highlighted to help you further assess and evaluate your security posture based on the threats' known characteristics, behavior, and potential impact. It also enables you to focus and prioritize urgent tasks to address. |

+Refer to the following screenshot of a sample report:

+

+## View Defender Experts Notifications

+A Defender Experts Notification describes the significant threat activity Defender Experts for Hunting observed in your environment and provides recommendations to remediate and defend your organization.

+The Defender Experts for Hunting reports provide you with the total number of Defender Experts Notifications our Defender Experts have sent for your chosen time. To view these notifications, click **View notification** beside **Notified**.

+This link redirects you to the Microsoft 365 Defender incidents page. Defender Expert for Hunting alerts or Defender Experts Notifications are labeled with **Defender Experts**.

+> [!NOTE]

+> The **View notification** link only appears if the value displayed in **Notified** is at least 1.

+## Identify potential attack entry points and other security weak spots

+The MITRE ATT&CK tactics represent adversary goalsΓÇöwhat theyΓÇÖre trying to achieve in each attack phase. The **MITRE ATT&CK tactics observed** section of the report tracks the progression of attack against the phase they reached:

+1. Reconnaissance

+2. Resource Development

+3. Initial access

+4. Execution

+3. Persistence

+4. Privilege escalation

+5. Defense evasion

+6. Credential access

+7. Discovery

+8. Lateral movement

+9. Collection

+10. Command and control

+11. Exfiltration

+12. Impact

+Signals from Microsoft 365 Defender and investigations by Defender Experts for Hunting help identify these tactics, represented in the bar chart. This chart helps you visualize where the surge is and provides you with the information you need to plan the corresponding containment and remediation actions.

+## Know and understand the prevalent threats in your environment

+Threat categories help identify and organize security threats into classes to assess and evaluate their impact and develop strategies to prevent or mitigate these threats to your environment. The **Threat categories observed** section of the report shows a bar chart with significant risks and threats detected in your environment, helping you understand the breadth and scope of your exposure.

+Among the various threat categories available, the following categories are carefully chosen because they are not covered under the purview of MITRE ATT&CK framework:

+- Ransomware

+- Malware

+- Weaponization

+- Exploit

+- Delivery

+You can prioritize remediation based on the most impacted category, as depicted in the bar graph.

+Microsoft Secure Score can be found at <https://security.microsoft.com/securescore> in the [Microsoft 365 Defender portal](microsoft-365-defender-portal.md).

+- A new Microsoft Defender for Identity recommendation is available as a Secure Score improvement action:

+- A new [app governance](/defender-cloud-apps/app-governance-manage-app-governance) recommendation is now available as a Secure Score improvement action:

+> [!NOTE]

+> Salesforce and ServiceNow controls are now available in public preview.

+## July 2022

+- (Preview) Microsoft Defender Experts for Hunting public preview participants can now look forward to receiving monthly reports to help them understand the threats the hunting service surfaced in their environment, along with the alerts generated by their Microsoft 365 Defender products. For details, refer to [Understand the Defender Experts for Hunting report in Microsoft 365 Defender](defender-experts-report.md).

+> If your users want to learn more about default privacy settings and how diagnostic data is collected, direct them to [Microsoft Whiteboard privacy and compliance](https://support.microsoft.com/office/privacy-and-compliance-ed9f0de9-71be-44c2-837d-e0f448660be1).

+If you are the Microsoft Whiteboard administrator for your organization, you can control the following:

+- What level of diagnostic data is collected and sent to Microsoft about the Whiteboard client software running on the userΓÇÖs device.

+- Whether optional connected experiences in Whiteboard are available to your users.

+To configure the level of diagnostic data, sign in to the [Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) with your administrator account. From the admin center home page, go to **Show all > Settings > Org settings > Whiteboard**.

+To configure the availability of optional connected experiences, use the [Office cloud policy service](https://docs.microsoft.com/deployoffice/admincenter/overview-office-cloud-policy-service) in the [Microsoft 365 Apps admin center](https://config.office.com). Sign in with your administrator account and go to **Customization > Policy Management**. The policy you want to configure is named: **Allow the use of additional optional connected experiences in Office**.

+## Diagnostic data setting for your organization

+You can choose the level of [diagnostic data](https://support.microsoft.com/office/privacy-and-compliance-ed9f0de9-71be-44c2-837d-e0f448660be1#diagnostic_data)that is collected and sent to Microsoft about the Whiteboard client software running on devices in your organization. Optional diagnostic data will be sent to Microsoft, unless you change the setting in the Microsoft 365 admin center. If you choose to send optional diagnostic data, required diagnostic data is also included.

+In addition to **Required** or **Optional**, there is also a choice of **Neither**. If you choose that option, no diagnostic data about Whiteboard client software running on the userΓÇÖs device is sent to Microsoft. This option, however, significantly limits MicrosoftΓÇÖs ability to detect, diagnose, and remediate problems that your users may encounter while using Whiteboard.

+Your users wonΓÇÖt be able to change the diagnostic data level for their devices if they are signed in to Whiteboard with their organizational credentials (sometimes referred to as a work or school account). But if they are signed in to Whiteboard with a Microsoft account, such as a personal outlook.com email address, then they can change the diagnostic data level on their devices by going to **Settings > Privacy and security**.

+## Optional connected experiences setting for your organization

+You can choose whether to make [optional connected experiences](https://support.microsoft.com/office/privacy-and-compliance-ed9f0de9-71be-44c2-837d-e0f448660be1?storagetype=live#optional) in Whiteboard available to your users. These connected experiences will be available to your users unless you change the setting in the Microsoft 365 admin center.

+These connected experiences are different because they are not covered by your organizationΓÇÖs commercial agreement with Microsoft. Optional connected experiences are offered by Microsoft directly to your users and are governed by the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement) instead of the [Online Services Terms](https://www.microsoft.com/licensing/product-licensing/products).

+Even if you choose to make these optional connected experiences available to your users, your users have the option to turn them off as a group by going to **Settings > Privacy and security**. Your users only have this choice if they are signed in to Whiteboard with their organizational credentials (sometimes referred to as a work or school account), not if they are signed in with a Microsoft account, such as a personal outlook.com email address.

+## Required diagnostic data events collected by Whiteboard

+The following are the required diagnostic data events collected by Whiteboard, including a list of data fields in each event.

+**Intentional.CanvasObject.Ink.DrawFirstStroke**

+Collected the first-time ink is added to a board in Microsoft Whiteboard. This information is critical to catch errors associated with adding ink to a board. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **Action** ΓÇô type of ink stroke

+- **Source** ΓÇô input method for ink stroke

+**Intentional.SurfSide.ActivationProtocol.LoadFromUri**

+Collected every time when Microsoft Whiteboard is launched by a call from another application or process. This information is critical to catch if Whiteboard does not launch when properly invoked by another application or process. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **ApplicationExecutionState** ΓÇô execution state of app when activation protocol happens

+- **IsSignedIn** ΓÇô user is authentication status

+- **Kind** ΓÇô application or process which is launching Whiteboard

+**Intentional.Whiteboard.Init.DisplayWhiteboard**

+Collected the first time Microsoft Whiteboard is actually displayed on a client per a session. This information is critical to catch launching issues. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **IsPrelaunched** ΓÇô prelaunch status

+- **IsProtocolActivation** ΓÇô application launch type

+**Intentional.Whiteboard.Init.StartApp**

+Collected every time when Microsoft Whiteboard launches after the previous state ended without crashing. This information is critical to catch crashing issues. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **First Start** ΓÇô first time app was launched on client

+**Intentional.Whiteboard.KeyCategory.UseCategory**

+Collected every time a feature is used for the first time (and the first time only) per user/session/whiteboard in Microsoft Whiteboard. This information is critical to make sure the key categories are used. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **CategoryName** ΓÇô Name of the key category

+**Intentional.Whiteboard.KeyFeature.UseFeature**

+Collected every time a feature is used for the first time (and the first time only) per user/session/whiteboard in Microsoft Whiteboard. This information is critical to make sure the features are called and used. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **FeatureName** ΓÇô Name of the key feature

+**Intentional.Whiteboard.SafeBoot.StartApp**

+Collected every time when Microsoft Whiteboard launches after the previous state ended in a crash. This information is critical to catch crashing issues. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **First Start** ΓÇô first time app was launched on client

+**Intentional.Whiteboard.Scrub.LoadSettings**

+Collected every time when Microsoft Whiteboard launches. This information is critical to catch errors associated with user configured settings. Microsoft is using this data to diagnose the issue in order to guarantee Microsoft Whiteboard is running as expected.

+- **ActivePen** ΓÇô pen mode state

+- **CollectFullTelemetryWithoutSignIn** ΓÇô full telemetry collection without sign in enablement

+- **DefaultWhiteboardBackgroundColor** ΓÇô default board background color

+- **DefaultWhiteboardBackgroundPattern** ΓÇô default board background pattern

+- **FlightStatus** ΓÇô flight status

+- **InkToShape** ΓÇô ink to shape enablement

+- **InkToTable** ΓÇô ink to table enablement

+- **SignInEnabled** ΓÇô user sign-in enablement

+- **SharingWithoutSignInEnabled** ΓÇô sharing board enablement

+- **ToolbarLocation** ΓÇô default toolbar location on screen

+- **TeamSettingsSource** ΓÇô Teams settings enablement