+Let us begin by saying that you made a wise choice in adopting Microsoft 365 Business Premium and its world class productivity tools. Designed with cybersecurity in mind, Microsoft 365 Business Premium safeguards your data, devices and information. You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly-sophisticated nation states.

+- **[Security defaults](#security-defaults)** (suitable for most businesses)

+- **[Conditional Access](#conditional-access)** (for businesses with more stringent security requirements)

+- [Next steps](#next-steps) (such as securing unmanaged devices)

+1. Go to [https://office.com](https://office.com), and sign in using your work account.

+3. The Office apps are installed. The process might take several minutes. When it completes, select **Close**.

+4. To install Microsoft Teams, go to the [office.com page](https://office.com), and then choose **Teams**.

+By default, servers are not supported in Microsoft 365 Business Premium and the standalone version of Defender for Business. However, **the ability to onboard a server, such as an endpoint running Windows Server or Linux Server, is now in preview**!

+See [How to get Microsoft Defender for Business servers (preview)](../security/defender-business/get-defender-business-servers.md).

+> [!NOTE]

+> BYOD users must each install and run the Company Portal app to enroll these devices and receive access to company resources.

+Okay, mission complete! Now, let's work on [securing email usage](m365bp-protect-email-overview.md) against phishing and other attacks.

+- m365solution-smb

+- Cybersecurity Law of the People's Republic of China

+- Hong Kong - Code of Banking Practice and Payment Card

+## July 2022

+Compliance Manager has published the following new assessment template:

+- Hong Kong - Code of Banking Practice and Payment Card

+View our [full list of assessment templates](compliance-manager-templates-list.md).

+#### Sensitive service domains (preview)

+When you list a website in Sensitive services domains you can audit, block with override, or block users when they attempt to:

+- print from a website

+- copy data from a website

+- save a website as local files

+Each website must be listed in a website group and the user must be accessing the website through Microsoft Edge. Sensitive service domains (preview) is used in conjunction with a DLP policy for Devices. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.

+- (preview) The user accessed a sensitive website from Edge. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.

+- File extension is

+- File type is

+<!-

+- (preview) Audit or restricted activities when users acceses sensitive websites in Microsoft Edge browser on Windows devices. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains-preview) for more information.

+To use `Audit or restrict activities on Windows devices`, you have to configure options in **DLP settings** and in the policy in which you want to use them. See, [Restricted apps and app groups](dlp-configure-endpoint-settings.md#restricted-apps-and-app-groups) for more information.

+With Endpoint DLP and Microisoft Edge Web browser, you can restrict unintentional sharing of sensitive items to unallowed cloud apps and services. Edge understands when an item is restricted by an Endpoint DLP policy and enforces access restrictions.

+## Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)

+Use this scenario when you want to audit, block with override, or block these user activities on a website.

+- print from a website

+- copy data from a website

+- save a website as local files

+The user must be accessing the website through Microsoft Edge.

+### Supported syntax for designating websites in a website group

+You can use a flexible syntax to include and exclude domains, subdomains, websites, and subsites in your website groups.

+- use `*` as a wildcard to specify all domains or all subdomains

+- use `/` as a terminator at the end of a URL to scope to that specific site only.

+When you add a URL without a terminating `/`, that URL is scoped to that site and all subsites.

+This syntax applies to all http/https websites.

+Here are some examples:

+|URL that you add to the website group |URL will match | URL will not match|

+||||

+|contoso.com | //<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/ </br> //<!--nourl-->contoso.com/allsubsites1 </br> //<!--nourl-->contoso.com/allsubsites1/allsubsites2| //<!--nourl-->allsubdomains.contoso.com </br> //<!--nourl-->allsubdomains.contoso.com.au |

+|contoso.com/ |//<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/ |//<!--nourl-->contoso.com/allsubsites1 </br> //<!--nourl-->contoso.com/allsubsites1/allsubsites2 </br> //<!--nourl-->allsubdomains.contoso.com </br> //<!--nourl-->allsubdomains.contoso.com/au |

+|*.contoso.com | //<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/allsubsites </br> //<!--nourl-->contoso.com/allsubsites1/allsubsites2 </br> //<!--nourl-->allsubdomains.contoso.com </br> //<!--nourl-->allsubdomains.contoso.com/allsubsites </br> //<!--nourl-->allsubdomains1/allsubdomains2/contoso.com/allsubsites1/allsubsites2 | //<!--nourl-->allsubdomains.contoso.com.au|

+|*.contoso.com/xyz |//<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/xyz </br> //<!--nourl-->contoso.con/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains.contoso.com/xyz </br> //<!--nourl-->allsubdomains.contoso.com/xyz/allsubsites </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites1/allsubsites2 | //<!--nourl-->contoso.com/xyz </br> //<!--nourl-->allsubdomains.contoso.com/xyz/|

+|*.contoso.com/xyz/ |//<!--nourl-->contoso.com/xyz </br> //<!--nourl-->allsubdomains.contoso.com/xyz |//<!--nourl-->contoso.com </br> //<!--nourl-->contoso.com/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains.contoso.com/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites/ </br> //<!--nourl-->allsubdomains1.allsubdomains2.contoso.com/xyz/allsubsites1/allsubsites2|

+### Configure Sensitive service domains

+1. In the Microsoft Purview compliance portal open **Data loss prevention** > **Endpoint DLP settings** > **Browser and domain restrictions to sensitive data** > **Sensitive service domains**.

+1. Select **Add a new group of sensitive service domains**.

+1. Name the group.

+1. Select the **Match type** you want. You can select from **URL**, **IP address**, **IP address range**.

+1. Type in the appropriate value in the **Add new service domains to this group**. You can add multiple websites to a group and use wildcards to cover subdomains. For example, www.contoso.com for just the top level website or *.contoso.com for corp.contoso.com, hr.contoso.com, fin.contoso.com

+1. Select **Save**.

+1. Select **Policies**.

+1. Create and scope a policy that is applied only to **Devices**. See, [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md) for more information on how to create a policy.

+1. Create a rule that uses the **the user accessed a sensitive site from Edge**, and the action **Audit or restrict activities when users access sensitive sites in Microsoft Edge browser on Windows devices**.

+1. In the action select **Add or remove Sensitive site groups**.

+1. Select the **Sensitive site groups** you want.

+1. Select **Add**.

+1. Select the user activities you want to monitor or restrict and the actions you DLP to take in response to those activities.

+1. Finish configuring the rule and policy and apply it.

+In addition to using [sensitivity labels](sensitivity-labels.md) to protect documents and emails, you can also use sensitivity labels to protect content in the following containers: Microsoft Teams sites, Microsoft 365 groups ([formerly Office 365 groups](https://techcommunity.microsoft.com/t5/microsoft-365-blog/office-365-groups-will-become-microsoft-365-groups/ba-p/1303601)), and SharePoint sites. For this container-level protection, use the following label settings:

+When you apply this sensitivity label to a supported container, the label automatically applies the sensitivity category and configured protection settings to the site or group.

+Content in these containers however, do not inherit the labels for the sensitivity category or settings for files and emails, such as content markings and encryption. So that users can label their documents in SharePoint sites or team sites, make sure you've [enabled sensitivity labels for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).

+Container labels don't support displaying [other languages](create-sensitivity-labels.md#additional-label-settings-with-security--compliance-powershell) and display the original language only for the label name and description.

+###### [Troubleshoot AuditD performance issues](troubleshoot-auditd-performance-issues.md)

+To block a specific removable storage class but allow specific media, you can use ΓÇÿIncludedIdList a group through PrimaryId and ExcludedIDList a group through DeviceId/HardwareId/etc.ΓÇÖ

+ <summary>Jul-2022 (Build: 101.71.18 | Release version: 20.122052.17118.0)</summary>

+ Title: Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux

+description: Describes how to troubleshoot AuditD related performance issues that you might encounter with Microsoft Defender for Linux.

+keywords: microsoft, defender, Microsoft Defender for Endpoint, linux, troubleshoot, AuditD, XMDEClientAnalyzer, installation, deploy, uninstallation

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+ - m365-security-compliance

+ - m365-initiative-defender-endpoint

+ms.technology: mde

+# Troubleshoot AuditD performance issues with Microsoft Defender for Endpoint on Linux

+This article provides guidance on how to troubleshoot AuditD related performance issues that you might encounter with Microsoft Defender for Endpoint on Linux.

+**Background:**

+- Microsoft Defender for Endpoint on Linux OS distributions uses AuditD framework to collect certain types of telemetry events.

+- System events captured by rules added to `/etc/audit/rules.d/` will add to audit.log(s) and might affect host auditing and upstream collection.

+- Events added by Microsoft Defender for Endpoint on Linux will be tagged with `mdatp` key.

+- If the AuditD service is misconfigured or offline, then some events might be missing. To troubleshoot such an issue, refer to: [Troubleshoot missing events or alerts issues for Microsoft Defender for Endpoint on Linux.](linux-support-events.md)

+In certain server workloads, two issues might be observed:

+- **High CPU** resource consumption from ***mdatp_audisp_plugin*** process.

+- ***/var/log/audit/audit.log*** becoming large or frequently rotating.

+These issues may occur on servers with many events flooding AuditD.

+This can happen if there are multiple consumers for AuditD, or too many rules with the combination of Microsoft Defender for Endpoint and third party consumers, or high workload that generates a lot of events.

+To troubleshoot such issues, begin by [collecting MDEClientAnalyzer logs](run-analyzer-macos-linux.md) on the sample affected server.

+> [!NOTE]

+> As a general best practice, it is recommended to update the [Microsoft Defender for Endpoint agent to latest available version](linux-whatsnew.md) and confirming issue still persists before investigating further.

+## XMDEClientAnalyzer

+When you use XMDEClientAnalyzer, the following files will display output that provide insights to help you troubleshoot issues.

+- auditd_info.txt

+- auditd_log_analysis.txt

+### auditd_info.txt

+Contains general AuditD configuration and will display:

+- What processes are registered as AuditD consumers.

+- **Auditctl -s** output with **enabled=2**

+ - Suggests auditd is in immutable mode (requires restart for any config changes to take effect).

+- **Auditctl -l** output

+ - Will show what rules are currently loaded into the kernel (which may be different that what exists on disk in ΓÇ£/etc/auditd/rules.d/mdatp.rulesΓÇ¥).

+

+ - Will show which rules are related to Microsoft Defender for Endpoint.

+

+### auditd_log_analysis.txt

+Contains important aggregated information that is useful when investigating AuditD performance issues.

+- Which component owns the most reported events (Microsoft Defender for Endpoint events will be tagged with `key=mdatp`).

+- The top reporting initiators.

+- The most common system calls (network or filesystem events, and others).

+- What file system paths are the noisiest.

+**To mitigate most AuditD performance issues, you can implement AuditD exclusion. **

+> [!NOTE]

+> Exclusions should be made only for low threat and high noise initiators or paths. For example, do not exclude /bin/bash which risks creating a large blind spot.

+> [Common mistakes to avoid when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus).

+## Exclusion Types

+The XMDEClientAnalyzer support tool contains syntax that can be used to add AuditD exclusion configuration rules:

+AuditD exclusion ΓÇô support tool syntax help:

+**By initiator**

+- **-e/ -exe** full binary path > Removes all events by this initiator

+**By path**

+- **-d / -dir** full path to a directory > Removes filesystem events targeting this directory

+Examples:

+If ΓÇ£`/opt/app/bin/app`ΓÇ¥ writes to ΓÇ£`/opt/app/cfg/logs/1234.log`ΓÇ¥, then you can use the support tool to exclude with various options:

+`-e /opt/app/bin/app`

+`-d /opt/app/cfg`

+`-x /usr/bin/python /etc/usercfg`

+`-d /usr/app/bin/`

+More examples:

+`./mde_support_tool.sh exclude -p <process id>`

+`./mde_support_tool.sh exclude -e <process name>`

+To exclude more than one item - concatenate the exclusions into one line:

+`./mde_support_tool.sh exclude -e <process name> -e <process name 2> -e <process name3>`

+

+The -x flag is used to exclude access to subdirectories by specific initiators for example:

+`./mde_support_tool.sh exclude -x /usr/sbin/mv /tmp`

+The above will exclude monitoring of /tmp subfolder, when accessed by mv process.

+

+> [!NOTE]

+> Please contact Microsoft support if you need assistance with analyzing and mitigating AuditD related performance issues, or with deploying AuditD exclusions at scale.

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+This article helps clarify what Defender Vulnerability Management capabilities are included in the following plans:

+ Title: About the Microsoft Defender Vulnerability Management public preview trial

+description: Learn about the Microsoft Defender Vulnerability Management trial

+keywords: defender vulnerability management

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+audience: ITPro

+ms.technology: m365d

+# About the Microsoft Defender Vulnerability Management public preview add-on trial

+**Applies to:**

+- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml)

+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+Microsoft Defender Vulnerability Management is a new service that provides advanced vulnerability management capabilities to minimize your organizationΓÇÖs cyber risk. Get real-time asset discovery, continuous risk-based assessment and prioritization, and built in remediation tools.

+It includes the existing vulnerability management capabilities in Microsoft Defender for Endpoint and new capabilities to further provide enhanced tools so your teams can intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.

+## How to sign up for the Defender Vulnerability Management public preview add-on trial

+To sign up for the Defender Vulnerability Management add-on trial, you can go directly to the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub) page or by selecting **Trials** on the left navigation from the [Microsoft Defender 365 portal](https://security.microsoft.com/homepage).

+Once you've reached the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub):

+1. Under **Security trials**, find the **Defender Vulnerability Management add-on** card and select **Try now**.

+2. Review the information about what's included in the trial, then select **Begin trial**.

+Your trial will be effective immediately for 120 days. It can take up to 6 hours for all vulnerability management features to appear in your left navigation. Sign out and sign back in to see the updates.

+> [!NOTE]

+> This is a public preview trial. Details on your purchase options for this new offering will be made available once the offering is generally available.

+## Required roles for starting the trial

+As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:

+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**

+2. Check **Let users start trials on behalf of your organization**

+3. Select **Save**

+> [!NOTE]

+> If you don't want users in your organization to be able to start trials, as a Global Administrator you must disable this option once you've activated the trial.

+>

+> Only a Global Administrator can end the trial.

+It can take a few hours for the changes to take effect. Once it does, return to the trial setup page and select **Begin trial**.

+## Licensing

+As part of the trial setup, the new Defender Vulnerability Management trial licenses will be applied to users automatically. Therefore, no assignment is needed (_The trial can automatically apply up to 1,000,000 licenses_). The licenses are active for 120 days.

+## Getting started, extending, and ending the trial

+### Getting started

+You can start using Defender Vulnerability Management features as soon as you see them in the Microsoft 365 Defender portal. Nothing is created automatically and users won't be affected. When you navigate to each solution, you may be guided to make extra setup configurations to start using features.

+### Extending the trial

+You can extend the trial within the last 15 days of the trial period. You're limited to a maximum of two trial periods. If you don't extend by the time your trial period ends, you'll need to wait at least 30 days before signing up for a second trial.

+### Ending the trial

+Admins can disable the trial anytime by selecting **Trials** on the left navigation, going to the **Defender Vulnerability Management** trial card and selecting **End trial**.

+Unless stated otherwise for the solution your trial data will be maintained for time, usually 180 days, before being permanently deleted. You may continue to access the data gathered during the trial until that time.

+## Terms and conditions

+See the [terms and conditions](/legal/microsoft-365/microsoft-365-trial) for Microsoft 365 trials.

+## Learn more about Defender Vulnerability Management

+Wondering what you can experience in your free trial? The Defender Vulnerability Management trial includes:

+- **[Security baselines assessment](tvm-security-baselines.md)**: When the trial ends security baseline profiles may be stored for a short additional time before being deleted.

+- **[Blocking vulnerable applicationsΓÇ»(beta)](tvm-block-vuln-apps.md)**: When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.

+- **[Browser extensions assessment](tvm-browser-extensions.md)**

+- **[Digital certificates assessment](tvm-certificate-inventory.md)**

+- **[Network shares analysis](tvm-network-share-assessment.md)**

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+Defender Vulnerability Management leverage Microsoft's threat intelligence, breach likelihood predictions, business contexts, and device assessments to quickly prioritize the biggest vulnerabilities in your organization. A single view of prioritized recommendations from multiple security feeds, along with critical details including related CVEs and exposed devices, helps you quickly remediate the biggest vulnerabilities on your most critical assets. Risk-based intelligent prioritization:

+# Sign up for Microsoft Defender Vulnerability Management public preview

+Microsoft Defender Vulnerability Management is available as a standalone and as an add-on for Microsoft Defender for Endpoint Plan 2 customers. How you sign up for the Defender Vulnerability Management trial depends on whether you already have Microsoft Defender for Endpoint Plan 2.

+> [!NOTE]

+> This offering isn't currently available for Microsoft Defender for Business customers.

+- If you don't already have Defender for Endpoint Plan 2, sign up to try the [Defender Vulnerability Management Standalone trial.](#try-defender-vulnerability-management-standalone)

+- If you already have an existing Defender for Endpoint Plan 2 or Microsoft 365 E5 license, sign up to try the [Defender Vulnerability Management Add-on trial.](#try-the-defender-vulnerability-management-add-on-public-preview-trial-for-defender-for-endpoint-plan-2-customers)

+> If you have any questions related to the trial sign up and onboarding process, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com).

+If you don't already have Defender for Endpoint Plan 2, you will sign up to trial the **Defender Vulnerability Management Standalone trial**.

+> [!IMPORTANT]

+> You must be logged into the tenant as a global administrator to perform this task.

+To sign up:

+1. Log in as a global admin to the tenant where the Defender Vulnerability Management public preview trial service will be added.

+2. Visit [Microsoft Defender Vulnerability Management Public Preview Trial](https://aka.ms/MDVMPreviewTrial).

+3. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not.

+4. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Management Public Preview Trial.

+5. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 admin center. No action is required in the Microsoft 365 admin center to start using the trial.

+> [!NOTE]

+> Once you activate the trial it can take up to 4 hours for Defender Vulnerability Management to be fully available in your tenant.

+## Try the Defender Vulnerability Management Add-on Public Preview Trial for Defender for Endpoint Plan 2 customers

+If you already have an existing Defender for Endpoint Plan 2 or Microsoft 365 E5 license, sign up to trial the **Defender Vulnerability Management Add-on trial** to get access to the additional capabilities. To sign up:

+1. Visit [Microsoft Defender Vulnerability Management Add-on Public Preview Trial](https://aka.ms/AddonPreviewTrial).

+2. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not.

+3. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Add-on Public Preview Trial.

+> Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+ Title: Trial playbook - Microsoft Defender Vulnerability Management (public preview)

+description: Learn how Microsoft Defender Vulnerability Management can help you protect all your users and data.

+keywords: vulnerability management, threat and vulnerability management, Microsoft Defender for Endpoint TVM, Microsoft Defender for Endpoint-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, Microsoft Defender for Endpoint, Microsoft Defender Vulnerability Management, endpoint vulnerabilities, next generation

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+ms.technology: mde

+# Trial playbook: Microsoft Defender Vulnerability Management

+## Welcome to the Microsoft Defender Vulnerability Management trial playbook

+This playbook is a simple guide to help you make the most of your free trial. Using the suggested steps in this playbook from the Microsoft Security team, you'll learn how vulnerability management can help you protect all your users and data.

+## What is Microsoft Defender Vulnerability Management?

+Reducing cyber risk requires a comprehensive risk-based vulnerability management program to identify, assess, remediate, and track important vulnerabilities across your most critical assets.

+Microsoft Defender Vulnerability Management is a new service that proactively provides continuous real-time discovery and assessment of vulnerabilities, context-aware threat & business prioritization, and built-in remediation processes. It includes all threat and vulnerability management capabilities in Microsoft Defender for Endpoint and new enhanced capabilities so your teams can further intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.

+Watch the following video to learn more about Defender Vulnerability Management:

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Y1FX]

+## LetΓÇÖs get started

+### Step 1: Set-up

+> [!NOTE]

+> Users need to have the global admin role defined in Azure AD to onboard the trial.

+1. Check [permissions and pre-requisites.](tvm-prerequisites.md)

+2. The Microsoft Defender Vulnerability Management preview trial can be accessed in several ways:

+ Via the [Microsoft 365 Defender portal](https://security.microsoft.com) under Trials.

+ :::image type="content" source="../../medivm-trialshub.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management trial hub landing page.":::

+ Via the [Microsoft Admin Center](https://admin.microsoft.com/#/catalog) (global admins only).

+3. Sign up for the trial depends on whether you already have Microsoft Defender for Endpoint Plan 2 or not.

+ - If you have Defender for Endpoint Plan 2 or Microsoft 365 E5, choose [Defender Vulnerability Management Add-on](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-the-defender-vulnerability-management-add-on-public-preview-trial-for-defender-for-endpoint-plan-2-customers).

+ - If you don't have Defender for Endpoint Plan 2, or Microsoft 365 E5, choose [Defender Vulnerability Management Standalone](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-standalone).

+4. When you're ready to get started, visit the [Microsoft 365 Defender portal](https://security.microsoft.com) to start using the Defender Vulnerability Management trial.

+> [!NOTE]

+> This is a public preview trial. Details on your purchase options for this new offering will be made available once the offering is generally available.

+> [!NOTE]

+> Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.

+Now that you have set up your trial, itΓÇÖs time to try key capabilities.

+### Step 2: Know what to protect in a single view

+Built-in and agentless scanners continuously monitor and detect risk even when devices arenΓÇÖt connected to the corporate network. Expanded asset coverage consolidates software applications, digital certificates, network shares, and browser extensions into a single inventory view.

+1. [**Device inventory**](../defender-endpoint/machines-view-overview.md) - The device inventory shows a list of the devices in your network. By default, the list displays devices seen in the last 30 days. At a glance, you'll see information such as domains, risk levels, OS platform, associated CVEs, and other details for easy identification of devices most at risk.

+2. Discover and assess your organizationΓÇÖs software in a single, consolidated inventory view:

+ - [**Software application inventory**](tvm-software-inventory.md) - the software inventory in Defender Vulnerability Management is a list of known applications in your organization. The view includes vulnerability and misconfiguration insights across installed software with prioritized impact scores and details such as OS platforms, vendors, number of weaknesses, threats, and an entity-level view of exposed devices.

+ - [**Browser extension assessments**](tvm-browser-extensions.md) - the browser extensions page displays a list of the extensions installed across different browsers in your organization. Extensions usually need different permissions to run properly. Defender Vulnerability Management provides detailed information on the permissions requested by each extension and identifies those with the highest associated risk levels, the devices with the extension turned on, installed versions, and more.

+ - [**Certificate inventory**](tvm-certificate-inventory.md) - the certificate inventory allows you to discover, assess, and manage digital certificates installed across your organization in a single view. This can help you:

+ - Identify certificates that are about to expire so you can update them and prevent service disruption.

+ - Detect potential vulnerabilities due to the use of weak signature algorithm (for example, SHA-1-RSA), short key size (for example, RSA 512 bit), or weak signature hash algorithm (for example, MD5).

+ - Ensure compliance with regulatory guidelines and organizational policy.

+3. [Assign device value](tvm-assign-device-value.md) - defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation. Devices assigned as "high value" will receive more weight. Device value options:

+ - Low

+ - Normal (Default)

+ - High

+ You can also use the [set device value API](/microsoft-365/security/defender-endpoint/set-device-value).

+### Step 3: Track and mitigate remediation activities

+1. [**Request remediation**](tvm-remediation.md#request-remediation) - vulnerability management capabilities bridge the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Recommendation** pages to [Intune](/mem/intune/).

+2. [**View your remediation activities**](tvm-remediation.md#view-your-remediation-activities) - when you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked on a **Remediation** page, and a remediation ticket is created in Microsoft Intune.

+3. [**Block vulnerable applications**](tvm-block-vuln-apps.md) - Remediating vulnerabilities takes time and can be dependent on the responsibilities and resources of the IT team. Security admins can temporarily reduce the risk of a vulnerability by taking immediate action to block all currently known vulnerable versions of an application or warn users with customizable messages before opening vulnerable app versions until the remediation request is completed. The block option gives IT teams time to patch the application without security admins worrying that the vulnerabilities will be exploited in the meantime.

+ - [How to block vulnerable applications](tvm-block-vuln-apps.md#how-to-block-vulnerable-applications)

+ - [View remediation activities](tvm-block-vuln-apps.md#view-remediation-activities)

+ - [View blocked applications](tvm-block-vuln-apps.md#view-blocked-applications)

+ - [Unblock applications](tvm-block-vuln-apps.md#unblock-applications)

+4. Use enhanced assessment capabilities such as [Network shares analysis](tvm-network-share-assessment.md) to protect vulnerable network shares. As network shares can be easily accessed by network users, small common weaknesses can make them vulnerable. These types of misconfigurations are commonly used in the wild by attackers for lateral movement, reconnaissance, data exfiltration, and more. ThatΓÇÖs why we built a new category of configuration assessments in Defender Vulnerability Management that identify the common weaknesses that expose your endpoints to attack vectors in Windows network shares. This helps you:

+ - Disallow offline access to shares

+ - Remove shares from the root folder

+ - Remove share write permission set to ΓÇÿEveryoneΓÇÖ

+ - Set folder enumeration for shares

+

+5. View and monitor your organizationΓÇÖs devices using a [**Vulnerable devices report**](tvm-vulnerable-devices-report.md) that shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.

+### Step 4: Set up security baseline assessments

+Instead of running point-in-time compliance scans, security baselines assessment helps you to continuously and proactively monitor your organization's compliance against industry security benchmarks in real time. A security baseline profile is a customized profile that you can create to assess and monitor endpoints in your organization against industry security benchmarks (CIS, NIST, MS). When you create a security baseline profile, you're creating a template that consists of multiple device configuration settings and a base benchmark to compare against.

+Security baselines provide support for Center for Internet Security (CIS) benchmarks for Windows 10, Windows 11, and Windows Server 2008 R2 and above, as well as Security Technical Implementation Guides (STIG) benchmarks for Windows 10 and Windows Server 2019.

+1. Get started with [security baselines assessment](tvm-security-baselines.md#get-started-with-security-baselines-assessment)

+2. Review [security baseline profile assessment results](tvm-security-baselines.md#review-security-baseline-profile-assessment-results)

+3. [Use advanced hunting](tvm-security-baselines.md#use-advanced-hunting)

+### Step 5: Create meaningful reports to get in-depth insights using APIs and Advanced Hunting

+Defender Vulnerability Management APIs can help drive clarity in your organization with customized views into your security posture and automation of vulnerability management workflows. Alleviate your security teamΓÇÖs workload with data collection, risk score analysis, and integrations with your other organizational processes and solutions. For more information, see:

+- [Export assessment methods and properties per device](../defender-endpoint/get-assessment-methods-properties.md)

+- [Defender Vulnerability Management APIs blog](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/new-threat-amp-vulnerability-management-apis-create-reports/ba-p/2445813)

+Advanced hunting enables flexible access to Defender Vulnerability Management raw data, which allows you to proactively inspect entities for known and potential threats.

+For more information, see [Hunt for exposed devices](../defender-endpoint/advanced-hunting-overview.md).

+## Additional resources

+- Compare offerings: [Microsoft Defender Vulnerability Management](defender-vulnerability-management-capabilities.md)

+- [Defender Vulnerability Management documentation](../defender-vulnerability-management/index.yml)

+- Datasheet: [Microsoft Defender Vulnerability Management: Reduce cyber risk with continuous vulnerability discovery and assessment, risk-based prioritization, and remediation](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4XR02)

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+The **warn action** is intended to send a warning to your users when they open vulnerable versions of the application. Users can choose to bypass the warning and access the application.

+- Recommendations related to apps for macOS and Linux

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+Select a security recommendation you would like to create an exception for, and then select **Exception options** and fill out the form.

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+To view the permissions options for vulnerability management:

+- **Threat and vulnerability management - Application handling** - Apply immediate mitigation actions by blocking vulnerable applications, as part of the remediation activity and manage the blocked apps and perform unblock actions

+### Threat and vulnerability management - security baselines

+**Threat and vulnerability management ΓÇô Manage security baselines assessment profiles** - Create and manage profiles so you can assess if your devices comply to security industry baselines.

+>[!Note]

+> For the Defender Vulnerability Management public preview trial this permission is not required. Users with ΓÇ£Threat and vulnerability management - View dataΓÇ¥ permissions can manage security baselines. However, when the trial ends and a license is purchased, this permission is required.

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+>You can create multiple profiles for the same operating system with various customizations.

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+>[!Note]

+> Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).

+ - m365solution-getstarted

+Deploying each service typically requires provisioning to your tenant and some initial configuration. See the following table to understand how each of these services is deployed.

+ - m365solution-firstincident

+ - m365solution-firstincident

+ - m365solution-firstincident

+ - m365solution-firstincident

+ - m365solution-firstincident

+ - m365solution-firstincident

+ - m365solution-firstincident

+ - m365solution-getstarted

+ - M365-security-compliance

+ - m365solution-getstarted

+To enable the integration with Microsoft Defender for Cloud Apps, you'll need to log in to the Microsoft Defender for Cloud Apps at least once.

+ Title: User-reported email settings for spam, phish, as malicious mail

+description: How to configure a mailbox to collect spam and phishing email reported by users. Make a mailbox for messages that users report as spam, phish, as malicious, or not malicious.

+In Microsoft 365 organizations with Exchange Online mailboxes, you can direct mail to a mailbox when users report spam, phish, as malicious, or even not malicious messages. When users report emails using various reporting options, admins can use this mailbox to intercept those email messages (send to the custom mailbox only) or receive copies of messages (send to the custom mailbox and Microsoft).

+This feature works with these message reporting options:

+Delivering user-reported messages to a custom mailbox instead of directly to Microsoft allows admins to selectively and manually report email messages to Microsoft using [Admin submission](admin-submission.md). *These settings were formerly known as the User submissions policy*.

+ > If reporting has been [disabled in Outlook on the web](report-junk-email-and-phishing-scams-in-outlook-on-the-web-eop.md#disable-or-enable-junk-email-reporting-in-outlook-on-the-web), enabling user-reported messages here will override that setting and enable users to report messages in Outlook on the web again.

+Use the articles below to configure prerequisites user-reported email messages go to your custom mailbox:

+**If you have Microsoft Defender for Office 365**, you should also configure the following settings so that our advanced filtering doesn't impact the reported emails:

+After you've verified that your mailbox meets prerequisites, you can use the rest of this article to configure the user submissions mailbox.

+## Use the Microsoft 365 Defender portal to configure the user submissions mailbox for emails

+## Third-party email reporting tools

+> If you or your users want to learn more about default privacy settings, optional connected experiences, and how diagnostic data is collected, direct them to [Microsoft Whiteboard privacy and compliance](https://support.microsoft.com/office/privacy-and-compliance-ed9f0de9-71be-44c2-837d-e0f448660be1).

+To configure the level of diagnostic data, sign in to the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) with your administrator account. From the admin center home page, go to **Show all > Settings > Org settings > Whiteboard**.

+To configure the availability of optional connected experiences, use the [Office cloud policy service](/deployoffice/admincenter/overview-office-cloud-policy-service) in the [Microsoft 365 Apps admin center](https://config.office.com). Sign in with your administrator account and go to **Customization > Policy Management**. The policy you want to configure is named: **Allow the use of additional optional connected experiences in Office**.

+You can choose the level of diagnostic data that is collected and sent to Microsoft about the Whiteboard client software running on devices in your organization. Optional diagnostic data will be sent to Microsoft, unless you change the setting in the Microsoft 365 admin center. If you choose to send optional diagnostic data, required diagnostic data is also included.

+You can choose whether to make optional connected experiences in Whiteboard available to your users. These connected experiences will be available to your users unless you change the setting in the Microsoft 365 admin center.