Updates from: 07/21/2022 02:33:56
Category Microsoft Docs article Related commit history on GitHub Change details
business-premium Get Microsoft 365 Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-business-premium.md
audience: Admin
ms.localizationpriority: high Last updated : 07/20/2022 - Adm_O365 - M365-subscription-management
description: "Get Microsoft 365 Business Premium so you can protect your company
When you're ready to sign up for Microsoft 365 Business Premium, you have several options. You can: - [Try or buy Microsoft 365 Business Premium on your own](#sign-up-for-microsoft-365-business-premium-on-your-own)-- [Work with a solution provider](#work-with-a-microsoft-solution-provider-to-get-microsoft-365-business-premium)
+- [Work with a Microsoft partner](#work-with-a-microsoft-partner-to-get-microsoft-365-business-premium)
> [!TIP] > If you're looking for Microsoft 365 for Campaigns, see [How to get Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md).
When you're ready to sign up for Microsoft 365 Business Premium, you have severa
3. After you have signed up for Microsoft 365 Business Premium, you'll receive an email with a link to sign in and get started. Proceed to [Set up Microsoft 365 Business Premium](m365bp-setup.md).
-## Work with a Microsoft Solution Provider to get Microsoft 365 Business Premium
+## Work with a Microsoft partner to get Microsoft 365 Business Premium
Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium. If you're not already working with a solution provider, you can find one by following these steps:
-1. Go to the **Microsoft Solution Providers** page ([https://www.microsoft.com/solution-providers](https://www.microsoft.com/solution-providers)).
-
-2. In the search box, fill in your location and company size.
+1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
-3. In the **Search for products, services, skills, industries** box, put `Microsoft 365`, and then select **Go**.
+2. In the **Filters** pane, specify search criteria, such as:
-4. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
+ - Your location
+ - Your organization's size
+ - **Focus areas**, such as **Security** and/or **Threat Protection**
+ - **Services**, such as **Licensing** or **Managed Services (MSP)**
+
+ As soon as you select one or more criteria, the list of partners updates.
+
+3. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
## Next steps
business-premium M365bp Maintain Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-maintain-environment.md
description: "An overview about maintaining your organization's network and syst
# Maintain your environment
-As the users on your network change over time, a secure environment must be maintained. The missions you've completed so far have been about getting the system secured. But in addition to this, you also need to be able to safely and cleanly remove users from the system, thereby removing their access to all data and information. And, there are certain security management tasks to perform.
+In addition to security incident management, your company needs a maintenance and operations plan. The missions you completed during the setup and configuration process were about getting your systems secured. But in addition to this, you also need to be able to perform certain tasks, such as adding or removing users, resetting passwords, and resetting devices to factory settings as needed.
+
+See the following articles for more details:
- [Review the Microsoft 365 Business Premium security operations guide](m365bp-security-incident-quick-start.md).-- [Remove user accounts](m365bp-review-remediation-actions-devices.md). - [Add new users](m365bp-add-users.md). - [Reset passwords (as needed)](m365bp-reset-passwords.md).
+- [Remove user accounts](m365bp-review-remediation-actions-devices.md).
- [Remove company data from devices (when necessary)](../admin/devices/remove-company-data.md). - [Reset devices to factory settings (when needed)](../admin/devices/reset-devices-to-factory-settings.md).
business-premium M365bp Security Incident Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-management.md
audience: Admin
ms.localizationpriority: high Previously updated : 07/19/2022 Last updated : 07/20/2022 - M365-Campaigns - m365solution-smb
description: "An overview of security incident management"
# Security incident management
-The security of your organization requires constant monitoring, and as threats are detected, remediation actions come into play. Depending on the particular threat and how your security settings are configured, actions may be taken automatically or only upon approval. Approvals need to happen on a regular basis.
+After you have set up and configured your security capabilities in Microsoft 365 Business Premium, your security team can monitor and address any detected threats. As threats are detected, alerts are generated and incidents are created. Remediation actions can come into play to help mitigate threats.
-Watch a short video on a typical incident response.
+Want to see how it works? Watch this short video on a typical incident response.
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Zvew]
-To learn more about incident responses, use the following steps:
+To learn more about incident responses, see the following articles:
1. [Review security recommendations](../security/defender-business/mdb-view-tvm-dashboard.md?toc=/microsoft-365/business-premium/toc.json&bc=/microsoft-365/business-premium/breadcrumb/toc.json).
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
audience: Admin
ms.localizationpriority: high Previously updated : 07/19/2022 Last updated : 07/20/2022 f1.keywords: NOCSH
After you have [started a trial or purchased Microsoft 365 Business Premium](get-microsoft-365-business-premium.md), your next step is to get everything set up. You have several options available. You can: -- Start with the [guided setup experience](m365bp-setup.md#guided-setup-process) for basic setup and configuration; or-- [Work with a partner](m365bp-setup.md#work-with-a-microsoft-partner), such as a Microsoft Cloud Solution Provider (CSP).
+- Start with the [guided setup experience](m365bp-setup.md#guided-setup-process) for basic setup and configuration, and then proceed to [Bump up security](m365bp-security-overview.md); or
+- [Work with a Microsoft partner](m365bp-setup.md#work-with-a-microsoft-partner) who can help you get everything set up and configured.
## Before you begin
Make sure that you meet the following requirements before you begin your setup p
| Browser requirements | Microsoft Edge, Safari, Chrome or Firefox. [Learn more about browser requirements](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources#coreui-heading-uyetipy). | | Operating system | **Windows**: Windows 11, Windows 10, Windows 8.1<br/>**macOS**: One of the three most recent versions of macOS <br/>Currently, Microsoft 365 Business Premium and the standalone version of Microsoft Defender for Business do not support servers. |
-> [!TIP]
+> [!NOTE]
> For more detailed information about Microsoft 365, Office, and system requirements, see [Microsoft 365 and Office Resources](https://www.microsoft.com/microsoft-365/microsoft-365-and-office-resources). ## Guided setup process
Microsoft 365 Business Premium includes a guided process. The following video sh
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE471FJ] > [!TIP]
-> After you have added users, give them a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md). The guide walks them through signing in, getting Office apps, and saving, copying, and sharing files.
-> Make sure to proceed to [Bump up security](m365bp-security-overview.md).
+> - After you have added users, give them a link to the [Employee quick setup guide](../admin/setup/employee-quick-setup.md). The guide walks them through signing in, getting Office apps, and saving, copying, and sharing files.
+> - Proceed to [Bump up security](m365bp-security-overview.md).
## Work with a Microsoft partner If you'd prefer to have a Microsoft partner help you get and set up Microsoft 365, follow these steps:
-1. Go to the **Microsoft Solution Providers** page ([https://www.microsoft.com/solution-providers](https://www.microsoft.com/solution-providers)).
+1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
-2. In the search box, fill in your location and company size.
+2. In the **Filters** pane, specify search criteria, such as:
-3. In the **Search for products, services, skills, industries** box, put `Microsoft 365`, and then select **Go**.
+ - Your location
+ - Your organization's size
+ - **Focus areas**, such as **Security** and/or **Threat Protection**
+ - **Services**, such as **Licensing** or **Managed Services (MSP)**
-4. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
+ As soon as you select one or more criteria, the list of partners updates.
-## See also
+3. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
-- [Find your partner or reseller](../admin/manage/find-your-partner-or-reseller.md)
+## See also
+- [Find a Microsoft partner or reseller](../admin/manage/find-your-partner-or-reseller.md)
- [Set up self-service passwords](../admin/add-users/let-users-reset-passwords.md)- - [Set up self-service group management](/azure/active-directory/enterprise-users/groups-self-service-management) ### Next objective
compliance Create A Litigation Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-litigation-hold.md
f1.keywords:
Previously updated : Last updated : 07/20/2022 audience: Admin
# Create a Litigation hold
-You can place a mailbox on Litigation hold to retain all mailbox content, including deleted items and the original versions of modified items. When you place a user mailbox on Litigation hold, content in the user's archive mailbox (if it's enabled) is also retained. When you create a hold, you can specify a hold duration (also called a *time-based hold*) so that deleted and modified items are retained for a specified period and then permanently deleted from the mailbox. Or you can just retain content indefinitely (called an *infinite hold*) or until the Litigation hold is removed. If you do specify a hold duration period, it's calculated from the date a message is received or a mailbox item is created.
+You can place a mailbox on Litigation hold to retain all mailbox content, including deleted items and the original versions of modified items. When you place a user mailbox on Litigation hold, content in the user's archive mailbox (if it's enabled) is also retained. When you create a hold, you can specify a hold duration (also called a *time-based hold*) so that deleted and modified items are retained for a specified period and then permanently deleted from the mailbox. Or you can just retain content indefinitely (called an *infinite hold*) or until the Litigation hold is removed. If you do specify a hold duration period, it's calculated from the date a message is received or a mailbox item is created.
Here's what happens when you create a Litigation hold.
Here's what happens when you create a Litigation hold.
To place an Exchange Online mailbox on Litigation hold, it must be assigned an Exchange Online Plan 2 license. If a mailbox is assigned an Exchange Online Plan 1 license, you would have to assign it a separate Exchange Online Archiving license to place it on hold. > [!NOTE]
-> For Office 365 Education organizations, Litigation hold is supported in Office 365 A1 subscriptions, which include an Exchange Online Plan 1 license with supplemental features. For more information, see the "Exchange Online features" section in the [Office 365 Education service description](/office365/servicedescriptions/office-365-platform-service-description/office-365-education#exchange-online-features).
+> For Office 365 Education organizations, Litigation hold is supported in Office 365 A1 subscriptions, which include an Exchange Online Plan 2 license with supplemental features. For more information, see the "Exchange Online features" section in the [Office 365 Education service description](/office365/servicedescriptions/office-365-platform-service-description/office-365-education#exchange-online-features).
## Place a mailbox on Litigation hold
compliance Data Classification Activity Explorer Available Events https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-activity-explorer-available-events.md
description: "A list of labeling activities that are available in Activity explo
This event is generated each time an unlabeled document is labeled or an email is sent with a sensitivity label. - It is captured at the time of save in Office native applications and web applications.-- It is captured at the time of occurrence in Azure Information protection add-ins.
+- It is captured at the time of occurrence for the Azure Information Protection (AIP) unified labeling client.
- Upgrade and downgrade labels actions can also be monitored via the *Label event type* field and filter. |Source |Reported in Activity explorer | Note |
This event is generated each time an unlabeled document is labeled or an email i
|SharePoint online, OneDrive|Yes | | |Exchange |Yes | | |Azure Information Protection (AIP) unified client and AIP unified scanner |Yes |The AIP *new label* action is mapped to *label applied* in Activity explorer |
-|Microsoft information protection (MIP) SDK |Yes|The AIP *new label* action is mapped to *label applied* in Activity explorer|
+|Microsoft Information Protection (MIP) SDK |Yes|The AIP *new label* action is mapped to *label applied* in Activity explorer|
|Rights Management Service (RMS) |Not applicable | | |Power BI desktop and web | No| Accessible in the Microsoft 365 audit logs | |Microsoft Defender for Cloud Apps |No| |
This event is generated each time an unlabeled document is labeled or an email i
This event is generated each time a sensitivity label is updated on the document or email. -- For the AIP Unified client, Unified Scanner and MIP SDK sources, the AIP *upgrade label* and *downgrade label* action maps to Activity explorer *label changed*
+- For the AIP unified client, AIP unified scanner and MIP SDK sources, the AIP *upgrade label* and *downgrade label* action maps to Activity explorer *label changed*
- It is captured at the point of save in Office native applications and web applications.-- It is captured at the time of occurrence in Azure Information protection unified client add-ins and scanner enforcements
+- It is captured at the time of occurrence for the AIP unified labeling client and scanner enforcements
- Upgrade and downgrade labels actions can also be monitored via the *Label event type* field and filter. The *justification* text is also captured except for SharePoint Online and OneDrive. - Sensitivity labeling done in Office native apps on Outlook collects the last action that was generated before file save/email send actions. For example, if the user changes label on an email multiple times before sending, the last label found on the email when it is sent is captured in the audit log and then reported in Activity explorer.
This event is generated each time a sensitivity label is updated on the document
This event is generated each time a sensitivity label is removed from a file or document. - This event is captured at the time of save in Office native applications and web applications.-- It is captured at the time of occurrence in Azure Information protection add-ins.-- Sensitivity labeling, with Office native MIP label, on Outlook collects the last labeling event that was generated before file save/email send actions.
+- It is captured at the time of occurrence for the Azure Information Protection (AIP) unified labeling client.
+- Sensitivity labeling, with Office built-in labels, on Outlook collects the last labeling event that was generated before file save/email send actions.
|Source |Reported in Activity explorer | Note | ||||
This event is generated each time a sensitivity labeled or protected document is
## Files discovered
-This event is generated each time files are discovered when AIP Scanner is used for scanning sensitive data in various locations and finds files.
+This event is generated each time files are discovered when the AIP scanner is used for scanning sensitive data in various locations and finds files.
|Source |Reported in Activity explorer | Note | ||||
compliance Data Classification Activity Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-activity-explorer.md
Here's a list of applicable role groups that are in preview. To learn more about
Activity explorer gathers activity information from the audit logs on multiple sources of activities. For more detailed information on what labeling activity makes it to Activity explorer, see [Labeling events available in Activity explorer](data-classification-activity-explorer-available-events.md).
-**Sensitivity label activities** and **Retention labeling activities** from Office native applications, Azure Information Protection add-in, SharePoint Online, Exchange Online (sensitivity labels only), and OneDrive. Some examples are:
+**Sensitivity label activities** and **Retention labeling activities** from Office native applications, the Azure Information Protection (AIP) unified labeling client and scanner, SharePoint Online, Exchange Online (sensitivity labels only), and OneDrive. Some examples are:
- Label applied - Label changed (upgraded, downgraded, or removed)
compliance Data Classification Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-overview.md
description: "The data classification dashboard gives you visibility into how mu
# Learn about data classification
-As a Microsoft 365 administrator or compliance administrator, you can evaluate and then tag content in your organization in order to control where it goes, protect it no matter where it is and to ensure that it is preserved and deleted according to your organizations needs. You do this through the application of [sensitivity labels](sensitivity-labels.md), [retention labels](retention.md#retention-labels), and sensitive information type classification. There are various ways to do the discovery, evaluation and tagging, but the end result is that you may have very large number of documents and emails that are tagged and classified with one or both of these labels. After you apply your retention labels and sensitivity labels, you'll want to see how the labels are being used across your tenant and what is being done with those items. The data classification page provides visibility into that body of content, specifically:
+As a Microsoft 365 administrator or compliance administrator, you can evaluate and then tag content in your organization in order to control where it goes, protect it no matter where it is, and ensure that it is preserved and deleted according to your organization's needs. You do this through the application of [sensitivity labels](sensitivity-labels.md), [retention labels](retention.md#retention-labels), and sensitive information type classification. There are various ways to do the discovery, evaluation, and tagging, but the end result is that you may have very large numbers of documents and emails that are tagged and classified with one or both of these labels. After you apply your retention labels and sensitivity labels, you'll want to see how the labels are being used across your tenant and what is being done with those items. The data classification page provides visibility into that body of content, specifically:
- the number items that have been classified as a sensitive information type and what those classifications are - the top applied sensitivity labels in both Microsoft 365 and Azure Information Protection
compliance Device Onboarding Macos Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-macos-overview.md
Endpoint DLP supports these browsers on macOS Catalina 10.15 or higher:
See, [Microsoft 365 licensing guidance for information protection](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection-data-loss-prevention-for-exchange-online-sharepoint-online-and-onedrive-for-business).
-## Activities that can be restricted on macOS
+## Activities that can be audited and restricted on macOS
Once a macOS device is onboarded into Microsoft Purview solutions, you can monitor and restrict these actions with data loss prevention (DLP) policies.
compliance Dlp Configure View Alerts Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-view-alerts-policies.md
Customers who use [Endpoint DLP](endpoint-dlp-learn-about.md) who are eligible f
- **Single-event alert configuration**: Organizations that have an E1, F1, or G1 subscription or an E3 or G3 subscription can create alert policies only where an alert is triggered every time an activity occurs. - **Aggregated alert configuration**: To configure aggregate alert policies based on a threshold, you must have either of the following configurations:
+ - An A5 subscription
- An E5 or G5 subscription - An E1, F1, or G1 subscription or an E3 or G3 subscription that includes one of the following features: - Office 365 Advanced Threat Protection Plan 2
compliance Dlp Policy Tips Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-tips-reference.md
Please note that custom sensitive information types will also be detected in add
|**3rd party cloud apps**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|Data Loss Prevention policy tips are not supported on 3rd party cloud apps| |**On-prem**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|| |**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details|
+|**Power BI**|:::image type="icon" source="../media/crsmrk.png" border="false":::|subset|subset|Data loss prevention policies in Power BI are in Public Preview. </br></br> Policy tips and admin alerts are supported. |
||||||
compliance Endpoint Dlp Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md
You can use Microsoft Purview Data Loss Prevention (DLP) to monitor the actions
Endpoint DLP enables you to audit and manage the following types of activities users take on sensitive items that are physically stored Windows 10, Windows 11, or macOS devices.
-|Activity |Description |Windows 10 1809 and later/ Windows 11| macOS Catalina 10.15| Auditable/restrictable|
+|Activity |Description |Windows 10 1809 and later/ Windows 11| macOS Catalina 10.15 and later | Auditable/restrictable|
|||||| |upload to cloud service, or access by unallowed browsers | Detects when a user attempts to upload an item to a restricted service domain or access an item through a browser. If they are using a browser that is listed in DLP as an unallowed browser, the upload activity will be blocked and the user is redirected to use Microsoft Edge. Microsoft Edge will then either allow or block the upload or access based on the DLP policy configuration |supported | supported|auditable and restrictable| |copy to other app |Detects when a user attempts to copy information from a protected item and then paste it into another app, process or item. Copying and pasting information within the same app, process, or item is not detected by this activity.|supported|supported | auditable and restrictable|
compliance Endpoint Dlp Using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
To help familiarize you with Endpoint DLP features and how they surface in DLP p
>- [Create a DLP policy from a template](create-a-dlp-policy-from-a-template.md) >- [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md) +
+## Before you begin
+
+### SKU/subscriptions licensing
+
+For full licensing details, see [Microsoft 365 licensing guidance for information protection](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-protection-data-loss-prevention-for-exchange-online-sharepoint-online-and-onedrive-for-business).
+ ## Scenario 1: Create a policy from a template, audit only These scenarios require that you already have devices onboarded and reporting into Activity explorer. If you haven't onboarded devices yet, see [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md).
compliance Sit Get Started Exact Data Match Export Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-export-data.md
Once the data has been exported in one of the supported formats, you can proceed
## Defining your EDM Sensitive type
-When defining your EDM sensitive type, one of the most critical decisions is which fields will be primary fields. Primary fields need to follow a detectable pattern and be defined as searchable fields (columns) in your EDM schema. Secondary fields do not need to follow any pattern since they will be compared against all the text surrounding matches to the primary fields.
+When defining your EDM sensitive type, one of the most critical decisions is to define which fields will be primary fields. Primary fields need to follow a detectable pattern and be defined as searchable fields (columns) in your EDM schema. Secondary fields do not need to follow any pattern since they will be compared against all the text surrounding matches to the primary fields.
Use these rules to help you decide which columns you should use as primary fields:
For example, if you have the columns `full name`, `date of birth`, `account numb
## Save sensitive data in .csv, .tsv, or pipe-separated format
-1. Identify the sensitive information you want to use. Export the data to an app, such as Microsoft Excel, and save the file in a text file. The file can be saved in .csv (comma-separated values), .tsv (tab-separated values), or pipe-separated (|) format. The .tsv format is recommended in cases where your data values may included commas, such as street addresses.
+1. Identify the sensitive information you want to use. Export the data to an app such as Microsoft Excel, and save the file in a text file. The file can be saved in .csv (comma-separated values), .tsv (tab-separated values), or pipe-separated (|) format. The .tsv format is recommended in cases where your data values may include commas, such as street addresses.
The data file can include a maximum of: - Up to 100 million rows of sensitive data - Up to 32 columns (fields) per data source
The data file can include a maximum of:
2. Structure the sensitive data in the .csv or .tsv file such that the first row includes the names of the fields used for EDM-based classification. In your file you might have field names such as "ssn", "birthdate", "firstname", "lastname". The column header names can't include spaces or underscores. For example, the sample .csv file that we use in this article is named *PatientRecords.csv*, and its columns include *PatientID*, *MRN*, *LastName*, *FirstName*, *SSN*, and more.
-3. Pay attention to the format of the sensitive data fields. In particular, fields that may contain commas in their content, for example, a street address that contains the value "Seattle,WA" would be parsed as two separate fields when parsed if the .csv format is selected. To avoid this, use the .tsv format or surrounded the comma containing values by double quotes in the sensitive data table. If comma containing values also contain spaces, you need to create a custom SIT that matches the corresponding format. For example, a SIT that detects multi-word string with commas and spaces in it.
+3. Pay attention to the format of the sensitive data fields; in particular, fields that may contain commas in their content. For example, a street address that contains the value "Seattle,WA" would be parsed as two separate fields when parsed if the .csv format is selected. To avoid this, use the .tsv format or surrounded the comma containing values by double quotes in the sensitive data table. If comma containing values also contain spaces, you need to create a custom SIT that matches the corresponding format. For example, a SIT that detects multi-word string with commas and spaces in it.
## Next step
security Get Defender Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/get-defender-business.md
ms.prod: m365-security ms.technology: mdb ms.localizationpriority: medium Last updated : 07/20/2022 f1.keywords: NOCSH
If you don't already have Microsoft Defender for Business, you can choose from s
- [Try or buy the standalone version of Defender for Business](#try-or-buy-microsoft-defender-for-business). - [Get Microsoft 365 Business Premium](#get-microsoft-365-business-premium), which now includes Defender for Business.-- [Work with a Microsoft solution provider](#work-with-a-microsoft-solution-provider) who can help you get everything set up and configured.
+- [Work with a Microsoft partner](#work-with-a-microsoft-partner) who can help you get everything set up and configured.
If you have signed up for a trial, after you receive your acceptance email, you can [activate your trial and assign user licenses](#how-to-activate-your-trial), and then proceed to your [next steps](#next-steps).
If you have signed up for a trial, after you receive your acceptance email, you
3. After you have signed up for Microsoft 365 Business Premium, you'll receive an email with a link to sign in and get started. Proceed to [Set up Microsoft 365 Business Premium](../../business-premium/m365bp-setup.md).
-## Work with a Microsoft Solution Provider
+## Work with a Microsoft partner
Microsoft has a list of solution providers who are authorized to sell offerings, including Microsoft 365 Business Premium and Microsoft Defender for Business. To find a solution provider in your area, take the following steps:
-1. Go to the **Microsoft Solution Providers** page ([https://www.microsoft.com/solution-providers](https://www.microsoft.com/solution-providers)).
-
-2. In the search box, fill in your location and company size.
+1. Go to the [Browse Partners](https://appsource.microsoft.com/marketplace/partner-dir).
-3. In the **Search for products, services, skills, industries** box, put `Microsoft 365`, and then select **Go**.
+2. In the **Filters** pane, specify search criteria, such as:
-4. Review the list of results. Select a provider to learn more about their expertise and the services they provide. Your provider can help you sign up for Defender for Business.
+ - Your location
+ - Your organization's size
+ - **Focus areas**, such as **Security** and/or **Threat Protection**
+ - **Services**, such as **Licensing** or **Managed Services (MSP)**
+
+ As soon as you select one or more criteria, the list of partners updates.
+
+3. Review the list of results. Select a provider to learn more about their expertise and the services they provide.
## How to activate your trial
security Automation Levels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/automation-levels.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 07/20/2022 audience: ITPro
Automated investigation and remediation (AIR) capabilities in Microsoft Defender
|Automation level|Description| |||
-|**Full - remediate threats automatically** <br> (also referred to as *full automation*)|With full automation, remediation actions are performed automatically. All remediation actions that are taken can be viewed in the [Action Center](auto-investigation-action-center.md) on the **History** tab. If necessary, a remediation action can be undone. <p> ***Full automation is recommended** and is selected by default for tenants with Defender for Endpoint that were created on or after August 16, 2020, with no device groups defined yet.*<p>*Full automation is set by default in Defender for Business.*|
+|**Full - remediate threats automatically** <br> (also referred to as *full automation*)|With full automation, remediation actions are performed automatically on entities that are considered to be malicious. All remediation actions that are taken can be viewed in the [Action Center](auto-investigation-action-center.md) on the **History** tab. If necessary, a remediation action can be undone. <p> ***Full automation is recommended** and is selected by default for tenants with Defender for Endpoint that were created on or after August 16, 2020, with no device groups defined yet.*<p>*Full automation is set by default in Defender for Business.*|
|**Semi - require approval for any remediation** <br> (also referred to as *semi-automation*)|With this level of semi-automation, approval is required for *any* remediation action. Such pending actions can be viewed and approved in the [Action Center](auto-investigation-action-center.md), on the **Pending** tab. <p> *This level of semi-automation is selected by default for tenants that were created before August 16, 2020 with Microsoft Defender for Endpoint, with no device groups defined.*| |**Semi - require approval for core folders remediation** <br> (also a type of *semi-automation*)|With this level of semi-automation, approval is required for any remediation actions needed on files or executables that are in core folders. Core folders include operating system directories, such as the **Windows** (`\windows\*`). <p> Remediation actions can be taken automatically on files or executables that are in other (non-core) folders. <p> Pending actions for files or executables in core folders can be viewed and approved in the [Action Center](auto-investigation-action-center.md), on the **Pending** tab. <p> Actions that were taken on files or executables in other folders can be viewed in the [Action Center](auto-investigation-action-center.md), on the **History** tab.| |**Semi - require approval for non-temp folders remediation** <br> (also a type of *semi-automation*)|With this level of semi-automation, approval is required for any remediation actions needed on files or executables that are *not* in temporary folders. <p> Temporary folders can include the following examples: <ul><li>`\users\*\appdata\local\temp\*`</li><li>`\documents and settings\*\local settings\temp\*`</li><li>`\documents and settings\*\local settings\temporary\*`</li><li>`\windows\temp\*`</li><li>`\users\*\downloads\*`</li><li>`\program files\`</li><li>`\program files (x86)\*`</li><li>`\documents and settings\*\users\*`</li></ul> <p> Remediation actions can be taken automatically on files or executables that are in temporary folders. <p> Pending actions for files or executables that are not in temporary folders can be viewed and approved in the [Action Center](auto-investigation-action-center.md), on the **Pending** tab. <p> Actions that were taken on files or executables in temporary folders can be viewed and approved in the [Action Center](auto-investigation-action-center.md), on the **History** tab.|
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
Before you get started with Removable Storage Access Control, you must confirm y
:::image type="content" source="images/enable-rsac-gp.png" alt-text="Screenshot of Enabling RSAC using Group Policy " lightbox="images/enable-rsac-gp.png":::
+> [!NOTE]
+> If you don't see this group policy objects, you need to add group policy administrative template. you can download administrative template (WindowsDefender.adml and WindowsDefender.admx) from https://github.com/microsoft/mdatp-devicecontrol/tree/main/Removable%20Storage%20Access%20Control%20Samples.
+ 2. Set Default Enforcement: You can set default access (Deny or Allow) for all Device Control features (RemovableMediaDevices, CdRomDevices, WpdDevices, PrinterDevices).
security Manage Auto Investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-auto-investigation.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 07/20/2022 audience: ITPro
Automation levels affect whether certain remediation actions are taken automatic
|Device group setting|Automated investigation results|What to do| ||||
-|**Full - remediate threats automatically**<br/>(recommended)|A verdict of *Malicious* is reached for a piece of evidence. <p> Appropriate remediation actions are taken automatically.|[Review completed actions](#review-completed-actions)|
-|**Full - remediate threats automatically**|A verdict of *Suspicious* is reached for a piece of evidence. <p> Appropriate remediation actions are taken automatically.|[Approve (or reject) pending actions](#review-pending-actions)|
+|**Full - remediate threats automatically**<br/>(recommended)|A verdict of *Malicious* is reached for a piece of evidence. <p> Appropriate remediation actions are taken automatically.|[Review completed actions](#review-completed-actions) |
|**Semi - require approval for any remediation**|A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence. <p> Remediation actions are pending approval to proceed.|[Approve (or reject) pending actions](#review-pending-actions)| |**Semi - require approval for core folders remediation**|A verdict of *Malicious* is reached for a piece of evidence. <p> If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval. <p> If the artifact is *not* in an operating system directory, remediation actions are taken automatically.|<ol><li>[Approve (or reject) pending actions](#review-pending-actions)</li><li>[Review completed actions](#review-completed-actions)</li></ol>| |**Semi - require approval for core folders remediation**|A verdict of *Suspicious* is reached for a piece of evidence. <p> Remediation actions are pending approval.|[Approve (or reject) pending actions](#review-pending-actions).|
security Run Analyzer Macos Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux.md
Open a terminal or SSH into the relevant machine and run the following commands:
> > - In addition, the tool currently requires Python version 3 or later to be installed. >
-> - If you are running on a machine that cannot use Python 3 or fetch the lxml component, then you can download a binary based version of the analyzer that does not have any of the requirements: [XMDE Client Analyzer Binary](https://aka.ms/XMDEClientAnalyzerBinary)
+> - If you are running on a machine that cannot use Python 3 or fetch the lxml component, then you can download a binary based version of the analyzer that does not have any of the requirements: [XMDE Client Analyzer Binary](https://aka.ms/XMDEClientAnalyzerBinary). <br> Note that the binary is currently unsigned. To allow the package run on MacOS, you will need to use the syntax: "spctl --add /Path/To/Application.app".
> > - If your device is behind a proxy, then you can simply pass the proxy server as an environment variable to the mde_support_tool.sh script. For example: > `https_proxy=https://myproxy.contoso.com:8080 ./mde_support_tool.sh"`
security Defender Vulnerability Management Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-faq.md
+
+ Title: Microsoft Defender Vulnerability Management frequently asked questions
+description: Find answers to frequently asked questions (FAQs) about MDVM
+keywords: defender vulnerability management
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+f1.keywords:
+- NOCSH
++
+ms.localizationpriority: medium
+
+audience: ITPro
++
+ms.technology: m365d
++
+# Microsoft Defender Vulnerability Management frequently asked questions
++
+**Applies to:**
+
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml)
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
++
+Find answers to frequently asked questions (FAQs) about Microsoft Defender Vulnerability Management. Use the following links to help find answer to your questions:
+
+- [Defender Vulnerability Management licensing FAQs](#defender-vulnerability-management-licensing-faqs)
+- [Defender Vulnerability Management trial FAQs](#defender-vulnerability-management-licensing-faqs)
+- [Block vulnerable applications FAQs](#block-vulnerable-applications-faqs)
+- [Security baselines FAQs](#security-baselines-faqs)
+- [Defender Vulnerability Management general FAQs](#defender-vulnerability-management-general-faqs)
+
+## Defender Vulnerability Management licensing FAQs
+
+### What license does the user need to benefit from Defender Vulnerability Management capabilities?
+
+Microsoft Defender Vulnerability Management is available for public preview via two
+
+1. Microsoft Defender for Endpoint Plan 2 / E5 customers can seamlessly enhance their existing generally available vulnerability management capabilities with the Microsoft Defender Vulnerability Management add-on. This service provides consolidated inventories, expanded asset coverage, cross-platform support, and new assessment and mitigation tools. To sign up for the free 120-day public preview trial, see [Defender Vulnerability Management Add-on](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-the-defender-vulnerability-management-add-on-public-preview-trial-for-defender-for-endpoint-plan-2-customers).
+
+2. For non-Defender for Endpoint Plan 2 / non-E5 customers looking for a risk-based vulnerability management solution, Microsoft Defender Vulnerability Management standalone helps you efficiently discover, assess, and remediate vulnerabilities and misconfigurations in one place. To sign up for the free 120-day public preview trial, see [Defender Vulnerability Management Standalone](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-standalone).
+
+If you have any questions related to the trial sign up and onboarding process, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com).
+
+### Is Defender Vulnerability Management available as part of E5?
+
+If the customer has E5, they have Defender for Endpoint Plan 2 and core vulnerability management capabilities. Defender Vulnerability Management is a separate solution from Defender for Endpoint (not included in E5) and is available as an add-on.
+
+### What will the purchase options be when Defender Vulnerability Management is generally available (GA)?
+
+Details on your purchase options for Defender Vulnerability Management will be made available once the offering is GA.
+
+## Defender Vulnerability Management trial FAQs
+
+### How do customers sign up for a trial?
+
+For existing Defender for Endpoint Plan 2 / E5 customers who want to evaluate the experience first-hand, we encourage directly onboarding onto the Microsoft Defender Vulnerability Management add-on free 120-day public preview trial. For more information, see [Defender Vulnerability Management Add-on](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-the-defender-vulnerability-management-add-on-public-preview-trial-for-defender-for-endpoint-plan-2-customers).
+
+For new customers (non-Defender for Endpoint Plan 2 / non-E5), see [Defender Vulnerability Management Standalone](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-standalone) to sign up for the free 120-day public preview trial.
+
+> [!NOTE]
+> Customers need to have the global admin role defined in Azure AD to onboard the trial.
+>
+> WeΓÇÖre happy to assist with initial trial onboarding and to meet with customers to provide an overview of the product capabilities. To do this or if you have any questions, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com) and we will get in touch!
+
+### How is the service provisioned/deployed?
+
+Once a customer is onboarded on to the free-trial experience, Defender Vulnerability Management features are turned on by default at the tenant level for all users within the organization.
+
+### Do I need to assign Defender Vulnerability Management trial licenses to users in my organization as instructed in the admin center?
+
+Currently, there is no need to assign the new Defender Vulnerability Management license to users. Licenses will be applied automatically after a customer signs up for the free public preview trial.
+
+### If a customer is in private preview, what will happen to their premium capabilities if I donΓÇÖt sign up for a free public preview trial?
+
+The new capabilities will be available only to customers who onboard the public preview trial. Customers who havenΓÇÖt onboarded will lose access to these capabilities. Blocked applications will be immediately unblocked. Security baseline profiles may be stored for a short additional time before being deleted.
+
+### How long does the public preview trial last and what happens at the end of my trial?
+
+The public preview trial lasts for 120 days.
+
+After your trial ends, you'll have a 30 day grace period of active trial before the license becomes suspended. When the trial is suspended, you will retain your security baselines, but you may lose access to your portal and your blocked applications may become unblocked.
+
+After 180 days, your license will be deactivated and your profiles will be deleted.
+
+## Block vulnerable applications FAQs
+
+### I want to block a vulnerable application but it's not showing up as available to block?
+
+Examples of recommendations where you might not see a mitigation action (such as block) include:
+
+- Recommendations related to applications where Microsoft does not have sufficient information to block
+- Recommendations related to Microsoft applications
+- Recommendations related to operating systems
+- Recommendations related to apps for MacOS and Linux
+
+It is also possible that your organization has reached the maximum indicator capacity of 15,000. If this is the case, you will need to free up space by deleting old indicators. To learn more see, [Manage indicators](../defender-endpoint/indicator-manage.md).
+
+### Does blocking vulnerable apps work on all devices?
+
+This feature is supported on Windows devices (1809 or later) with the latest Windows updates installed. Each device must have a minimum antimalware client version of 4.18.1901.x or later. The Engine version must be 1.1.16200.x or later.
+
+## Security baselines FAQs
+
+### What is the full list of baseline benchmarks I can use as part of security baselines assessment?
+
+There is currently support for:
+
+- Center for Internet Security (CIS) benchmarks for Windows 10, Windows 11, and Windows Server 2008R2 and above.
+- Security Technical Implementation Guides (STIG) benchmarks for Windows 10 and Windows Server 2019.
+
+Upcoming support:
+
+- Microsoft benchmarks for Windows 10, Windows 11, and Windows Server 2008R2 and above will be available in an upcoming release.
+
+### What operating systems can I measure using security baseline assessments?
+
+Currently Windows is supported, but coverage will be expanded to cover additional operating systems such as Mac and Linux.
+
+## Defender Vulnerability Management general FAQs
+
+### Can I set up a customer meeting to learn more about Defender Vulnerability Management?
+
+Yes, to do this or if you have any questions, [contact us](mailto:mdvmtrial@microsoft.com) (mdvmtrial@microsoft.com) and we will get in touch!
+
+### Where can I find the full list of capabilities across different plans?
+
+For details on the full list of capabilities across Microsoft Defender Vulnerability Management and Defender for Endpoint, see [Defender Vulnerability Management Capabilities](defender-vulnerability-management-capabilities.md).
+
+### Can customers buy only one capability?
+
+Microsoft Defender Vulnerability Management is available as a vulnerability management solution comprised of multiple premium capabilities.
+
+### Can I turn on Defender Vulnerability Management capabilities on a subset of devices in my organization?
+
+There isnΓÇÖt a way to selectively light up the Defender Vulnerability Management assessment capabilities (block vulnerable applications, browser extension, certificate inventory, and network share assessment) on a subset of devices in a given tenant.
security Get Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management.md
If you don't already have Defender for Endpoint Plan 2, you will sign up to tria
To sign up: 1. Log in as a global admin to the tenant where the Defender Vulnerability Management public preview trial service will be added.
-2. Visit [Microsoft Defender Vulnerability Management Public Preview Trial](https://aka.ms/MDVMPreviewTrial).
+2. Visit [Microsoft Defender Vulnerability Management Public Preview Trial](https://signup.microsoft.com/get-started/signup?products=dee3976b-2cfd-40c3-90b6-3147cbf03146&ali=1&ru=https://aka.ms/MdvmPortal).
3. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not. 4. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Management Public Preview Trial.
-5. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 admin center. No action is required in the Microsoft 365 admin center to start using the trial.
+5. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 Defender portal.
> [!NOTE] > Once you activate the trial it can take up to 4 hours for Defender Vulnerability Management to be fully available in your tenant.
To sign up:
If you already have an existing Defender for Endpoint Plan 2 or Microsoft 365 E5 license, sign up to trial the **Defender Vulnerability Management Add-on trial** to get access to the additional capabilities. To sign up:
-1. Visit [Microsoft Defender Vulnerability Management Add-on Public Preview Trial](https://aka.ms/AddonPreviewTrial).
+1. Visit [Microsoft Defender Vulnerability Management Add-on Public Preview Trial](https://signup.microsoft.com/get-started/signup?products=5908ecaa-b8a7-4a04-b6c0-d44fd934b6f2&ali=1&ru=https://aka.ms/MdvmPortal).
2. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not. 3. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Add-on Public Preview Trial.
-4. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 admin center. No action is required in the Microsoft 365 admin center to start using the trial.
+4. Select **Continue**. YouΓÇÖll now be directed to the Microsoft 365 Defender portal.
> [!NOTE] > Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
Watch this short video to learn how to use admin submissions in Microsoft Defend
- For more information about how users can submit messages and files to Microsoft, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md).
-## Report suspicious content to Microsoft
+## Report questionable email to Microsoft
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Actions & submissions** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
-2. On the **Submissions** page, verify that the **Emails** or **Email attachments** or **URLs** tab is selected based on the type of content you want to report, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
+2. On the **Submissions** page, verify that the **Emails** tab is selected based on the type of content you want to report, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
-3. Use the **Submit to Microsoft for analysis** flyout that appears to submit the respective type of content (email, URL, or email attachment) as described in the following sections.
+3. In the **Add the network message ID or upload the email file** section, use one of the following options:
+ - **Add the email network message ID**: This is a GUID value that's available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages.
+ - **Upload the email file (.msg or .eml)**: Click **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then click **Open**.
- > [!NOTE]
- > File and URL submissions are not available in the clouds that do not allow for data to leave the environment. The ability to select File or URL will be greyed out.
+4. In the **Choose a recipient who had an issue** box, specify the recipient that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies.
-### Notify users from within the portal
-
-1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Email & collaboration** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
-
-2. On the **Submissions** page, select **User reported messages** tab, and then select the message you want to mark and notify.
-
-3. Select the **Mark as and notify** drop-down, and then select **No threats found** \> **Phishing** or **Junk**.
-
- :::image type="content" source="../../media/unified-submission-user-reported-message.png" alt-text="The Submissions page" lightbox="../../media/unified-submission-user-reported-message.png":::
-
-The reported message will be marked as a false positive or a false negative. An email notification is sent automatically from within the portal to the user who reported the message.
-
-### Submit a questionable email to Microsoft
-
-1. In the **Select the submission type** box, verify that **Email** is selected in the dropdown list.
-
-2. In the **Add the network message ID or upload the email file** section, use one of the following options:
- - **Add the email network message ID**: This is a GUID value that's available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages.
- - **Upload the email file (.msg or .eml)**: Click **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then click **Open**.
-
-3. In the **Choose a recipient who had an issue** box, specify the recipient that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies.
-
-4. In the **Select a reason for submitting to Microsoft** section, select one of the following options:
+5. In the **Select a reason for submitting to Microsoft** section, select one of the following options:
- **Should not have been blocked (False positive)** - **Should have been blocked (False negative)**: In the **The email should have been categorized as** section that appears, select one of the following values (if you're not sure, use your best judgment): - **Phish** - **Malware** - **Spam**
-5. When you're finished, click **Submit**.
+6. When you're finished, click **Submit**.
> [!div class="mx-imgBorder"] > :::image type="content" source="../../media/submission-flyout-email.png" alt-text="The New URL submission process" lightbox="../../media/submission-flyout-email.png":::
-### Send a suspect URL to Microsoft
+## Report questionable URLs to Microsoft
-1. In the **Select the submission type** box, select **URL** from the dropdown list.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Actions & submissions** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
-2. In the **URL** box that appears, enter the full URL (for example, `https://www.fabrikam.com/marketing.html`).
+2. On the **Submissions** page, verify that the **URLs** tab is selected based on the type of content you want to report, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.****
-3. In the **Select a reason for submitting to Microsoft** section, select one of the following options:
+3. In the **URL** box that appears, enter the full URL (for example, `https://www.fabrikam.com/marketing.html`).
+
+4. In the **Select a reason for submitting to Microsoft** section, select one of the following options:
- **Should not have been blocked (False positive)** - **Should have been blocked (False negative)**: In the **This URL should have been categorized as** section that appears, select one of the following values (if you're not sure, use your best judgment): - **Phish** - **Malware**
-4. When you're finished, click **Submit**.
+5. When you're finished, click **Submit**.
> [!div class="mx-imgBorder"] > :::image type="content" source="../../media/submission-url-flyout.png" alt-text="The New Email submission process" lightbox="../../media/submission-url-flyout.png":::
-### Submit a suspected email attachment to Microsoft
+ > [!NOTE]
+ > URL submissions are not available in clouds that do not allow for data to leave the environment. The ability to select URL will be greyed out.
+
+## Report questionable email attachment to Microsoft
-1. In the **Select the submission type** box, select **Email attachment** from the dropdown list.
+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to the **Submissions** page at **Actions & submissions** \> **Submissions**. To go directly to the **Submissions** page, use <https://security.microsoft.com/reportsubmission>.
-2. In the **File** section that appears, click **Browse files**. In the dialog that opens, find and select the file, and then click **Open**.
+2. On the **Submissions** page, verify that the **Email attachments** tab is selected based on the type of content you want to report, and then click ![Submit to Microsoft for analysis icon.](../../media/m365-cc-sc-create-icon.png) **Submit to Microsoft for analysis**.
+
+3. In the **File** section that appears, click **Browse files**. In the dialog that opens, find and select the file, and then click **Open**.
3. In the **Select a reason for submitting to Microsoft** section, select one of the following options: - **Should not have been blocked (False positive)**
The reported message will be marked as a false positive or a false negative. An
> [!NOTE] > If malware filtering has replaced the message attachments with the Malware Alert Text.txt file, you need to submit the original message from quarantine that contains the original attachments. For more information on quarantine and how to release messages with malware false positives, see [Manage quarantined messages and files as an admin](manage-quarantined-messages-and-files.md).
+> File ubmissions are not available in the clouds that do not allow for data to leave the environment. The ability to select File will be greyed out.
## View email admin submissions to Microsoft
If you've deployed the [Report Message add-in](enable-the-report-message-add-in.
- **Tags** - To export the entries, click **Export**. In the dialog that appears, save the .csv file.-
+ - To notify users see [Admin Review for Reported messages](admin-reiew-reported-messages.md)
+
> [!NOTE] > If organizations are configured to send user reported messages to the custom mailbox only, reported messages will appear in **User reported messages** but their results will always be empty (as they would not have been rescanned).
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
Messages that are identified by the advanced delivery policy aren't security thr
2. On the **Advanced delivery** page, verify that the **SecOps mailbox** tab is selected, and then do one of the following steps: - Click ![Edit icon.](../../media/m365-cc-sc-edit-icon.png) **Edit**.
- - If there are no configured phishing simulations, click **Add**.
+ - If there are no configured SecOps mailboxes, click **Add**.
3. On the **Edit SecOps mailboxes** flyout that opens, enter an existing Exchange Online mailbox that you want to designate as SecOps mailbox by doing one of the following steps: - Click in the box, let the list of mailboxes resolve, and then select the mailbox.
The SecOps mailbox entries that you configured are displayed on the **SecOps mai
- Single IP: For example, 192.168.1.1. - IP range: For example, 192.168.0.1-192.168.0.254. - CIDR IP: For example, 192.168.0.1/25.+ - **Simulation URLs to allow**: Expand this setting and optionally enter specific URLs that are part of your phishing simulation campaign that should not be blocked or detonated by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. You can add up to 10 entries. For the URL syntax format, see [URL syntax for the Tenant Allow/Block List](tenant-allow-block-list.md#url-syntax-for-the-tenant-allowblock-list). These URLs are wrapped at the time of click, but they aren't blocked. To remove an existing value, click remove ![Remove icon.](../../media/m365-cc-sc-remove-selection-icon.png) next to the value.
whiteboard Configure Privacy Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/configure-privacy-settings.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn about compliance and how to configure privacy settings in Microsoft Whiteboard.-
If you are the Microsoft Whiteboard administrator for your organization, you can
- Whether optional connected experiences in Whiteboard are available to your users.
-To configure the level of diagnostic data, sign in to the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) with your administrator account. From the admin center home page, go to **Show all > Settings > Org settings > Whiteboard**.
+To configure the level of diagnostic data, sign in to the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview) with your administrator account. From the admin center home page, go to **Show all > Settings > Org settings > Whiteboard**.
To configure the availability of optional connected experiences, use the [Office cloud policy service](/deployoffice/admincenter/overview-office-cloud-policy-service) in the [Microsoft 365 Apps admin center](https://config.office.com). Sign in with your administrator account and go to **Customization > Policy Management**. The policy you want to configure is named: **Allow the use of additional optional connected experiences in Office**.
whiteboard Deploy On Windows Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/deploy-on-windows-organizations.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to deploy Microsoft Whiteboard on devices running Windows 10 or later versions.-
whiteboard Gdpr Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/gdpr-requests.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to export, transfer, or delete personal information from Microsoft Whiteboard.-
whiteboard Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/index.md
search.appverid: MET150
ms.localizationpriority: medium description: Find resources about how to set up and manage Microsoft Whiteboard.-
The resources in this section help the admin in your organization to set up and
| If you're looking for this information | Go to this resource | |:--|:--|
-|Learn how to set up and manage access to Whiteboard for your organization|[Manage access to Whiteboard](manage-whiteboard-access-organizations.md)|
+|Learn how to set up Whiteboard for your organization|[Set up and use Whiteboard](/surface-hub/whiteboard-collaboration)|
+|Deploy Whiteboard on devices that run Windows 10 or later using Microsoft Intune or Microsoft Configuration Manager|[Deploy Microsoft Whiteboard on Windows devices](deploy-on-windows-organizations.md)|
+|Learn how to manage access to Whiteboard for your organization|[Manage access to Whiteboard](manage-whiteboard-access-organizations.md)|
|Find where your Whiteboard content and data are stored in Azure and OneDrive for Business |[Manage data for Whiteboard](manage-data-organizations.md) | |Learn about the sharing experience in Teams and how to share links to specific users |[Manage sharing for Whiteboard](manage-sharing-organizations.md) |
-|Deploy Whiteboard on devices that run Windows 10 or later using Microsoft Intune or Microsoft Configuration Manager |[Deploy Whiteboard on Windows](deploy-on-windows-organizations.md) |
+|Learn how to configure privacy settings and diagnostic data for Whiteboard |[Configure privacy settings in Whiteboard](configure-privacy-settings.md) |
+|Learn how to manage General Data Protection Regulation (GDPR) requirements for personal data collected in Whiteboard |[Manage GDPR data subject requests in Whiteboard](gdpr-requests.md) |
### For government
whiteboard Manage Clients Gcc High https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-clients-gcc-high.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn which clients are currently supported for Whiteboard.-
whiteboard Manage Data Gcc High https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-data-gcc-high.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to enable, disable, and manage access to Whiteboard.-
whiteboard Manage Data Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-data-organizations.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn about data retention for Microsoft Whiteboard in Azure and OneDrive for Business.-
whiteboard Manage Sharing Gcc High https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-sharing-gcc-high.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to manage sharing for Microsoft Whiteboard in GCC High environments.-
whiteboard Manage Sharing Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-sharing-organizations.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to manage sharing for Microsoft Whiteboard.-
whiteboard Manage Whiteboard Access Gcc High https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-whiteboard-access-gcc-high.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to enable, disable, and manage Whiteboard data.-
whiteboard Manage Whiteboard Access Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-whiteboard-access-organizations.md
search.appverid: MET150
ms.localizationpriority: medium description: Learn how to set up Microsoft Whiteboard for your organization in the Microsoft 365 admin center.-