Updates from: 07/22/2021 03:11:07
Category Microsoft Docs article Related commit history on GitHub Change details
admin About Shared Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md
Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some
- **Signing in:** A shared mailbox is not intended for direct sign-in by its associated user account. You should always block sign-in for the shared mailbox account and keep it blocked. -- **Too many users:** When there are too many designated users concurrently accessing a shared mailbox, they may intermittently fail to connect to this mailbox. In this case, you can consider reducing the number of the users or using a different workload, such a Microsoft 365 group or Public folder.
+- **Too many users:** When there are too many designated users concurrently accessing a shared mailbox (no more than 25 is recommended), they may intermittently fail to connect to this mailbox or have inconsistencies like messages being duplicated in the outbox. In this case, you can consider reducing the number of users or using a different workload, such as a Microsoft 365 group or a Public folder.
- **Message deletion:** Unfortunately, you can't prevent people from deleting messages in a shared mailbox. The only way around this is to create a Microsoft 365 group instead of a shared mailbox. A group in Outlook is like a shared mailbox. For a comparison of the two, see [Compare groups](../create-groups/compare-groups.md). To learn more about groups, see [Learn more about groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2).
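Review bot: The parenthetical "(no more than 25 is recommended)" in the added **Too many users** bullet sits inside the clause that describes the failure case, so it is unclear whether 25 is the recommended maximum or the point at which problems start, and whether it counts designated users or users connected at the same time. State the limit as its own sentence and say which of the two it measures.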
Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some
[Configure a shared mailbox](configure-a-shared-mailbox.md) (article)\ [Convert a user mailbox to a shared mailbox](convert-user-mailbox-to-shared-mailbox.md) (article)\ [Remove a license from a shared mailbox](remove-license-from-shared-mailbox.md) (article)\
-[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md) (article)
+[Resolve issues with shared mailboxes](resolve-issues-with-shared-mailboxes.md) (article)
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
Employees can also share OneDrive files and folders. If an employee is away or l
Here's how each person on your team can set up OneDrive and share files.
-1. Go to the <a href="https://admin.mirosoft.com/ " target="_blank">Microsoft 365 admin center</a>, and sign in with your user name and password.
+1. Go to the <a href="https://admin.microsoft.com/ " target="_blank">Microsoft 365 admin center</a>, and sign in with your user name and password.
2. From the App launcher, select **OneDrive**.
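Review bot: The corrected href in step 1 still ends with a space before the closing quote ("https://admin.microsoft.com/ "); remove it so the link is the exact URL. Since the misspelled host sent readers to a different domain for a sign-in page, search the rest of the repo for the same misspelling, and pair target="_blank" with rel="noopener".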
You can enable third-party storage for your users in Microsoft 365 so they can s
[Add storage space for your subscription](../../commerce/add-storage-space.md) (article)\ [Share files and folders with Microsoft 365 Business](https://support.microsoft.com/office/share-files-and-folders-with-microsoft-365-business-72f26d6c-bf9e-432c-8b96-e3c2437f5b65) (video)\
-[Customize your team site for file storage and sharing](customize-team-site.md) (article)
+[Customize your team site for file storage and sharing](customize-team-site.md) (article)
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
An alert policy consists of the following settings and conditions.
- **Activity conditions**. For most activities, you can define additional conditions that must be met to trigger an alert. Common conditions include IP addresses (so that an alert is triggered when the user performs the activity on a computer with a specific IP address or within an IP address range), whether an alert is triggered if a specific user or users perform that activity, and whether the activity is performed on a specific file name or URL. You can also configure a condition that triggers an alert when the activity is performed by any user in your organization. The available conditions are dependent on the selected activity.
+You can also define user tags as a condition of an alert policy. This results in the alerts triggered by the policy to include the context of the impacted user. You can use system user tags or custom user tags. For more information, see [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags).
+ - **When the alert is triggered**. You can configure a setting that defines how often an activity can occur before an alert is triggered. This allows you to set up a policy to generate an alert every time an activity matches the policy conditions, when a certain threshold is exceeded, or when the occurrence of the activity the alert is tracking becomes unusual for your organization. ![Configure how alerts are triggered, based on when the activity occurs, a threshold, or unusual activity for your organization](../media/howalertsaretriggered.png)
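Review bot: The second sentence of the added user-tags paragraph, "This results in the alerts triggered by the policy to include the context of the impacted user", is ungrammatical and leaves "context" undefined. Suggest "Alerts triggered by the policy then include the impacted user's tags", and check that the paragraph is indented to sit under the **Activity conditions** bullet rather than ending the list.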
compliance App Governance Anomaly Detection Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-anomaly-detection-alerts.md
description: "Investigate anomaly detection alerts."
## MITRE ATT&CK
-To make it easier to map the relationship between Microsoft app governance alerts and the familiar MITRE ATT&CK Matrix, we've categorized the alerts by their corresponding MITRE ATT&CK tactic. This additional reference makes it easier to understand the suspected attacks technique potentially in use when Microsoft Application Security and Governance alert is triggered.
+To make it easier to map the relationship between Microsoft app governance alerts and the familiar MITRE ATT&CK Matrix, we've categorized the alerts by their corresponding MITRE ATT&CK tactic. This additional reference makes it easier to understand the suspected attacks technique potentially in use when app governance alert is triggered.
-This guide provides information about investigating and remediating Microsoft app governance alerts in the following categories.
+This guide provides information about investigating and remediating app governance alerts in the following categories.
- Initial Access - Execution
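Review bot: The rewritten MITRE ATT&CK sentence drops the article in "when app governance alert is triggered" and keeps the old "the suspected attacks technique". Suggest "when an app governance alert is triggered" and "the suspected attack technique".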
This guide provides information about investigating and remediating Microsoft ap
- Exfiltration - Impact
+<!-->
## Security alert classifications Following proper investigation, all Microsoft app governance alerts can be classified as one of the following activity types:
Following proper investigation, all Microsoft app governance alerts can be class
- True positive (TP): An alert on a confirmed malicious activity. - Benign true positive (B-TP): An alert on suspicious but not malicious activity, such as a penetration test or other authorized suspicious action. - False positive (FP): An alert on a non-malicious activity.
+-->
## General investigation steps
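Review bot: The comment opener added above "## Security alert classifications" is `<!-->`, which already contains the closing sequence `-->`, so the comment ends on that same line and the classification section, plus the later stray `-->`, will still be rendered. Use `<!--` if the intent is to hide the section, or delete the section outright.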
compliance App Governance App Policies Create https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-create.md
App governance includes these templates to generate alerts for app permissions.
| New app with high-privilege permissions | Highlights all new apps with high privilege permissions to identify potential high-footprint apps that may need further investigation. <br><br> By default, this policy will flag all apps registered within the last 7 days that have high-scoped permissions. | |||
-### App certification
+### M365 certification
-App governance includes these templates to generate alerts for app certification.
+App governance includes these templates to generate alerts for M365 certification.
| Template name | Description | |:-|:--|
-| New uncertified app | Highlights new apps that haven't been through the app certification process to ensure that they are expected in the tenant. <br><br> By default, this policy will flag all apps that were registered in the last 7 days and are uncertified. |
+| New uncertified app | Highlights new apps that haven't been through the M365 certification process to ensure that they are expected in the tenant. <br><br> By default, this policy will flag all apps that were registered in the last 7 days and are uncertified. |
||| ## Custom app policies
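Review bot: Renaming the heading to "### M365 certification" changes the anchor generated for it, so any links that target the old "App certification" heading need updating in the same change. "M365" is also not expanded anywhere in these lines; spell it out as "Microsoft 365 certification" in the heading and on first use in the table.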
Here are the available conditions for a custom app policy.
| Error rate | Error rate is greater than X% in the last 7 days, where X is an admin-defined value | | ||||
-<!--
-NOTE TO WRITER: Replace X in the above table with correct values.
>-
-All of the specified conditions must be met for this app policy to apply.
+All of the specified conditions must be met for this app policy to generate an alert.
When you are done specifying the conditions, select **Save**, and then select **Next**.
compliance App Governance App Policies Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-get-started.md
To see the list of current app policies, go to **Microsoft 365 Compliance Center
## WhatΓÇÖs available on the app policies dashboard
-You can see the number of active, inactive, and test policies, and the following information for each policy:
+You can see the number of active, inactive, and audit policies, and the following information for each policy:
- **Policy name** - **Status** - **Active**: All policy evaluation and actions are active. - **Inactive**: All policy evaluation and actions are disabled.
- - **Audit mode**: Policy evaluation is in audit mode. The policy is active but policy actions are disabled.
+ - **Audit mode**: Policy evaluation is active (alerts will trigger) but policy actions are disabled.
- **Severity**: Severity level set on any alerts triggered because of this policy being evaluated as true, which is part of the configuration of the policy. - **Number of active alerts**: Alerts generated by the policy that have an **In Progress** or **New** status.
When you select a policy, you get a detailed policy pane with these additional d
- **Description**: A more detailed explanation of the purpose of the policy. - **Created by**: user principal name (UPN) of the account that created the policy.-- A list of the active alerts generated by this policy.
+- A list of the total and active alerts generated by this policy.
You can edit or delete an app policy by selecting **Edit** or **Delete** in the detailed policy pane or by selecting the vertical ellipses of the policy in the policy list.
compliance App Governance App Policies Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-overview.md
These policies for app and user patterns and behaviors can protect your users fr
See [Administrator roles](app-governance-get-started.md#administrator-roles) for information on which roles can modify policies.
-<!--
-How app policies are the method by which MAPG detects app anomolies resulting in detection (alerts) and remediation (manual or automatic)
--
-CFA #2 Scenario 1: As an admin, I can quickly set up policies to govern M365 apps in my tenant using MAPG out-of-the-box templates
-CFA #2 Scenario 2: As an admin, I can create customized policies to govern M365 apps in my tenant to meet my organizations requirements.
-CFA #2 Scenario 3: As an admin or policy reviewer, I can view all policies created in my environment and quickly see which policies have associated alerts.
-CFA #2 Scenario 4: As an admin, I can adjust policies efficiently to meet changing needs.
-
-App policy templates
--- Basic info-- Policy settings and conditions-- Actions-- Status-> - ## Next step [Get started with app policies.](app-governance-app-policies-get-started.md)
compliance App Governance Countries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-countries.md
+
+ Title: "Get Started with app governance"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
+++
+localization_priority: Priority
+search.appverid:
+- MOE150
+- MET150
+description: "List of countries where app governance is available."
++
+# App governance supported countries
+
+The Microsoft app governance add-on for Microsoft Cloud App Security is available in the following countries and regions:
++
+|Country |Region |
+|||
+| aland-islands | Global Geography 1 ΓÇô EMEA |
+| albania | Global Geography 1 ΓÇô EMEA |
+| algeria | Global Geography 1 ΓÇô EMEA |
+| andorra | Global Geography 1 ΓÇô EMEA |
+| angola | Global Geography 1 ΓÇô EMEA |
+| anguilla | United States |
+| antarctica | United States |
+| antigua-and-barbuda | United States |
+| armenia | Global Geography 1 ΓÇô EMEA |
+| aruba | United States |
+| austria | European Union |
+| azerbaijan | Global Geography 1 ΓÇô EMEA |
+| bahamas | United States |
+| bahrain | Global Geography 1 ΓÇô EMEA |
+| barbados | United States |
+| belarus | Global Geography 1 ΓÇô EMEA |
+| belgium | European Union |
+| belize | United States |
+| benin | Global Geography 1 ΓÇô EMEA |
+| bermuda | United States |
+| bosnia-and-herzegovina | Global Geography 1 ΓÇô EMEA |
+| botswana | Global Geography 1 ΓÇô EMEA |
+| bouvet-island | United States |
+| british-virgin-islands | United States |
+| bulgaria | European Union |
+| burkina-faso | Global Geography 1 ΓÇô EMEA |
+| burundi | Global Geography 1 ΓÇô EMEA |
+| cameroon | Global Geography 1 ΓÇô EMEA |
+| cape-verde | Global Geography 1 ΓÇô EMEA |
+| cayman-islands | United States |
+| central-african-republic | Global Geography 1 ΓÇô EMEA |
+| chad | Global Geography 1 ΓÇô EMEA |
+| colombia | United States |
+| comoros | Global Geography 1 ΓÇô EMEA |
+| congo-brazzaville | Global Geography 1 ΓÇô EMEA |
+| congo-kinshasa | Global Geography 1 ΓÇô EMEA |
+| costa-rica | United States |
+| cote-divoire | Global Geography 1 ΓÇô EMEA |
+| croatia | European Union |
+| cyprus | European Union |
+| czech-republic | European Union |
+| denmark | European Union |
+| djibouti | Global Geography 1 ΓÇô EMEA |
+| dominica | United States |
+| dominican-republic | United States |
+| egypt | Global Geography 1 ΓÇô EMEA |
+| el-salvador | United States |
+| equatorial-guinea | Global Geography 1 ΓÇô EMEA |
+| eritrea | Global Geography 1 ΓÇô EMEA |
+| estonia | European Union |
+| ethiopia | Global Geography 1 ΓÇô EMEA |
+| faroe-islands | Global Geography 1 ΓÇô EMEA |
+| finland | European Union |
+| french-southern-territories | United States |
+| gabon | Global Geography 1 ΓÇô EMEA |
+| gambia | Global Geography 1 ΓÇô EMEA |
+| georgia | Global Geography 1 ΓÇô EMEA |
+| ghana | Global Geography 1 ΓÇô EMEA |
+| gibraltar | Global Geography 1 ΓÇô EMEA |
+| greece | European Union |
+| greenland | United States |
+| grenada | United States |
+| guadeloupe | United States |
+| guatemala | United States |
+| guernsey | Global Geography 1 ΓÇô EMEA |
+| guinea | Global Geography 1 ΓÇô EMEA |
+| guinea-bissau | Global Geography 1 ΓÇô EMEA |
+| haiti | United States |
+| heard-and-mcdonald-islands | United States |
+| herzegovina | Global Geography 1 ΓÇô EMEA |
+| holy-see-vatican-city-state | Global Geography 1 ΓÇô EMEA |
+| honduras | United States |
+| hungary | European Union |
+| iceland | Global Geography 1 ΓÇô EMEA |
+| iraq | Global Geography 1 ΓÇô EMEA |
+| ireland | European Union |
+| isle-of-man | Global Geography 1 ΓÇô EMEA |
+| israel | Global Geography 1 ΓÇô EMEA |
+| italy | European Union |
+| jamaica | United States |
+| jersey | Global Geography 1 ΓÇô EMEA |
+| jordan | Global Geography 1 ΓÇô EMEA |
+| kazakhstan | Global Geography 1 ΓÇô EMEA |
+| kenya | Global Geography 1 ΓÇô EMEA |
+| kosovo | Global Geography 1 ΓÇô EMEA |
+| kuwait | Global Geography 1 ΓÇô EMEA |
+| kyrgyzstan | Global Geography 1 ΓÇô EMEA |
+| latvia | European Union |
+| lebanon | Global Geography 1 ΓÇô EMEA |
+| lesotho | Global Geography 1 ΓÇô EMEA |
+| liberia | Global Geography 1 ΓÇô EMEA |
+| libya | Global Geography 1 ΓÇô EMEA |
+| lithuania | European Union |
+| luxembourg | European Union |
+| madagascar | Global Geography 1 ΓÇô EMEA |
+| malawi | Global Geography 1 ΓÇô EMEA |
+| mali | Global Geography 1 ΓÇô EMEA |
+| malta | European Union |
+| martinique | United States |
+| mauritania | Global Geography 1 ΓÇô EMEA |
+| mauritius | Global Geography 1 ΓÇô EMEA |
+| mayotte | Global Geography 1 ΓÇô EMEA |
+| mexico | United States |
+| moldova | Global Geography 1 ΓÇô EMEA |
+| monaco | Global Geography 1 ΓÇô EMEA |
+| montenegro | Global Geography 1 ΓÇô EMEA |
+| montserrat | United States |
+| morocco | Global Geography 1 ΓÇô EMEA |
+| mozambique | Global Geography 1 ΓÇô EMEA |
+| namibia | Global Geography 1 ΓÇô EMEA |
+| netherlands | European Union |
+| netherlands-antilles | United States |
+| nicaragua | United States |
+| niger | Global Geography 1 ΓÇô EMEA |
+| nigeria | Global Geography 1 ΓÇô EMEA |
+| oman | Global Geography 1 ΓÇô EMEA |
+| pakistan | Global Geography 1 ΓÇô EMEA |
+| panama | United States |
+| poland | European Union |
+| portugal | European Union |
+| puerto-rico | United States |
+| qatar | Global Geography 1 ΓÇô EMEA |
+| republic-of-macedonia | Global Geography 1 ΓÇô EMEA |
+| réunion | Global Geography 1 – EMEA |
+| romania | European Union |
+| russian-federation | Global Geography 1 ΓÇô EMEA |
+| rwanda | Global Geography 1 ΓÇô EMEA |
+| saint-helena | Global Geography 1 ΓÇô EMEA |
+| saint-kitts-and-nevis | United States |
+| saint-lucia | United States |
+| saint-martin | United States |
+| saint-pierre-and-miquelon | United States |
+| saint-vincent-and-the-grenadines | United States |
+| saint-barthélemy | United States |
+| san-marino | Global Geography 1 ΓÇô EMEA |
+| sao-tome-and-principe | Global Geography 1 ΓÇô EMEA |
+| saudi-arabia | Global Geography 1 ΓÇô EMEA |
+| senegal | Global Geography 1 ΓÇô EMEA |
+| serbia | Global Geography 1 ΓÇô EMEA |
+| seychelles | Global Geography 1 ΓÇô EMEA |
+| sierra-leone | Global Geography 1 ΓÇô EMEA |
+| sint-maarten | United States |
+| slovakia | European Union |
+| slovenia | European Union |
+| somalia | Global Geography 1 ΓÇô EMEA |
+| south-georgia-and-the-south-sandwich-islands | United States |
+| spain | European Union |
+| suriname | United States |
+| svalbard-and-jan-mayen-islands | Global Geography 1 ΓÇô EMEA |
+| swaziland | Global Geography 1 ΓÇô EMEA |
+| sweden | European Union |
+| tajikistan | Global Geography 1 ΓÇô EMEA |
+| united-republic-of-tanzania | Global Geography 1 ΓÇô EMEA |
+| togo | Global Geography 1 ΓÇô EMEA |
+| trinidad-and-tobago | United States |
+| tunisia | Global Geography 1 ΓÇô EMEA |
+| turkey | Global Geography 1 ΓÇô EMEA |
+| turkmenistan | Global Geography 1 ΓÇô EMEA |
+| turks-and-caicos-islands | United States |
+| us-virgin-islands | United States |
+| uganda | Global Geography 1 ΓÇô EMEA |
+| ukraine | Global Geography 1 ΓÇô EMEA |
+| united-states | United States |
+| uzbekistan | Global Geography 1 ΓÇô EMEA |
+| venezuela | United States |
+| western-sahara | Global Geography 1 ΓÇô EMEA |
+| yemen | Global Geography 1 ΓÇô EMEA |
+| zambia | Global Geography 1 ΓÇô EMEA |
+| zimbabwe | Global Geography 1 ΓÇô EMEA |
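Review bot: The front matter Title of this new file is "Get Started with app governance", which does not match its description or its H1 "App governance supported countries" and looks copied from another article. In the table, the Country column holds URL-style slugs ("aland-islands", "congo-kinshasa") rather than display names, and "herzegovina" appears as its own row in addition to "bosnia-and-herzegovina"; replace the slugs with country names and drop the duplicate.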
compliance App Governance Detect Remediate Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-get-started.md
You can also export the current alert list to a comma separated value (CSV) file
## Next step
-[Remediate app threats.](app-governance-detect-remediate-detect-threats.md)
+[Investigate anomaly detection alerts](app-governance-anomaly-detection-alerts.md)
compliance App Governance Detect Remediate Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-overview.md
By sharing information across app governance, Azure AD, and Microsoft Cloud App
From the app governance portal, you can see the aggregated sign-in activity for each app and link back to the Azure Active Directory admin center for the details of sign-in events. -- App API usage information in the Azure Active Directory admin center:-
- From the Azure Active Directory admin center, you can see the aggregated app usage information and link to the app governance portal for the details of app usage.
- - API usage information in the Microsoft Cloud App Security portal: From the Microsoft Cloud App Security portal, you can see API usage level and aggregate data transfer and link to the app governance portal for the details.
compliance App Governance Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-get-started.md
To begin using the app governance add-on to Microsoft Cloud App Security:
1. Verify your account has the appropriate level of licensing. App governance is an add-on feature for Microsoft Cloud App Security (MCAS), and thus MCAS must be present in your account as either a standalone product or as part of the various license packages listed below. 1. You must have one of the administrator roles listed below to access the app governance pages in the portal.
+1. Your organization's tenant registration must be within one of the [supported areas of North America, Europe, or Africa](app-governance-countries.md).
## Licensing for app governance
-Before you get started with app governance, you should confirm your [Microsoft 365 admin center - subscriptions](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans) and any add-ons. To access and use app governance, your organization must have one of the following subscriptions or add-ons:
+Before you get started with app governance, you should confirm your [Microsoft 365 admin center - subscriptions](https://admin.microsoft.com/Adminportal/Home?source=applauncher#/subscriptions) and any add-ons. To access and use app governance, your organization must have one of the following subscriptions or add-ons:
- Microsoft Cloud App Security - Microsoft 365 E5
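Review bot: The added prerequisite describes the supported areas as "North America, Europe, or Africa", but the linked app-governance-countries.md list also includes entries outside those areas, such as colombia, venezuela, iraq, israel, kazakhstan and antarctica. Word the link text generically, for example "one of the supported countries and regions", so the prerequisite cannot contradict the list.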
For both:
1. In the sign-up portal, provide your email address to use for the trial. If you are an existing customer, use the email associated with your account. Click **Next** 1. Once you have signed in, click **Try now** to get the free trial. 1. Click **Continue** to close page and begin trial setup. For new app governance customers, it will take up to two hours for your app governance instance to become available. For existing customers, there will be no interruption of existing services.+ > [!NOTE]
-If you do not already have an account you will be prompted to set up a new account before you can proceed with the trial.
+ If you do not already have an account you will be prompted to set up a new account before you can proceed with the trial.
1. Enter in an available domain name for your AAD tenant and click **Check availability**. You will automatically be assigned an Admin role (if you donΓÇÖt have an existing role for app governance) and can always change the domain name and/or purchase more tenants later through the Microsoft 365 admin center. 1. Enter the username and password you would like to use to login to your account. Click **Sign up**. 1. Click **Get started** to go to the app governance portal or **Manage your subscription** to go to the Microsoft 365 admin center.+
+## Add integration with MCAS
+
+Pre requisites:
+
+- Office 365 is connected in Cloud App Security
+- Office 365 Azure AD apps are enabled
+
+To enable app governance sync with Cloud App Security follow these steps:
+
+1. Go to your Microsoft Cloud App Security portal ΓÇô [https://portal.cloudappsecurity.com](https://portal.cloudappsecurity.com)
+1. Click the gear icon (top right corner) and select **Settings**.
+1. Under **Threat Protection**, select **App Governance**.
+1. Click **Enable App Governance integration**, and then select **Save**.
+
+Next, review newly enabled policies in MCAS. The new policies might take few minutes to appear once integration is enabled.
+
+- Microsoft 365 OAuth app Reputation
+- Microsoft 365 OAuth Phishing Detection
+- Microsoft 365 OAuth App Governance
+- Review App Governance widget in MCAS dashboard
+- Review newly generated App Governance alerts in MCAS alerts
+- Review MCAS M365 OAuth policies in App Governance policy list
+- Review newly generated  MCAS M365 OAuth alerts  in App Governance alerts
+
+## Canceling your trial
+
+If you did not participate in private preview and would like to cancel your trial of app governance, you can communicate with your CXE contact, or use these steps:
+
+1. In the Microsoft 365 admin center, navigate to **Billing** > **Your products**.
+1. Navigate to the app governance trial, click the three dots, and select **Cancel subscription**.
+1. In the resulting fly-out pane, provide a reason for cancellation, any additional feedback, and select **Cancel subscription**.
+1. Select **Cancel subscription** in the resulting pop up screen. Your trial is cancelled, you will lose access to app governance, and your app governance data will be deleted (log data that is used to create the app governance insights and detections - no emails or other files will be affected).
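Review bot: The bullet list under "Next, review newly enabled policies in MCAS" mixes two things: the first three items are policy names and the last four are review tasks that begin with "Review". Split it into a list of the three policies followed by a separate list of steps. Also fix "Pre requisites" to "Prerequisites" and "might take few minutes" to "might take a few minutes", remove the doubled spaces in the last bullet, and define "CXE contact" in the cancellation section, since it is not explained anywhere in these lines.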
compliance App Governance Manage App Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-manage-app-governance.md
+
+ Title: "App governance in Microsoft 365"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
+++
+localization_priority: Priority
+search.appverid:
+- MOE150
+- MET150
+description: "Implement Microsoft app governance capabilities to govern your apps."
++
+# App governance add-on to Microsoft Cloud App Security (in preview)
+
+>*[Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD).*
+
+Cyberattacks have become increasingly sophisticated in the ways they exploit the apps you have deployed in your on-premises and cloud infrastructures, establishing a starting point for privilege escalation, lateral movement, and exfiltration of your data. To understand the potential risks and stop these types of attacks, you need to gain clear visibility into your organizationΓÇÖs app compliance posture to quickly identify when an app exhibits anomalous behaviors and to respond when these behaviors present risks to your environment, data, and users.
+
+The app governance add-on feature to Microsoft Cloud App Security is a security and policy management capability designed for OAuth-enabled apps that access Microsoft 365 data through Microsoft Graph APIs. App governance delivers full visibility, remediation, and governance into how these apps and their users access, use, and share your sensitive data stored in Microsoft 365 through actionable insights and automated policy alerts and actions.
+
+<!--
+The scale of ongoing cybersecurity incidents affecting large enterprises and smaller businesses highlights the dangers of supply chain attacks and the need to strengthen the security and compliance posture of every organization. Accelerated cloud adoption with Microsoft 365 and its rich application ecosystem are constantly growing. Attackers are gaining organizational footholds through applications because:
+
+- Users are typically unaware of the risks when consenting to the use of applications.
+- App developers and independent software vendors (ISVs) do not yet have Security Development Lifecycle (SDL) best practices in place to address attacker techniques.
+-->
+
+App governance provides you with comprehensive:
+
+- **Insights**: See a view of all the third-party apps for the Microsoft 365 platform in your tenant on a single dashboard. You can see all the appsΓÇÖ status and alert activities and react or respond to them.
+- **Governance**: Create proactive or reactive policies for app and user patterns and behaviors and protect your users from using non-compliant or malicious apps and limiting the access of risky apps to your data.
+- **Detection**: Be alerted and notified when there are anomalies in app activity and when non-compliant, malicious, or risky apps are used.
+- **Remediation**: Along with automatic remediation capabilities, use remediation controls in a timely manner to respond to anomalous app activity detections.
+
+App governance is a platform-based solution that is an integral part of the Microsoft 365 app ecosystem. App governance oversees and governs OAuth-enabled apps that are registered with Azure Active Directory (Azure AD) and access data through the Microsoft Graph API. App governance provides you with application behavior controls to help strengthen the security and compliance posture of your IT infrastructure.
+
+<!--
+Unlike other application governance products in the marketplace, MAPG is a platform-based solution that is an integral part of the Microsoft 365 application ecosystem. MAPG's initial focus is on OAuth-enabled apps published to the Microsoft 365 platform that are registered with Azure AD and access data through the Graph API. For the initial release, MAPG does not support other, non-OAuth-enabled M365 apps, add-ins (such as PowerBI), or other app vendor ecosystems such as Google, Facebook, Amazon Web Services, Workplace, and Salesforce. MAPGΓÇÖs focus is on third-party published apps for the Microsoft 365 application platform.
+
+Microsoft allows developers to build cloud applications using Azure Active Directory (Azure AD), MicrosoftΓÇÖs cloud identity platform, and other resources and access to tenant data through the Microsoft Graph. Because of MAPG's visibility, insights, and control capabilities, app developers have the incentive to comply with publisher verification, self-attestation, and Microsoft certification, and can build high-quality productivity apps that are secure and compliant.
+-->
+
+## A first glimpse at app governance
+
+To see the app governance dashboard, go to [https://aka.ms/appgovernance](https://aka.ms/appgovernance). Note that your sign-in account must have one of the [administrator roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
+
+## App governance integration with Azure AD and Microsoft Cloud App Security
+
+App governance, Azure AD, and Microsoft Cloud App Security collect and provide different data sets:
+
+- App governance provides detailed information about an appΓÇÖs activity at the API level.
+- Azure AD provides foundational app metadata and detailed information on sign-ins to apps.
+- Microsoft Cloud App Security provides app risk information.
+
+By sharing information across app governance, Azure AD, and Microsoft Cloud App Security, you can display aggregate information in one portal and easily link to another portal for more information. Here are some examples:
+
+- App sign-in information in app governance:
+
+ From the app governance portal, you can see the aggregated sign-in activity for each app and link back to the Azure Active Directory admin center for the details of sign-in events.
+
+<!--
+- App API usage information in the Azure Active Directory admin center:
+
+ From the Azure Active Directory admin center, you can see the aggregated app usage information and link to the app governance portal for the details of app usage.
+-->
+- API usage information in the Microsoft Cloud App Security portal:
+
+ From the Microsoft Cloud App Security portal, you can see API usage level and aggregate data transfer and link to the app governance portal for the details.
+
+Here's a summary of the integration.
+
+![The integration of app governance with Azure AD and Microsoft Cloud App Security](..\media\manage-app-protection-governance\mapg-integration.png)
+
+Additionally, app governance sends its alerts as signals to Microsoft Cloud App Security and Microsoft 365 Defender, and app governance receives alerts from Microsoft Cloud App Security, to enable more detailed analysis of app-based security incidents.
+
+<!--
+Integration of alerts with MCAS and M365 Defender
+Azure AD IP detections in progress to surface in M365 Defender
+
+## Integration with Azure AD
+
+**Feedback from Anand:** We should add some details on how MAPG works with M365 Defender (previously MTP). Also, we should highlight the integration with MCAS and AAD.
+
+Key cross-reference resources:
+
+- [What is application management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-application-management)
+- [Common application management scenarios for Azure Active Directory (especially scenarios 3-4)](https://docs.microsoft.com/cloud-app-security/monitor-alerts)
+- [Azure Active Directory Identity Governance documentation](https://docs.microsoft.com/azure/active-directory/governance/)
+- [Managing access to apps using Azure AD](https://docs.microsoft.com/azure/active-directory/manage-apps/what-is-access-management)
+
+## Integration with Microsoft Cloud App Security
+
+Key cross-reference resources:
+
+- [Cloud App Security anomaly detection alerts investigation guide](https://docs.microsoft.com/cloud-app-security/investigate-anomaly-alerts#unusual-addition-of-credentials-to-an-oauth-app)
+- [Monitor alerts raised in Cloud App Security](https://docs.microsoft.com/cloud-app-security/monitor-alerts)
+- [Control which third-party cloud OAuth apps get permissions](https://docs.microsoft.com/cloud-app-security/manage-app-permissions)
+
+-->
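Review bot: The commented-out block at the end of this file carries internal working notes into the published source: the line beginning `**Feedback from Anand:**` and the two status lines under the opening `<!--` are readable by anyone browsing the repository, so remove them or move them to the tracking item before merge. In the same block, the link text "Common application management scenarios for Azure Active Directory" points at `https://docs.microsoft.com/cloud-app-security/monitor-alerts`, the same URL used for "Monitor alerts raised in Cloud App Security", so one of the two targets is wrong. The image path `..\media\manage-app-protection-governance\mapg-integration.png` uses backslashes; the `../media/...` form used in the activity alerts article is the safer choice.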
compliance App Governance Visibility Insights Compliance Posture https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-compliance-posture.md
description: "Determine your app compliance posture."
>*[Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD).*
-Microsoft app governance allows you to quickly assess the compliance posture of the third-party apps and their access to data in your Microsoft 365 tenant from the app governance Overview page in the [Microsoft 365 Compliance Center](https://aka.ms/appgovernance).
+Microsoft app governance allows you to quickly assess the compliance posture of the third-party apps and their access to data in your Microsoft 365 tenant from the app governance Overview page in the Microsoft 365 Compliance Center.
![The app governance overview page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-overview.png)
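Review bot: The replacement sentence drops the `https://aka.ms/appgovernance` link from "Microsoft 365 Compliance Center", and nothing else in the visible paragraph tells the reader how to reach the Overview page. If the link was removed because the target changed, substitute the current target instead of leaving plain text; if the removal is intentional, add the navigation path in its place.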
compliance App Governance Visibility Insights Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-get-started.md
The first place to get started is the app governance dashboard at [https://aka.m
![The app governance overview page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-overview.png)
-You can also access the app governance dashboard from **Microsoft 365 admin center > Microsoft 365 Compliance Center > App governance > Overview page**.
+You can also access the app governance dashboard from **Office 365 admin center > Microsoft 365 Compliance Center > App governance > Overview page**.
## WhatΓÇÖs available on the dashboard
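Review bot: The navigation path now starts at **Office 365 admin center**, while the next element of the same bolded path is still "Microsoft 365 Compliance Center" and the surrounding text says Microsoft 365 throughout. Confirm which portal name the UI shows and use it consistently; if the rename is deliberate, state the reason in the commit message.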
compliance App Governance Visibility Insights Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-overview.md
description: "Learn about visibility and insights."
>*[Microsoft 365 licensing guidance for security & compliance](https://aka.ms/ComplianceSD).*
-With Microsoft app governance, you can quickly gain visibility and meaningful insights on your Microsoft 365 application ecosystem. You start from the app governance dashboard that provides a high-level summary of the alerts and apps in your tenant that require administrator attention.
+With Microsoft app governance, you can quickly gain visibility and meaningful insights on your Microsoft 365 application ecosystem. You start from the app governance dashboard that provides a high-level overview of the alerts and apps in your tenant that require administrator attention.
With app governance visibility and insights, you can see: -- A list of the OAuth-enabled apps that access Microsoft 365 data via Microsoft Graph APIs.
+- A list of the OAuth-enabled apps that access Microsoft 365 data via Microsoft Graph APIs in your tenant.
- A rich view on app activities so that you can react or respond to them. >[!Note]
With app governance visibility and insights, you can see:
See [administrator roles](app-governance-get-started.md#administrator-roles) for an overview of required administrator roles for visibility and insights.
-<!--
-From messaging doc, page 21:
-
-View M365 App List & Metadata
-View M365 App List of Consented Users
-View M365 App Permissions
-View M365 App Permission Usage
-View Over permissioned Apps
-Aggregate M365 API Usage Data by Workload (count, download/upload)
-Per-App M365 API Usage Data by Workload (count, download/upload)
-Per-User M365 API Usage Data by Workload (count, download/upload)
-M365 API Usage Data For High-Value/Classified Assets (count, download/upload)
-M365 API Error Analysis per App
>- With app governance, you can see: - A dashboard of all insights.
With app governance, you can see:
- A cumulative view of users accessing apps. - Alerts insights. - Policy list insights.
-<!-->
+<!--
- Policies created in MCAS in the app governance portal. --> - Alerts for OAuth apps generated in MCAS, in the app governance portal.
compliance App Governance Visibility Insights View Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-view-apps.md
You will see a list of apps and this information:
- App Name - Publisher-- App certification
+- M365 certification
Indicates whether the app is compatible with Microsoft technologies, compliant with cloud app security best practices, and supported by Microsoft.
The app details pane provides additional information on these tabs:
| Permissions | See a summary of the permissions granted to and used by the app and the list of specific permissions. See the [Microsoft Graph permissions reference](/graph/permissions-reference) for more information. | |||
-For an enabled app, there is also a **Disable app** control to disable the use of the selected app and an **Enable app** control to enable the use of the disabled app. These actions require these [administrator roles](app-governance-get-started.md#administrator-roles):
+For an enabled app, there is also a **Disable app** control to disable the use of the selected app and an **Enable app** control to enable the use of the disabled app. These actions require these administrator roles:
- Compliance Administrator - Global Administrator
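Review bot: The last changed sentence removes the link from "administrator roles" to `app-governance-get-started.md#administrator-roles`, yet **Disable app** and **Enable app** are privileged actions and the overview article still links the same anchor. Keep the link unless the anchor itself was removed. Separately, the list item becomes "M365 certification"; spell out "Microsoft 365" unless the UI string is literally "M365".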
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
You can use [Communication compliance](communication-compliance.md) to examine t
Signals from third-party data, like selective HR data, can be used by the [Insider risk management](insider-risk-management.md) solution to minimize internal risks by letting you to detect, investigate, and act on risky activities in your organization. For example, data imported by the HR data connector is used as risk indicators to help detect departing employee data theft.
+## Using eDiscovery tools to search for third-party data
+
+After you use data connectors to import and archive third-party data in user mailboxes, you can use Microsoft 365 eDiscovery tools to search for third-party data. You can also eDiscovery tools to create query-based holds associated with Core eDiscovery and Advanced eDiscovery cases to preserve third-party data. For more information about eDiscovery tools, see [eDiscovery solutions in Microsoft 365](ediscovery.md).
+
+To search for (or place a hold on) any type of third-party data that you've imported to user mailboxes using a data connector, you can use the following search query. Be sure to scope the search to user mailboxes.
+
+```powershell
+kind:externaldata
+```
+
+You can use this query in the **Keywords** box for a Content search, a search associated with a Core eDiscovery case, or a collection in Advanced eDiscovery.
+
+![Query to search for third-party data](..\media\SearchThirdPartyData1.png)
+
+You can also use the `kind:externaldata` property:value pair to to narrow the scope of searches to third-party data. For example, to search for items imported from any third-party data source that contain the word *contoso* in the **Subject** property of the imported item, use the following query in the **Keywords** box:
+
+```powershell
+subject:contoso AND kind:externaldata
+```
+
+Alternatively, you can use the **Message kind** condition to configure the same query.
+
+![Use Message kind condition to narrow searches to third-party data](..\media\SearchThirdPartyData2.png)
+
+To search for a specific type of archived third-party data, use the **itemclass** mailbox property in a search query. Use the following property:value format:
+
+```powershell
+itemclass:ipm.externaldata.<third-party data type>
+```
+
+Every item imported by a third-party data connector includes the **itemclass** property with a value that corresponds to the third-party data type. For example, to search for Facebook data that contains the word *contoso*, in the **Subject** property of the imported item, use the following query:
+
+```powershell
+subject:contoso AND itemclass:ipm.externaldata.facebook*
+```
+
+Here are a few examples for **itemclass** values for different types of third-party data.
+
+| **Third-party data type** | **Value for itemclass property** |
+||-|
+| Bloomberg Message | ipm.externaldata.bloombergmessage* |
+| CellTrust | ipm.externaldata.celltrust* |
+| Pivot | ipm.externaldata.pivot* |
+| WhatsApp Archiver | ipm.externaldata.whatsapparchiver* |
+|||
+
+Values for the *itemclass* property are not case-sensitive. In general, use the name of the third-party data type (without spaces) followed by a wildcard ( * ) character.
+
+For more information about creating eDiscovery search queries, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md).
+ ## Data connectors in the US Government cloud As previously mentioned, data connectors provided by TeleMessage are available in the US Government cloud. The following table indicates the specific government environments that support each TeleMessage data connector. For more information about US Government clouds, see [Microsoft 365 US Government](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/microsoft-365-government-how-to-buy).
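Review bot: Two added sentences have wording slips: "You can also eDiscovery tools to create query-based holds" is missing "use", and "property:value pair to to narrow the scope" repeats "to". The four query fences are tagged `powershell`, but `kind:externaldata` and `itemclass:ipm.externaldata.facebook*` are keyword queries typed into the **Keywords** box, not PowerShell, so an untagged fence avoids misleading highlighting. Also remove the stray comma in "the word *contoso*, in the **Subject** property" and use one emphasis style for itemclass (it is bold everywhere except the closing paragraph, which uses italics).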
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
description: "Understand how to use and manage templates for building assessment
## Templates overview
-A template is a framework of controls for creating an assessment in Compliance Manager. Our comprehensive set of templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data. We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO/IEC 27701:2019 template. Since Compliance Manger can be used to assess different types of products, each template comes in two versions: one that applies to Microsoft 365, and a universal version that can be tailored to suit your chosen product.
+A template is a framework of controls for creating an assessment in Compliance Manager. Our comprehensive set of templates can help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.
+
+We refer to templates by the same name as their underlying certification or regulation, such as the EU GDPR template and the ISO/IEC 27701:2019 template. Since Compliance Manger can be used to assess different types of products, each template comes in two versions: one that applies to Microsoft 365, and a universal version that can be tailored to suit your chosen product.
+
+Note that US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers can currently use the Microsoft 365 template versions, but not universal.
## Template availability and licensing
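Review bot: The paragraph split carries an existing typo forward: the added line still reads "Compliance Manger"; fix it to "Compliance Manager" while the sentence is being touched. In the new GCC sentence, "but not universal" is ambiguous; "but not the universal versions" matches the "two versions" wording in the paragraph above it.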
compliance Create Activity Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-activity-alerts.md
description: Add and manage activity alerts in the Security & Compliance Center
You can create an activity alert that will send you an email notification when users perform specific activities in Office 365. Activity alerts are similar to searching for events in the audit log, except that you'll be sent an email message when an event for an activity that you've created an alert for happens.
- **Why use activity alerts instead of searching the audit log?** There might be certain kinds of activity or activity performed by specific users that you really want to know about. Instead of having to remember to search the audit log for those activities, you can use activity alerts to have Microsoft 365 send you an email message when users perform those activities. For example, you can create an activity alert to notify you when a user deletes files in SharePoint or you can create an alert to notify you when a user permanently deletes messages from their mailbox. The email notification sent to you includes information about which activity was performed and the user who performed it.
+ **Why use activity alerts instead of searching the audit log?** There might be certain kinds of activity or activity performed by specific users that you really want to know about. Instead of having to remember to search the audit log for those activities, you can use activity alerts to have Microsoft 365 send you an email message when users perform those activities. For example, you can create an activity alert to notify you when a user deletes files in SharePoint, or you can create an alert to notify you when a user permanently deletes messages from their mailbox. The email notification sent to you includes information about which activity was performed and the user who performed it.
> [!NOTE]
-> Activity alerts are being deprecated. We recommend that you start using alert policies in the security and compliance center instead of creating new activity alerts. Alert policies provide addition functionality such as the ability to create an alert policy that triggers an alert when any user performs a specified activity, and displaying alerts on the **View alerts** page in the security and compliance center. For more information, see [Alert policies](alert-policies.md).
+> Activity alerts are being deprecated. We recommend that you start using alert policies in the security and compliance center instead of creating new activity alerts. Alert policies provide additional functionality such as the ability to create an alert policy that triggers an alert when any user performs a specified activity, and displaying alerts on the **View alerts** page in the security and compliance center. For more information, see [Alert policies](alert-policies.md).
## Confirm roles and configure audit logging
You can create an activity alert that will send you an email notification when u
- You can create alerts for the same activities that you can search for in the audit log. See the [More information](#more-information) section for a list of common scenarios (and the specific activity to monitor) that you can create alerts for. -- You can use the **Activity alerts** page in the Security & Compliance Center to create alerts only for activity performed by users who are listed in your organization's address book. You can't use this page to create alerts for activity performed by external users who aren't listed in the address book.
+- You can use the **Activity alerts** page in the Security & Compliance Center to create alerts only for activity performed by users who are listed in your organization's address book. You can't use this page to create alerts for activities performed by external users who aren't listed in the address book.
## Create an activity alert
You can create an activity alert that will send you an email notification when u
a. **Name** - Type a name for the alert. Alert names must be unique within your organization.
- b. **Description** (Optional) - Describe the alert, such as the activities and users being tracked, and the users that email notifications are sent to. Descriptions provide a quick and easy way to describe the purpose of the alert to other admins.
+ b. **Description** (Optional) - Describe the alert, such as the activities and users being tracked and the users that email notifications are sent to. Descriptions provide a quick and easy way to describe the purpose of the alert to other admins.
c. **Alert type** - Make sure the **Custom** option is selected. d. **Send this alert when** - Click **Send this alert when** and then configure these two fields:
- - **Activities** - Click the drop-down list to display the activities that you can create an alert for. This is the same activities list that's displayed when you search the audit log. You can select one or more specific activities or you can click the activity group name to select all activities in the group. For a description of these activities, see the "Audited activities" section in [Search the audit log](search-the-audit-log-in-security-and-compliance.md#audited-activities). When a user performs any of the activities that you've added to the alert, an email notification is sent.
+ - **Activities** - Click the drop-down list to display the activities that you can create an alert for. This is the same activities list that's displayed when you search the audit log. You can select one or more specific activities, or you can click the activity group name to select all activities in the group. For a description of these activities, see the "Audited activities" section in [Search the audit log](search-the-audit-log-in-security-and-compliance.md#audited-activities). When a user performs any of the activities that you've added to the alert, an email notification is sent.
- **Users** - Click this box and then select one or more users. If the users in this box perform the activities that you added to the **Activities** box, an alert will be sent. Leave the **Users** box blank to send an alert when any user in your organization performs the activities specified by the alert.
- e. **Send this alert to** - Click **Send this alert**, and then click in the **Recipients** box and type a name to add a users who will receive an email notification when a user (specified in the **Users** box) performs an activity (specified in the **Activities** box). Note that you are added to the list of recipients by default. You can remove your name from this list.
+ e. **Send this alert to** - Click **Send this alert**, and then click in the **Recipients** box and type a name to add users who will receive an email notification when a user (specified in the **Users** box) performs an activity (specified in the **Activities** box). Note that you are added to the list of recipients by default. You can remove your name from this list.
5. Click **Save** to create the alert.
You can create an activity alert that will send you an email notification when u
![A list of alerts is displayed on the Activity alerts page](../media/02b774f2-1719-41de-bbc9-5e5b7576f335.png)
- The status of the alert is set to **On**. Note that the recipients who will received an email notification when an alert is sent are also listed.
+ The status of the alert is set to **On**. Note that the recipients who will receive an email notification when an alert is sent are also listed.
## Turn off an activity alert
To turn an activity alert back on, just repeat these steps and click the **Off**
- Here's an example of the email notification that is sent to the users that are specified in the Sent this alert to field (and listed under **Recipients** on the **Activity alerts** page) in the Security & Compliance Center.
- ![Example of an email notifcation sent for an activity alert](../media/a5f91611-fae6-4fe9-82f5-58521a2e2541.png)
+ ![Example of an email notification sent for an activity alert](../media/a5f91611-fae6-4fe9-82f5-58521a2e2541.png)
-- Here's are some common document and email activities that you can create an activity alerts for. The tables describes the activity, the name of the activity to create an alert for, and the name of the activity group that the activity is listed under in the **Activities** drop-down list. To see a complete list of the activities that you can create activity alerts for, see the "Audited activities" section in [Search the audit log](search-the-audit-log-in-security-and-compliance.md#audited-activities).
+- Here's are some common document and email activities that you can create activity alerts for. The tables describe the activity, the name of the activity to create an alert for, and the name of the activity group that the activity is listed under in the **Activities** drop-down list. To see a complete list of the activities that you can create activity alerts for, see the "Audited activities" section in [Search the audit log](search-the-audit-log-in-security-and-compliance.md#audited-activities).
> [!TIP]
- > You might want to create an activity alert for just one activity that's performed by any user. Or you might want to create an activity alert that track multiple activities performed by one or mores users.
+ > You might want to create an activity alert for just one activity that's performed by any user. Or you might want to create an activity alert that tracks multiple activities performed by one or more users.
The following table lists some common document-related activities in SharePoint or OneDrive for Business.
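Review bot: The bullet rewritten near the end of this hunk still opens with "Here's are some common document and email activities"; change it to "Here are some", since the rest of that sentence was corrected in the same edit. The unchanged line above the screenshot also says "the Sent this alert to field", which should match the **Send this alert to** label used in step e.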
compliance Microsoft 365 Compliance Center Redirection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/microsoft-365-compliance-center-redirection.md
This article explains how automatic redirection works for users accessing compli
## What to expect
-Automatic redirection is enabled by default for all users accessing the following compliance-related solutions in Office 365 Security and Compliance (protection.office.com):
--- Data loss prevention (DLP)-- Classification-- Information governance-- Records management-- Communication compliance (formerly 'Supervision')
+Automatic redirection is enabled by default for all users accessing compliance-related solutions in Office 365 Security and Compliance (protection.office.com):
+
+- [Advanced eDiscovery](overview-ediscovery-20.md)
+- [Communication compliance](communication-compliance.md)
+- [Content search](search-for-content.md)
+- [Core eDiscovery](get-started-core-ediscovery.md)
+- [Data classification](data-classification-overview.md)
+- [Data loss prevention (DLP)](dlp-learn-about-dlp.md)
+- [Data subject requests](/compliance/regulatory/gdpr-manage-gdpr-data-subject-requests-with-the-dsr-case-tool)
+- [Information governance](manage-information-governance.md)
+- [Records management](records-management.md)
Users are automatically routed to the same compliance solutions in the Microsoft 365 compliance center (compliance.microsoft.com).
-> [!NOTE]
-> For other compliance solutions included in the Office 365 Security and Compliance Center, users will continue to manage these solutions in either the Microsoft 365 compliance center or the Office 365 Security and Compliance Center. The automatic redirection for these compliance solutions will be available soon.
- This feature and associated controls does not enable the automatic redirection of Security features for Microsoft Defender for Office 365. To enable the redirection for security features, see [Redirecting accounts from Microsoft Defender for Office 365 to the Microsoft 365 security center](/microsoft-365/security/defender/microsoft-365-security-mdo-redirection) for details. ## Can I go back to using the former portal?
This feature and associated controls does not enable the automatic redirection o
If something isn't working for you or if there's anything you're unable to complete through the Microsoft 365 compliance center portal, you can temporarily disable the automatic redirection for all users. > [!IMPORTANT]
-> The Microsoft 365 compliance center is the replacement management portal for compliance solutions currently managed in the Office 365 Security and Compliance center. All Microsoft 365 compliance solutions will be managed solely in the Microsoft 365 compliance center. Disabling redirection to the Microsoft 365 compliance center should be a short-term solution.
+> The Microsoft 365 compliance center is the replacement management portal for compliance solutions currently managed in the Office 365 Security and Compliance center. All Microsoft 365 compliance solutions will be managed solely in the Microsoft 365 compliance center. Disabling redirection to the Microsoft 365 compliance center should be considered a short-term solution.
To switch back to the Office 365 Security and Compliance center (protection.microsoft.com) for all users, complete the following steps:
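Review bot: The hostname for the old portal is inconsistent within this article: the changed intro gives Office 365 Security and Compliance as `protection.office.com`, while the unchanged step intro at the end of the hunk gives `protection.microsoft.com`. Correct whichever is wrong so that admins who disable redirection land on the intended portal. The removed NOTE also covered solutions outside the list; if every solution now redirects, say so explicitly, otherwise keep a sentence for the ones that do not.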
compliance Privacy Management Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management-policies.md
Privacy management can help you detect and handle situations in which data that
Transferring data across departments or regional borders can increase the risk of data exposure, for example if itΓÇÖs sent via unencrypted emails or to unauthorized recipients. Such actions can have regulatory impact or may go against established practices for privacy. Using the data transfer template to create privacy management policies can spot and help limit such transfers. > [!NOTE]
-> During public preview, some tenants running data transfer policies to detect transfers across regions may encounter synchronization issues that impact visibility into policy matches in Exchange and Teams data. We recommend focusing on SharePoint and OneDrive data while previewing this policy type. An update for this issue is expected in fall 2021.
+> During public preview, some tenants running data transfer policies to detect transfers across regions may encounter synchronization issues that impact visibility into policy matches in Exchange and Teams data. We recommend focusing on SharePoint and OneDrive data while previewing this policy type.
### Data minimization
contentunderstanding Accessibility Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/accessibility-mode.md
Title: "SharePoint Syntex accessibility mode "--
+ Title: SharePoint Syntex accessibility mode
++ audience: admin ms.prod: microsoft-365-enterprise search.appverid: localization_priority: Normal
-description: "Learn how to use accessibility mode when training a model in SharePoint Syntex."
+description: Learn how to use accessibility mode when training a model in SharePoint Syntex.
# SharePoint Syntex accessibility mode
As you navigate through the sample documents and label string values, Narrator w
- In the training tab, if you select a string in the document viewer that has only been predicted, Narrator audio will state the value, and then "predicted". This occurs when training predicts a value in the file that does not match what has been labeled by the user. - In the training tab, if you select a string in the document viewer that has been labeled and predicted, Narrator audio will state the value, and then "labeled and predicted". This occurs when training is successful and there is a match between a predicted value and the user label. -- After a string is labeled or a label has been removed in the viewer, Narrator audio will warn you to save your changes before you exit. ## See Also
-[Create an extractor](create-an-extractor.md)</br>
+[Create an extractor](create-an-extractor.md)
-[Create a classifier](create-a-classifier.md)</br>
+[Create a classifier](create-a-classifier.md)
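Review bot: With the trailing `</br>` removed from both See Also links, they need a blank line between them (or list markers) to stay on separate lines, because adjacent Markdown lines collapse into one paragraph. This view does not show whether a blank line is present, so check the rendered page before merge.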
contentunderstanding Adoption Scenarios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/adoption-scenarios.md
Title: "Scenarios and use cases for Microsoft SharePoint Syntex"
+ Title: Scenarios and use cases for Microsoft SharePoint Syntex
search.appverid: localization_priority: Normal
-description: "Find scenarios about how to use SharePoint Syntex in your organization."
+description: Find scenarios about how to use SharePoint Syntex in your organization.
# Scenarios and use cases for Microsoft SharePoint Syntex
contentunderstanding Apply A Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/apply-a-model.md
Title: "Apply a document understanding model to a document library"--
+ Title: Apply a document understanding model to a document library
++ + audience: admin ms.prod: microsoft-365-enterprise
- enabler-strategic - m365initiative-syntex localization_priority: Normal
-description: "Learn how to apply a published a model to a SharePoint document library"
+description: Learn how to apply a published a model to a SharePoint document library.
# Apply a document understanding model in Microsoft SharePoint Syntex
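Review bot: The new description still reads "apply a published a model"; drop the second "a" ("apply a published model") while the line is being edited.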
contentunderstanding Apply A Retention Label To A Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/apply-a-retention-label-to-a-model.md
Title: "Apply a retention label to a model"--
+ Title: Apply a retention label to a model in SharePoint Syntex
++ + audience: admin ms.prod: microsoft-365-enterprise
- enabler-strategic - m365initiative-syntex localization_priority: Normal
-description: "This article discusses how to apply a retention label to a model in SharePoint Syntex"
+description: Learn how to apply a retention label to a model in SharePoint Syntex.
# Apply a retention label to a model in SharePoint Syntex
contentunderstanding Apply A Sensitivity Label To A Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/apply-a-sensitivity-label-to-a-model.md
Title: "Apply a sensitivity label to a model in Microsoft SharePoint Syntex"
+ Title: Apply a sensitivity label to a model in Microsoft SharePoint Syntex
- enabler-strategic - m365initiative-syntex localization_priority: Priority
-description: "Learn how to apply a sensitivity label to a model in SharePoint Syntex."
+description: Learn how to apply a sensitivity label to a model in SharePoint Syntex.
# Apply a sensitivity label to a model in Microsoft SharePoint Syntex
contentunderstanding Create A Content Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-a-content-center.md
To create and manage document understanding models, you first need a content cen
You create a default content center during [setup](set-up-content-understanding.md). But a SharePoint admin can also choose to create additional centers as needed. While a single content center may be fine for environments for which you want a roll-up of all model activity, you may want to have additional centers for multiple departments within your organization, which might have different needs and permission requirements for their models.
+Additionally, if you want to try SharePoint Syntex, you can create a content center using the instructions in this article without purchasing licenses. Unlicensed users can create document understanding models but can't apply them to a document library.
+ > [!NOTE] > In a [Microsoft 365 Multi-Geo environment](../enterprise/microsoft-365-multi-geo.md), if you have a single default content center in your central location, you can only provide a roll-up of model activity from within that location. You currently cannot get a roll-up of model activity across farm-boundaries in Multi-Geo environment.
A SharePoint admin can create a content center site like they would [create any
To create a new content center:
-1. On the Microsoft 365 admin center, go to the SharePoint admin center.
-
-2. On the SharePoint admin center, under **Sites**, select **Active Sites**.
+1. On the Microsoft 365 admin center, go to the [SharePoint admin center **Active sites** page](https://admin.microsoft.com/sharepoint?page=siteManagement&modern=true).
-3. On the **Active Sites** page, click **Create**, and then select **Other options**.
+2. On the **Active Sites** page, click **Create**, and then select **Other options**.
-4. On the **Choose a template** menu, select **Content Center**.
+3. On the **Choose a template** menu, select **Content Center**.
-5. For the new site, provide a **Site Name**, **Primary administrator**, and a **Language**.</br>
+4. For the new site, provide a **Site Name**, **Primary administrator**, and a **Language**.</br>
> [!NOTE] > You can select a content center site to render in any of the available languages, but note that currently models can only be created for English files. Also note that like other site templates, the default site language isn't editable after the site is created.
-6. Select **Finished**.
+5. Select **Finished**.
After you create a content center site, you will see it listed on the **Active sites** page in the SharePoint admin center.
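Review bot: Steps 1 and 2 of the renumbered procedure disagree on the page name. The new link text in step 1 is **Active sites**, step 2 still says "On the **Active Sites** page", and the closing sentence uses **Active sites**. Use one casing throughout, matching the UI label. Step 4 also keeps the trailing `</br>`, which is not a valid tag; drop it, as the form processing article in this batch does, or use `<br/>`. Since the link now goes straight to the SharePoint admin center, "On the Microsoft 365 admin center, go to" could be shortened to "Go to".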
contentunderstanding Create A Form Processing Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-a-form-processing-model.md
Title: "Create a form processing model"--
+ Title: Create a form processing model in Microsoft SharePoint Syntex
++ + audience: admin ms.prod: microsoft-365-enterprise
- enabler-strategic - m365initiative-syntex localization_priority: Priority
-description: "Create a form processing model in Microsoft SharePoint Syntex."
+description: Learn how to create a form processing model in SharePoint Syntex.
# Create a form processing model in Microsoft SharePoint Syntex
description: "Create a form processing model in Microsoft SharePoint Syntex."
</br>
-Using [AI Builder](/ai-builder/overview) - a feature in Microsoft PowerApps - SharePoint Syntex users can create a [form processing model](form-processing-overview.md) directly from a SharePoint document library.
+Using [AI Builder](/ai-builder/overview)ΓÇöa feature in Microsoft PowerAppsΓÇöSharePoint Syntex users can create a [form processing model](form-processing-overview.md) directly from a SharePoint document library.
-Creating a form processing model involves the following:
+Creating a form processing model involves the following steps:
+
+ - [Step 1: Create a form processing model](create-a-form-processing-model.md#step-1-create-a-form-processing-model)
+ - [Step 2: Add and analyze documents](create-a-form-processing-model.md#step-2-add-and-analyze-documents)
+ - [Step 3: Tag fields and tables](create-a-form-processing-model.md#step-3-tag-fields-and-tables)
+ - [Step 4: Train and publish your model](create-a-form-processing-model.md#step-4-train-and-publish-your-model)
+ - [Step 5: Use your model](create-a-form-processing-model.md#step-5-use-your-model)
## Requirements
-You can only create a form processing model in SharePoint document libraries for which it is enabled. If form processing is enabled, you are able to see the **AI Builder** **"Create a form processing model'** under the **Automate** menu in your document library. If you need processing enabled on your document library, you must contact your SharePoint administrator.
+You can only create a form processing model in SharePoint document libraries for which it's enabled. If form processing is enabled, you're able to see the **Automate** > **AI Builder** > **Create a model to process forms** menu in your document library. If you need processing enabled on your document library, you must contact your SharePoint administrator.
- ![Create an AI Builder model](../media/content-understanding/create-ai-builder-model.png)</br>
+ ![Screenshot showing the AI Builder model.](../media/content-understanding/create-ai-builder-model2.png)
## Step 1: Create a form processing model
-The first step in creating a form processing model is to name it and create the define the new content type and create a new document library view for it.
+The first step in creating a form processing model is to name the model, define the new content type, and create a new document library view for it.
-1. From the document library, select the **Automate** menu, select **AI Builder**, and then select **Create a Form Processing model**.
+1. From the document library, select the **Automate** menu, select **AI Builder**, and then select **Create a model to process forms**.
- ![Create a model](../media/content-understanding/create-ai-builder-model.png)</br>
+ ![Screenshot showing the Automate menu and the Create a model to process forms option.](../media/content-understanding/create-ai-builder-model2.png)
-2. In the **New form processing model** pane, in the **Name** field, type a name for your model (for example, *Purchase Orders*).
+2. In the **Create a model to process forms** panel, in the **Name** field, type a name for your model (for example, *Purchase Orders*).
- ![New form processing model](../media/content-understanding/new-form-model.png)</br>
+ ![Screenshot showing the Create a model to process forms panel.](../media/content-understanding/new-form-model2.png)
-3. When you create a form processing model, you create a new SharePoint content type. A SharePoint content type represents a category of documents that have common characteristics and share a collection of columns or metadata properties for that particular content. SharePoint Content Types are managed through the [Content types gallery]().
+3. You can now automatically extract and save information from a *collection* of structured files that share a similar layoutΓÇösuch as invoices or tax documentsΓÇöthat are in a SharePoint document library. This lets you compose several models into a single model and extract specific table item information.
- Select **Advanced settings** if you want to map this model to an existing content type in the SharePoint Content types gallery to use its schema.
+ The collection name is saved to a dedicated column in the document library where the model is applied, which allows you to distinguish different file layouts processed by the same model.
-4. Your model creates a new view in your document library for your extracted data. If you do not want it to the default view, deselect **Set the view as default**.
+ In addition, the extracted table information is saved to a specified list and associated with the uploaded file for easy viewing or for additional business process automation.
-5. Select **Create**.
+ To extract table information to an associated list:<br><br>
-## Step 2: Add and analyze documents
+ 1. In the **Extract info from tables?** section, select **Yes**.
-After you create your new form processing model, your browser opens a new PowerApps AI Builder forms processing model page. On this page you can add and analyze your example documents. </br>
-
-> [!NOTE]
-> When looking for example files to use, see the [form processing model input document requirements and optimization tips](/ai-builder/form-processing-model-requirements).
+ ![Screenshot showing the Extract info from tables section on the Create a model to process forms panel.](../media/content-understanding/extract-info-from-tables.png)
- ![Power Apps AI Builder](../media/content-understanding/powerapps.png)</br>
+ 2. In the **Where should we save table info?** section:
-1. Select **Add documents** to begin adding example documents analyzed to determine the named value pairs that can be extracted. You can then choose either **Upload from local storage**, **SharePoint**, or **Azure Blob storage**. You need to use at least five files for training.
+ - If you select **A new list** (the default setting), a suggested name is automatically provided in the **New list name** box. You can modify the name if you want to. If you want to show the list in the site navigation, select the **Show in site navigation** checkbox.
-2. After adding files, select **Analyze** to check for any information common is all files. This may take several minutes to complete.</br>
-
- ![Analyze files](../media/content-understanding/analyze.png)</br>
-
-3. After the files have been analyzed, in the **Select the form fields you want to save** page select the file to view the detected fields.</br>
+ - If you select **An existing list**, in the **Selected list** box, choose the list you want to use.
- ![Select form fields](../media/content-understanding/select-form-fields.png)</br>
+4. When you create a form processing model, you create a new SharePoint content type. A SharePoint content type represents a category of documents that have common characteristics and share a collection of columns or metadata properties for that particular content. SharePoint content types are managed through the SharePoint admin center.
-## Step 3: Select your form fields
+ To map this model to an existing content type in the SharePoint content types gallery, select **Advanced settings**.
-After analyzing the documents for fields, you can now see the fields that were found, and identify the ones that you want to save. Saved fields display as columns in your model's document library view and show the values extracted from each document.
+ ![Screenshot showing the Advanced settings in the Create a model to process forms panel.](../media/content-understanding/new-form-model-advanced-settings.png)
-1. The next page displays one of your sample files and will highlight all common fields that were automatically detected by the system. </br>
+ 1. In the **Content type** section, choose whether to create a new content type or to use an existing one.
- ![Select fields page](../media/content-understanding/select-fields-page.png)</br>
+ 2. To use an existing content type, select **Select one**, and choose a content type from the list.
-2. Select the fields that you want to save and select the checkbox to confirm your selection. For example, in the Purchase Order model, choose to select the *Date*, *PO*, and *Total* fields. Note that you can also choose to rename a field if you choose. </br>
+ 3. Your model creates a new view in your document library for your extracted data. If you don't want it to be the default view, in the **Library view for this model** section, clear the **Set the view as default** checkbox.
- ![Select PO#](../media/content-understanding/po.png)</br>
+ 4. To apply a retention label to your files, in the **Retention label** section, select the retention label you want to use.
-3. If a field was not detected by analysis, you can still choose to add it. Highlight the information you want to extract, and in the name box type in the name you want. Then select the check box. Note that you need to confirm undetected fields in your remaining sample files.
-
-4. Click **Confirm fields** after you have selected the fields that you want to save. </br>
-
- ![Confirm fields after selecting fields](../media/content-understanding/confirm-fields.png)</br>
-
-5. On the **Select the form fields you want to save** page, it shows the number of fields you have selected. Select **Done**.
-
-## Step 4: Train and test your model
+5. Select **Create**.
-After selecting the fields you want to save, the **Model Summary** page lets you train and test your model.
+## Step 2: Add and analyze documents
-1. On the **Model Summary** page, the saved fields will show in the **Selected fields** section. Select **Train** to begin training on your example files. Note that this may take a few minutes to complete.</br>
+After you create your new form processing model, your browser opens a new PowerApps AI Builder forms processing model page. On this page, you can add and analyze your example documents.
- ![Select fields train](../media/content-understanding/select-fields-train.png)</br>
+> [!NOTE]
+> When you look for example files to use, see the [form processing model input document requirements and optimization tips](/ai-builder/form-processing-model-requirements).
+
+1. You first define the fields and tables you want to teach your model to extract on the **Choose information to extract** page. For detailed steps, see [Define fields and tables to extract](/ai-builder/create-form-processing-model#define-fields-and-tables-to-extract).
-2. When you see the notification that training has completed, select **Go to details page**.
+2. You can create as many collections of document layouts you want your model to process. For detailed steps, see [Group documents by collections](/ai-builder/create-form-processing-model#group-documents-by-collections).
-3. On the **Model details** page, you can choose to test how your model works by selecting **Quick test**. This lets you drag and drop files to the page and see if the fields are detected.
+3. After you create your collections and add the example files for each, AI Builder will examine the uploaded documents to detect the fields and tables. This usually takes a few minutes. When the analysis is complete, you can proceed with tagging the documents.
- ![Confirm fields](../media/content-understanding/select-fields-train.png)</br>
+## Step 3: Tag fields and tables
-2. When you see the notification that training has completed, select **Go to details page**.
+You need to tag the documents to teach the model to understand the fields and table data you want to extract. For detailed steps, see [Tag documents](/ai-builder/create-form-processing-model#tag-documents).
-3. On the **Model details** page, choose to test how your model works by selecting **Quick test**. This lets you drag and drop files to the page and see if the fields are detected.
+## Step 4: Train and publish your model
-## Step 5: Publish your model
+1. After you create and train your model, you're ready to publish it and use it in SharePoint. For detailed steps, see [Train and publish your form processing model](/ai-builder/form-processing-train).
-1. If you are satisfied with the results of your model, select **Publish** to make it available for use.
+2. After the model is published, select **Use model**, and then select **Create flow**. This creates a Power Automate flow that can run in your SharePoint document library and that extracts the fields that have been identified in the model.
-2. After the model is published, select **Use model**. This creates a PowerAutomate flow that can run in your SharePoint document library and extracts the fields that have been identified in the model, then select **Create Flow**.
-
-3. When completed, you will see the message **Your flow has been successfully created**.
+ ![Screenshot in AI Builder showing the Create a flow panel.](../media/content-understanding/ai-builder-create-a-flow.png)
-## Step 6: Use your model
+3. When completed, you'll see the message: *Your flow was successfully created*.
+
+ ![Screenshot in AI Builder showing flow was successfully created.](../media/content-understanding/ai-builder-flow-created.png)
-After publishing your model and creating it's PowerAutomate flow, you can use your model in your SharePoint document library.
+4. Select the **Go to SharePoint** button to see the document library updated with your model.
-1. After publishing your model, select **Go to SharePoint** to go to your document library.
+## Step 5: Use your model
-2. In the document library model view, notice that the fields you selected now display as columns.</br>
+1. In the document library model view, notice that the fields you selected now display as columns.
- ![Document library model applied](../media/content-understanding/doc-lib-view.png)</br>
+ ![Document library model applied.](../media/content-understanding/doc-lib-view.png)
-3. Notice that the information link next to **Documents** notes that a forms processing model is applied to this document library.
+2. Notice that the information link next to **Documents** notes that a forms processing model is applied to this document library.
- ![Info button](../media/content-understanding/info-button.png)</br>
+ ![Info button.](../media/content-understanding/info-button.png)
-4. Upload files to your document library. Any files that the model identifies as it's content type lists the files in your view and displays the extracted data in the columns.</br>
+3. Upload files to your document library. Any files that the model identifies as its content type lists the files in your view and displays the extracted data in the columns.
- ![Done](../media/content-understanding/doc-lib-done.png)</br>
+ ![Done.](../media/content-understanding/doc-lib-done.png)
## See Also
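Review bot: In Step 1, new item 3 ("You can now automatically extract and save information from a *collection* of structured files...") is a feature description rather than an action, so the numbered procedure stalls between naming the model and choosing a content type. Move it to an introductory paragraph above the list and drop "now", which will date. New item 4 says content types "are managed through the SharePoint admin center" and the next sentence refers to "the SharePoint content types gallery"; pick one term. Two sentences still need a grammar pass: Step 2 item 2 is missing "as" ("as many collections of document layouts as you want"), and Step 5 item 3 ("Any files that the model identifies as its content type lists the files in your view") does not parse even after the it's/its fix. The step headings were renamed and renumbered (Step 3 "Select your form fields" became "Tag fields and tables", Step 6 became Step 5), so check for inbound links to the old heading anchors.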
contentunderstanding Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/index.md
The resources on this page are designed to get you started with learning about a
The resources in this section help you learn more about the two methods of data classification and extraction used by SharePoint Syntex: form processing and document understanding.
+> [!NOTE]
+> You can get started with SharePoint Syntex without buying licenses by [creating a content center from the SharePoint admin center](create-a-content-center.md). Unlicensed users can create document understanding models but can't apply them to a document library.
+ | If you're looking for this information: | Go to this resource: | |:--|:--| |Learn more about document understanding|[Document understanding overview](./document-understanding-overview.md)|
contentunderstanding Set Up Content Understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/set-up-content-understanding.md
Go to the [Power Platform admin center](https://admin.powerplatform.microsoft.co
Click **Next**.
-5. On the **Create Content Center** page, you can create a SharePoint content center site on which your users can create and manage document understanding models.
+5. On the **Create Content Center** page, you can create a SharePoint content center site on which your users can create and manage document understanding models. If you previously created a content center from the SharePoint admin center, that information will display here and you can just select **Next**.
1. For **Site name**, type the name you want to give your content center site.
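Review bot: In the sentence added to step 5, "that information will display here" does not say what the reader should expect to see on the **Create Content Center** page. Name what is displayed (for example the existing site's name, if that is what the page shows) and prefer the present tense, "is displayed here", over "will display here".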
managed-desktop Admin Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/admin-support.md
You can submit support tickets or feedback requests to Microsoft using the Microsoft Managed Desktop Admin portal. Support requests are always prioritized over feedback submissions. Support requests are triaged and managed according to severity as outlined in the [severity definition table](#sev). Feedback is reviewed and a response provided where requested.
-> [!IMPORTANT]
-> Make sure that you [set up an Admin contact](../get-started/add-admin-contacts.md) for app packaging, devices, security, and other requests. You won't be able to submit a support request in any of these areas if you don't provide an admin contact.
-**To submit a support request**
+## Open a new support request
1. Sign in to [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant administration** menu. 2. Look for the Microsoft Managed Desktop section, and then select **Service request**. 3. On **Support requests**, select **+ New Support ticket**. 4. Select the **Support request type** that matches the help you need. The following table outlines the options.
-5. Select the **Severity level**. For more information, see [Support request severity definitions](#sev).
+5. Select the **Severity level**. For more information, see [Support request severity definitions](#sev).
+6. Provide as much information about the request as possible to help the team respond quickly. Depending on the type of request, you may be required to provide different details.
+7. Review all the information you provided for accuracy.
+8. When youΓÇÖre ready, select **Create**.
+
Support request type | When to use |
Incident | You require the Microsoft Managed Desktop Operations team to investig
Request for information | You're planning a change in networking, proxy configuration, VPN systems, certificate expiration, or just need some information about the service. A response from the Microsoft Managed Desktop Operations team is advised when communicating a change within your organization. Change request | You require the Microsoft Managed Desktop Operations team to make a change, such as moving devices between update groups.
+> [!IMPORTANT]
+> When you create a support request you will need to list a Primary contact, responsible for working with our Service Engineers to resolve the issue or answer any questions about a requested change. We also require that you have previously [set up an Admin contact](../get-started/add-admin-contacts.md) who will be copied on all case notifications for their relevant area of focus and be asked to take over a case if the primary contact for a case is unreachable.
+
+## Manage an active support request
+The primary contact for a case (and any [Admin contact](../get-started/add-admin-contacts.md) for that area of focus) will receive email notifications when a case is **Created**, **Assigned** to a Service Engineer to investigate, and **Resolved**. If at any point you have a question about the case, the best way to get in touch with our team is to reply directly to one of those emails. If we have questions about your request or need more details to take action, we will email the Primary contact listed on the support requests (copying all the relevant Admin contacts).
+
+### View all your active cases
+While email is the recommended approach to interact with our team, you may want to see the summary status of all your support requests. At any time, you can use the portal to see all support requests Active during the last six months.
+
+1. Sign in to [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant Administration** menu.
+2. Look for the *Microsoft Managed Desktop* section, select **Service request**.
+3. From this view, you can export the summary view or click on any case to see the details
+
+### Edit case details
+If you need to edit the details of a case, for example updating the primary case contact, you will need to follow these steps:
+1. From the **Service request** blade, in **Tenant Administration** menu of [Microsoft Endpoint Manager](https://endpoint.microsoft.com/), use the search bar or filters to find the case youΓÇÖre interested in editing.
+2. Select the case to open up the requestΓÇÖs details
+3. Scroll to the bottom of the request details and select **Edit**.
+4. Update the editable information, add attachments to the case, or add a note for the Service Engineering team, then select **Save**.
+
+### Provide feedback
+
+We appreciate your feedback and use it to improve the admin support experience.
+
+When you are the primary contact on for a support request, you will receive an email from Microsoft Managed Desktop Operations asking about your experience after your issue has been resolved. Feedback is actively monitored and shared with engineering to improve the service and prioritize future features. Be sure to focus on your experience and not include personal information in the feedback form. For more information about privacy, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
+ <span id="sev" /> ## Support request severity definitions
Severity level | Situation | Initial response time | Expected response from you
- **Application compatibility** - For an application compatibility issue to be considered, there must be a reproducible error, of the same version of the application, between the previous and current version of Windows or Microsoft 365 Apps for enterprise. To resolve application compatibility issues, we requires a point of contact in your org to work with. The contact must work directly with our Fast Track team to investigate and resolve the issue. - **Customer response time** If you aren't able to meet the expected response requirements, we'll downgrade the request by one severity level, to a minimum of Severity C. If you're unresponsive to requests for action, we'll mitigate and close the support request within 48 hours of the last request.
-## Provide feedback
-
-We appreciate your feedback and use it to improve the admin support experience.
-
-Once a ticket is in the **Mitigated** or **Resolved** state, you can share your feedback on your experience with that particular issue. To share feedback, go to the **Service requests** page in the **Troubleshooting + support** menu of the Microsoft Endpoint Manager portal. Select the specific ticket. The ticket details will appear in the fly-in on the right side. Select the **Feedback** tab, and provide the requested information. Be careful not to include any personal information in the feedback form. For more information about privacy, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement).
- ## More resources
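Review bot: The moved "Provide feedback" paragraph has a stray word in "When you are the primary contact on for a support request"; drop "on". Casing is also inconsistent across the added sections: "Primary contact" and "primary contact" both appear, and the new steps use "**Tenant Administration**" where step 1 of the existing procedure has "**Tenant administration**". Step 3 under "View all your active cases" and step 2 under "Edit case details" lack the closing period that the other steps have. Step 4 of "Open a new support request" still says "The following table outlines the options", but with steps 6 to 8 added the table now follows step 8; consider moving it up or rewording the reference.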
security Onboard Windows 10 Multi Session Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/Onboard-Windows-10-multi-session-device.md
This scenario uses a centrally located script and runs it using a domain-based g
1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip)
- 1. In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**.
+ 1. In the Microsoft 365 Defender portal navigation pane, select **Settings** > **Endpoints** > **Onboarding** (under **Device Management**).
1. Select Windows 10 as the operating system. 1. In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. 1. Click **Download package** and save the .zip file.
security Machines View Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machines-view-overview.md
During the onboarding process, the **Devices list** is gradually populated with
>[!NOTE] > If you export the device list, it will contain every device in your organization. It might take a significant amount of time to download, depending on how large your organization is. Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all devices in the organization, regardless of any filtering applied in the view itself.
-![Image of devices list with list of devices](images/device-list.png)
+![Image of devices list with list of devices](images/device-inventory.png)
## Sort and filter the device list
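Review bot: The image reference now points to images/device-inventory.png but keeps the alt text "Image of devices list with list of devices", which repeats itself and does not describe the screenshot. Update the alt text together with the file name so that it says what the page in the screenshot shows.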
security Manage Atp Post Migration Configuration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-atp-post-migration-configuration-manager.md
We recommend using We recommend using [Microsoft Endpoint Manager](/mem), which
|**Enable Network Protection** to help prevent employees from using apps that malicious content on the Internet <br/><br/>*We recommend using [audit mode](/microsoft-365/security/defender-endpoint/evaluate-network-protection) at first for network protection in a test environment to see which apps would be blocked before rolling out.* |[Turn on network protection with Configuration Manager](/microsoft-365/security/defender-endpoint/enable-network-protection#microsoft-endpoint-configuration-manager) | |**Configure controlled folder access** to protect against ransomware <br/><br/>*Controlled folder access is also referred to as antiransomware protection.* |[Endpoint protection: Controlled folder access](/mem/intune/protect/endpoint-protection-windows-10#controlled-folder-access) <br/><br/>[Enable controlled folder access in Microsoft Endpoint Configuration Manage](/microsoft-365/security/defender-endpoint/enable-controlled-folders#microsoft-endpoint-configuration-manager) |
-## Configure your Microsoft Defender Security Center
+## Configure your Microsoft 365 Defender portal
-If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See [Microsoft Defender Security Center](microsoft-defender-security-center.md). You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
+If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See [Microsoft 365 Defender portal](microsoft-defender-security-center.md). You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
-- [Overview of the Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/use)
+- [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use)
-- [Endpoint protection: Microsoft Defender Security Center](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+- [Endpoint protection: Microsoft 365 Defender](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
## Next steps - [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) -- [Visit the Microsoft Defender Security Center security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
+- [Visit the Microsoft 365 Defender portal security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
- [Manage Microsoft Defender for Endpoint with Intune](manage-atp-post-migration-intune.md)
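Review bot: The Intune link text was renamed to "Endpoint protection: Microsoft 365 Defender", but its target still ends in `#microsoft-defender-security-center`, so the label no longer matches the heading the reader lands on. Confirm that the target section really describes the Microsoft 365 Defender portal before renaming it; if it covers something else, keep the original link text. The section heading also changed to "Configure your Microsoft 365 Defender portal", which changes its anchor, so check for inbound links to the old one.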
security Manage Atp Post Migration Group Policy Objects https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-atp-post-migration-group-policy-objects.md
The following table lists various tasks you can perform to configure Microsoft D
|**Configure encryption and BitLocker** to protect information on your organization's devices running Windows |[BitLocker Group Policy settings](/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings) | |**Configure Microsoft Defender Credential Guard** to protect against credential theft attacks |[Enable Windows Defender Credential Guard by using Group Policy](/windows/security/identity-protection/credential-guard/credential-guard-manage#enable-windows-defender-credential-guard-by-using-group-policy) |
-## Configure your Microsoft Defender Security Center
+## Configure your Microsoft 365 Defender portal
-If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See [Microsoft Defender Security Center](microsoft-defender-security-center.md). You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
+If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See [Microsoft 365 Defender](microsoft-defender-security-center.md). You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
-- [Overview of the Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/use)
+- [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use)
-- [Endpoint protection: Microsoft Defender Security Center](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+- [Endpoint protection: Microsoft 365 Defender](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
## Next steps - [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) -- [Visit the Microsoft Defender Security Center security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
+- [Visit the Microsoft 365 Defender portal security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
- [Manage Microsoft Defender for Endpoint with Intune](manage-atp-post-migration-intune.md)
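Review bot: In the "Configure your Microsoft 365 Defender portal" section, only the link text was renamed; the targets still point at `microsoft-defender-security-center.md` and at the Intune anchor `#microsoft-defender-security-center`. Confirm both targets still resolve after the rebrand. The second link goes to a section of the Intune endpoint protection article, so check that labelling it "Microsoft 365 Defender" matches the heading a reader will land on.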
security Manage Atp Post Migration Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-atp-post-migration-intune.md
The following table lists various tasks you can perform to configure Microsoft D
|**Configure Microsoft Defender Application Control** to choose whether to audit or trust apps on your organization's devices <br/><br/>*Microsoft Defender Application Control is also referred to as [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).*|[Deploy Microsoft Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune)<br/><br/>[Endpoint protection: Microsoft Defender Application Control](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-application-control)<br/><br/>[AppLocker CSP](/windows/client-management/mdm/applocker-csp)| |**Configure device control and USB peripherals access** to help prevent threats in unauthorized peripherals from compromising your devices |[Control USB devices and other removable media using Microsoft Defender for Endpoint and Intune](/windows/security/threat-protection/device-control/control-usb-devices-using-intune) |
-## Configure your Microsoft Defender Security Center
+## Configure your Microsoft 365 Defender portal
-If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See [Microsoft Defender Security Center](microsoft-defender-security-center.md). You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
+If you haven't already done so, configure your Microsoft 365 Defender portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture. See [Microsoft 365 Defender](microsoft-defender-security-center.md). You can also configure whether and what features end users can see in the Microsoft 365 Defender portal.
-- [Overview of the Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/use)
+- [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use)
-- [Endpoint protection: Microsoft Defender Security Center](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
+- [Endpoint protection: Microsoft 365 Defender](/mem/intune/protect/endpoint-protection-windows-10#microsoft-defender-security-center)
## Next steps - [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) -- [Visit the Microsoft Defender Security Center security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
+- [Visit the Microsoft 365 Defender portal security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
security Manage Atp Post Migration Other Tools https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-atp-post-migration-other-tools.md
On an individual device, you can run a scan, start diagnostic tracing, check for
||| |**Manage Microsoft Defender Antivirus**|[Configure and manage Microsoft Defender Antivirus with mpcmdrun.exe](/windows/security/threat-protection/microsoft-defender-antivirus/command-line-arguments-microsoft-defender-antivirus)|
-## Configure your Microsoft Defender Security Center
+## Configure your Microsoft 365 Defender portal
-If you haven't already done so, **configure your Microsoft Defender Security Center** ([https://securitycenter.windows.com](https://securitycenter.windows.com)) to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
+If you haven't already done so, configure your [Microsoft 365 Defender](https://security.microsoft.com/) portal to view alerts, configure threat protection features, and view detailed information about your organization's overall security posture.
You can also configure whether and what features end users can see in the Microsoft Defender Security Center.
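Review bot: The unchanged sentence right after the edited paragraph still reads "end users can see in the Microsoft Defender Security Center", so this section now uses both the old and the new portal name. Update that sentence in the same change, as was done for the matching paragraph in the Group Policy and Intune articles.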
security Manage Atp Post Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-atp-post-migration.md
The following table lists various tools/methods you can use, with links to learn
|Tool/Method |Description | |||
-|**[Threat and vulnerability management dashboard insights](/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) |The threat & vulnerability management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture. <br/><br/>See [Threat & vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) and [Overview of the Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/use). |
+|**[Threat and vulnerability management dashboard insights](/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the [Microsoft 365 Defender](https://security.microsoft.com/) portal |The threat & vulnerability management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture. <br/><br/>See [Threat & vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) and [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use). |
|**[Microsoft Intune](/mem/intune/fundamentals/what-is-intune)** (recommended) |Microsoft Intune (Intune), a component of [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), focuses on mobile device management (MDM) and mobile application management (MAM). With Intune, you control how your organizationΓÇÖs devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. <br/><br/>See [Manage Microsoft Defender for Endpoint using Intune](manage-atp-post-migration-intune.md). | |**[Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction)** |Microsoft Endpoint Manager (Configuration Manager), formerly known as System Center Configuration Manager, is a component of [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). Configuration Manager is a powerful tool to manage your users, devices, and software.<br/><br/>See [Manage Microsoft Defender for Endpoint with Configuration Manager](manage-atp-post-migration-configuration-manager.md). | |**[Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy)** |[Azure Active Directory Domain Services](/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs). <br/><br/>See [Manage Microsoft Defender for Endpoint with Group Policy Objects](manage-atp-post-migration-group-policy-objects.md). |
security Microsoft Defender Endpoint Android https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-android.md
This topic describes how to install, configure, update, and use Defender for End
- **For Administrators**
- - Access to the Microsoft Defender Security Center portal.
+ - Access to the Microsoft 365 Defender portal.
> [!NOTE] > Microsoft Intune is the only supported Mobile Device Management (MDM) solution for deploying Microsoft Defender for Endpoint on Android. Currently only enrolled devices are supported for enforcing Defender for Endpoint on Android related device compliance policies in Intune.
security Microsoft Defender Endpoint Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux.md
This topic describes how to install, configure, update, and use Microsoft Defend
### Prerequisites -- Access to the Microsoft Defender Security Center portal
+- Access to the Microsoft 365 Defender portal
- Linux distribution using the [systemd](https://systemd.io/) system manager - Beginner-level experience in Linux and BASH scripting - Administrative privileges on the device (in case of manual deployment)
This topic describes how to install, configure, update, and use Microsoft Defend
> > Microsoft Defender for Endpoint on Linux is not yet integrated into Azure Security Center. -- ### Installation instructions There are several methods and deployment tools that you can use to install and configure Microsoft Defender for Endpoint on Linux.
security Microsoft Defender Endpoint Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac.md
To get the latest features, including preview capabilities (such as endpoint det
### Prerequisites -- A Defender for Endpoint subscription and access to the Microsoft Defender Security Center portal
+- A Defender for Endpoint subscription and access to the Microsoft 365 Defender portal
- Beginner-level experience in macOS and BASH scripting - Administrative privileges on the device (in case of manual deployment)
security Network Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-devices.md
ms.technology: mde
> [!NOTE] > The [Network device discovery and vulnerability assessments](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/network-device-discovery-and-vulnerability-assessments/ba-p/2267548) Blog \(published 04-13-2021\) provides insights into the new **Network device discovery** capabilities in Defender for Endpoint. This article provides an overview of the challenge that **Network device discovery** is designed to address, and detailed information about how get started using these new capabilities.
-Network discovery capabilities are available in the **Device inventory** section of the Microsoft 365 security center and Microsoft Defender Security Center consoles.
+Network discovery capabilities are available in the **Device inventory** section of the Microsoft 365 security center and Microsoft 365 Defender consoles.
A designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for EndpointΓÇÖs threat and vulnerability management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.
Your first step is to select a device that will perform the authenticated networ
8. To allow the network scanner to be authenticated and work properly, it's essential that you add the following domains/URLs: - login.windows.net
- - *.securitycenter.windows.com
+ - *.security.microsoft.com
- login.microsoftonline.com - *.blob.core.windows.net/networkscannerstable/ *
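Review bot: Replacing `*.securitycenter.windows.com` with `*.security.microsoft.com` in step 8 changes a network allowlist entry, not just a product name. Please confirm that the scanner actually connects to the new host. Existing deployments will have firewall rules built from the old list, so either keep the old entry listed for a transition period or state explicitly that it is no longer needed.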
To configure assessment jobs, the following user permission option is required:
## Install the network scanner 1. Go to **Microsoft 365 security** > **Settings** > **Endpoints** > **Assessment jobs** (under **Network assessments**).
- 1. In the Microsoft Defender Security Center, go to Settings > Assessment jobs page.
+ 1. In the Microsoft 365 Defender portal, go to Settings > Assessment jobs page.
2. Download the network scanner and install it on the designated Defender for Endpoint assessment device.
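Review bot: The renamed sub-step gives the path as "Settings > Assessment jobs page", while the parent step directly above it gives "Settings > Endpoints > Assessment jobs (under Network assessments)". The two paths describe the same destination in the same portal, so drop the sub-step or align it with the parent.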
security Office 365 Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/office-365-microsoft-defender-antivirus.md
Microsoft Defender for Office 365 integrated with Microsoft Defender for Endpoin
SO -- Once integration is enabled, your security operations team can see a list of devices that are used by the recipients of any detected URLs or email messages, along with recent alerts for those devices, in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
+- Once integration is enabled, your security operations team can see a list of devices that are used by the recipients of any detected URLs or email messages, along with recent alerts for those devices, in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).
If you haven't already done so, [integrate Microsoft Defender for Office 365 with Microsoft Defender for Endpoint](/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp).
security Onboard Downlevel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-downlevel.md
Review the following details to verify minimum system requirements:
1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). 2. Obtain the workspace ID:
- - In the Defender for Endpoint navigation pane, select **Settings > Device management > Onboarding**
+ - In the Defender for Endpoint navigation pane, select **Settings > Endpoints > Device management > Onboarding**
- Select **Windows 7 SP1 and 8.1** as the operating system - Copy the workspace ID and workspace key
security Onboarding Endpoint Configuration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager.md
This section guides you in configuring the following capabilities using Microsof
### Endpoint detection and response #### Windows 10
-From within the Microsoft Defender Security Center it is possible to download
+From within the Microsoft 365 Defender portal it is possible to download
the '.onboarding' policy that can be used to create the policy in System Center Configuration Manager and deploy that policy to Windows 10 devices.
-1. From a Microsoft Defender Security Center Portal, select [Settings and then Onboarding](https://securitycenter.windows.com/preferences2/onboarding).
+1. From a Microsoft 365 Defender portal, select [Settings and then Onboarding](https://security.microsoft.com/preferences2/onboarding).
Manager and deploy that policy to Windows 10 devices.
#### Previous versions of Windows Client (Windows 7 and Windows 8.1) Follow the steps below to identify the Defender for Endpoint Workspace ID and Workspace Key, that will be required for the onboarding of previous versions of Windows.
-1. From a Microsoft Defender Security Center Portal, select **Settings > Onboarding**.
+1. From a Microsoft 365 Defender portal, select **Settings** > **Endpoints** > **Onboarding** (under **Device Management**).
2. Under operating system choose **Windows 7 SP1 and 8.1**.
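Review bot: The two onboarding steps in this article now give different navigation paths for the same portal. The Windows 10 step links "Settings and then Onboarding", while the Windows 7 and 8.1 step says "Settings > Endpoints > Onboarding (under Device Management)". Update the Windows 10 link text to the same path, and verify that the `/preferences2/onboarding` deep link carried over to `security.microsoft.com`.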
Defender Antivirus.
The attack surface reduction pillar of Defender for Endpoint includes the feature set that is available under Exploit Guard. Attack surface reduction (ASR) rules, Controlled Folder Access, Network Protection and Exploit Protection.
-All these features provide an audit mode and a block mode. In audit mode there is no end-user impact. All it does is collect additional telemetry and make it available in the Microsoft Defender Security Center. The goal with a deployment is to step-by-step move security controls into block mode.
+All these features provide an audit mode and a block mode. In audit mode there is no end-user impact. All it does is collect additional telemetry and make it available in the Microsoft 365 Defender portal. The goal with a deployment is to step-by-step move security controls into block mode.
To set ASR rules in Audit mode:
Below are additional steps to verify whether ASR rules are correctly applied to
endpoints. (This may take few minutes)
-1. From a web browser, navigate to <https://securitycenter.windows.com>.
+1. From a web browser, navigate to <https://security.microsoft.com>.
2. Select **Configuration management** from left side menu.
security Portal Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/portal-overview.md
Title: Microsoft Defender for Endpoint portal overview
-description: Microsoft Defender Security Center can monitor your enterprise network and assist in responding to potential advanced persistent threats (APT) or data breaches.
-keywords: Microsoft Defender Security Center, portal, cybersecurity threat intelligence, dashboard, alerts queue, devices list, settings, device management, advanced attacks
+description: Microsoft 365 Defender can monitor your enterprise network and assist in responding to potential advanced persistent threats (APT) or data breaches.
+keywords: Microsoft 365 Defender, portal, cybersecurity threat intelligence, dashboard, alerts queue, devices list, settings, device management, advanced attacks
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
ms.technology: mde
-# Microsoft Defender Security Center portal overview
+# Microsoft 365 Defender portal overview
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
ms.technology: mde
>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
-Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat activity or data breaches.
+Enterprise security teams can use Microsoft 365 Defender to monitor and assist in responding to alerts of potential advanced persistent threat activity or data breaches.
-You can use [Microsoft Defender Security Center](https://securitycenter.windows.com/) to:
+You can use [Microsoft 365 Defender](https://security.microsoft.com) to:
- View, sort, and triage alerts from your endpoints - Search for more information on observed indicators such as files and IP Addresses - Change Microsoft Defender for Endpoint settings, including time zone and review licensing information
-## Microsoft Defender Security Center
+## Microsoft 365 Defender
When you open the portal, you'll see:
Icon | Description
## Related topics -- [Overview of Microsoft Defender Security Center](use.md)
+- [Overview of Microsoft 365 Defender](use.md)
- [View the Security operations dashboard](security-operations-dashboard.md) - [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) - [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)
security Prevent Changes To Security Settings With Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
Tamper protection doesn't prevent you from viewing your security settings. And,
| To perform this task... | See this section... | |:|:|
-| Manage tamper protection across your tenant <p>Use the Microsoft Defender Security Center to turn tamper protection on or off | [Manage tamper protection for your organization using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) |
+| Manage tamper protection across your tenant <p>Use the Microsoft 365 Defender portal to turn tamper protection on or off | [Manage tamper protection for your organization using the Microsoft 365 Defender](#manage-tamper-protection-for-your-organization-using-the-microsoft-365-defender-portal) |
| Fine-tune tamper protection settings in your organization <p>Use Intune (Microsoft Endpoint Manager) to turn tamper protection on or off. You can configure tamper protection for some or all users with this method. | [Manage tamper protection for your organization using Intune](#manage-tamper-protection-for-your-organization-using-intune) | | Turn tamper protection on (or off) for your organization with Configuration Manager | [Manage tamper protection for your organization using tenant attach with Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006) | | Turn tamper protection on (or off) for an individual device | [Manage tamper protection on an individual device](#manage-tamper-protection-on-an-individual-device) |
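Review bot: The new link text in the first table row ends at "using the Microsoft 365 Defender" and drops the word "portal", although the anchor it points to and the renamed section heading both end in "portal". Make the link text match the heading.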
The following table provides details on the methods, tools, and dependencies.
|:-|:-| | Microsoft Intune | No | | Microsoft Endpoint Configuration Manager + Tenant Attach | No |
-| Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) | Yes |
| Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) | Yes |
-## Manage tamper protection for your organization using the Microsoft Defender Security Center
+## Manage tamper protection for your organization using the Microsoft 365 Defender portal
-Tamper protection can be turned on or off for your tenant using the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)). Here are a few points to keep in mind:
+Tamper protection can be turned on or off for your tenant using the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)). Here are a few points to keep in mind:
-- Currently, the option to manage tamper protection in the Microsoft Defender Security Center is on by default for new deployments. For existing deployments, tamper protection is available on an opt-in basis, with plans to make opting in the default method in the near future. (To opt in, in the Microsoft Defender Security Center, choose **Settings** > **Advanced features** > **Tamper protection**.)
+- Currently, the option to manage tamper protection in the Microsoft 365 Defender portal is on by default for new deployments. For existing deployments, tamper protection is available on an opt-in basis, with plans to make opting in the default method in the near future. (To opt in, in the Microsoft 365 Defender portal, choose **Settings** > **Endpoints** > **Advanced features** > **Tamper protection**.)
-- When you use the Microsoft Defender Security Center to manage tamper protection, you do not have to use either Intune or the tenant attach method.
+- When you use the Microsoft 365 Defender portal to manage tamper protection, you do not have to use Intune or the tenant attach method.
-- When you manage tamper protection in the Microsoft Defender Security Center, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006).
+- When you manage tamper protection in the Microsoft 365 Defender portal, the setting is applied tenant wide, affecting all of your devices that are running Windows 10, Windows Server 2016, or Windows Server 2019. To fine-tune tamper protection (such as having tamper protection on for some devices but off for others), use either [Intune](#manage-tamper-protection-for-your-organization-using-intune) or [Configuration Manager with tenant attach](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006).
-- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft Defender Security Center.
+- If you have a hybrid environment, tamper protection settings configured in Intune take precedence over settings configured in the Microsoft 365 Defender portal.
-### Requirements for managing tamper protection in the Microsoft Defender Security Center
+### Requirements for managing tamper protection in the Microsoft 365 Defender portal
- You must have appropriate [permissions](/microsoft-365/security/defender-endpoint/assign-portal-access), such as global admin, security admin, or security operations.
Tamper protection can be turned on or off for your tenant using the Microsoft De
- [Cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) must be turned on.
-### Turn tamper protection on (or off) in the Microsoft Defender Security Center
+### Turn tamper protection on (or off) in the Microsoft 365 Defender portal
-![Turn tamper protection on in the Microsoft Defender Security Center](images/mde-turn-tamperprotect-on.png)
+::image type="content" source="../../media/mde-turn-tamperprotect-on-new.png" alt-text="Turn tamper protection ON in Microsoft 365 Defender portal":::
-1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
-2. Choose **Settings**.
+2. Choose **Settings** > **Endpoints**.
3. Go to **General** > **Advanced features**, and then turn tamper protection on.
If you are part of your organization's security team, and your subscription incl
- **Platform: Windows 10 and later** - **Profile type: Endpoint protection**
- - **Category: Microsoft Defender Security Center**
+ - **Category: Microsoft 365 Defender**
- **Tamper Protection: Enabled** 4. Assign the profile to one or more groups.
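Review bot: "Category: Microsoft 365 Defender" sits in a list of values an admin selects when creating an Intune endpoint protection profile, so it must match the label shown in the Intune UI, not the portal's new name. Another hunk in this same update still links to the Intune section anchor `#microsoft-defender-security-center`, which suggests the Intune-side name may be unchanged. Verify the label before renaming it here.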
Here's what you see in the Windows Security app:
Tampering attempts typically indicate bigger cyberattacks. Bad actors try to change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about such attempts, and then take appropriate actions to mitigate threats.
-When a tampering attempt is detected, an alert is raised in the [Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/portal-overview) ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
+When a tampering attempt is detected, an alert is raised in the [Microsoft 365 Defender portal](/microsoft-365/security/defender-endpoint/portal-overview) ([https://security.microsoft.com](https://security.microsoft.com)).
-![Microsoft Defender Security Center](images/tamperattemptalert.png)
+![Microsoft 365 Defender](images/tamperattemptalert.png)
Using [endpoint detection and response](/microsoft-365/security/defender-endpoint/overview-endpoint-detection-response) and [advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-overview) capabilities in Microsoft Defender for Endpoint, your security operations team can investigate and address such attempts.
Tamper protection integrates with [Threat & Vulnerability Management](/microsoft
![Turn on tamper protection](images/tamperprotectsecurityrecos.png)
-To learn more about Threat & Vulnerability Management, see [Threat & Vulnerability Management in Microsoft Defender Security Center](/microsoft-365/security/defender-endpoint/tvm-dashboard-insights#threat--vulnerability-management-in-microsoft-defender-security-center).
+To learn more about Threat & Vulnerability Management, see [Threat & Vulnerability Management in Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/tvm-dashboard-insights#threat--vulnerability-management-in-microsoft-defender-security-center).
## Frequently asked questions
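Review bot: The link text was renamed, but the fragment `#threat--vulnerability-management-in-microsoft-defender-security-center` was kept. If the heading in `tvm-dashboard-insights` is renamed in this same rebrand, the fragment will stop matching and the link will land at the top of the page. Check the target heading and update the fragment alongside it.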
If you are an organization using [Microsoft Defender for Endpoint](/microsoft-36
- [Manage tamper protection using Intune](#manage-tamper-protection-for-your-organization-using-intune) - [Manage tamper protection using Configuration Manager, version 2006](#manage-tamper-protection-for-your-organization-with-configuration-manager-version-2006)-- [Manage tamper protection using the Microsoft Defender Security Center](#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center)
+- [Manage tamper protection using the Microsoft 365 Defender portal](#manage-tamper-protection-for-your-organization-using-the-microsoft-365-defender-portal)
### How does configuring tamper protection in Intune affect how I manage Microsoft Defender Antivirus through my group policy?
No. Local admins cannot change or modify tamper protection settings.
If a device is off-boarded from Microsoft Defender for Endpoint, tamper protection is turned on, which is the default state for unmanaged devices.
-### Will there be an alert about tamper protection status changing in the Microsoft Defender Security Center?
+### Will there be an alert about tamper protection status changing in the Microsoft 365 Defender portal?
-Yes. The alert is shown in [https://securitycenter.microsoft.com](https://securitycenter.microsoft.com) under **Alerts**.
+Yes. The alert is shown in [https://security.microsoft.com](https://security.microsoft.com) under **Alerts**.
Your security operations team can also use hunting queries, such as the following example:
security Preview Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview-settings.md
ms.technology: mde
Turn on the preview experience setting to be among the first to try upcoming features.
-1. In the navigation pane, select **Settings** > **Advanced features**.
+1. In the navigation pane, select **Settings** > **Endpoints** > **Advanced features**.
- ![Image of settings and preview experience](images/atp-preview-features.png)
+ :::image type="content" source="../../media/atp-preview-features-new.png" alt-text="settings and preview experience image":::
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview.md
You'll have access to upcoming features that you can provide feedback on to help
Turn on the preview experience setting to be among the first to try upcoming features.
-1. In the navigation pane, select **Settings** > **Advanced features** > **Preview features**.
+1. In the navigation pane, select **Settings** > **Endpoints** > **Advanced features** > **Preview features**.
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
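Review bot: step 1 now ends at **Settings** > **Endpoints** > **Advanced features** > **Preview features**, while the same step in preview-settings.md was updated to end at **Settings** > **Endpoints** > **Advanced features**. Both lead into an identical step 2 ("Toggle the setting between **On** and **Off**"), so one of the two paths is probably off by a level. Please check the portal and make the two articles agree.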
security Rbac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/rbac.md
Title: Use role-based access control to grant fine-grained access to Microsoft Defender Security Center
+ Title: Use role-based access control to grant fine-grained access to Microsoft 365 Defender portal
description: Create roles and groups within your security operations to grant access to the portal. keywords: rbac, role, based, access, control, groups, control, tier, aad search.product: eADQiWindows 10XVcnh
Before using RBAC, it's important that you understand the roles that can grant p
> [!WARNING] > Before enabling the feature, it's important that you have a Global Administrator role or Security Administrator role in Azure AD and that you have your Azure AD groups ready to reduce the risk of being locked out of the portal.
-When you first log in to Microsoft Defender Security Center, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD.
+When you first log in to the Microsoft 365 Defender portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. Read only access is granted to users with a Security Reader role in Azure AD.
Someone with a Defender for Endpoint Global administrator role has unrestricted access to all devices, regardless of their device group association and the Azure AD user groups assignments > [!WARNING]
-> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Microsoft Defender Security Center, therefore, having the right groups ready in Azure AD is important.
+> Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Microsoft 365 Defender portal, therefore, having the right groups ready in Azure AD is important.
> > **Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.** > >Users with admin permissions are automatically assigned the default built-in Defender for Endpoint global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Azure AD Global or Security Administrators to the Defender for Endpoint global administrator role. >
-> After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.
--
+> After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.
## Related topic - [Create and manage device groups in Microsoft Defender for Endpoint](machine-groups.md)
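Review bot: the rewritten sentence beginning "When you first log in to the Microsoft 365 Defender portal" keeps "read only access" unhyphenated (twice), while the warning further down in the same article uses "read-only permissions". Since the line is being touched anyway, hyphenate it for consistency. The replaced warning line also keeps the comma splice "in the Microsoft 365 Defender portal, therefore, having the right groups ready"; splitting it into two sentences would read better.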
security Respond File Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-file-alerts.md
You can also edit indicators from the **Settings** page, under **Rules** > **In
## Consult a threat expert
-Consult a Microsoft threat expert for more insights on a potentially compromised device, or already compromised devices. Microsoft Threat Experts are engaged directly from within the Microsoft Defender Security Center for timely and accurate response. Experts provide insights on a potentially compromised device and help you understand complex threats and targeted attack notifications. They can also provide information about the alerts or a threat intelligence context that you see on your portal dashboard.
+Consult a Microsoft threat expert for more insights on a potentially compromised device, or already compromised devices. Microsoft Threat Experts are engaged directly from within the Microsoft 365 Defender portal for timely and accurate response. Experts provide insights on a potentially compromised device and help you understand complex threats and targeted attack notifications. They can also provide information about the alerts or a threat intelligence context that you see on your portal dashboard.
See [Consult a Microsoft Threat Expert](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts#consult-a-microsoft-threat-expert-about-suspicious-cybersecurity-activities-in-your-organization) for details.
security Service Status https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/service-status.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037) -- >Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-servicestatus-abovefoldlink) **Service health** provides information on the current status of the Defender for Endpoint service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see information such as when the issue was detected, what the preliminary root cause is, and the expected resolution time.
security Switch To Microsoft Defender Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-onboard.md
## Onboard devices to Microsoft Defender for Endpoint
-1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in.
+1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
-2. Choose **Settings** > **Device management** > **Onboarding**.
+2. Choose **Settings** > **Endpoints** > **Onboarding** (under **Device management**).
3. In the **Select operating system to start onboarding process** list, select an operating system.
Deployment methods vary, depending on operating system and preferred methods. Th
| Windows 10 | [Group Policy](configure-endpoints-gp.md)<p>[Configuration Manager](configure-endpoints-sccm.md)<p>[Mobile Device Management (Intune)](configure-endpoints-mdm.md)<p>[Local script](configure-endpoints-script.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. | | Windows 8.1 Enterprise <p>Windows 8.1 Pro <p>Windows 7 SP1 Enterprise <p>Windows 7 SP1 Pro | [Microsoft Monitoring Agent](onboard-downlevel.md)<p>**NOTE**: Microsoft Monitoring Agent is now Azure Log Analytics agent. To learn more, see [Log Analytics agent overview](/azure/azure-monitor/platform/log-analytics-agent). | | Windows Server 2019 and later <p>Windows Server 2019 core edition <p>Windows Server version 1803 and later | [Local script](configure-endpoints-script.md) <p>[Group Policy](configure-endpoints-gp.md) <p>[Configuration Manager](configure-endpoints-sccm.md) <p>[System Center Configuration Manager](configure-endpoints-sccm.md) <p>[VDI onboarding scripts for non-persistent devices](configure-endpoints-vdi.md) <p>**NOTE**: A local script is suitable for a proof of concept but should not be used for production deployment. For a production deployment, we recommend using Group Policy, Microsoft Endpoint Configuration Manager, or Intune. |
-| Windows Server 2016 <p>Windows Server 2012 R2 <p>Windows Server 2008 R2 SP1 | [Microsoft Defender Security Center](configure-server-endpoints.md)<p>[Azure Defender](/azure/security-center/security-center-wdatp) |
+| Windows Server 2016 <p>Windows Server 2012 R2 <p>Windows Server 2008 R2 SP1 | [Microsoft 365 Defender portal](configure-server-endpoints.md)<p>[Azure Defender](/azure/security-center/security-center-wdatp) |
| macOS:<p>11.3.1 (Big Sur) <p>10.15 (Catalina)<p>10.14 (Mojave) | [Onboard non-Windows devices](configure-endpoints-non-windows.md) | | iOS | [Onboard non-Windows devices](configure-endpoints-non-windows.md) | | Linux:<p>RHEL 7.2+<p>CentOS Linux 7.2+<p>Ubuntu 16 LTS, or higher LTS<p>SLES 12+<p>Debian 9+<p>Oracle Linux 7.2 | [Onboard non-Windows devices](configure-endpoints-non-windows.md) |
Now that you have onboarded to Defender for Endpoint, and you have uninstalled y
**Congratulations**! You have completed your [migration to Defender for Endpoint](switch-to-microsoft-defender-migration.md#the-migration-process)! -- [Visit your security operations dashboard](security-operations-dashboard.md) in the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
+- [Visit your security operations dashboard](security-operations-dashboard.md) in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).
- [Manage Defender for Endpoint, post migration](manage-atp-post-migration.md).
security Switch To Microsoft Defender Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-prepare.md
This migration phase includes the following steps:
1. [Get and deploy updates across your organization's devices](#get-and-deploy-updates-across-your-organizations-devices) 2. [Get Defender for Endpoint](#get-microsoft-defender-for-endpoint).
-3. [Grant access to the Microsoft Defender Security Center](#grant-access-to-the-microsoft-defender-security-center).
+3. [Grant access to the Microsoft 365 Defender portal](#grant-access-to-the-microsoft-365-defender-portal).
4. [Configure device proxy and internet connectivity settings](#configure-device-proxy-and-internet-connectivity-settings). ## Get and deploy updates across your organization's devices
Now that you've updated your organization's devices, the next step is to get Def
4. If endpoints (such as devices) in your organization use a proxy to access the internet, see [Defender for Endpoint setup: Network configuration](production-deployment.md#network-configuration).
-At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
+At this point, you are ready to grant access to your security administrators and security operators who will use the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).
> [!NOTE]
-> The Microsoft Defender Security Center is sometimes referred to as the Defender for Endpoint portal, and can be accessed at [https://securitycenter.windows.com](https://securitycenter.windows.com).
+> The Microsoft 365 Defender portal is sometimes referred to as the Defender for Endpoint portal, and can be accessed at [https://security.microsoft.com](https://security.microsoft.com).
-## Grant access to the Microsoft Defender Security Center
+## Grant access to the Microsoft 365 Defender portal
-The Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) is where you access and configure features and capabilities of Defender for Endpoint. To learn more, see [Overview of the Microsoft Defender Security Center](use.md).
+The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) is where you access and configure features and capabilities of Defender for Endpoint. To learn more, see [Overview of the Microsoft 365 Defender portal](use.md).
-Permissions to the Microsoft Defender Security Center can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.
+Permissions to the Microsoft 365 Defender portal can be granted by using either basic permissions or role-based access control (RBAC). We recommend using RBAC so that you have more granular control over permissions.
1. Plan the roles and permissions for your security administrators and security operators. See [Role-based access control](prepare-deployment.md#role-based-access-control).
Permissions to the Microsoft Defender Security Center can be granted by using ei
- [Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm) - [Windows Admin Center](/windows-server/manage/windows-admin-center/overview)
-3. Grant access to the Microsoft Defender Security Center. (Need help? See [Manage portal access using RBAC](rbac.md)).
+3. Grant access to the Microsoft 365 Defender portal. (Need help? See [Manage portal access using RBAC](rbac.md)).
## Configure device proxy and internet connectivity settings
security Switch To Microsoft Defender Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup.md
The [DisableAntiSpyware](/windows-hardware/customize/desktop/unattend/security-m
`Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features` <p> `Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender` <br/>
- When using the DISM command within a task sequence running PS, the following path to cmd.exe is required.
+ When using the DISM command within a task sequence running PowerShell, the following path to cmd.exe is required.
Example:<br/> `c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features`<p>
Keep the following points in mind:
Device groups, device collections, and organizational units enable your security team to manage and assign security policies efficiently and effectively. The following table describes each of these groups and how to configure them. Your organization might not use all three collection types. | Collection type | What to do |
-|:|:|
-| [Device groups](/microsoft-365/security/defender-endpoint/machine-groups) (formerly called *machine groups*) enable your security operations team to configure security capabilities, such as automated investigation and remediation.<p>Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <p>Device groups are created in the [Microsoft Defender Security Center](microsoft-defender-security-center.md). | 1. Go to the Microsoft Defender Security Center ([https://aka.ms/MDATPportal](https://aka.ms/MDATPportal)).<p>2. In the navigation pane on the left, choose **Settings** > **Permissions** > **Device groups**. <p>3. Choose **+ Add device group**.<p>4. Specify a name and description for the device group.<p>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).<p>6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](/microsoft-365/security/defender-endpoint/machine-tags).<p>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. <p>8. Choose **Done**. |
-| [Device collections](/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.<p>Device collections are created by using [Configuration Manager](/mem/configmgr/). | Follow the steps in [Create a collection](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). |
-| [Organizational units](/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.<p> Organizational units are defined in [Azure Active Directory Domain Services](/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](/azure/active-directory-domain-services/create-ou). |
+|--|--|
+|[Device groups](/microsoft-365/security/defender-endpoint/machine-groups) (formerly called *machine groups*) enable your security operations team to configure security capabilities, such as automated investigation and remediation.<p>Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <p>Device groups are created in the [Microsoft 365 Defender portal](microsoft-defender-security-center.md). |1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).<p>2. In the navigation pane on the left, choose **Settings** > **Endpoints** > **Permissions** > **Device groups**. <p>3. Choose **+ Add device group**.<p>4. Specify a name and description for the device group.<p>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).<p>6. Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](/microsoft-365/security/defender-endpoint/machine-tags).<p>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group. <p>8. Choose **Done**. |
+|[Device collections](/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization.<p>Device collections are created by using [Configuration Manager](/mem/configmgr/). |Follow the steps in [Create a collection](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create). |
+|[Organizational units](/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings.<p> Organizational units are defined in [Azure Active Directory Domain Services](/azure/active-directory-domain-services). | Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](/azure/active-directory-domain-services/create-ou). |
## Next step
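Review bot: in the Device groups row, the link text changes to "Microsoft 365 Defender portal" but the target is still `microsoft-defender-security-center.md`. Confirm that article has been retitled to match, or point the link at the new portal overview, so readers do not land on a page that still describes the old Security Center. The navigation path and the URL in steps 1 and 2 of the same cell were updated consistently.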
security Whats New In Microsoft Defender Atp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp.md
For more information on preview features, see [Preview features](preview.md).
- [Device group definitions](/microsoft-365/security/defender-endpoint/machine-groups) can now include multiple values for each condition. You can set multiple tags, device names, and domains to the definition of a single device group. ## March 2021
+- [Manage tamper protection using the Microsoft Defender Security Center](prevent-changes-to-security-settings-with-tamper-protection.md#manage-tamper-protection-for-your-organization-using-the-microsoft-365-defender-portal) <br> You can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*.
-- [Manage tamper protection using the Microsoft Defender Security Center](prevent-changes-to-security-settings-with-tamper-protection.md#manage-tamper-protection-for-your-organization-using-the-microsoft-defender-security-center) <br> You can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*. ## January 2021
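Review bot: the added March 2021 entry updates the anchor to `#manage-tamper-protection-for-your-organization-using-the-microsoft-365-defender-portal` but leaves the link text as "Manage tamper protection using the Microsoft Defender Security Center". The tamper protection article itself now labels this link "Manage tamper protection using the Microsoft 365 Defender portal", so the text here should be renamed to match the anchor it points to.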
security Entity Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/entity-tags.md
+
+ Title: Microsoft Defender for Identity entity tags in Microsoft 365 Defender
+description: Learn how to apply Microsoft Defender for Identity entity tags in Microsoft 365 Defender
Last updated : 06/08/2021+++++++
+# Defender for Identity entity tags in Microsoft 365 Defender
+
+**Applies to:**
+
+- Microsoft 365 Defender
+- Defender for Identity
+
+This article explains how to apply [Microsoft Defender for Identity](/defender-for-identity) entity tags in [Microsoft 365 Defender](/microsoft-365/security/defender/overview-security-center).
+
+>[!IMPORTANT]
+>As part of the convergence with Microsoft 365 Defender, some options and details have changed from their location in the Defender for Identity portal. Please read the details below to discover where to find both the familiar and new features.
+
+## Entity tags
+
+In Microsoft 365 Defender, you can set three types of Defender for Identity entity tags: **Sensitive tags**, **Honeytoken tags**, and **Exchange server tags**.
+
+To set these tags, in [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+The tag settings will appear in the **Settings** column.
+
+![Tag setting types](../../media/defender-identity/tag-settings.png)
+
+To set each type of tag, follow the instructions below.
+
+## Sensitive tags
+
+The **Sensitive tag** is used to identify high value assets. The lateral movement path also relies on an entity's sensitivity status. Some entities are considered sensitive automatically by Defender for Identity. For a list of those assets, see [Sensitive entities](/defender-for-identity/manage-sensitive-honeytoken-accounts#sensitive-entities).
+
+You can also manually tag users, devices, or groups as sensitive.
+
+1. Select **Sensitive tag**. You will then see the existing sensitive **Users**, **Devices**, and **Groups**.
+
+ ![Sensitive entities](../../media/defender-identity/sensitive-entities.png)
+
+1. Under each category, select **Tag...** to tag that type of entity. For example, under **Groups**, select **Tag groups.** A pane will open with the groups you can select to tag. To search for a group, enter its name in the search box.
+
+ ![Add groups](../../media/defender-identity/add-groups.png)
+
+1. Select your group, and click **Add selection.**
+
+ ![Add selection](../../media/defender-identity/add-selection.png)
+
+## Honeytoken tags
+
+Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert.
+
+You can tag users or devices with the **Honeytoken** tag in the same way you tag sensitive accounts.
+
+1. Select **Honeytoken tag**. You'll then see the existing honeytoken **Users** and **Devices**.
+
+ ![Honeytoken entities](../../media/defender-identity/honeytoken-entities.png)
+
+1. Under each category, select **Tag...** to tag that type of entity. For example, under **Users**, select **Tag users.** A pane will open with the groups you can select to tag. To search for a group, enter its name in the search box.
+
+ ![Add users](../../media/defender-identity/add-users.png)
+
+1. Select your user, and click **Add selection.**
+
+ ![Add selected user](../../media/defender-identity/add-selected-user.png)
+
+## Exchange server tags
+
+Defender for Identity considers Exchange servers as high-value assets and automatically tags them as **Sensitive**. You can also manually tag devices as Exchange servers.
+
+1. Select **Exchange server tag**. You'll then see the existing devices labeled with the **Exchange server** tag.
+
+ ![Exchange servers](../../media/defender-identity/exchange-servers.png)
+
+1. To tag a device as an Exchange server, select **Tag devices**. A pane will open with the devices that you can select to tag. To search for a device, enter its name in the search box.
+
+ ![Add devices](../../media/defender-identity/add-devices.png)
+
+1. Select your device, and click **Add selection.**
+
+ ![Select device](../../media/defender-identity/select-device.png)
+
+## See also
+
+- [Manage Defender for Identity security alerts](manage-security-alerts.md)
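Review bot: step 2 under "Honeytoken tags" tells the reader to select **Tag users** and then says "A pane will open with the groups you can select to tag. To search for a group, enter its name in the search box." This looks copied from the Sensitive tags procedure; it should refer to users (step 3 already says "Select your user"). Minor: in "**Tag groups.**", "**Tag users.**" and "**Add selection.**" the period sits inside the bold, which makes it look like part of the UI label.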
security Manage Security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/manage-security-alerts.md
- Microsoft 365 Defender - Defender for Identity
-This article explains the basics of how to work with [Microsoft Defender for Identity](/defender-for-identity) security alerts in the [Microsoft 365 security center](/microsoft-365/security/defender/overview-security-center).
+This article explains the basics of how to work with [Microsoft Defender for Identity](/defender-for-identity) security alerts in [Microsoft 365 Defender](/microsoft-365/security/defender/overview-security-center).
-Defender for Identity alerts are natively integrated into the [Microsoft 365 security center](https://security.microsoft.com) with a dedicated Identity alert page format. This marks the first step in the journey to [introduce the full Microsoft Defender for Identity experience into Microsoft 365 Defender](/defender-for-identity/defender-for-identity-in-microsoft-365-defender).
+Defender for Identity alerts are natively integrated into [Microsoft 365 Defender](https://security.microsoft.com) with a dedicated Identity alert page format. This marks the first step in the journey to [introduce the full Microsoft Defender for Identity experience into Microsoft 365 Defender](/defender-for-identity/defender-for-identity-in-microsoft-365-defender).
The new Identity alert page gives Microsoft Defender for Identity customers better cross-domain signal enrichment and new automated identity response capabilities. It ensures that you stay secure and helps improve the efficiency of your security operations.
Alerts originating from Defender for Identity can now trigger the [Microsoft 365
Alerts can be accessed from multiple locations, including the **Alerts** page, the **Incidents** page, the pages of individual **Devices**, and from the **Advanced hunting** page. In this example, we'll review the **Alerts page**.
-In the [Microsoft 365 security center](https://security.microsoft.com/), go to **Incidents & alerts** and then to **Alerts**.
+In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Incidents & alerts** and then to **Alerts**.
![Go to Incidents and Alerts, then Alerts](../../media/defender-identity/incidents-alerts.png)
security Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/notifications.md
+
+ Title: Microsoft Defender for Identity notifications in Microsoft 365 Defender
+description: Learn how to set Microsoft Defender for Identity notifications in Microsoft 365 Defender
Last updated : 05/20/2021+++++++
+# Defender for Identity notifications in Microsoft 365 Defender
+
+**Applies to:**
+
+- Microsoft 365 Defender
+- Defender for Identity
+
+This article explains how to work with [Microsoft Defender for Identity](/defender-for-identity) notifications in [Microsoft 365 Defender](/microsoft-365/security/defender/overview-security-center).
+
+>[!IMPORTANT]
+>As part of the convergence with Microsoft 365 Defender, some options and details have changed from their location in the Defender for Identity portal. Please read the details below to discover where to find both the familiar and new features.
+
+## Health issues notifications
+
+In Microsoft 365 Defender, you can add recipients for email notifications of health issues in Defender for Identity.
+
+1. In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+ ![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+1. Select **Health issues notifications**.
+
+1. Enter the recipient's email address. Select **Add**.
+
+ ![Enter email address for health issues](../../media/defender-identity/health-email-recipient.png)
+
+1. When Defender for Identity detects a health issue, the recipients will receive an email notification with the details.
+
+ ![Example of health issue email](../../media/defender-identity/health-email.png)
+
+ >[!NOTE]
+ >The email provides two links for further details about the issue. You can either go to the **MDI Health Center** or the new **Health Center in M365D**.
+
+## Alert notifications
+
+In Microsoft 365 Defender, you can add recipients for email notifications of detected alerts.
+
+1. In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+ ![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+1. Select **Alert notifications**.
+
+1. Enter the recipient's email address. Select **Add**.
+
+ ![Enter email address for detected alerts](../../media/defender-identity/alert-email-recipient.png)
+
+## Syslog notifications
+
+Defender for Identity can notify you when it detects suspicious activities by sending security and health alerts to your Syslog server through a nominated sensor.
+
+1. In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+ ![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+1. Select **Syslog notifications**.
+
+1. To enable syslog notification, set the **Syslog service** toggle to the **on** position.
+
+ ![Turn on syslog service](../../media/defender-identity/syslog-service.png)
+
+1. Select **Configure service**. A pane will open where you can enter the details for the syslog service.
+
+ ![Enter syslog service details](../../media/defender-identity/syslog-sensor.png)
+
+1. Enter the following details:
+
+ - **Sensor** - From the drop-down list, choose the sensor that will send the alerts.
+ - **Service endpoint** and **Port** - Enter the IP address or fully qualified domain name (ΓÇïFQDN) for the syslog server and specify the port number.
+ - **Transport** - Select the **Transport** protocol (TCP or UDP).
+ - **Format** - Select the format (RFC 3164 or RFC 5424).
+
+1. Select **Send test SIEM notification** and then verify the message is received in your Syslog infrastructure solution.
+
+1. Select **Save**.
+
+1. Once you've configured the **Syslog service**, you can choose which types of notifications (alerts or health issues) to send to your Syslog server.
+
+ ![Syslog service configured](../../media/defender-identity/syslog-configured.png)
+
+## See also
+
+- [Manage Defender for Identity security alerts](manage-security-alerts.md)
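Review bot: the **Service endpoint** and **Port** bullet in the Syslog steps contains stray characters before "FQDN" (it renders as "(ΓÇïFQDN)"), most likely an invisible character pasted in with the text; please retype the parenthetical. The note under Health issues notifications uses "MDI Health Center" and "Health Center in M365D", abbreviations the article never introduces, so spell out Defender for Identity and Microsoft 365 Defender there. Since the **Transport** step offers only TCP or UDP, a sentence saying that alerts sent this way are not encrypted in transit would help readers decide where to place the Syslog server.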
security Sensor Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/sensor-health.md
+
+ Title: Microsoft Defender for Identity sensor health and settings in Microsoft 365 Defender
+description: Learn how to configure Microsoft Defender for Identity sensors and monitor their health in Microsoft 365 Defender
Last updated : 06/07/2021+++++++
+# Microsoft Defender for Identity sensor health and settings in Microsoft 365 Defender
+
+**Applies to:**
+
+- Microsoft 365 Defender
+- Defender for Identity
+
+This article explains how to configure and monitor [Microsoft Defender for Identity](/defender-for-identity) sensors in [Microsoft 365 Defender](/microsoft-365/security/defender/overview-security-center).
+
+>[!IMPORTANT]
+>As part of the convergence with Microsoft 365 Defender, some options and details have changed from their location in the Defender for Identity portal. Please read the details below to discover where to find both the familiar and new features.
+
+## View Defender for Identity sensor settings and status
+
+1. In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+ ![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+1. Select the **Sensors** page, which displays all of your Defender for Identity sensors. For each sensor, you'll see its name, its domain membership, the version number, if updates should be delayed, the service status, update status, health status, the number of health issues, and when the sensor was created.
+
+ [![Sensor page](../../media/defender-identity/sensor-page.png)](../../media/defender-identity/sensor-page.png#lightbox)
+
+ >[!NOTE]
+ >In the Defender for Identity portal, the sensor settings and health information were in separate locations. Note that in Microsoft 365 Defender they're now on the same page.
+
+1. If you select **Filters**, you can choose which filters will be available. Then with each filter, you can choose which sensors to display.
+
+ [![Sensor filters](../../media/defender-identity/sensor-filters.png)](../../media/defender-identity/sensor-filters.png#lightbox)
+
+ ![Filtered sensor](../../media/defender-identity/filtered-sensor.png)
+
+1. If you select one of the sensors, a pane will display with information about the sensor and its health status.
+
+ [![Sensor details](../../media/defender-identity/sensor-details.png)](../../media/defender-identity/sensor-details.png#lightbox)
+
+1. If you select any of the health issues, you'll get a pane with more details about them. If you choose a closed issue, you can reopen it from here.
+
+ ![Issue details](../../media/defender-identity/issue-details.png)
+
+1. If you select **Manage sensor**, a pane will open where you can configure the sensor details.
+
+ ![Manage sensor](../../media/defender-identity/manage-sensor.png)
+
+ ![Configure sensor details](../../media/defender-identity/configure-sensor-details.png)
+
+1. In the **Sensors** page, you can export your list of sensors to a .csv file by selecting **Export**.
+
+ ![Export list of sensors](../../media/defender-identity/export-sensors.png)
+
+## Add a sensor
+
+From the **Sensors** page, you can add a new sensor.
+
+1. Select **Add sensor**.
+
+ ![Add sensor](../../media/defender-identity/add-sensor.png)
+
+1. A pane will open, providing you with a button to download the sensor installer and a generated access key.
+
+ ![Download installer and access key](../../media/defender-identity/installer-access-key.png)
+
+1. Select **Download installer** to save the package locally. The zip file includes the following files:
+
+ - The Defender for Identity sensor installer
+
+ - The configuration setting file with the required information to connect to the Defender for Identity cloud service
+
+1. Copy the **Access key**. The access key is required for the Defender for Identity sensor to connect to your Defender for Identity instance. The access key is a one-time-password for sensor deployment, after which all communication is performed using certificates for authentication and TLS encryption. Use the **Regenerate key** button if you ever need to regenerate the new access key. It won't affect any previously deployed sensors, because it's only used for initial registration of the sensor.
+
+1. Copy the package to the dedicated server or domain controller onto which you're installing the Defender for Identity sensor.
+
+## Configure Directory Services account
+
+To connect the sensor with your Active Directory domains, you'll need to configure Directory Services accounts.
+
+1. In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+ ![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+1. Select **Directory Service accounts**. You'll see which accounts are associated with which domains.
+
+ ![Directory Service accounts](../../media/defender-identity/directory-service-accounts.png)
+
+1. If you select an account, a pane will open with the settings for that account.
+
+ ![Account settings](../../media/defender-identity/account-settings.png)
+
+1. To add a new Directory Services account, select **Create new account** and fill in the **Account name**, **Domain**, and **Password**. You can also choose if it's a **Group managed service account** (gMSA), and if it belongs to a **Single label domain**.
+
+ ![New Directory Service account](../../media/defender-identity/new-directory-service-account.png)
+
+1. Select **Save**.
+
+## See also
+
+- [Manage Defender for Identity security alerts](manage-security-alerts.md)
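Review bot: In "Add a sensor", step 4 calls the access key a one-time-password, then says regenerating it won't affect deployed sensors because it is only used for initial registration. That leaves open whether one key can register several sensors until it is regenerated. State that explicitly, and reword "regenerate the new access key" to "generate a new access key". In "Configure Directory Services account", step 4 asks for **Password** and also offers **Group managed service account** without saying whether the password field applies when gMSA is selected; one clarifying sentence there would help.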
security Vpn Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/vpn-integration.md
+
+ Title: Microsoft Defender for Identity VPN integration in Microsoft 365 Defender
+description: Learn how to collect accounting information by integrating a VPN for Microsoft Defender for Identity in Microsoft 365 Defender
Last updated : 06/07/2021+++++++
+# Defender for Identity VPN integration in Microsoft 365 Defender
+
+**Applies to:**
+
+- Microsoft 365 Defender
+- Defender for Identity
+
+This article explains how to integrate a VPN with [Microsoft Defender for Identity](/defender-for-identity) in [Microsoft 365 Defender](/microsoft-365/security/defender/overview-security-center).
+
+>[!IMPORTANT]
+>As part of the convergence with Microsoft 365 Defender, some options and details have changed from their location in the Defender for Identity portal. Please read the details below to discover where to find both the familiar and new features.
+++
+- Microsoft
+- F5
+- Check Point
+- Cisco ASA
+
+## Prerequisites
+
+To enable VPN integration, make sure you set the following parameters:
+
+- Open port UDP 1813 on your [!INCLUDE [Product short](includes/product-short.md)] sensors and/or [!INCLUDE [Product short](includes/product-short.md)] standalone sensors.
+
+> [!NOTE]
+>
+> - By enabling **Radius Accounting**, the [!INCLUDE [Product short](includes/product-short.md)] sensor will enable a pre-provisioned Windows firewall policy called **[!INCLUDE [Product long](includes/product-long.md)] Sensor** to allow incoming RADIUS Accounting on port UDP 1813.
+> - VPN integration is not supported in environments adhering to Federal Information Processing Standards (FIPS)
+
+The example below uses Microsoft Routing and Remote Access Server (RRAS) to describe the VPN configuration process.
+
+If you're using a third-party VPN solution, consult their documentation for instructions on how to enable RADIUS Accounting.
+
+## Configure RADIUS Accounting on the VPN system
+
+Perform the following steps on your RRAS server.
+
+1. Open the **Routing and Remote Access** console.
+1. Right-click the server name and select **Properties**.
+1. In the **Security** tab, under **Accounting provider**, select **RADIUS Accounting** and select **Configure**.
+
+ ![RADIUS setup](../../media/defender-identity/radius-setup.png)
+
+1. In the **Add RADIUS Server** window, type the **Server name** of the closest [!INCLUDE [Product short](includes/product-short.md)] sensor (which has network connectivity). For high availability, you can add additional [!INCLUDE [Product short](includes/product-short.md)] sensors as RADIUS Servers. Under **Port**, make sure the default of 1813 is configured. Select **Change** and type a new shared secret string of alphanumeric characters. Take note of the new shared secret string as you'll need to fill it out later during [!INCLUDE [Product short](includes/product-short.md)] Configuration. Check the **Send RADIUS Account On and Accounting Off messages** box and select **OK** on all open dialog boxes.
+
+ ![VPN setup](../../media/defender-identity/vpn-set-accounting.png)
+
+## Configure VPN in Defender for Identity
++
+To configure VPN data in [!INCLUDE [Product short](includes/product-short.md)] in Microsoft 365 Defender:
+
+1. In [Microsoft 365 Defender](https://security.microsoft.com/), go to **Settings** and then **Identities**.
+
+ ![Go to Settings, then Identities](../../media/defender-identity/settings-identities.png)
+
+1. Select **VPN**.
+1. Select **Enable radius accounting**, and type the **Shared Secret** you configured previously on your RRAS VPN Server. Then select **Save**.
+
+ ![VPN integration](../../media/defender-identity/vpn-integration.png)
+
+After this is enabled, all Defender for Identity sensors will listen on port 1813 for RADIUS accounting events, and your VPN setup is complete.
+
+After the Defender for Identity sensor receives the VPN events and sends them to the Defender for Identity cloud service for processing, the entity profile will indicate distinct accessed VPN locations and activities in the profile will indicate locations.
+
+## See also
+
+- [Investigate alerts in Microsoft 365 Defender](../defender/investigate-alerts.md)
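Review bot: Step 4 of "Configure RADIUS Accounting on the VPN system" tells the reader to "type a new shared secret string of alphanumeric characters" without a minimum length, advice to generate it randomly, or guidance on where to keep it until it is entered under **Enable radius accounting**. Add a length recommendation and a storage hint. The prerequisite to open UDP 1813 on the sensors could also say that only the VPN servers need to reach that port, and the closing paragraph should say "UDP 1813" rather than "port 1813" to match the prerequisites. Separately, the vendor list (Microsoft, F5, Check Point, Cisco ASA) sits directly under the IMPORTANT note with no sentence introducing it.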
security Eval Defender Investigate Respond Additional https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-investigate-respond-additional.md
Once you have performed an [incident response for a simulated attack](eval-defen
| [Manage incidents](#manage-incidents) | Modify incident properties to ensure correct assignment, add tags and comments, and to resolve an incident. | | [Automated investigation and response](#examine-automated-investigation-and-response-with-the-action-center) | Automated investigation and response (AIR) capabilities that can help your security operations team address threats more efficiently and effectively. The Action center is a "single pane of glass" experience for incident and alert tasks such as approving pending remediation actions. | | [Advanced hunting](#advanced-hunting) | A query-based threat-hunting tool that lets you proactively inspect events in your network and locate threat indicators and entities. You also use advanced hunting during the investigation and remediation of an incident. |
-||||
+ ## Prioritize incidents
For more information, see [Automated investigation and response](m365d-autoir.md
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Bp7O]
-If the [optional fileless PowerShell attack simulation](eval-defender-investigate-respond-simulate-attack.md#simulate-an-attack-with-an-isolated-domain-controller-and-client-device-optional) were a real attack that had already reached the credential access stage, you can use advanced hunting at any point in the investigation to proactively search through events and records in the network using what you already know from the generated alerts and affected entities. For instance, you can query for any connections to the external IP address in the past 30 days.
+If the [optional fileless PowerShell attack simulation](eval-defender-investigate-respond-simulate-attack.md#simulate-an-attack-with-an-isolated-domain-controller-and-client-device-optional) were a real attack that had already reached the credential access stage, you can use advanced hunting at any point in the investigation to proactively search through events and records in the network using what you already know from the generated alerts and affected entities.
+
+For instance, based on information in the [User and IP address reconnaissance (SMB)](eval-defender-investigate-respond-simulate-attack.md#alert-user-and-ip-address-reconnaissance-smb-source-microsoft-defender-for-identity) alert, you can use the `IdentityDirectoryEvents` table to find all the SMB session enumeration events, or find more discovery activities in various other protocols in Microsoft Defender for Identity data using the `IdentityQueryEvents` table.
+ ### Hunting environment requirements
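Review bot: The added paragraph names the `IdentityDirectoryEvents` and `IdentityQueryEvents` tables but, unlike the removed sentence ("query for any connections to the external IP address in the past 30 days"), gives the reader no concrete filter or time window to start from. Add a short sample query, or link to one, so the reader can see which column ties the SMB session enumeration events back to the entities in the alert.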
security Microsoft 365 Security Mdo Redirection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-mdo-redirection.md
To revert to the former portal:
1. [Sign in](https://security.microsoft.com/) to Microsoft 365 Defender as a global administrator or using and account with security administrator permissions in Azure Active directory.
-2. Navigate to **Settings** > **Email & collaboration** > **Portal redirection**.
+2. Navigate to **Settings** > **Email & collaboration** > **Portal redirection**.
3. Toggle the Automatic redirection setting to **Off**.
To revert to the former portal:
This setting can be enabled again at any time.
-Once disabled, accounts will no longer be routed to security.microsoft.com, and you will once again have access to the former portalΓÇösecuritycenter.windows.com or securitycenter.microsoft.com.
- ## Related information - [Microsoft 365 Defender overview](overview-security-center.md) - [Microsoft Defender for Endpoint in Microsoft 365 Defender](microsoft-365-security-center-mde.md)
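Review bot: Removing the sentence that begins "Once disabled, accounts will no longer be routed to security.microsoft.com" leaves the procedure with no statement of what turning the toggle **Off** actually does or at which URLs the former portal is reached. If it was dropped only because of the mis-encoded character between "portal" and "securitycenter.windows.com", restore it with the punctuation fixed. The unchanged step 1 also reads "using and account", which should be "using an account".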
security Microsoft Secure Score Whats Coming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-coming.md
We're making some changes in the near future to make [Microsoft Secure Score](mi
- Require lobbies to be set up for Teams meetings. - Configure which users are allowed to be present in Teams meetings.
-#### Add improvement action related to Microsoft Defender for Endpoint
-- Fix Microsoft Defender for Endpoint sensor data collection for macOS-- Fix Microsoft Defender for Endpoint impaired communications for macOS-- Set minimum password length to 15 or more characters in macOS-- Set 'Enforce password history' to '24 or more password(s)' in macOS-- Set 'Maximum password age' to '90 or fewer days, but not 0' in macOS-- Set account lockout threshold to 5 or lower in macOS-- Turn on Firewall on macOS-- Enable Gatekeeper-- Enable System Integrity Protection (SIP)-- Enable FileVault Disk Encryption-- Set screen to lock when screensaver starts in macOS-- Ensure screensaver is set to start in 20 minutes or less in macOS-- Secure Home Folders-- Turn on Microsoft Defender Antivirus real-time protection for macOS-- Turn on Microsoft Defender Antivirus PUA protection in block mode for macOS-- Enable Microsoft Defender Antivirus cloud-delivered protection for macOS-- Update Microsoft Defender Antivirus definitions for macOS-- Fix Microsoft Defender for Endpoint sensor data collection for Linux-- Fix Microsoft Defender for Endpoint impaired communications for Linux-- Unrestricted Access Accounts-- Turn on Microsoft Defender Antivirus real-time protection for Linux-- Turn on Microsoft Defender Antivirus PUA protection in block mode for Linux-- Enable Microsoft Defender Antivirus cloud-delivered protection for Linux-- Update Microsoft Defender Antivirus definitions for Linux-- ## Related resources
security Microsoft Secure Score Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-new.md
To make Microsoft Secure Score a better representative of your security posture,
Microsoft Secure Score can be found at https://security.microsoft.com/securescore in the [Microsoft 365 security center](overview-security-center.md).
+## July 2021
+
+### Added improvement action related to Microsoft Defender for Endpoint
+- Fix Microsoft Defender for Endpoint sensor data collection for macOS
+- Fix Microsoft Defender for Endpoint impaired communications for macOS
+- Set minimum password length to 15 or more characters in macOS
+- Set 'Enforce password history' to '24 or more password(s)' in macOS
+- Set 'Maximum password age' to '90 or fewer days, but not 0' in macOS
+- Set account lockout threshold to 5 or lower in macOS
+- Turn on Firewall on macOS
+- Enable Gatekeeper
+- Enable System Integrity Protection (SIP)
+- Enable FileVault Disk Encryption
+- Set screen to lock when screensaver starts in macOS
+- Ensure screensaver is set to start in 20 minutes or less in macOS
+- Secure Home Folders
+- Turn on Microsoft Defender Antivirus real-time protection for macOS
+- Turn on Microsoft Defender Antivirus PUA protection in block mode for macOS
+- Enable Microsoft Defender Antivirus cloud-delivered protection for macOS
+- Update Microsoft Defender Antivirus definitions for macOS
+- Fix Microsoft Defender for Endpoint sensor data collection for Linux
+- Fix Microsoft Defender for Endpoint impaired communications for Linux
+- Unrestricted Access Accounts
+- Turn on Microsoft Defender Antivirus real-time protection for Linux
+- Turn on Microsoft Defender Antivirus PUA protection in block mode for Linux
+- Enable Microsoft Defender Antivirus cloud-delivered protection for Linux
+- Update Microsoft Defender Antivirus definitions for Linux
+ ## June 2021
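Review bot: Several entries in the July 2021 list don't say which platform they apply to (for example "Enable Gatekeeper" and "Secure Home Folders"), while the neighbouring entries end in "in macOS" or "for macOS". "Unrestricted Access Accounts", placed among the Linux entries, is not phrased as an action at all. Add the platform suffix and an imperative verb so each entry can be matched to its Secure Score recommendation. The heading is also singular ("Added improvement action") although the list has 24 entries.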
-### Remove improvement action related to Microsoft Cloud App Security
+### Removed improvement action related to Microsoft Cloud App Security
- Use Cloud App Security to detect anomalous behavior.
The ability to create ServiceNow tickets through Secure Score by going to **Shar
## October 2020
-### Remove improvement action related to Microsoft Defender for Endpoint
+### Removed improvement action related to Microsoft Defender for Endpoint
- Set Microsoft Defender SmartScreen Windows Store app web content checking to warn
security Learn About Spoof Intelligence https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/learn-about-spoof-intelligence.md
When you select an entry from the list, a details flyout appears that contains t
- What you need to do. - A domain summary that includes most of the same information from the main spoof intelligence page. - WhoIs data about the sender.-- A link to open [Threat Explorer](threat-explorer.md) to see additional details about the sender (Microsoft Defender for Office 365).
+- A link to open [Threat Explorer](threat-explorer.md) to see additional details about the sender under **View** \> **Phish** in Microsoft Defender for Office 365.
- Similar messages we have seen in your tenant from the same sender. ### About allowed spoofed senders