Updates from: 07/27/2024 02:58:01
Category Microsoft Docs article Related commit history on GitHub Change details
admin Remove Former Employee Step 5 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-5.md
To preserve a former user's OneDrive files, first give yourself access to their
You can also grant access to another user to access a former employee's OneDrive.
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">admin center</a> as a global admin or SharePoint admin.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">admin center</a> as a SharePoint admin.
If you get a message that you don't have permission to access the admin center, then you don't have administrator permissions in your organization.
You can also grant access to another user to access a former employee's OneDrive
You can give yourself access to the content in a user's OneDrive, but you may want to remove your access when you no longer need it.
-1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">admin center</a> as a global admin or SharePoint admin.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">admin center</a> as a SharePoint admin.
If you get a message that you don't have permission to access the admin center, then you don't have administrator permissions in your organization.
admin Create An Apns Certificate For Ios Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices.md
description: "To manage iOS devices such as iPads and iPhones in Basic Mobility
To manage iOS devices like iPad and iPhones, you need to create an Apple Push Notification service (APNs) certificate.
-1. Sign in to Microsoft Azure with your global admin account.
+1. Sign in to Microsoft Azure with your Intune administrator account.
1. Go to [Configure MDM Push Certificate](https://portal.azure.com/#view/Microsoft_Intune_Enrollment/APNSCertificateUploadBlade).
To manage iOS devices like iPad and iPhones, you need to create an Apple Push No
1. Select **Create your MDM push certificate** to open the Apple Push Certificates Portal. a. Sign in with an Apple ID.
-
+ > [!IMPORTANT] > Use a company Apple ID associated with an email account that will remain with your organization even if the user who manages the account leaves. Save this ID because you'll need to use the same ID when it's time to renew the certificate. b. Select **Create a Certificate** and accept the **Terms of Use**.
-
+ c. Browse to the certificate signing request that you downloaded to your computer from Microsoft 365 and then select **Upload**.
-
+ d. Download the APNs certificate created by the Apple Push Certificate Portal to your computer.
-
+ > [!TIP] > If you're having trouble downloading the certificate, refresh your browser.
admin Create Device Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-device-security-policies.md
You can use Basic Mobility and Security to create device policies that help prot
- Learn about the devices, mobile device apps, and security settings that Basic Mobility and Security supports. See [Capabilities of Basic Mobility and Security](capabilities.md). - Create security groups that include Microsoft 365 users that you want to deploy policies to and for users that you might want to exclude from being blocked access to Microsoft 365. We recommend that before you deploy a new policy to your organization, you test the policy by deploying it to a small number of users. You can create and use a security group that includes just yourself or a small number Microsoft 365 users that can test the policy for you. To learn more about security groups, see [Create, edit, or delete a security group](../email/create-edit-or-delete-a-security-group.md).-- To create and deploy Basic Mobility and Security policies in Microsoft 365, you need to be a Microsoft 365 global admin. For more info, see [Roles and role groups in Microsoft Defender and Microsoft Purview compliance](../../security/office-365-security/scc-permissions.md).
+- To create and deploy Basic Mobility and Security policies in Microsoft 365, you need to be a Compliance administrator. For more info, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference).
- Before you deploy policies, let your organization know the potential impacts of enrolling a device in Basic Mobility and Security. Depending on how you set up the policies, noncompliant devices can be blocked from accessing Microsoft 365 and data, including installed applications, photos, and personal information on an enrolled device, and data can be deleted. > [!NOTE]
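Review bot: The replacement link on the `+` line lands at the top of `/entra/identity/role-based-access-control/permissions-reference` under the generic text "Microsoft Entra built-in roles", so a reader has to search that page for Compliance administrator. Link to that role's own section, and use the same pattern as manage-device-access-settings.md, where the role name itself is the link text.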
admin Manage Device Access Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-device-access-settings.md
If you're using Basic Mobility and Security, there might be devices that you can
Use these steps:
-1. Sign in to Microsoft 365 with your global admin account.
+1. Sign in to Microsoft 365 with a [Compliance administrator](/entra/identity/role-based-access-control/permissions-reference) account.
2. In your browser, type: <https://compliance.microsoft.com/basicmobilityandsecurity>.
admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md
To see what Basic Mobility and Security supports for each type of device, see [C
## Setup steps for Basic Mobility and Security
-A Microsoft 365 global admin must complete the following steps to activate and set up Basic Mobility and Security. For detailed steps, follow the guidance in [Set up Basic Mobility and Security](set-up.md).
+A [Directory Writers](/entr).
Here's a summary of the steps:
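Review bot: The added line is incomplete: `+A [Directory Writers](/entr).` has a cut-off link target and drops the rest of the removed sentence, including the pointer to [Set up Basic Mobility and Security](set-up.md). Restore the full sentence with the new role name and the complete `/entra/identity/role-based-access-control/permissions-reference` link, and match the "Directory writers" casing used in set-up.md.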
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
Check out all of our small business content on [Small business help & learning](
The built-in Basic Mobility and Security for Microsoft 365 helps you secure and manage users' mobile devices such as iPhones, iPads, Androids, and Windows phones. You can create and manage device security policies, remotely wipe a device, and view detailed device reports.
-Have questions? For a FAQ to help address common questions, see [Basic Mobility and Security Frequently asked questions (FAQs)](frequently-asked-questions.yml). Be aware that you cannot use a delegated administrator account to manage Basic Mobility and Security. For more info, see [Partners: Offer delegated administration](https://support.microsoft.com/office/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e).
+Have questions? For a FAQ to help address common questions, see [Basic Mobility and Security Frequently asked questions (FAQs)](frequently-asked-questions.yml). Be aware that you cannot use a delegated administrator account to manage Basic Mobility and Security. For more info, see [Partners: Offer delegated administration](https://support.microsoft.com/office/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e).
## Activate the Basic Mobility and Security service
-1. Sign in to Microsoft 365 with your global admin account.
+1. Sign in to Microsoft 365 with a [Directory writers](/entra/identity/role-based-access-control/permissions-reference) admin account.
-1. Go to [Activate Basic Mobility and Security](https://compliance.microsoft.com/basicmobilityandsecurity).
+1. Go to [Activate Basic Mobility and Security](https://compliance.microsoft.com/basicmobilityandsecurity).
1. Select **Enable feature.**
- It can take some time to activate Basic Mobility and Security. If the feature is already activated, the **Enable feature** option will not appear.
-
+ It can take some time to activate Basic Mobility and Security. If the feature is already activated, the **Enable feature** option will not appear.
+ ## Set up Mobile Device Management When the service is ready, complete the following steps to finish setup.
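Review bot: The activation step now names "a [Directory writers] admin account", which differs from the Compliance administrator role that create-device-security-policies.md and manage-device-access-settings.md require for the same feature, and nothing in this hunk explains the split. Confirm that Directory writers is the least-privileged role that can select **Enable feature**, and if it is, add a sentence saying that activation and policy management need different roles. The edits to the FAQ paragraph, the "Go to" step and the "It can take some time" line look whitespace-only; drop them if they are not intentional.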
After you add the two CNAME records, go back to the Security & Compliance Center
To manage iOS devices like iPad and iPhones, you need to create an Apple Push Notification service (APNs) certificate.
-1. Sign in to Microsoft Azure with your global admin account.
+1. Sign in to Microsoft Azure with a [Directory writers](/entra/identity/role-based-access-control/permissions-reference) admin account.
1. Go to [Configure MDM Push Certificate](https://portal.azure.com/#view/Microsoft_Intune_Enrollment/APNSCertificateUploadBlade).
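Review bot: This step now says to sign in to Microsoft Azure with a Directory writers account, but the identical step in create-an-apns-certificate-for-ios-devices.md was changed in the same batch to "your Intune administrator account". Both steps lead to the same Configure MDM Push Certificate blade, so pick one role and use it in both articles.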
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
Follow the steps below if you want to set user passwords to expire after a speci
1. In the Microsoft 365 admin center, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Org Settings** page</a>.
- If you aren't a global admin or security admin, you won't see this page.
+ If you aren't a security admin, you won't see this page.
2. In the **Security and Privacy** tab, on the **Password expiration policy** page, uncheck the box to change the password policy.
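Review bot: Removing "global admin" from the indented line under step 1 changes a statement of fact rather than a sign-in recommendation: "If you aren't a security admin, you won't see this page" now reads as if only security admins can see Org Settings. Reword it to name the minimum role instead, for example "You need at least the security admin role to see this page."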
admin Use Qr Code Download Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/use-qr-code-download-outlook.md
description: "Learn how to use a QR code to authenticate and download Outlook mo
# Use a QR code to sign-in to the Outlook mobile apps > [!IMPORTANT]
-> As of August 2021, this experience has been put on _hold_ indefinitely for commercial and enterprise users due to organizations' lack of control over them. The work involved in providing these controls is extensive and the Identity team continues to work on them. We rolled back this feature for commercial and enterprise users since we wanted to provide more security and customization for all the different cases they managed.
+> As of August 2024, this feature will turned back on for Enterprise users. For more details on the settings and controls for this feature see, [Conditional Access: Authentication flows (Preview)](/entra/identity/conditional-access/concept-authentication-flows).
-As the Microsoft 365 administrator, you can enable your users to sign in to Outlook for Android or iOS app on their mobile devices without having to enter their username and password. By scanning a QR code, users can securely authenticate and sign in to Outlook mobile.
+As the Microsoft 365 administrator, you can allow your users to sign in to the Outlook for Android or iOS app on their mobile devices without having to enter their username and password. By scanning a QR code, users can securely authenticate and sign in to Outlook mobile.
-In Outlook on the web or other desktop Outlook applications, users may see notifications informing them that they can use Outlook on their mobile device. The administrator can manage these notifications by using Exchange PowerShell. If users choose to send themselves an SMS text message to download the app on their mobile device, a QR code appears on their computer. They'll be able to scan the QR code to log into Outlook on their phone or tablet. This QR code is a short lived token that can only be redeemed once.
-
-The notification is only generated if the following conditions are met:
-
-1. The QR code experience is enabled for the tenant (this experience is enabled by default).
-
-2. The user isn't already using Outlook for iOS and Android.
-
-3. The user has an empty state at reading pane (doesn't select the option of auto opening the first email).
-
-4. The user didn't dismiss the notification.
+In Outlook on the web or Outlook desktop app, users now have a button labeled Outlook mobile. Once a user selects the button, a QR code will appear. Users then can scan QR code with their Outlook mobile app to sign in. Outlook will use their identity from Azure Active Directory to securely log them into the app on their mobile device. The QR code is a temporary token that can only be used once per session.
> [!NOTE] > In some cases, your users must re-authenticate on their computer to generate the QR code.
-## Use Exchange PowerShell
+## Use Exchange PowerShell to turn of QR code sign in
-This feature is on by default. To disable this feature, use the following steps.
+This feature is on by default but you can turn it off by setting the Set-OWAMailboxPolicy command, **AccountTransferEnabled** to false. Users that have already used this feature wonΓÇÖt be signed out.
1. [Connect to Exchange PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
-2. Using PowerShell, you can disable the notifications informing your users about the Outlook mobile apps. This also prevents the QR code sign-in flow from being shown.
+2. Using PowerShell, you can disable the button from being shown to your users and prevent the QR code sign-in flow from being used.
```powershell
- Set-OrganizationConfig -MobileAppEducationEnabled <Boolean>
+ Set-OwaMailboxPolicy --Identity EMEA\Contoso\Corporate -AccountTransferEnabled $false
``` > [!NOTE]
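Review bot: The new command in the powershell block will not run as written, because `--Identity` uses two dashes and PowerShell parameters take one (`-Identity`). The cmdlet also targets a single policy by identity, while step 2 promises to "prevent the QR code sign-in flow from being used" for "your users", so say that **AccountTransferEnabled** has to be set to `$false` on every OWA mailbox policy that is assigned to users, and explain what the `EMEA\Contoso\Corporate` sample value stands for. Smaller points in the same hunk: the heading says "turn of" for "turn off", the IMPORTANT note says "will turned back on" and "see, [", the intro sentence spells the cmdlet `Set-OWAMailboxPolicy` while the example uses `Set-OwaMailboxPolicy`, and the body text says "Azure Active Directory" although the links added here point to `/entra/`.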
This feature is on by default. To disable this feature, use the following steps.
## Related content [Set up the Standard or Targeted release options](release-options-in-office-365.md) (article)\
-[Set-OrganizationConfig](/powershell/module/exchange/set-organizationconfig) (article)
+[Set-OwaMailboxPolicy](/powershell/module/exchange/set-owamailboxpolicy) (article)
+[Conditional Access: Authentication flows (Preview)](/entra/identity/conditional-access/concept-authentication-flows)
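Review bot: The two added related links will run together on one line, because `+[Set-OwaMailboxPolicy]... (article)` has no trailing `\` like the "Set up the Standard or Targeted release options" entry above it. Add the backslash, and give the Conditional Access entry the same "(article)" suffix as the other items.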
enterprise Advanced Data Residency https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/advanced-data-residency.md
The "Data location" section in the Microsoft 365 admin center (referenced in the
Microsoft adheres to the [Microsoft Online Services Service Level Agreement (SLA)](https://go.microsoft.com/fwlink/p/?LinkId=523897) for service availability and uses reasonable efforts to complete an Advanced Data Residency add-on customer data migration within 12 months from the time the customer administrator selects the option to initiate migration. However, large, complex customers, and situations outside of Microsoft's control, may require more time for migration to complete.
-Data moves are a back-end service operation with minimal impact to a customer's operations. For information related to specific workloads, customer administrators can refer to the ΓÇ£MigrationΓÇ¥ sections in the following Workload Data Residency Capabilities pages: [Exchange Online](m365-dr-workload-exo.md#migration), [SharePoint and OneDrive](m365-dr-workload-spo.md#migration-with-advanced-data-residency), [Microsoft Teams](m365-dr-workload-teams.md#migration), [Microsoft Copilot for Microsoft 365](m365-dr-workload-copilot.md#migration), [Microsoft Defender for Office P1](m365-dr-workload-mdo-p1.md#migration), [Office for the Web](m365-dr-workload-office-for-web.md#migration), [Viva Connections](m365-dr-workload-viva-connections.md#migration), [Viva Topics](m365-dr-workload-viva-topics.md#migration), [Microsoft Purview](m365-dr-workload-purview.md#migration), and [Other Services](m365-dr-workload-other.md).
+Data moves are a back-end service operation with minimal impact to a customer's operations. For information related to specific workloads, customer administrators can refer to the ΓÇ£MigrationΓÇ¥ sections in the following Workload Data Residency Capabilities pages: [Exchange Online](m365-dr-workload-exo.md#migration), [SharePoint and OneDrive](m365-dr-workload-spo.md#migration-with-advanced-data-residency), [Microsoft Teams](m365-dr-workload-teams.md#migration), [Microsoft Copilot for Microsoft 365](m365-dr-workload-copilot.md#migration-and-user-experience), [Microsoft Defender for Office P1](m365-dr-workload-mdo-p1.md#migration), [Office for the Web](m365-dr-workload-office-for-web.md#migration), [Viva Connections](m365-dr-workload-viva-connections.md#migration), [Viva Topics](m365-dr-workload-viva-topics.md#migration), [Microsoft Purview](m365-dr-workload-purview.md#migration), and [Other Services](m365-dr-workload-other.md).
### During and After your Migration
enterprise M365 Dr Workload Copilot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-dr-workload-copilot.md
Two people are working together on a Microsoft Word document. User A authored th
**Teams Meeting Experience** Microsoft Teams meeting recording video location is determined by the user PDL that starts the recording, or when meetings have an automatic recording policy, the location is determined from the first person joining the meeting. When users in other regions interact with Microsoft Copilot for Microsoft 365 in Teams, those user prompts and corresponding responses are stored in the location of the user that asks the Microsoft Copilot for Microsoft 365 questions.
-### Migration
+### Migration and User Experience
-Microsoft Copilot for Microsoft 365 is part of the Microsoft 365 Advanced Data Residency migration. You can learn more at [ADR Migration](advanced-data-residency.md#data-migration-management)
+When a user interacts with Microsoft Copilot for Microsoft 365 (using apps such as Word, PowerPoint, Excel, OneNote, Loop, or Whiteboard), we store data about these interactions. The stored data includes the user's prompt and Copilot's response, including citations to any information used to ground Copilot's response. We refer to the userΓÇÖs prompt and CopilotΓÇÖs response to that prompt as the ΓÇ£content of interactionsΓÇ¥ and the record of those interactions is the userΓÇÖs Copilot interaction history. For example, this stored data provides users with Copilot interaction history in [Microsoft Copilot with Graph-grounded chat](https://support.microsoft.com/topic/get-started-with-copilot-for-microsoft-365-5b00a52d-7296-48ee-b938-b95b7209f737) and [meetings in Microsoft Teams](https://support.microsoft.com/office/get-started-with-copilot-in-microsoft-teams-meetings-0bf9dd3c-96f7-44e2-8bb8-790bedf066b1). This data is processed and stored in alignment with contractual commitments with your organizationΓÇÖs other content in Microsoft 365, such as [Advanced data residency in Microsoft 365](advanced-data-residency.md).
+
+When a customer elects [Advanced data residency in Microsoft 365](advanced-data-residency.md), they are subject to [ADR Migration](advanced-data-residency.md#data-migration-management). For detailed information regarding customer impact during the migration, please refer to [Data Residency for Microsoft Teams](m365-dr-workload-teams.md#user-experience).
### How can I determine customer data location?
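Review bot: The rewritten section no longer states whether Copilot interaction history is moved during an Advanced Data Residency migration; the removed line said outright that Copilot "is part of the Microsoft 365 Advanced Data Residency migration", while the new last paragraph only says the customer is "subject to ADR Migration" and sends the reader to the Teams article for customer impact. Keep an explicit sentence that the stored prompts and responses are in scope for the migration, and either describe the Copilot-specific user experience here or say that it matches Teams, since the heading now promises "User Experience" content.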
syntex Esignature Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/esignature-overview.md
SharePoint eSignature will be available worldwide by the end of 2025.
### Legal considerations
-SharePoint eSignature uses simple electronic signatures as defined under applicable law including, but not limited, to the Regulation (EU) No 910/2014 (the eIDASRegulation). Determine whether this is appropriate for your needs and then read the [SharePoint eSignature terms of service](/legal/microsoft-365/esignature-terms-of-service).
+SharePoint eSignature uses simple electronic signatures as defined under applicable law including, but not limited, to the Regulation (EU) No 910/2014 (the eIDAS Regulation). Determine whether this is appropriate for your needs and then read the [SharePoint eSignature terms of service](/legal/microsoft-365/esignature-terms-of-service).
### Licensing
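Review bot: The comma placement in "including, but not limited, to the Regulation" on the `+` line is still wrong after the "eIDAS Regulation" spacing fix. Since the sentence is being touched anyway, change it to "including, but not limited to, the Regulation (EU) No 910/2014".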