|Category||Microsoft Docs article||Related commit history on GitHub||Change details|
|compliance||Apply Irm To A List Or Library||https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-irm-to-a-list-or-library.md||
You can use Information Rights Management (IRM) to help control and protect file|Select this option if you want to restrict access to content to a specified period of time. If you select this option, people's issuance licenses to access the content will expire after the specified number of days, and people will be required to return to the server to verify their credentials and download a new copy.|Select the **After download, document access rights will expire after these number of days (1-365)** check box, and then specify the number of days for which you want the document to be viewable.| | Prevent people from uploading documents that do not support IRM to this list or library. If you select this option, people will not be able to upload any of the following file types: File types that do not have corresponding IRM protectors installed on all of the front-end web servers. File types that SharePoint Server 2010 cannot decrypt. File types that are IRM protected in another program.|Select the **Do not allow users to upload documents that do not support IRM** check box.| |Remove restricted permissions from this list or library on a specific date.|Select the **Stop restricting access to the library at** check box, and then select the date that you want.|
-|Control the interval that credentials are cached for the program that is licensed to open the document.|Select the **Users must verify their credentials using this interval (days)** check box, then enter the interval for caching credentials in number of days.|
+|Control the interval that Azure RMS credentials are cached for the program that is licensed to open the document.|Select the **Users must verify their credentials using this interval (days)** check box, then enter the interval for caching credentials in number of days.||Allow group protection so that users can share with members of the same group.|Select **Allow group protection**, and enter the group's name for sharing.| 8. After you finish selecting the options you want, select **OK**.
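Review bot: The reworded row scopes the cached credentials to Azure RMS but still gives no allowed range or default for the interval, whereas the expiry row in the same table states its range as (1-365). State the valid values for **Users must verify their credentials using this interval (days)**, and say how this setting relates to the license-expiry option, which also sends people back to the server to verify their credentials. The surrounding rows still refer to SharePoint Server 2010 and front-end web servers, so the row should also say which deployments the Azure RMS wording applies to.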
|compliance||Set Up New Message Encryption Capabilities||https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-new-message-encryption-capabilities.md||
You can verify that your Microsoft 365 tenant is properly configured to use Micr- The default template names may be different from those displayed above. See [Configuring and managing templates for Azure Information Protection](/azure/information-protection/configure-policy-templates) for more.
-4. If the test fails with an error message **Failed to acquire RMS templates**, execute the following commands and run the Test-IRMConfiguration cmdlet to verify that it passes.
+4. If the test fails with an error message **Failed to acquire RMS templates**, execute the following commands and run the Test-IRMConfiguration cmdlet to verify that it passes. Connect to the [AIPService module](/powershell/module/aipservice/?view=azureipps) to run the cmdlet.```powershell
- $RMSConfig = Get-AadrmConfiguration
+ $RMSConfig = Get-AipServiceConfiguration$LicenseUri = $RMSConfig.LicensingIntranetDistributionPointUrl Set-IRMConfiguration -LicensingLocation $LicenseUri Set-IRMConfiguration -InternalLicensingEnabled $true
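Review bot: The added sentence "Connect to the [AIPService module] to run the cmdlet." sits after the instruction to execute the commands and does not say which cmdlet it means. The only cmdlet this commit changes is `Get-AipServiceConfiguration`, while the step also uses `Set-IRMConfiguration` and `Test-IRMConfiguration`. Move the prerequisite ahead of "execute the following commands", name the cmdlet it applies to, and show the connection step as the first line of the PowerShell block so the snippet runs as written. The link also pins `?view=azureipps`; drop the query string unless that view is required.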
Logo |Partner name | Description![Image of Accenture logo.](images/accenture-logo.png)|[Accenture Managed Detection & Response (MDR)](https://go.microsoft.com/fwlink/?linkid=2164353) | Manage, maintain, and enhance global cybersecurity operations with extended capabilities that detect, proactively hunt for and respond to advanced cyber-attacks across both IT and OT environments located in the cloud and on-premise. ![Image of Aujas logo.](images/aujas-logo.png) | [Aujas managed MDE Service](https://go.microsoft.com/fwlink/?linkid=2162429) | Aujas cybersecurity provides 24*7 managed security services across the entire enterprise spectrum, using Microsoft Defender for Endpoint through its Cyber Defense Centers. ![Image of BDO Digital logo.](images/bdo-logo.png)| [BDO Digital](/openspecs/ie_standards/ms-html401/ad459f6f-5219-4f68-829c-a58f7397a11f) | BDO Digital's Managed Defense uses best practice tools, AI, and in-house security experts for 24/7/365 identity protection
-![Image of BlueVoyant logo.](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR for Microsoft Defender for Endpoint provides support in monitoring, investigating, and mitigating advanced attacks on endpoints
+![Image of BlueVoyant logo.](images/bluevoyant-logo.png)| [BlueVoyant](https://go.microsoft.com/fwlink/?linkid=2121401) | MDR services that deliver comprehensive threat data analytics and advanced technology solutions with 24x7 remote monitoring and XDR incident remediation in your environment.:::image type="content" source="images/bt-logo.png" alt-text="!Image of BT logo.":::|[Managed Endpoint Microsoft from BT](https://www.globalservices.bt.com/en/solutions/solution/endpoint-security-and-protection-solutions)| We have been defending ourselves for many years, this expertise has allowed us to develop unique tradecraft which we use to protect Microsoft customers. We'll provide 24x7x365 monitoring of your Microsoft Defender for Endpoint estate in our global security operation centers. ![Image of Cloud Defender for Cloud logo.](images/cloudsecuritycenter-logo.png)| [Cloud Defender for Cloud](https://go.microsoft.com/fwlink/?linkid=2099315) | InSpark's Cloud Defender for Cloud is a 24x7 managed service that delivers protect, detect & respond capabilities ![Image of Cloud SOC logo.](images/cloudsoc-logo.png)| [Cloud SOC](https://go.microsoft.com/fwlink/?linkid=2104265) | Cloud SOC provides 24/7 security monitoring services based on Microsoft cloud and helps you to continuously improve your security posture
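Review bot: The new BT row is inconsistent with the rows around it in three ways. Its alt text carries a stray exclamation mark (alt-text="!Image of BT logo."). It uses the `:::image` form where every neighbouring row uses `![Image of ... logo.](...)`. It links straight to globalservices.bt.com where the other partners go through go.microsoft.com/fwlink. Fix the alt text, pick one image syntax for the table, and confirm the direct link is intended. The BT description is also written in the first person ("We have been defending ourselves for many years"), unlike the third-person descriptions in the other rows; rewrite it to match.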
For more details on how to get started, visit the Defender for Endpoint on macOS> [!NOTE] > The following capabilities are not currently supported on macOS endpoints: >
-> - Data loss prevention> - Security Management for Microsoft Defender for Endpoint ## Microsoft Defender for Endpoint on Linux
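Review bot: The removed line deletes both bullets under the note "The following capabilities are not currently supported on macOS endpoints:", and the visible hunk adds nothing in their place. If no other bullets remain under that note, remove the note's lead-in and the trailing ">" line as well, so the page does not show an empty list of unsupported capabilities. If only some capabilities became supported, keep the note and list the ones that are still unsupported.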
Deploying Microsoft Defender for Endpoint is a two-step process.:::image type="content" source="images/deployment-steps.png" alt-text="The onboarding and configuration process" lightbox="images/deployment-steps.png":::
+## Role-based access control+
+We recommend using Privileged Identity Management to manage your roles to provide additional auditing, control, and access review for users with directory permissions.+
+Defender for Endpoint supports two ways to manage permissions:+
+- **Basic permissions management**: Sets permissions to either full access or read-only. Users with global administrator or security administrator roles in Azure Active Directory (Azure AD) have full access. The security reader role has read-only access and does not grant access to view machines/device inventory.+
+- **Role-based access control (RBAC)**: Sets granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to device groups. For more information. see [Manage portal access using role-based access control](rbac.md).+
+We recommend leveraging RBAC to ensure that only users that have a business justification can access Defender for Endpoint.+ ## Onboard devices to the service You'll need to go the onboarding section of the Defender for Endpoint portal to onboard any of the supported devices. Depending on the device, you'll be guided with appropriate steps and provided management and deployment tool options suitable for the device.
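Review bot: The opening recommendation to use Privileged Identity Management "to manage your roles" has no link and does not say which roles it means, while the RBAC bullet below it links to rbac.md. Add a link and name the roles, for example the global administrator and security administrator roles that the basic-permissions bullet says have full access. In the RBAC bullet, "For more information. see" should read "For more information, see". The new section also sits directly after "Deploying Microsoft Defender for Endpoint is a two-step process." and before "## Onboard devices to the service", so say whether role setup is a prerequisite or one of the two steps.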