Updates from: 07/31/2021 03:13:51
Category Microsoft Docs article Related commit history on GitHub Change details
compliance Compliance Manager Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
To set permissions and assign roles in the Microsoft 365 compliance center, foll
8. When youΓÇÖre done assigning users, select **Done**, then select **Save**, then **Close**.
-If you need to access the classic version of Compliance Manager in the Microsoft Service Trust Portal, the Admin settings in the Service Trust Portal provides another way to assign roles ([view instructions](meet-data-protection-and-regulatory-reqs-using-microsoft-cloud.md#assigning-compliance-manager-roles-to-users)). Be aware that such roles are more limited in their functionality.
-
-##### More about Azure AD
+#### More about Azure AD
To assign roles and set permissions in Azure AD, see [Assign administrator and non-administrator roles to users with Azure Active Directory](/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal).
compliance Compliance Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md
description: "Microsoft Compliance Manager helps organizations simplify and auto
**In this article:** Learn what Compliance Manager is, how it helps simplify compliance and reduce risk, and its key components.
-## What's new: the GA release of Compliance Manager
+## What is Compliance Manager?
-Compliance Manager is now generally available (GA) as an end-to-end compliance management solution inside the [Microsoft 365 compliance center](microsoft-365-compliance-center.md). With this release, Compliance Manager completes the transition from its previous location in the Microsoft Service Trust Portal. Compliance Manager is also available to US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers.
-
-What began as the public preview of Compliance Score has evolved into a centralized tool with enhanced compliance management capabilities and greater ease of use. The GA release brings a larger collection of pre-built assessments to help you scale your compliance activities.
-
-**Learn more about the GA release:**
-- Our [frequently asked questions](compliance-manager-faq.yml) walk you through the evolution in greater detail.-- Read about GA feature enhancements in [this blog post](https://aka.ms/compliancemanager/GAblog).
+[Microsoft Compliance Manager](https://compliance.microsoft.com/compliancemanager) is a feature in the [Microsoft 365 compliance center](microsoft-365-compliance-center.md) that helps you manage your organizationΓÇÖs compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
Watch the video below to learn how Compliance Manager can help simplify how your organization manages compliance: <br> <br> >[!VIDEO https://www.microsoft.com/videoplayer/embed/RE4FGYZ]
-## What is Compliance Manager
-
-[Microsoft Compliance Manager](https://compliance.microsoft.com/compliancemanager) is a feature in the [Microsoft 365 compliance center](microsoft-365-compliance-center.md) that helps you manage your organizationΓÇÖs compliance requirements with greater ease and convenience. Compliance Manager can help you throughout your compliance journey, from taking inventory of your data protection risks to managing the complexities of implementing controls, staying current with regulations and certifications, and reporting to auditors.
- Compliance Manager helps simplify compliance and reduce risk by providing: - Pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet your unique compliance needs (available assessments depend on your licensing agreement; [learn more](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)).
Learn how to sign in, assign permissions and roles, configure settings, and pers
Then start customizing Compliance Manager to help you comply with industry standards that matter most to your organization by [setting up assessments](compliance-manager-assessments.md).
-To help you comply with data privacy regulations, weΓÇÖve designed a workflow to guide you through an end-to-end process to plan and implement capabilities across Microsoft 365, including using Compliance Manager. For more information, see [Deploy information protection for data privacy regulations with Microsoft 365](../solutions/information-protection-deploy.md) (aka.ms/m365dataprivacy).
+To help you comply with data privacy regulations, weΓÇÖve designed a workflow to guide you through an end-to-end process to plan and implement capabilities across Microsoft 365, including using Compliance Manager. For more information, see [Deploy information protection for data privacy regulations with Microsoft 365](../solutions/information-protection-deploy.md) (aka.ms/m365dataprivacy).
compliance Meet Data Protection And Regulatory Reqs Using Microsoft Cloud https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud.md
Title: Meet data protection and regulatory requirements with Compliance Manager for Microsoft cloud services f1.keywords: - NOCSH--++ audience: Admin
search.appverid:
ms.assetid: 429e686f-d8a6-455e-a2b6-3791d763f000 description: Learn how to use Compliance Manager in the Microsoft Service Trust Portal to satisfy data protection and regulatory requirements. ++ # Microsoft Compliance Manager (classic) > [!IMPORTANT]
-> **Compliance Manager (classic) will soon be removed from the Microsoft Service Trust Portal.** We recommend that you transition to the new [Compliance Manager in the Microsoft 365 compliance center](https://compliance.microsoft.com/), which provides an enhanced user experience and updated control mapping. Customers who have assessments in the classic version will need to create new assessments in the new Compliance Manager. Any existing data, including your assessments, controls, and other data, will not be transferred over to the new Compliance Manager. [Learn more about the transition](compliance-manager-faq.yml#what-s-happening-to-compliance-manager--classic--in-the-service-trust-portal-).
+> **Compliance Manager (classic) will soon be removed from the Microsoft Service Trust Portal.** We recommend that you transition to the new [Compliance Manager in the Microsoft 365 compliance center](https://compliance.microsoft.com/), which provides an enhanced user experience and updated control mapping. Customers who have assessments in the classic version will need to create new assessments in the new Compliance Manager. Any existing data, including your assessments, controls, and other data, will not be transferred over to the new Compliance Manager.
*Compliance Manager isn't available in Office 365 operated by 21Vianet, Office 365 Germany, Office 365 U.S. Government Community High (GCC High), or Office 365 Department of Defense.*
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|[Let users assign permissions: <br /> - Do Not Forward](encryption-sensitivity-labels.md#let-users-assign-permissions) | 1910+ | 16.21+ | 4.7.1+ | 4.0.39+ | Yes | |[Let users assign permissions: <br /> - Encrypt-Only](encryption-sensitivity-labels.md#let-users-assign-permissions) |2011+ | 16.48+ <sup>\*</sup> | 4.2112.0+ | 4.2112.0+ | Yes | |[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes |
-|[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | Rolling out: 16.51+ <sup>\*</sup> | Rolling out: 4.2126+ | Rolling out: 4.2126+ | Under review |
+|[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | 16.51+ <sup>\*</sup> | 4.2126+ | 4.2126+ | Rolling out |
|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | 2009+ | 16.44+ <sup>\*</sup> | Under review | Under review | Yes | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | 2009+ | Under review | Under review | Under review | Yes | |[Different settings for default label and mandatory labeling](#outlook-specific-options-for-default-label-and-mandatory-labeling) | 2105+ | 16.43+ <sup>\*</sup> | 4.2111+ | 4.2111+ | Yes |
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Title: "Office 365 URLs and IP address ranges"
Previously updated : 06/28/2021 Last updated : 07/29/2021 audience: Admin
Office 365 requires connectivity to the Internet. The endpoints below should be
|Notes|Download|Use| ||||
-|**Last updated:** 06/28/2021 - ![RSS](../medi#pacfiles)|
+|**Last updated:** 07/29/2021 - ![RSS](../medi#pacfiles)|
| Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who do not yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you are using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
lti Teams Classes With Blackboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-with-blackboard.md
You'll see a permissions window that explains you're giving permission to Blackb
- If consent hasnΓÇÖt been approved, follow the steps described to generate the URL for consent and send it to the Microsoft 365 Global Admin for approval. 5. Once you've confirmation of approval, select **Retry** to confirm, and then select **Submit**.-
- ![A dialog that indicates your access has been blocked](media/blocked-access.png)
security Linux Support Perf https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-support-perf.md
The following steps can be used to troubleshoot and mitigate these issues:
cat real_time_protection.json | python high_cpu_parser.py > real_time_protection.log ```
- The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is te process name, and the last column is the number of scanned files, sorted by impact.
+ The output of the above is a list of the top contributors to performance issues. The first column is the process identifier (PID), the second column is the process name, and the last column is the number of scanned files, sorted by impact.
For example, the output of the command will be something like the below: ```Output
The following steps can be used to troubleshoot and mitigate these issues:
For more information, see [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](linux-exclusions.md). ## See also-- [Investigate agent health issues](health-status.md)
+- [Investigate agent health issues](health-status.md)
security Web Content Filtering https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md
Web content filtering is part of [Web protection](web-protection-overview.md) ca
Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you'll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they're viewing is making calls to a blocked resource.
-Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave and Opera). For more information about browser support, see the prerequisites section.
+Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave, and Opera). For more information about browser support, see the prerequisites section.
Summarizing the benefits:
Summarizing the benefits:
- Your security team can conveniently deploy policies to groups of users using device groups defined in [Microsoft Defender for Endpoint role-based access control settings](/microsoft-365/security/defender-endpoint/rbac) - Your security team can access web reports in the same central location, with visibility over actual blocks and web usage
-## User experience
-
-The blocking experience for 3rd party supported browsers is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. For a more user-friendly, in-browser experience, consider using Microsoft Edge.
- ## Prerequisites Before trying out this feature, make sure you meet the following requirements: -- Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, Microsoft 365 E3 + Microsoft 365 E5 Security add-on or the Microsoft Defender for Endpoint standalone license.
+- Windows 10 Enterprise E5, Microsoft 365 E5, Microsoft 365 E5 Security, Microsoft 365 E3 + Microsoft 365 E5 Security add-on, or the Microsoft Defender for Endpoint standalone license.
- Access to Microsoft 365 Defender portal (https://security.microsoft.com). - Devices running Windows 10 Anniversary Update (version 1607) or later with the latest MoCAMP update.-- Windows Defender SmartScreen and Network protection enabled.
+- Windows Defender SmartScreen and Network Protection enabled.
+
+## User experience
+The blocking experience for third-party supported browsers is provided by Network Protection, which provides a system-level toast notifying the user of a blocked connection. For a more user-friendly, in-browser experience, consider using Microsoft Edge.
## Data handling
To add a new policy:
5. Review the summary and save the policy. The policy refresh may take up to 2 hours to apply to your selected devices. > [!NOTE]
-> - You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
+> - You can deploy a policy without selecting any category on a device group. This action will create an audit only policy to help you understand user behavior before creating a block policy.
> - If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment. > - Blocking the "Uncategorized" category may lead to unexpected and undesired results.
It's possible to override the blocked category in web content filtering to allow
3. Set the policy action to **Allow**.
-### Reporting inaccuracies
+### Dispute categories
-If you encounter a domain that has been incorrectly categorized, you can report inaccuracies directly to us from the Web Content Filtering reports page. This feature is available only in the new Microsoft 365 security center (security.microsoft.com).
+If you encounter a domain that has been incorrectly categorized, you can dispute the category directly from the portal.
-To report an inaccuracy, navigate to **Reports** > **Web protection** > **Web Content Filtering Details** > **Domains**. On the domains tab of our Web Content Filtering reports, you will see an ellipsis beside each of the domains. Hover over this ellipsis and select **Report Inaccuracy**.
+To dispute the category of a domain, navigate to **Reports** > **Web protection** > **Web Content Filtering Details** > **Domains**. On the domains tab of the Web Content Filtering reports, you will see an ellipsis beside each of the domains. Hover over this ellipsis and select **Dispute Category**.
A panel will open where you can select the priority and add additional details such as the suggested category for re-categorization. Once you complete the form, select **Submit**. Our team will review the request within one business day. For immediate unblocking, create a [custom allow indicator](indicator-ip-domain.md).
+### URL category lookup
+
+To determine the category of a website, you can use the URL search function available on the Microsoft 365 Defender portal (https://security.microsoft.com). In the URL search results, the web content filtering category appears under **URL/Domain details**. Administrators can also dispute the category of the domain directly from this page, as shown in the image below. If the category result is not shown, the URL is not currently assigned to an existing web content filtering category.
+
+![Image of web content filtering category lookup results](../../media/web-content-filtering-category-lookup.png)
+ ## Web content filtering cards and details Select **Reports** > **Web protection** to view cards with information about web content filtering and web threat protection. The following cards provide summary information about web content filtering.
Use the time range filter at the top left of the page to select a time period. Y
### Limitations and known issues in this preview -- Only Microsoft Edge is supported if your device's OS configuration is Server (**cmd** > **Systeminfo** > **OS Configuration**). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across supported 3rd party browsers.
+- Only Microsoft Edge is supported if your device's OS configuration is Server (**cmd** > **Systeminfo** > **OS Configuration**). Network Protection is only supported in Inspect mode on Server devices, which is responsible for securing traffic across supported third-party browsers.
- Unassigned devices will have incorrect data shown within the report. In the **Report details** > **Device groups** pivot, you might see a row with a blank Device Group field. This group contains your unassigned devices before they get put into your specified group. The report for this row might not contain an accurate count of devices or access counts.
security Web Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-overview.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-main-abovefoldlink&rtc=1)
-Web protection in Microsoft Defender for Endpoint is a capability made up of [Web threat protection](web-threat-protection.md) and [Web content filtering](web-content-filtering.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft 365 Defender portal by going to **Reports > Web protection**.
+
+## About web protection
+
+Web protection in Microsoft Defender for Endpoint is a capability made up of [Web threat protection](web-threat-protection.md), [Web content filtering](web-content-filtering.md), and [Custom indicators](manage-indicators.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft 365 Defender portal by going to **Reports > Web protection**.
:::image type="content" alt-text="Image of all web protection cards" source="images/web-protection.png" lightbox="images/web-protection.png":::
-## Web threat protection
+### Web threat protection
The cards that make up web threat protection are **Web threat detections over time** and **Web threat summary**. Web threat protection includes: -- Comprehensive visibility into web threats affecting your organization-- Investigation capabilities over web-related threat activity through alerts and comprehensive profiles of URLs and the devices that access these URLs-- A full set of security features that track general access trends to malicious and unwanted websites
+- Comprehensive visibility into web threats affecting your organization.
+
+- Investigation capabilities over web-related threat activity through alerts and comprehensive profiles of URLs and the devices that access these URLs.
+
+- A full set of security features that track general access trends to malicious and unwanted websites.
+
+For more information, see [Web threat protection](web-threat-protection.md).
+
+### Custom indicators
+
+Custom indicator detections are also summarized in your organizations web threat reports under **Web threat detections over time** and **Web threat summary**.
-## Web content filtering
+Custom indicator includes:
-The cards that comprise web content filtering are **Web activity by category**, **Web content filtering summary**, and **Web activity summary**.
+- Ability to create IP and URL-based indicators of compromise to protect your organization against threats.
+
+- Investigation capabilities over activities related to your custom IP/URL profiles and the devices that access these URLs.
+
+- The ability to create Allow, Block, and Warn policies for IPs and URLs.
+
+For more information, see [Create indicators for IPs and URLs/domains](indicator-ip-domain.md)
+
+### Web content filtering
+
+Web content filtering includes **Web activity by category**, **Web content filtering summary**, and **Web activity summary**.
Web content filtering includes: -- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away-- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender for Endpoint role-based access control settings](/microsoft-365/security/defender-endpoint/rbac)-- You can access web reports in the same central location, with visibility over actual blocks and web usage
+- Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away.
+
+- You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender for Endpoint role-based access control settings](/microsoft-365/security/defender-endpoint/rbac).
+
+- You can access web reports in the same central location, with visibility over actual blocks and web usage.
+
+For more information, see [Web content filtering](web-content-filtering.md).
+
+## Order of precedence
+
+Web protection is made up of the following components, listed in order of precedence. Each of these components is enforced by the SmartScreen client in Microsoft Edge and by the Network Protection client in all other browsers and processes.
+
+- Custom indicators (IP/URL, Microsoft Cloud App Security (MCAS) policies)
+
+ - Allow
+ - Warn
+ - Block
+
+- Web threats (malware, phish)
+
+ - SmartScreen Intel, including Exchange Online Protection (EOP)
+ - Escalations
+
+- Web Content Filtering (WCF)
+
+>[!Note]
+>Microsoft Cloud App Security (MCAS) currently generates indicators only for blocked URLs.
+
+The order of precedence relates to the order of operations by which a URL or IP is evaluated. For example, if you have a web content filtering policy you can create exclusions through custom IP/URL indicators. Custom Indicators of compromise (IoC) are higher in the order of precedence than WCF blocks.
+
+Similarly, during a conflict between indicators, allows always take precedence over blocks (override logic). That means that an allow indicator will win over any block indicator that is present.
+
+The table below summarizes some common configurations that would present conflicts within the web protection stack. It also identifies the resulting determinations based on the precedence listed above.
+
+<br>
+
+****
+
+|Custom Indicator policy|Web threat policy|WCF policy|MCAS policy|Result|
+||||||
+|Allow|Block|Block|Block|Allow (Web protection override)|
+|Allow|Allow|Block|Block|Allow (WCF exception)|
+|Warn|Block|Block|Block|Warn (override)|
-## In this section
+Internal IP addresses are not supported by custom indicators. For a warn policy when bypassed by the end user, the site will be unblocked for 24 hours for that user by default. This time frame can be modified by the Admin and is passed down by the SmartScreen cloud service. The ability to bypass a warning can also be disabled in Microsoft Edge using CSP for web threat blocks (malware/phishing). For more information, see [Microsoft Edge SmartScreen Settings](/DeployEdge/microsoft-edge-policies#smartscreen-settings-policies).
+
+## Protect browsers
+
+In all web protection scenarios, SmartScreen and Network Protection can be used together to ensure protection across both first and third-party browsers and processes. SmartScreen is built directly into Microsoft Edge, while Network Protection monitors traffic in third-party browsers and processes. The diagram below illustrates this concept. This diagram of the two clients working together to provide multiple browser/app coverages is accurate for all features of Web Protection (Indicators, Web Threats, Content Filtering).
++
+## Troubleshoot endpoint blocks
+
+Responses from the SmartScreen cloud are standardized. Tools like Fiddler can be used to inspect the response from the cloud service, which will help determine the source of the block.
+
+When the SmartScreen cloud service responds with an allow, block, or warn response, a response category and server context is relayed back to the client. In Microsoft Edge, the response category is what is used to determine the appropriate block page to show (malicious, phishing, organizational policy).
+
+The table below shows the responses and their correlated features.
+
+<br>
+
+****
+
+|ResponseCategory|Feature responsible for the block|
+|||
+|CustomPolicy|WCF|
+|CustomBlockList|Custom indicators|
+|CasbPolicy|MCAS|
+|Malicious|Web threats|
+|Phishing|Web threats|
+
+## Advanced hunting for web protection
+
+Kusto queries in advanced hunting can be used to summarize web protection blocks in your organization for up to 30 days. These queries use the information listed above to distinguish between the various sources of blocks and summarize them in a user-friendly manner. For example, the query below lists all WCF blocks originating from Microsoft Edge.
+
+```kusto
+DeviceEventsΓÇ»
+| where ActionType == "SmartScreenUrlWarning"
+| extend ParsedFields=parse_json(AdditionalFields)
+| project DeviceName, ActionType, Timestamp, RemoteUrl, InitiatingProcessFileName, Experience=tostring(ParsedFields.Experience)
+| where Experience == "CustomPolicy"
+```
+
+Similarly, you can use the query below to list all WCF blocks originating from Network Protection (for example, a WCF block in a third-party browser). Note that the ActionType has been updated and 'Experience' has been changed to 'ResponseCategory'.
+
+```kusto
+DeviceEventsΓÇ»
+| where ActionType == "ExploitGuardNetworkProtectionBlocked"
+| extend ParsedFields=parse_json(AdditionalFields)
+| project DeviceName, ActionType, Timestamp, RemoteUrl, InitiatingProcessFileName, ResponseCategory=tostring(ParsedFields.ResponseCategory)
+| where ResponseCategory == "CustomPolicy"
+```
+
+To list blocks that are due to other features (like Custom Indicators), refer to the table above outlining each feature and their respective response category. These queries may also be modified to search for telemetry related to specific machines in your organization. Note that the ActionType shown in each query above will show only those connections that were blocked by a Web Protection feature, and not all network traffic.
+
+## User experience
+
+If a user visits a web page that poses a risk of malware, phishing, or other web threats, Microsoft Edge will trigger a block page that reads ΓÇÿThis site has been reported as unsafeΓÇÖ along with information related to the threat.
+
+> [!div class="mx-imgBorder"]
+> ![Page blocked by Microsoft Edge](../../media/web-protection-malicious-block.png)
+
+If blocked by WCF or a custom indicator, a block page shows in Microsoft Edge that tells the user this site is blocked by their organization.
+
+> [!div class="mx-imgBorder"]
+> ![Page blocked by your organization](../../media/web-protection-indicator-blockpage.png)
+
+In any case, no block pages are shown in third-party browsers, and the user sees a ΓÇÿSecure Connection FailedΓÇÖ page along with a toast notification. Depending on the policy responsible for the block, a user will see a different message in the toast notification. For example, web content filtering will display the message ΓÇÿThis content is blockedΓÇÖ.
+
+> [!div class="mx-imgBorder"]
+> ![Page blocked by WCF](../../media/web-protection-np-block.png)
+
+## Report false positives
+
+To report a false positive for sites that have been deemed dangerous by SmartScreen, use the link that appears on the block page in Microsoft Edge (as shown above).
+
+For WCF, you can dispute the category of a domain. Navigate to the **Domains** tab of the WCF reports and then click **Report Inaccuracy**. A flyout will open. Set the priority of the incident and provide some additional details, such as the suggested category. For more information on how to turn on WCF and how to dispute categories, see [Web content filtering](web-content-filtering.md).
+
+For more information on how to submit false positives/negatives, see [Address false positives/negatives in Microsoft Defender for Endpoint](defender-endpoint-false-positives-negatives.md).
+
+## Related information
Topic|Description |
-[Web threat protection](web-threat-protection.md) | Stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, as well as sites that you have blocked.
+[Web threat protection](web-threat-protection.md) | Stop access to phishing sites, malware vectors, exploit sites, untrusted or low-reputation sites, and sites that you have blocked.
[Web content filtering](web-content-filtering.md) | Track and regulate access to websites based on their content categories.+
security Microsoft Secure Score Whats Coming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-coming.md
Microsoft Secure Score can be found at https://security.microsoft.com/securescor
## Proposed changes
-We're making some changes in the near future to make [Microsoft Secure Score](microsoft-secure-score.md) a better representative of your security posture and improve usability. Your score and the maximum possible score may change.
-
-### July 2021
-
-#### Add improvement action related to Microsoft Teams
--- Restrict dial-in users from bypassing a meeting lobby.-- Limit external participants from having control in a Teams meeting.-- Restrict anonymous users from starting Teams meetings.-- Require lobbies to be set up for Teams meetings.-- Configure which users are allowed to be present in Teams meetings.
+No upcoming changes are scheduled at this time. Please check back later.
## Related resources
security Microsoft Secure Score Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-new.md
Microsoft Secure Score can be found at https://security.microsoft.com/securescor
## July 2021
+### Added improvement action related to Microsoft Teams
+
+- Restrict dial-in users from bypassing a meeting lobby
+- Limit external participants from having control in a Teams meeting
+- Restrict anonymous users from starting Teams meetings
+- Require lobbies to be set up for Teams meetings
+- Configure which users are allowed to be present in Teams meetings
+ ### Added improvement action related to Microsoft Defender for Endpoint+ - Fix Microsoft Defender for Endpoint sensor data collection for macOS - Fix Microsoft Defender for Endpoint impaired communications for macOS - Set minimum password length to 15 or more characters in macOS
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
ms.prod: m365-security
- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md) - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-> [!NOTE]
-> The feature that's described in this article is in Preview, isn't available to everyone, and is subject to change.
- To keep your organization [secure by default](secure-by-default.md), Exchange Online Protection (EOP) does not allow safe lists or filtering bypass for messages that are identified as malware or high confidence phishing. But, there are specific scenarios that require the delivery of unfiltered messages. For example: - **Third-party phishing simulations**: Simulated attacks can help you identify vulnerable users before a real attack impacts your organization.
Messages that are identified by the advanced delivery policy aren't security thr
- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Advanced delivery** page, open <https://security.microsoft.com/advanceddelivery>. -- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell).
+- To connect to Security & Compliance Center PowerShell, see [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell).
- You need to be assigned permissions before you can do the procedures in this article: - To create, modify, or remove configured settings in the advanced delivery policy, you need to be a member of the **Security Administrator** role group in the **Microsoft 365 Defender portal** and a member of the **Organization Management** role group in **Exchange Online**.
The SecOps mailbox entries that you configured are displayed on the **SecOps mai
3. On the **Edit third-party phishing simulation** flyout that opens, configure the following settings:
+The `5321.MailFrom` address (also known as the **MAIL FROM** address, P1 sender, or envelope sender) is the email address that's used in the SMTP transmission of the message.
+ - **Sending domain**: Expand this setting and enter at least one email address domain (for example, contoso.com) by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries.+
+ > [!NOTE]
+ > Use the domain from the `5321.MailFrom` address (also known as the **MAIL FROM** address, P1 sender, or envelope sender) that's used in the SMTP transmission of the message. This email address is typically recorded in the **Return-Path** header field in the message header.
+ - **Sending IP**: Expand this setting and enter at least one valid IPv4 address by clicking in the box, entering a value, and then pressing Enter or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 10 entries. Valid values are: - Single IP: For example, 192.168.1.1. - IP range: For example, 192.168.0.1-192.168.0.254.
In addition to the two scenarios that the advanced delivery policy can help you
- **False positives under review**: You might want to temporarily allow certain messages that are still being analyzed by Microsoft via [admin submissions](admin-submission.md) to report known good messages that are incorrectly being marked as bad to Microsoft (false positives). As with all overrides, we ***highly recommended*** that these allowances are temporary.
-## Exchange Online PowerShell procedures for SecOps mailboxes in the advanced delivery policy
+## Security & Compliance Center PowerShell procedures for SecOps mailboxes in the advanced delivery policy
-In Exchange Online PowerShell, the basic elements of SecOps mailboxes in the advanced delivery policy are:
+In Security & Compliance Center PowerShell, the basic elements of SecOps mailboxes in the advanced delivery policy are:
- **The SecOps override policy**: Controlled by the **\*-SecOpsOverridePolicy** cmdlets. - **The SecOps override rule**: Controlled by the **\*-SecOpsOverrideRule** cmdlets.
This example creates the SecOps mailbox rule with the specified settings.
New-SecOpsOverrideRule -Name SecOpsOverrideRule -Policy SecOpsOverridePolicy ```
-**Note**: **Regardless of the Name value you specify, the rule name will be SecOpsOverrideRule\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
+**Note**: Regardless of the Name value you specify, the rule name will be SecOpsOverrideRule\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
For detailed syntax and parameter information, see [New-SecOpsOverrideRule](/powershell/module/exchange/new-secopsoverriderule).
Remove-SecOpsOverrideRule -Identity SecOpsOverrideRule6fed4b63-3563-495d-a481-b2
For detailed syntax and parameter information, see [Remove-SecOpsOverrideRule](/powershell/module/exchange/remove-secopsoverriderule).
-## Exchange Online PowerShell procedures for third-party phishing simulations in the advanced delivery policy
+## Security & Compliance Center PowerShell procedures for third-party phishing simulations in the advanced delivery policy
-In Exchange Online PowerShell, the basic elements of third-party phishing simulations in the advanced delivery policy are:
+In Security & Compliance Center PowerShell, the basic elements of third-party phishing simulations in the advanced delivery policy are:
- **The phishing simulation override policy**: Controlled by the **\*-PhishSimOverridePolicy** cmdlets. - **The phishing simulation override rule**: Controlled by the **\*-PhishSimOverrideRule** cmdlets.
security Recommended Settings For Eop And Office365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365.md
In PowerShell, you use the [New-SafeAttachmentPolicy](/powershell/module/exchang
|Security feature name|Default|Standard|Strict|Comment| ||::|::|::||
-|**Safe Attachments unknown malware response** <p> _Action_|**Off** <p> `Block`|**Block** <p> `Block`|**Block** <p> `Block`||
-|**Redirect attachment with detected attachments** : **Enable redirect** <p> _Redirect_ <p> _RedirectAddress_|Not selected and no email address specified. <p> `$true` <p> none|Selected and specify an email address. <p> `$true` <p> an email address|Selected and specify an email address. <p> `$true` <p> an email address|Redirect messages to a security admin for review.|
+|**Safe Attachments unknown malware response** <p> _Enable_ and _Action_|**Off** <p> `-Enable $false`|**Block** <p> `-Enable $true` and `-Action Block`|**Block** <p> `-Enable $true` and `-Action Block`|When the _Enable_ parameter is $false, the value of the _Action_ parameter doesn't matter.|
+|**Redirect attachment with detected attachments** : **Enable redirect** <p> _Redirect_ <p> _RedirectAddress_|Not selected and no email address specified. <p> `-Redirect $false` <p> _RedirectAddress_ is blank (`$null`)|Selected and specify an email address. <p> `$true` <p> an email address|Selected and specify an email address. <p> `$true` <p> an email address|Redirect messages to a security admin for review.|
|**Apply the Safe Attachments detection response if scanning can't complete (timeout or errors)** <p> _ActionOnError_|Selected <p> `$true`|Selected <p> `$true`|Selected <p> `$true`|| |
In PowerShell, you use the [New-SafeLinksPolicy](/powershell/module/exchange/new
|**Do not track user clicks** <p> _DoNotTrackUserClicks_|Not selected <p> `$false`|Not selected <p> `$false`|Not selected <p> `$false`|Turning off this setting (setting _DoNotTrackUserClicks_ to `$false`) tracks users clicks.| |**Do not let users click through to the original URL** <p> _DoNotAllowClickThrough_|Not selected <p> `$false`|Selected <p> `$true`|Selected <p> `$true`|Turning on this setting (setting _DoNotAllowClickThrough_ to `$true`) prevents click through to the original URL.| |**Display the organization branding on notification and warning pages** <p> _EnableOrganizationBranding_|Not selected <p> `$false`|Not selected <p> `$false`|Not selected <p> `$false`|We have no specific recommendation for this setting. <p> Before you turn on this setting, you need to follow the instructions in [Customize the Microsoft 365 theme for your organization](../../admin/setup/customize-your-organization-theme.md) to upload your company logo.|
-|**Do no rewrite the following URLs** <p> _DoNotRewriteUrls_|Not selected <p> `$false`|Not selected <p> `$true`|Not selected <p> `$true`|We have no specific recommendation for this setting. For more information, see ["Do not rewrite the following URLs" lists in Safe Links policies](safe-links.md#do-not-rewrite-the-following-urls-lists-in-safe-links-policies).|
+|**Do not rewrite the following URLs** <p> _DoNotRewriteUrls_|Not selected <p> blank|Not selected <p> blank|Not selected <p> blank|We have no specific recommendation for this setting. For more information, see ["Do not rewrite the following URLs" lists in Safe Links policies](safe-links.md#do-not-rewrite-the-following-urls-lists-in-safe-links-policies).|
|**Notification**||||| |**How would you like to notify your users?**|**Use the default notification text**|**Use the default notification text**|**Use the default notification text**|We have no specific recommendation for this setting. <p> You can select **Use custom notification text** (_CustomNotificationText_) to enter customized notification text to use. You can also select **Use Microsoft Translator for automatic localization** (_UseTranslatedNotificationText_) to translate the custom notification text into the user's language. |
security Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links.md
At a high level, here's how Safe Links protection works on URLs in email message
## Safe Links settings for Microsoft Teams
-> [!IMPORTANT]
-> As of March 2020, this feature is in Preview and is available only to members of the Microsoft Teams Technology Adoption Program (TAP). For information about the release schedule, check out the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?rtc=1&filters=&searchterms=Safe%2CLinks%2CProtection%2Cfor%2CMicrosoft%2CTeams).
- You enable or disable Safe Links protection for Microsoft Teams in Safe Links policies. Specifically, you use the **Select the action for unknown or potentially malicious URLs within Microsoft Teams** setting. The recommended value is **On**. The following settings in Safe Links policies that apply to links in email messages also apply to links in Teams:
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
Learn more by watching [this video](https://www.youtube.com/watch?v=Tdz6KfruDGo&
## July 2021 - [Email analysis improvements in automated investigations](email-analysis-investigations.md)
+- [Safe Links for Microsoft Teams](safe-links.md#safe-links-settings-for-microsoft-teams)
## June 2021