Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
compliance | Create Apply Retention Labels | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md | f1.keywords: Previously updated : 06/24/2023 Last updated : 07/03/2023 audience: Admin Your published retention labels display in Outlook alongside any legacy [MRM ret To label an item in the Outlook desktop client, select the item. On the **Home** tab on the ribbon, select **Assign Policy**, and then choose the retention label. For example: -![Assign Policy button.](../media/30684dea-dd73-4e4a-9185-8e29f403b6ca.png) +![Apply retention label from Outlook, Assign Policy button.](../media/outlook-retention-labels.png) If you don't immediately see the option to assign policy, look for the **Tags** group on the ribbon. -You can also right-click an item, select **Assign Policy** in the context menu, and then choose the retention label. When you select multiple items, you can use this method to apply the same retention label to multiple items at once. +You can also right-click an item from a folder, such as the **Inbox** folder for emails received or the **Drafts** folder for an email to be sent. Then, select **Assign Policy** in the context menu, and then choose the retention label. When you select multiple items, you can use this method to apply the same retention label to multiple items at once. -To label an item in Outlook on the web, right-click the item, select **Assign policy**, and then choose the retention label. Unlike Outlook desktop, you can't use this method if you multi-select items. +To label an item in Outlook on the web, first right-click the item from a folder. Then, select **Advanced actions** \> **Assign policy**, and then choose the retention label. For example: -![Assign policy menu in Outlook on the web.](../media/146a23cf-e478-4595-b2e8-f707fc4e6ea3.png) - -After the retention label is applied, you can view that retention label at the top of the item. For example: +![Assign policy menu in Outlook on the web.](../media/owa-retention-labels.png) ++As with Outlook desktop, you can also use this labeling method if you multi-select items. ++After the retention label is applied, you can view that retention label at the top of the item, and the calculated expired date. For example: -![Label assigned to email in Outlook on the web.](../media/16f6c91b-5eab-4574-9d13-6d12be00a783.png) +![Label assigned to email in Outlook on the web.](../media/outlook-retention-label-applied.png) For more information about the expiry date displayed to users, see [User notification of expiry date](retention-policies-exchange.md#user-notification-of-expiry-date). For more information about the expiry date displayed to users, see [User notific Manually applying retention labels is supported in the new experience only, and not the classic experience. -To label a document (including OneNote files) in OneDrive or SharePoint, first select the item. Then in the upper-right corner, open the details pane, and choose the retention label from **Apply retention label**. +To label a document (including OneNote files) in OneDrive or SharePoint, first select the item. Then in the upper-right corner, open the details pane, and choose the retention label from **Apply label**. You can also apply a retention label to a list item, folder, or document set, and you can set a [default retention label for a document library](#default-labels-for-sharepoint-and-outlook). When you use default retention labels, there are some scenarios that can result For a document library, the default label configuration is done on the **Library settings** page for a document library. When you choose the default retention label, you can also choose to apply it to existing items in the library. For example, if you have a retention label for marketing materials, and you know a specific document library contains only that type of content, you can make the **Marketing Materials** retention label the default label for all documents in that library.- -![Apply label option on library Settings page.](../media/0787d651-63dc-43b4-8768-716a5ecc64ec.png) + ##### Label behavior when you use a default label for SharePoint When labels are applied that aren't standard retention labels but mark items as You can apply a default retention label to Outlook folders so that the label is inherited by all unlabeled items. -In the Outlook desktop client, right-click the folder, select **Properties**, the **Policy** tab, and then select the retention label you want to use as that folder's default retention label. +In the Outlook desktop client, right-click the folder, select **Properties**, the **Policy** tab, and then change **Use parent folder policy** to the retention label you want to use as that folder's default retention label. For example: +++In Outlook on the web, right-click the folder, select **Assign policy**, and change **Use parent folder policy** to the retention label you want to use as that folder's default retention label. For example: -In Outlook on the web, right-click the folder, select **Assign policy**, and change **Use parent folder policy** to the retention label you want to use as that folder's default retention label. +![Apply default retention label for Outlook on the web folder.](../media/owa-default-retention-label.png) ##### Label behavior when you use a default label for Outlook |
enterprise | Connect To Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-microsoft-365-powershell.md | Title: "Connect to Microsoft 365 with PowerShell" Previously updated : 08/10/2020 Last updated : 06/30/2023 audience: ITPro These steps are required only one time on your computer. But you'll likely need 1. If you're not running Windows 10, install the 32-bit version of the Microsoft Online Services Sign-in Assistant: [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://download.microsoft.com/download/7/1/E/71EF1D05-A42C-4A1F-8162-96494B5E615C/msoidcli_32bit.msi). -2. Follow these steps to install the Microsoft Azure Active Directory Module for Windows PowerShell: +2. Follow these steps to install and import the Microsoft Azure Active Directory Module for Windows PowerShell: 1. Open an elevated Windows PowerShell command prompt (run Windows PowerShell as an administrator). 1. Run the **Install-Module MSOnline** command. 1. If you're prompted to install the NuGet provider, type **Y** and press Enter. 1. If you're prompted to install the module from PSGallery, type **Y** and press Enter.+ 1. Run the **Import-Module MSOnline** command to import the module. ### Step 2: Connect to Azure AD for your Microsoft 365 subscription |
enterprise | Desktop Deployment Center Home | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/desktop-deployment-center-home.md | f1.keywords: Previously updated : 08/10/2020 Last updated : 06/30/2023 audience: ITPro |
includes | Microsoft 365 Content Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md | +## Week of June 26, 2023 +++| Published On |Topic title | Change | +|||--| +| 6/26/2023 | [SharePoint & OneDrive insights report](/microsoft-365/compliance/information-barriers-insights-report?view=o365-worldwide) | added | +| 6/26/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | +| 6/26/2023 | [Microsoft Purview solutions trial user guide](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-worldwide) | modified | +| 6/26/2023 | [Publish and apply retention labels](/microsoft-365/compliance/create-apply-retention-labels?view=o365-worldwide) | modified | +| 6/26/2023 | [Learn about the DLP alerts dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-learn?view=o365-worldwide) | modified | +| 6/26/2023 | [Learn about the Microsoft Purview Data Loss Prevention migration assistant for Symantec](/microsoft-365/compliance/dlp-migration-assistant-for-symantec-learn?view=o365-worldwide) | modified | +| 6/26/2023 | [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) | modified | +| 6/26/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | +| 6/26/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified | +| 6/26/2023 | [Configure and validate Microsoft Defender Antivirus network connections](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus?view=o365-worldwide) | modified | +| 6/26/2023 | [Frequently asked questions (FAQs) on tamper protection](/microsoft-365/security/defender-endpoint/faqs-on-tamper-protection?view=o365-worldwide) | modified | +| 6/26/2023 | [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune?view=o365-worldwide) | modified | +| 6/26/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified | +| 6/26/2023 | [Microsoft Defender for Identity in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-mdi?view=o365-worldwide) | modified | +| 6/26/2023 | [Search the audit log in the Microsoft Purview compliance portal](/microsoft-365/compliance/audit-log-search?view=o365-worldwide) | modified | +| 6/26/2023 | [Assign security roles and permissions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-worldwide) | modified | +| 6/26/2023 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified | +| 6/27/2023 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide) | modified | +| 6/27/2023 | [Onboard Windows devices in Azure Virtual Desktop](/microsoft-365/security/defender-endpoint/onboard-windows-multi-session-device?view=o365-worldwide) | modified | +| 6/27/2023 | [Find sensitive data stored on sites with eDiscovery](/microsoft-365/compliance/ediscovery-find-sensitive-data-stored-on-sites?view=o365-worldwide) | added | +| 6/28/2023 | [Assign admin roles the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles?view=o365-worldwide) | modified | +| 6/28/2023 | [Microsoft Adoption Score](/microsoft-365/admin/adoption/adoption-score?view=o365-worldwide) | modified | +| 6/28/2023 | [Add another email alias for a user](/microsoft-365/admin/email/add-another-email-alias-for-a-user?view=o365-worldwide) | modified | +| 6/28/2023 | [Set the password expiration policy for your organization](/microsoft-365/admin/manage/set-password-expiration-policy?view=o365-worldwide) | modified | +| 6/28/2023 | [Assign security roles and permissions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-worldwide) | modified | +| 6/28/2023 | [Configure spam filter policies](/microsoft-365/security/office-365-security/anti-spam-policies-configure?view=o365-worldwide) | modified | +| 6/28/2023 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) | modified | +| 6/28/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified | +| 6/28/2023 | [Other endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls?view=o365-worldwide) | modified | +| 6/28/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified | +| 6/29/2023 | [Data loss prevention policy tip reference for Outlook for Microsoft 365](/microsoft-365/compliance/dlp-ol365-win32-policy-tips?view=o365-worldwide) | added | +| 6/29/2023 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide) | modified | +| 6/29/2023 | [Maintain your environment](/microsoft-365/business-premium/m365bp-mdb-maintain-environment?view=o365-worldwide) | added | +| 6/29/2023 | Tenant administration guide for Microsoft 365 Business Premium | removed | +| 6/29/2023 | Maintain your environment | removed | +| 6/29/2023 | Security administration guide for Microsoft 365 Business Premium | removed | +| 6/29/2023 | Security operations guide for Microsoft 365 Business Premium | removed | +| 6/29/2023 | Manage protected devices with Microsoft 365 Business Premium | removed | +| 6/29/2023 | Tenant administration guide for Microsoft Defender for Business | removed | +| 6/29/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified | +| 6/29/2023 | Security administration guide for Microsoft Defender for Business | removed | +| 6/29/2023 | Security operations guide for Microsoft Defender for Business | removed | +| 6/29/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | +| 6/30/2023 | [Microsoft 365 admin center activity reports](/microsoft-365/admin/activity-reports/activity-reports?view=o365-worldwide) | modified | +| 6/30/2023 | [Investigate insider risk management activities](/microsoft-365/compliance/insider-risk-management-activities?view=o365-worldwide) | modified | +| 6/30/2023 | [Take action on insider risk management cases](/microsoft-365/compliance/insider-risk-management-cases?view=o365-worldwide) | modified | +| 6/30/2023 | [Maintain your environment](/microsoft-365/business-premium/m365bp-mdb-maintain-environment?view=o365-worldwide) | modified | +| 6/30/2023 | [Administering Exchange Online mailboxes in a multi-geo environment](/microsoft-365/enterprise/administering-exchange-online-multi-geo?view=o365-worldwide) | modified | +| 6/30/2023 | [Review or edit your next-generation protection policies Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-generation-protection?view=o365-worldwide) | modified | +| 6/30/2023 | [Microsoft Defender for Office 365 support for Microsoft Teams (Preview)](/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide) | modified | ++ ## Week of June 19, 2023 | 6/2/2023 | [Understanding deployment insights in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deployment-insights-overview?view=o365-worldwide) | modified | | 6/2/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | | 6/2/2023 | Configuration Analyzer for Microsoft Purview | removed |---## Week of May 22, 2023 ---| Published On |Topic title | Change | -|||--| -| 5/22/2023 | [Working with improvement actions in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-improvement-actions?view=o365-worldwide) | modified | -| 5/22/2023 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide) | modified | -| 5/22/2023 | [Microsoft 365 Network Provider Program](/microsoft-365/enterprise/microsoft-365-networking-partner-program?view=o365-worldwide) | modified | -| 5/22/2023 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-worldwide) | modified | -| 5/22/2023 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-exclusions?view=o365-worldwide) | modified | -| 5/22/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified | -| 5/22/2023 | [Configure and validate exclusions for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-exclusions?view=o365-worldwide) | modified | -| 5/22/2023 | [Respond to a compromised connector in Microsoft 365](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise?view=o365-worldwide) | modified | -| 5/22/2023 | [Migrate to Microsoft Defender for Office 365 Phase 3: Onboard](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-onboard?view=o365-worldwide) | modified | -| 5/22/2023 | [Migrate to Microsoft Defender for Office 365 Phase 1: Prepare](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-prepare?view=o365-worldwide) | modified | -| 5/22/2023 | [Migrate to Microsoft Defender for Office 365 Phase 2: Setup](/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365-setup?view=o365-worldwide) | modified | -| 5/22/2023 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide) | modified | -| 5/22/2023 | [Safe Documents in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-documents-in-e5-plus-security-about?view=o365-worldwide) | modified | -| 5/22/2023 | [Microsoft 365 network provider assessments (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppdata?view=o365-worldwide) | added | -| 5/22/2023 | [Network provider connectivity attribution in the Microsoft 365 Admin Center (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppux?view=o365-worldwide) | added | -| 5/23/2023 | [Guest access in eDiscovery (Premium) (preview)](/microsoft-365/compliance/ediscovery-guest-access?view=o365-worldwide) | added | -| 5/23/2023 | [Protect Dev Drive using performance mode](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-antivirus-performance-mode?view=o365-worldwide) | added | -| 5/23/2023 | [Get started with Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-worldwide) | modified | -| 5/23/2023 | [Learn about regulations in Microsoft Purview Compliance Manager](/microsoft-365/compliance/compliance-manager-templates?view=o365-worldwide) | modified | -| 5/23/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | -| 5/23/2023 | [Learn about optical character recognition in Microsoft Purview (preview)](/microsoft-365/compliance/ocr-learn-about?view=o365-worldwide) | modified | -| 5/23/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 5/23/2023 | [Microsoft 365 network provider assessments (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppdata?view=o365-worldwide) | modified | -| 5/23/2023 | [Network provider connectivity attribution in the Microsoft 365 Admin Center (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppux?view=o365-worldwide) | modified | -| 5/23/2023 | [Set preferences for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-preferences?view=o365-worldwide) | modified | -| 5/23/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | -| 5/23/2023 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified | -| 5/23/2023 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide) | modified | -| 5/23/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 5/23/2023 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide) | modified | -| 5/23/2023 | [Configure and review priority account protection in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/priority-accounts-turn-on-priority-account-protection?view=o365-worldwide) | modified | -| 5/23/2023 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) | modified | -| 5/24/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | -| 5/24/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | -| 5/24/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | -| 5/24/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 5/25/2023 | [Create conditional sections for templates in Microsoft Syntex](/microsoft-365/syntex/content-assembly-conditional-sections) | added | -| 5/25/2023 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified | -| 5/25/2023 | [Get started with eDiscovery (Standard)](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) | modified | -| 5/25/2023 | [Built-in protection helps guard against ransomware](/microsoft-365/security/defender-endpoint/built-in-protection?view=o365-worldwide) | modified | -| 5/25/2023 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-worldwide) | modified | -| 5/25/2023 | [Enable and configure Microsoft Defender Antivirus always-on protection](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 5/25/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 5/25/2023 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) | modified | -| 5/25/2023 | [Frequently asked questions (FAQs) on tamper protection](/microsoft-365/security/defender-endpoint/faqs-on-tamper-protection?view=o365-worldwide) | modified | -| 5/25/2023 | [Manage tamper protection on an individual device](/microsoft-365/security/defender-endpoint/manage-tamper-protection-individual-device?view=o365-worldwide) | modified | -| 5/25/2023 | [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune?view=o365-worldwide) | modified | -| 5/25/2023 | [Manage tamper protection for your organization using Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-365-defender?view=o365-worldwide) | modified | -| 5/25/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified | -| 5/25/2023 | [Troubleshoot problems with tamper protection](/microsoft-365/security/defender-endpoint/troubleshoot-problems-with-tamper-protection?view=o365-worldwide) | modified | -| 5/25/2023 | [Configure Microsoft Defender Antivirus with Group Policy](/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 5/25/2023 | [Tenant administration guide for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-admin-guide?view=o365-worldwide) | added | -| 5/25/2023 | [Maintain your Microsoft Defender for Business environment](/microsoft-365/security/defender-business/mdb-maintain-environment?view=o365-worldwide) | added | -| 5/25/2023 | [Security administration guide for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-security-admin-guide?view=o365-worldwide) | added | -| 5/25/2023 | [Security operations guide for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-security-operations-guide?view=o365-worldwide) | added | -| 5/25/2023 | [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide) | modified | -| 5/25/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 5/26/2023 | [Report phishing and suspicious emails in Outlook for admins](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) | modified | -| 5/26/2023 | [Onboard non-persistent virtual desktop infrastructure (VDI) devices](/microsoft-365/security/defender-endpoint/configure-endpoints-vdi?view=o365-worldwide) | modified | -| 5/26/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified | |
lighthouse | M365 Lighthouse Device Health Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-health-overview.md | Devices must be enrolled in Microsoft Intune. For more information on enrollment > [!NOTE]-> If data doesnΓÇÖt show up for a specific tenant, verify that the policy is enabled. From the tenantΓÇÖs deployment plan, under **Set up device enrollment**, verify that **Device health monitoring policy** is compliant. If not compliant, deploy the policy. +> If data doesn't show up for a specific tenant, verify that the policy is enabled. From the tenant's deployment plan, under **Set up device enrollment**, verify that **Device health monitoring policy** is compliant. If not compliant, deploy the policy. ## Overview tab The Overview tab provides a multi-tenant view of device health, including the to The Overview tab also includes the following options: -- **Tenant filter:** Filter by tenant or tag.+- **Tenants filter:** Filter by tenant or tag. - **Date filter:** Filter by date range. Select a device from the list for more detailed device information, including a The Devices tab also includes the following options: -- **Tenant filter:** Filter by tenant or tag.+- **Tenants filter:** Filter by tenant or tag. - **Date filter:** Filter by date range. |
lighthouse | M365 Lighthouse Manage Tenant List | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list.md | Tags that are currently assigned have a check mark to the right of the name. You ## Next steps -After you've created and assigned tags, you can use them to filter your tenants. Go to any of the other pages (Users, Devices, Threat management, or Windows 365) and select one or more tags from the Tenant filter. You can create new tags to support specific views based on each page. +After you've created and assigned tags, you can use them to filter your tenants. Go to any of the other pages (Users, Devices, Threat management, or Windows 365) and select one or more tags from the Tenants filter. You can create new tags to support specific views based on each page. ## Related content |
lighthouse | M365 Lighthouse Tenants Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview.md | The Tenants page also includes the following options: ## Tenant list -The tenant list provides insights into the different customer tenants that you have a contract with, including their Lighthouse management status. The tenant list also lets you tag tenants to provide different filters throughout Lighthouse, and drill down to learn more about a given tenant and the status of its deployment plan. +The tenant list provides insights into the different customer tenants that you have a contract with, including their Lighthouse management status. The tenant list also lets you tag tenants to provide different filters throughout Lighthouse, manage services for tenants in the applicable admin center, and drill down to learn more about a given tenant and the status of its deployment plan. After your customer tenants meet the [Lighthouse onboarding requirements](m365-lighthouse-requirements.md), their status will show as **Active** in the tenant list. The tenant list lets you: +- Access applicable admin centers to manage services for your customer tenants. - Automatically sort tenants by active, inactive, and ineligible. - Export the tenant list. - Assign and manage tags. - Search for tenants by name. - Filter tenants by status, delegated admin privilege (DAP), and tags. -To inactivate a tenant or view and manage tags, select the three dots (more actions) next to the tenant name. You can view individual tenants by either selecting the tenant name or by selecting one of the tags assigned to the tenant. +To inactivate a tenant, manage tenant services, or view and manage tags, select the three dots (more actions) next to the tenant name. You can view individual tenants by either selecting the tenant name or by selecting one of the tags assigned to the tenant. ++> [!TIP] +> You can also use the Tenants filter at the top of any page in Lighthouse to select a tenant and then access applicable admin centers to manage services for that tenant. For information on how to add customer tenants, see [Add and manage multiple tenants in your Partner Center account](/partner-center/multi-tenant-account). |
security | Tamper Resiliency | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/tamper-resiliency.md | Attackers can be preventing from discovering existing antivirus exclusions by en When tampering is detected, an alert is raised. Some of the alert titles for tampering are: +- Attempt to bypass Microsoft Defender for Endpoint client protection +- Attempt to stop Microsoft Defender for Endpoint sensor +- Attempt to tamper with Microsoft Defender on multiple devices +- Attempt to turn off Microsoft Defender Antivirus protection +- Defender detection bypass +- Driver-based tampering attempt blocked +- Image file execution options set for tampering purposes +- Microsoft Defender Antivirus protection turned off +- Microsoft Defender Antivirus tampering +- Modification attempt in Microsoft Defender Antivirus exclusion list +- Pending file operations mechanism abused for tampering purposes - Possible Antimalware Scan Interface (AMSI) tampering+- Possible remote tampering +- Possible sensor tampering in memory - Potential attempt to tamper with MDE via drivers+- Security software tampering +- Suspicious Microsoft Defender Antivirus exclusion - Tamper protection bypass+- Tampering activity typical to ransomware attacks +- Tampering with Microsoft Defender for Endpoint sensor communication +- Tampering with Microsoft Defender for Endpoint sensor settings - Tampering with the Microsoft Defender for Endpoint sensor-- Possible tampering with protected processes+ If the [Block abuse of exploited vulnerable signed drivers](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-abuse-of-exploited-vulnerable-signed-drivers) attack surface reduction (ASR) rule is triggered, the event is viewable in the [ASR Report](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report) and in [Advanced Hunting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize#asr-rules-advanced-hunting) |
security | Microsoft 365 Security Center Mdi | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-mdi.md | The table below lists the changes in navigation between Microsoft Defender for I | **Defender for** Identity | **Microsoft 365 Defender** | | -- | | | **Timeline** |- Microsoft 365 Defender Alerts/Incidents queue |-| **Reports** |- Lateral movement path and passwords exposed in cleartext reports are covered by the [Identity security posture assessments](/defender-for-identity/security-assessment#assessment-reports) (ISPM)<br><br>- Health issues are available in **Settings** -> **Identities** -> **Health issues**<br><br>- View a summary of alerts by exporting the alerts queue or from the **Advanced hunting** page, which provides 30 days of data<br><br>- Modify sensitive groups from the **Advanced hunting** page<br><br>**Tip**: Use the **Advanced hunting** page to create customized reports in Microsoft 365 Defender. | +| **Reports** |The following types of reports are available from the **Settings > Identities > Report management** page in Microsoft 365 Defender, either for immediate download or scheduled for a periodic email delivery: <br><br>- A summary report of alerts and health issues you should take care of. <br>- A list of each time a modification is made to sensitive groups. <br>- A list of source computer and account passwords that are detected as being sent in clear text.<br>- A list of the sensitive accounts exposed in lateral movement paths. <br><br>For more information, see [Report management](/defender-for-identity/reports). | | **Identity page** | Microsoft 365 Defender user details page | | **Device page** | Microsoft 365 Defender device details page | | **Group page** | Microsoft 365 Defender groups side pane | |
security | Protect Against Threats | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/protect-against-threats.md | Here's a quick-start guide that breaks the configuration of Defender for Office > [!IMPORTANT] > **Initial recommended settings are included for each kind of policy; however, many options are available, and you can adjust your settings to meet your specific organization's needs**. Allow approximately 30 minutes for your policies or changes to work their way through your datacenter. >-> To skip manual configuration of most policies in Defender for Office 365, you can use preset security policies at the Standard or Strict level. For more information, see [Preset security policies in EOP and Microsoft Defender for Office 365](preset-security-policies.md). +> To skip manual configuration of policies in Defender for Office 365, you can use preset security policies at the Standard or Strict level. For more information, see [Preset security policies in EOP and Microsoft Defender for Office 365](preset-security-policies.md). Unless you have a very large or complex environment, preset security policies are the best way to start. ## Requirements Threat protection features are included in *all* Microsoft or Office 365 subscri ||| |Audit logging (for reporting purposes)|[Exchange Online](/office365/servicedescriptions/exchange-online-service-description/exchange-online-service-description)| |Anti-malware protection|[Exchange Online Protection](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description) (**EOP**)|-|Anti-phishing protection|[EOP](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description)| +|Anti-phishing protection ([spoof intelligence](anti-spoofing-spoof-intelligence.md))|[EOP](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description)| +|Anti-phishing protection ([impersonation protection](anti-phishing-policies-about.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365))|[Microsoft Defender for Office 365](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)| |Anti-spam protection|[EOP](/office365/servicedescriptions/exchange-online-protection-service-description/exchange-online-protection-service-description)| |Protection from malicious URLs and files in email and Office documents (Safe Links and Safe Attachments)|[Microsoft Defender for Office 365](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description)| To configure Defender for Office 365 policies, you must be assigned an appropria |Role or role group|Where to learn more| |||-|global administrator|[About Microsoft 365 admin roles](../../admin/add-users/about-admin-roles.md)| -|Security Administrator|[Azure AD built-in roles](/azure/active-directory/roles/permissions-reference#security-administrator) +|Global Administrator in Azure AD|[About Microsoft 365 admin roles](../../admin/add-users/about-admin-roles.md)| +|Organization Management in Email & collaboration role groups|[Role groups in Microsoft Defender for Office 365](scc-permissions.md#role-groups-in-microsoft-defender-for-office-365-and-microsoft-purview-compliance)| +|Security Administrator in Azure AD|[Azure AD built-in roles](/azure/active-directory/roles/permissions-reference#security-administrator) +|Security Administrator in Email & collaboration role groups|[Role groups in Microsoft Defender for Office 365](scc-permissions.md#role-groups-in-microsoft-defender-for-office-365-and-microsoft-purview-compliance)| |Exchange Online Organization Management|[Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo)| To learn more, see [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md). ### Turn on audit logging for reporting and investigation -- Start your audit logging early. You'll need auditing to be **ON** for some of the following steps. Audit logging is available in subscriptions that include [Exchange Online](/office365/servicedescriptions/exchange-online-service-description/exchange-online-service-description). In order to view data in threat protection reports, [email security reports](reports-email-security.md), and [Explorer](threat-explorer-about.md), audit logging must be *On*. To verify that audit logging is turned on or to turn it on, see [Turn auditing on or off](../../compliance/audit-log-enable-disable.md).+- Audit logging is turned on by default for Microsoft 365 and Office 365 enterprise organizations. To view data in threat protection reports, [email security reports](reports-email-security.md), and [Explorer](threat-explorer-about.md), audit logging must be *On*. To verify that audit logging is turned on or to turn it on, see [Turn auditing on or off](../../compliance/audit-log-enable-disable.md). ## Part 1 - Anti-malware protection in EOP For more information about the recommended settings for anti-malware, see [EOP a 1. Open the **Anti-malware** page in the Microsoft 365 Defender portal at <https://security.microsoft.com/antimalwarev2>. -2. On the **Anti-malware** page, select the policy named **Default (Default)** by clicking on the name. +2. On the **Anti-malware** page, select the policy named **Default (Default)** by clicking anywhere in the row other than the check box next to the name. -3. In the policy details flyout that opens, click **Edit protection settings**, and then configure the following settings: +3. In the policy details flyout that opens, select **Edit protection settings** in the **Protection settings** section, and then configure the following settings in the **Edit protection settings** flyout that opens: - **Protection settings** section:- - **Enable the common attachments filter**: Select (turn on). Click **Customize file types** to add more file types. + - **Enable the common attachments filter**: Select (turn on). Select **Select file types** to add more file types. + - **When these file types are found**: Verify **Reject the message with a non-delivery report (NDR)** is selected. - **Enable zero-hour auto purge for malware**: Verify this setting is selected. For more information about ZAP for malware, see [Zero-hour auto purge (ZAP) for malware](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-for-malware). - **Quarantine policy**: Leave the default value AdminOnlyAccessPolicy selected. Quarantine policies define what users are able to do to quarantined messages, and whether users receive quarantine notifications. For more information, see [Anatomy of a quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy). - **Notification** section: Verify that none of the notification settings are selected. - When you're finished, click **Save**. + When you're finished in the **Edit protection settings** flyout, select **Save**. -4. Back on the policy details flyout, click **Close**. +4. Back on the policy details flyout, select **Close**. For detailed instructions for configuring anti-malware policies, see [Configure anti-malware policies in EOP](anti-malware-policies-configure.md). The following procedure describes how to configure the default anti-phishing pol 2. On the **Anti-phishing** page, select the policy named **Office365 AntiPhish Default (Default)** by clicking on the name. 3. In the policy details flyout that appears, configure the following settings:- - **Phishing threshold & protection** section: Click **Edit protection settings** and configure the following settings in the flyout that opens: + - **Phishing threshold & protection** section: Select **Edit protection settings** and configure the following settings in the flyout that opens: - **Phishing email threshold**<sup>\*</sup>: Select **2 - Aggressive** (Standard) or **3 - More Aggressive** (Strict). - **Impersonation** section<sup>\*</sup>: Configure the following values:- - Select **Enable users to protect**, click the **Manage (nn) sender(s)** link that appears, and then add internal and external senders to protect from impersonation, such as your organization's board members, your CEO, CFO, and other senior leaders. + - Select **Enable users to protect**, select the **Manage (nn) sender(s)** link that appears, and then add internal and external senders to protect from impersonation, such as your organization's board members, your CEO, CFO, and other senior leaders. - Select **Enable domains to protect**, and then configure the following settings that appear: - Select **Include domains I own** to protect internal senders in your accepted domains (visible by clicking **View my domains**) from impersonation.- - To protect senders in other domains, select **Include custom domains**, click the **Manage (nn) custom domain(s)** link that appears, and then add other domains to protect from impersonation. - - **Add trusted senders and domains** section<sup>\*</sup>: Click **Manage (nn) trusted sender(s) and domains(s)** to configure sender and sender domain exceptions to impersonation protection if needed. + - To protect senders in other domains, select **Include custom domains**, select the **Manage (nn) custom domain(s)** link that appears, and then add other domains to protect from impersonation. + - **Add trusted senders and domains** section<sup>\*</sup>: Select **Manage (nn) trusted sender(s) and domains(s)** to configure sender and sender domain exceptions to impersonation protection if needed. - Mailbox intelligence settings<sup>\*</sup>: Verify that **Enable mailbox intelligence** and **Enable intelligence for impersonation protection** are selected. - **Spoof** section: Verify **Enable spoof intelligence** is selected. - When you're finished, click **Save**. + When you're finished, select **Save**. - - **Actions** section: Click **Edit actions** and configure the following settings in the flyout that opens: + - **Actions** section: Select **Edit actions** and configure the following settings in the flyout that opens: - **Message actions** section: Configure the following settings: - **If a message is detected as user impersonation**<sup>\*</sup>: Select **Quarantine the message**. Select nothing in the **Apply quarantine policy** box that appears to use the default [quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy) that applies to messages that are quarantined by user impersonation protection. - **If a message is detected as domain impersonation**<sup>\*</sup>: Select nothing in the **Apply quarantine policy** box that appears to use the default [quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy) that applies to messages that are quarantined by user domain impersonation protection. The following procedure describes how to configure the default anti-phishing pol - **Show (?) for unauthenticated senders for spoof**: Select (turn on). - **Show "via" tag**: Select (turn on). - When you're finished, click **Save**. + When you're finished, select **Save**. <sup>\*</sup> This setting is available only in Defender for Office 365. -4. Click **Save** and then click **Close** +4. Select **Save** and then select **Close** For detailed instructions for configuring anti-phishing policies, see [Configure anti-phishing policies in EOP](anti-phishing-policies-eop-configure.md) and [Configure anti-phishing policies in Microsoft Defender for Office 365](anti-phishing-policies-mdo-configure.md). For more information about the recommended settings for anti-spam, see [EOP anti 2. On the **Anti-spam policies** page, select the policy named **Anti-spam inbound policy (Default)** from the list by clicking on the name. 3. In the policy details flyout that appears, configure the following settings:- - **Bulk email threshold & spam properties** section: Click **Edit spam threshold and properties**. In the flyout that appears, configure the following settings: + - **Bulk email threshold & spam properties** section: Select **Edit spam threshold and properties**. In the flyout that appears, configure the following settings: - **Bulk email threshold**: Set this value to 5 (Strict) or 6 (Standard). - Leave other settings at their default values (**Off** or **None**). - When you're finished, click **Save**. + When you're finished, select **Save**. - - **Actions** section: Click **Edit actions**. In the flyout that appears, configure the following settings: + - **Actions** section: Select **Edit actions**. In the flyout that appears, configure the following settings: - **Message actions** section: - **Spam**: Verify **Move message to Junk Email folder** is selected (Standard) or select **Quarantine message** (Strict). - **High confidence spam**: Select **Quarantine message**. For more information about the recommended settings for anti-spam, see [EOP anti - **Enable for phishing messages**: Verify this setting is selected (turned on). For more information, see [Zero-hour auto purge (ZAP) for phishing](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-for-phishing). - **Enable for spam messages**: Verify this setting is selected (turned on). For more information, see [Zero-hour auto purge (ZAP) for spam](zero-hour-auto-purge.md#zero-hour-auto-purge-zap-for-spam). - When you're finished, click **Save**. + When you're finished, select **Save**. - **Allowed and blocked senders and domains** section: Review or edit your allowed senders and allowed domains as described in [Create blocked sender lists in EOP](create-block-sender-lists-in-office-365.md) or [Create safe sender lists in EOP](create-safe-sender-lists-in-office-365.md). - When you're finished, click **Save**. + When you're finished, select **Save**. -4. When you're finished, click **Close**. +4. When you're finished, select **Close**. For detailed instructions for configuring anti-spam policies, see [Configure anti-spam policies in EOP](anti-spam-policies-configure.md). ## Part 4 - Protection from malicious URLs and files (Safe Links and Safe Attachments in Defender for Office 365) -Time-of-click protection from malicious URLs and files is available in subscriptions that include [Microsoft Defender for Office 365](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description). It's set up through [Safe Attachments](safe-attachments-about.md) and [Safe Links](safe-links-about.md) policies. +Time of click protection from malicious URLs and files is available in subscriptions that include [Microsoft Defender for Office 365](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description). It's set up through [Safe Attachments](safe-attachments-about.md) and [Safe Links](safe-links-about.md) policies. ### Safe Attachments policies in Microsoft Defender for Office 365 -For more information about the recommended settings for Safe Attachments, see .[Safe Attachments settings](recommended-settings-for-eop-and-office365.md#safe-attachments-settings). +For more information about the recommended settings for Safe Attachments, see [Safe Attachments settings](recommended-settings-for-eop-and-office365.md#safe-attachments-settings). 1. Open the **Safe Attachments** page in the Microsoft 365 Defender portal at <https://security.microsoft.com/safeattachmentv2>. -2. On the **Safe Attachments** page, click **Global settings**, and then configure the following settings on the flyout that appears: +2. On the **Safe Attachments** page, select **Global settings**, and then configure the following settings on the flyout that appears: - **Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams**: Turn on this setting (![Toggle on.](../../media/scc-toggle-on.png)). > [!IMPORTANT] For more information about the recommended settings for Safe Attachments, see .[ - **Turn on Safe Documents for Office clients**: Turn on this setting (![Toggle on.](../../medi). - **Allow people to click through Protected View even if Safe Documents identified the file as malicious**: Verify this setting is turned off (![Toggle off.](../../media/scc-toggle-off.png)). - When you're finished, click **Save** + When you're finished, select **Save** -3. Back on the **Safe Attachments** page, click ![Create icon.](../../media/m365-cc-sc-create-icon.png). +3. Back on the **Safe Attachments** page, select ![Create icon.](../../media/m365-cc-sc-create-icon.png). 4. In the **Create Safe Attachments policy** wizard that opens, configure the following settings: - **Name your policy** page: For more information about the recommended settings for Safe Attachments, see .[ - **Redirect attachment with detected attachments** : **Enable redirect**: Turn this setting on (select) and enter an email address to receive detected messages. - **Apply the Safe Attachments detection response if scanning can't complete (timeout or errors)**: Verify this setting is selected. -5. When you're finished, click **Submit**, and then click **Done**. +5. When you're finished, select **Submit**, and then select **Done**. 6. (Recommended) As a global administrator or a SharePoint Online administrator, run the **[Set-SPOTenant](/powershell/module/sharepoint-online/Set-SPOTenant)** cmdlet with the *DisallowInfectedFileDownload* parameter set to `$true` in SharePoint Online PowerShell. - `$true` blocks all actions (except Delete) for detected files. People can't open, move, copy, or share detected files. For detailed instructions for configuring Safe Attachments policies and global s For more information about the recommended settings for Safe Links, see [Safe Links policy settings](recommended-settings-for-eop-and-office365.md#safe-links-policy-settings). -1. Open the **Safe Links** page in the Microsoft 365 Defender portal at <https://security.microsoft.com/safelinksv2>, and then click ![Create icon.](../../media/m365-cc-sc-create-icon.png). +1. Open the **Safe Links** page in the Microsoft 365 Defender portal at <https://security.microsoft.com/safelinksv2>, and then select ![Create icon.](../../media/m365-cc-sc-create-icon.png). 2. In the **Create Safe Links policy** wizard that opens, configure the following settings: - **Name your policy** page: For more information about the recommended settings for Safe Links, see [Safe Li - **Notification** page: - **How would you like to notify users?** section: Optionally, you can select **Use custom notification text** to enter customized notification text to use. You can also select **Use Microsoft Translator for automatic localization** to translate the custom notification text into the user's language. Otherwise, leave **Use the default notification text** selected. -3. When you're finished, click **Submit**, and then click **Done**. +3. When you're finished, select **Submit**, and then select **Done**. For detailed instructions for configuring Safe Links policies and global settings for Safe Links, see [Set up Safe Links policies in Microsoft Defender for Office 365](safe-links-policies-configure.md). To receive notification when a file in SharePoint Online or OneDrive for Busines 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & collaboration** \> **Polices & rules** \> **Alert policy**. -2. On the **Alert policy** page, click **New alert policy**. +2. On the **Alert policy** page, select **New alert policy**. 3. The **New alert policy** wizard opens. On the **Name** page, configure the following settings: - **Name**: Enter a unique and descriptive name. For example, you could type Malicious Files in Libraries. To receive notification when a file in SharePoint Online or OneDrive for Busines - **Severity**: Select **Low**, **Medium** or **High**. - **Category**: Select **Threat management**. - When you're finished, click **Next** + When you're finished, select **Next** 4. On the **Create alert settings** page, configure the following settings: - **What do you want to alert on?** section: **Activity is** \> **Detected malware in file**. - **How do you want the alert to be triggered** section: Verify **Every time an activity matches the rule** is selected. - When you're finished, click **Next** + When you're finished, select **Next** 5. On the **Set your recipients** page, configure the following settings: - **Send email notifications**: Verify this setting is selected. - **Email recipients**: Select one or more global administrators, security administrators, or security readers who should receive notification when a malicious file is detected. - **Daily notification limit**: Verify **No limit** is selected. - When you're finished, click **Next** + When you're finished, select **Next** -6. On the **Review your settings** page, review your settings, verify **Yes, turn it on right away** is selected, and then click **Finish** +6. On the **Review your settings** page, review your settings, verify **Yes, turn it on right away** is selected, and then select **Finish** To learn more about alert policies, see [Alert policies in the Microsoft Purview compliance portal](../../compliance/alert-policies.md). |
security | Quarantine Admin Manage Messages Files | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files.md | You can sort the entries by clicking on an available column header. Select :::im - **Time received**<sup>\*</sup> - **Subject**<sup>\*</sup> - **Sender**<sup>\*</sup>-- **Quarantine reason**<sup>\*</sup>-- **Release status**<sup>\*</sup>-- **Policy type**<sup>\*</sup>+- **Quarantine reason**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) +- **Release status**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) +- **Policy type**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) - **Expires**<sup>\*</sup> - **Recipient** - **Message ID** To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Malware**: Anti-malware policies in EOP or Safe Attachments policies in Defender for Office 365. The **Policy Type** value indicates which feature was used. - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](anti-phishing-policies-about.md#spoof-settings) or [impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)). - **High confidence phishing**+ - **Admin action - File type block**: Messages blocked as malware by the common attachments filter in anti-malware policies. For more information, see [Anti-malware policies](anti-malware-protection-about.md#anti-malware-policies). - **Recipient**: **All users** or **Only me**. End users can only manage quarantined messages sent to them. - **Release status**: Any of the following values: - **Needs review** To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Released** - **Preparing to release** - **Error**-- **Policy Type**: Filter messages by policy type:+- **Policy type**: Filter messages by policy type: - **Anti-malware policy** - **Safe Attachments policy** - **Anti-phishing policy** - **Anti-spam policy** - **Transport rule** (mail flow rule) -When you're finished in the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**. + The **Policy type** and **Quarantine reason** values are interrelated. For example, **Bulk** is always associated with an **Anti-spam policy**, never with an **Anti-malware policy**. ++When you're finished on the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**. Use the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box and a corresponding value to find specific messages. Wildcards aren't supported. You can search by the following values: |
security | Quarantine End User | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-end-user.md | description: Users can learn how to view and manage quarantined messages in Exch adobe-target: true Previously updated : 6/19/2023 Last updated : 6/30/2023 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> You can sort the entries by clicking on an available column header. Select :::im - **Time received**<sup>\*</sup> - **Subject**<sup>\*</sup> - **Sender**<sup>\*</sup>-- **Quarantine reason**<sup>\*</sup>-- **Release status**<sup>\*</sup>-- **Policy type**<sup>\*</sup>+- **Quarantine reason**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) +- **Release status**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) +- **Policy type**<sup>\*</sup> (see the possible values in the :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** description.) - **Expires**<sup>\*</sup> - **Recipient**<sup>\*</sup> - **Message ID** To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Malware**: Anti-malware policies in EOP or Safe Attachments policies in Defender for Office 365. The **Policy Type** value indicates which feature was used. - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](anti-phishing-policies-about.md#spoof-settings) or [impersonation protection](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)). - **High confidence phishing**+ - **Admin action - File type block**: Messages blocked as malware by the common attachments filter in anti-malware policies. For more information, see [Anti-malware policies](anti-malware-protection-about.md#anti-malware-policies). - **Recipient**: **All users** or **Only me**. End users can only manage quarantined messages sent to them. - **Release status**: Any of the following values: - **Needs review** To filter the entries, select :::image type="icon" source="../../media/m365-cc-s - **Anti-spam policy** - **Transport rule** (mail flow rule) -When you're finished in the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**. + The **Policy type** and **Quarantine reason** values are interrelated. For example, **Bulk** is always associated with an **Anti-spam policy**, never with an **Anti-malware policy**. ++When you're finished on the **Filters** flyout, select **Apply**. To clear the filters, select :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**. Use the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box and a corresponding value to find specific messages. Wildcards aren't supported. You can search by the following values: |
security | Reports Defender For Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-defender-for-office-365.md | The details table below the chart provides the following near-real-time view of - **URL** - **Action** - **App**+- **Tags**: For more information about user tags, see [User tags](user-tags-about.md). Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report and the details table by selecting one or more of the following values in the flyout that opens: Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" bord - **Evaluation**: Select **Yes** or **No**. For more information, see [Try Microsoft Defender for Office 365](try-microsoft-defender-for-office-365.md). - **Domains (separated by commas)**: The URL domains listed in the report results. - **Recipients (separated by commas)**+- **Tag**: **All** or the specified user tag (including priority accounts). When you're finished configuring the filters, select **Apply**, **Cancel**, or :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**. The details table below the chart provides the following near-real-time view of - **URL** - **Action**: The same URL click protection actions as previously described for the [View data by URL click protection action](#view-data-by-url-click-protection-action-in-the-url-protection-report) view. - **App**+- **Tags**: For more information about user tags, see [User tags](user-tags-about.md). Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" border="false"::: **Filter** to modify the report and the details table by selecting one or more of the following values in the flyout that opens: Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" bord - **Evaluation**: Select **Yes** or **No**. For more information, see [Try Microsoft Defender for Office 365](try-microsoft-defender-for-office-365.md). - **Domains (separated by commas)**: The URL domains listed in the report results. - **Recipients (separated by commas)**+- **Tag**: **All** or the specified user tag (including priority accounts). When you're finished configuring the filters, select **Apply**, **Cancel**, or :::image type="icon" source="../../media/m365-cc-sc-clear-filters-icon.png" border="false"::: **Clear filters**. |
security | Reports Email Security | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md | Select :::image type="icon" source="../../media/m365-cc-sc-filter-icon.png" bord - **Date (UTC)** **Start date** and **End date** - **Detection**: The same values as in the chart.+- **Bulk complaint level**: When the **Detection** value **Bulk** is selected, the slider is available to filter the report by the selected BCL range. You can use this information to confirm or adjust the BCL threshold in anti-spam policies to allow more or less bulk email into your organization. ++ If the **Detection** value **Bulk** isn't selected, the slider is grayed-out and bulk detections aren't included in the report. + - **Priority account protection**: **Yes** and **No**. For more information, see [Configure and review priority account protection in Microsoft Defender for Office 365](priority-accounts-turn-on-priority-account-protection.md). - **Direction**: - **All** |