+The task before you is thisΓÇölet Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following missions which will help you fortify your environment, train your team, and safeguard managed devices. The missions are organized as follows:

+- **[Fortify your environment](m365bp-setup-overview.md)** (tasks your admin does);

+- **[Train your team](m365bp-devices-overview.md)** (tasks that all staff members do); and

+- **[Safeguard managed devices](m365bp-protect-devices.md)** (tasks your admin or security team does).

+Completing all the missions is the most effective way to thwart hackers, protect against ransomware, and help ensure your organizationΓÇÖs future is safeguarded with the best cybersecurity defenses. Let's get started.

+Use the following tabs to learn about each mission and how to set up Microsoft 365 Business Premium security.

+## [**Fortify your environment**](#tab/Fortify)

+## Fortify your environment

+In these first missions, you sign in and set up your initial walls of defense, starting with account access protections.

+1. [**Set up your environment**](m365bp-setup-overview.md). Complete the basis setup process for Microsoft 365 for your company.

+2. [**Bump up cybersecurity protections**](m365bp-security-overview.md). Set up critical front-line security measures to prevent cyberattacks.

+Click (or tap) the infographic to see a larger version, or [Download a copy of the Cybersecurity playbook poster](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf)!

+[Get the PDF](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf).

+## How Microsoft 365 Business Premium helps your business

+Microsoft 365 Business Premium is a comprehensive security and collaboration solution for small and medium businesses. [Learn more about the benefits of Microsoft 365 Business Premium](m365bp-secure-users.md).

+## [**Train your team**](#tab/Train)

+## Train your team

+1. [**Set up BYOD devices**](m365bp-protect-pcs-macs.md). In this mission, you set up all the unmanaged (BYOD) devices so they are safely part of the ecosystem.

+2. [**Protect email**](m365bp-protect-email-overview.md). Take the necessary steps to protect the email systems from attack.

+3. [**Collaborate and share securely**](m365bp-collaborate-share-securely.md). The objectives of this mission require you to set up secure file sharing for all members of the organization.

+Click (or tap) the infographic to see a larger version, or [Download a copy of the Cybersecurity playbook poster](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf)!

+[Get the PDF](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf).

+## How Microsoft 365 Business Premium helps your business

+Microsoft 365 Business Premium is a comprehensive security and collaboration solution for small and medium businesses. [Learn more about the benefits of Microsoft 365 Business Premium](m365bp-secure-users.md).

+> If a term or directive is unclear, see the [glossary of terms](m365bp-glossary.yml).

+## [**Safeguard managed devices**](#tab/Safeguard)

+## Safeguard managed devices

+Managed devices are safer because they are monitored for threat detections. In this last critical mission, you onboard and enroll devices in Defender for Business, so they are secured and protected with the best tools available.

+- [**Set up and secure managed devices**](m365bp-protect-devices.md). Take the steps to secure those devices so they are monitored and protected by the organization!

+Click (or tap) the infographic to see a larger version, or [Download a copy of the Cybersecurity playbook poster](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf)!

+[Get the PDF](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf).

+## How Microsoft 365 Business Premium helps your business

+Microsoft 365 Business Premium is a comprehensive security and collaboration solution for small and medium businesses. [Learn more about the benefits of Microsoft 365 Business Premium](m365bp-secure-users.md).

+## How your staff will sign in

+## Customize your sign-in page with a privacy and consent notice

+## Customize the text on your sign-in page

+## Visual guide: Help protect yourself and your campaign from digital threats

+To help your staff learn about steps to protect your campaign from cyber threats, use this downloadable guide:

+[](https://download.microsoft.com/download/f/c/5/fc58bc0c-773a-4ac8-a232-6f986f61ef58/M365CampaignsWhatCanUsersDoToSecure.pdf)

+[PDF](https://download.microsoft.com/download/f/c/5/fc58bc0c-773a-4ac8-a232-6f986f61ef58/M365CampaignsWhatCanUsersDoToSecure.pdf) | [PowerPoint](https://download.microsoft.com/download/f/c/5/fc58bc0c-773a-4ac8-a232-6f986f61ef58/M365CampaignsWhatCanUsersDoToSecure.pptx)

+- [Create Teams for collaboration](create-teams-for-collaboration.md).

+- [Set up meetings](set-up-meetings.md).

+- [Share files and videos](share-files-and-videos.md).

+- [Create a communication site](create-communications-site.md).

+After you complete these objectives, start your final mission: [Safeguard managed devices](m365bp-protect-devices.md).

+Every device is a possible attack avenue into your network and must be monitored and managed properly, even those devices that are personally owned but used for work. In this critical mission, you set up protection for all the bring-your-own devices (BYODs), which are those that are most risky to your organization due to being unmanaged. It's important to help everyone get their devices protected as soon as possible.

+- [Get everyone to set up MFA](m365bp-multifactor-authentication.md).

+- [Get Office apps installed on devices](m365bp-install-office-apps.md).

+- [Protected unmanaged Windows and Mac devices](m365bp-protect-pcs-macs.md).

+In this objective, you increase your threat protection with Microsoft 365 Business Premium. It's critical to protect your business against phishing, malware, and other threats. This article includes information about:

+- [Custom security policies](#create-custom-security-policies) that you can define to suit your business needs.

+- [How to adjust your sharing settings for SharePoint and OneDrive files and folders](#set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders).

+|**Application manager** | Assign the Application manager role to users who manage the application lifecycle for mobile apps, configure policy-managed apps, and view device info and configuration profiles. |

+|**Help desk operator** | Assign the help desk operator role to users who assign apps and policies to users and devices. |

+|**Intune role administrator** | Assign the Intune role administrator to users who can assign Intune permissions to other admins and can manage custom and built in Intune roles. |

+|**Policy and profile manager** | Assign the policy and profile manager role to users manage compliance policy, configuration profiles and Apple enrollment. |

+|**Read only operator** | Assign the read only operator role to users who can only view users, devices, enrollment details and configurations. |

+|**School administrator** | Assign the school administrator role to users for full access to manage Windows 10-11 and iOS devices, apps, and configurations in Intune for Education. |

+|**Cloud PC Administrator** | A Cloud PC Administrator has read and write access to all Cloud PC features located within the Cloud PC blade. |

+|**Cloud PC Reader** | A Cloud PC Reader has read access to all Cloud PC features located within the Cloud PC blade. |

+As the users on your network change over time, a secure environment must be maintained. The missions you've completed so far have been about getting the system secured. But in addition to this, you also need to be able to safely and cleanly remove users from the system, thereby removing their access to all data and information. And, there are certain security management tasks to perform.

+- [Review the Microsoft 365 Business Premium security operations guide](m365bp-security-incident-quick-start.md).

+- [Remove user accounts](m365bp-review-remediation-actions-devices.md).

+- [Add new users](m365bp-add-users.md).

+- [Reset passwords (as needed)](m365bp-reset-passwords.md).

+- [Remove company data from devices (when necessary)](../admin/devices/remove-company-data.md).

+- [Reset devices to factory settings (when needed)](../admin/devices/reset-devices-to-factory-settings.md).

+## See also

+[Security incident management](m365bp-security-incident-management.md)

+- [How to set up an another administrator account for emergencies](#create-other-admin-accounts).

+- [How to create an emergency admin account](#create-an-emergency-admin-account).

+- [How to create a user account for yourself](#create-a-user-account-for-yourself).

+- [How to protect admin accounts](#protect-admin-accounts).

+- [Additional recommendations](#additional-recommendations) and your [next objective](#next-objective).

+## Create other admin accounts

+Use admin accounts only for Microsoft 365 administration. Admins should have a separate user account for their regular use of Office apps, and only use their administrative account when necessary to manage accounts and devices, and while working on other admin functions. It's also a good idea to remove the Microsoft 365 license from your admin accounts so you don't have to pay for extra licenses.

+You'll want to set up at least one other Global admin account to give admin access to another trusted employee. You can also create separate admin accounts for user management (this role is called **User management administrator**). For more information, see [about admin roles](/office365/admin/add-users/about-admin-roles).

+> [!IMPORTANT]

+> Although we recommend setting up a set of admin accounts, you'll want to limit the number of global admins for your organization. In addition, we recommend adhering to the concept of least-privilege access, which means you grant access to only the data and operations needed to perform their jobs. [Learn more about the principle of least privilege](/azure/active-directory/develop/secure-least-privileged-access).

+To create more admin accounts:

+ 2. On the **Active users** page, select **Add a user** at the top of the page.

+ 3. In the **Add a user** panel, enter basic information such as name and username information.

+ 4. Enter and set up **Product licenses** information.

+ 5. In **Optional settings**, define the role of the user, including adding Admin center access if appropriate.

+ 6. Finish and review your settings and select **Finish adding** to confirm the details.

+You should also create a backup account that isn't set up with multi-factor authentication (MFA) so you don't accidentally lock yourself out (for example, if you lose your phone that you're using as a second form of verification). Make sure that the password for this account is a phrase or at least 16 characters long. This emergency admin account is often referred to as a "break-glass account."

+If you're an admin, you'll need a user account for regular work tasks, such as checking mail. Name your accounts so that you know which is which. For example, your admin credentials might be similar to *Alice.Chavez<span></span>@Contoso.org*, and your regular user account might be similar to *Alice<span></span>@Contoso.com*.

+2. On the **Active users** page, select **Add a user** at the top of the page, and on the **Add a user** panel, enter the name and other information.

+3. In the **Product Licenses** section, select the check box for **Microsoft 365 Business Premium (no administrative access)**.

+4. In the **Optional settings** section, leave the default radio button selected for **User (no admin center access)**.

+5. Finish and review your settings and select **Finish adding** to confirm the details.

+## Protect admin accounts

+To protect all your admin accounts, make sure to follow these recommendations:

+- Require all admin accounts to use passwordless authentication (such as Windows Hello or an authenticator app), or MFA. To learn more about why passwordless authentication is important, see the [Microsoft Security whitepaper: Passwordless protection](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2KEup).

+- Avoid using custom permissions for admins. Instead of granting permissions to specific users, assign permissions through roles in Azure Active Directory (Azure AD). And, grant access to only the data and operations needed to perform the task at hand. [Learn about least-privileged roles in Azure AD](/azure/active-directory/roles/delegate-by-task).

+- Use built-in roles for assigning permissions where possible. Azure role-based access control (RBAC) has several built-in roles that you can use. [Learn more about Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).

+Welcome to your final critical mission. Here, you'll onboard and implement protection for all the managed devices in your organization. You'll want to onboard your devices to Defender for Business to help ensure your antivirus and anti-malware protection is always up to date, and set policies that help lock down your systems. You can also make sure Windows devices are protected and ready for Office deployment. When you're done, you can rest assured, knowing you've done what you can to protect your organization when these objectives have been achieved!

+Once these objectives have been achieved, your overall mission to protect your organization against cyberattacks and other cybersecurity threats is a success! Now, make sure to set up your response teams to deal with any situation that may arise while defending the integrity of the system. See your next steps!

+## Next steps

+1. [Set up a security operations process](m365bp-security-incident-quick-start.md).

+2. [Learn about security incident management](m365bp-security-incident-management.md).

+3. [Learn how to maintain your environment](m365bp-maintain-environment.md).

+As you probably already know, email can contain malicious attacks cloaked as harmless communications. Additionally, email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications. In this mission, learn how members of the organizations can all help to keep the system safe from attackers.

+- [Protect against phishing and other attacks](m365bp-avoid-phishing-and-attacks.md).

+- [Set up encrypted email](send-encrypted-email.md).

+## [Windows 10 or 11](#tab/Windows10-11)

+## Windows 10 or 11

+### Turn on device encryption

+### Protect your device with Windows Security

+If you have Windows 10 or 11, you'll get the latest antivirus protection with Windows Security. When you start up Windows 10 for the first time, Windows Security is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Windows Security uses real-time protection to scan everything you download or run on your PC.

+### Turn on Windows Defender Firewall

+You should always run Windows Defender Firewall even if you have another firewall turned on. Turning off Windows Defender Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access. See [Turn Windows Firewall on or off](https://support.microsoft.com/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off) for instructions.

+## [macOS](#tab/macOS)

+## macOS

+### Use FileVault to encrypt your Mac disk

+### Protect your Mac from malware

+### Turn on firewall protection

+- [How to use the Action center](#how-to-use-your-action-center).

+- [Types of remediation actions](#types-of-remediation-actions).

+# How Microsoft 365 Business Premium helps your business

+Microsoft 365 Business Premium is a cost-effective solution that empowers small and medium-sized businesses to work more efficiently and more securely than before. This article describes how Microsoft 365 Business Premium can help your business or campaign. This article includes the following sections:

+1. Get either [Microsoft 365 Business Premium](get-microsoft-365-business-premium.md) or [Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md).

+3. [Bump up security](m365bp-security-overview.md).

+2. [Review detected threats and take action](m365bp-review-threats-take-action.md).

+3. [Review remediation actions](m365bp-review-remediation-actions-devices.md).

+4. [Respond to a compromised email account](../security/office-365-security/responding-to-a-compromised-email-account.md).

+ Title: "A security operations guide for Microsoft 365 Business Premium"

+If you're new to Microsoft 365 Business Premium, or if you don't already have a security operations guide in place, this article can serve as a starting point. If you already have a security operations guide, review it against the recommendations in this article.

+You can use this guidance to make decisions about security incident priorities and tasks your security team will perform in the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).

+| Suggested frequency | Tasks |

+|||

+| Daily | [Check your threat vulnerability](#check-your-threat-vulnerability).<br/>[Review pending actions in the Action center](#review-pending-actions-in-the-action-center).<br/>[Review devices with threat detections](#review-devices-with-threat-detections).<br/>[Learn about new incidents or alerts](#learn-about-new-incidents-or-alerts). |

+| Weekly | [Monitor and improve your Microsoft Secure score](#monitor-and-improve-your-microsoft-secure-score).<br/>[Review the secure score for devices](#review-the-secure-score-for-devices).<br/>[Improve your secure score for devices](#improve-your-secure-score-for-devices). |

+| Monthly | [Run reports](#run-reports).<br/>[Run a simulation tutorial](#run-a-simulation-tutorial).<br/>[Explore the Learning hub](#explore-the-learning-hub). |

+| As needed | [Use the Threat analytics dashboard](#use-the-threat-analytics-dashboard).<br/>[Run a scan or automated investigation](#run-a-scan-or-automated-investigation).<br/>[Remediate an item](#remediate-an-item). |

+The following sections provide more details about each task.

+- [Check your threat vulnerability](#check-your-threat-vulnerability).

+- [Review pending actions in the Action center](#review-pending-actions-in-the-action-center).

+- [Review devices with threat detections](#review-devices-with-threat-detections).

+- [Learn about new incidents or alerts](#learn-about-new-incidents-or-alerts).

+### Check your threat vulnerability

+In brief, you can get a snapshot of threat vulnerability by looking at the Vulnerability management dashboard. It reflects how vulnerable your organization is to cybersecurity threats. A high exposure score means your devices are more vulnerable to exploitation.

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Vulnerability management > Dashboard**.

+2. Take a look at your Organization exposure score. If it's in the acceptable or "High" range, you can move on. If it isn't, select **Improve score** to see more details and security recommendations to improve this score.

+Being aware of your exposure score helps you:

+- Quickly understand and identify high-level takeaways about the state of security in your organization

+- Detect and respond to areas that require investigation or action to improve the current state

+- Communicate with peers and management about the impact of security efforts

+### Review pending actions in the Action center

+As threats are detected, remediation actions come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval, which is why these should be monitored regularly. Examples of remediation actions include sending a file to quarantine, stopping a process from running, and removing a scheduled task. All remediation actions are tracked in the Action center.

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Action center**.

+2. Select the **Pending** tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus or antimalware protection, automated investigations, manual response activities, or live response sessions.

+3. Select the **History** tab to view a list of completed actions.

+### Review devices with threat detections

+To find out if you have any devices that have had threats at them, do the following.

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Reports > General > Security report**.

+2. Scroll down to the Vulnerable devices row. If threats were detected on devices, you'll see that information in this row.

+### Learn about new incidents or alerts

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.

+2. Select an alert to open its flyout pane, where you can learn more about the alert.

+3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert.

+### Run a scan or automated investigation

+2. Select a device to open its flyout panel, and review the information that is displayed.

+3. Select the ellipsis (...) to open the actions menu.

+4. Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**.

+- [Monitor and improve your Microsoft Secure score](#monitor-and-improve-your-microsoft-secure-score).

+- [Review the secure score for devices](#review-the-secure-score-for-devices).

+- [Improve your secure score for devices](#improve-your-secure-score-for-devices).

+### Monitor and improve your Microsoft Secure score

+1. To check your secure score, in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**.

+2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score.

+1. To check your secure score, in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.

+2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.

+3. Select an item on the list to display details related to the recommendation.

+4. Select **Remediation options**.

+5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select Export all remediation activity data to CSV so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.

+6. Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.

+7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.

+8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving.

+These tasks should be done on at least a monthly basis, if not more often.

+- [Run reports](#run-reports).

+- [Run a simulation tutorial](#run-a-simulation-tutorial).

+- [Explore the Learning hub](#explore-the-learning-hub).

+### Run reports

+Several reports are available in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)).

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Reports**.

+2. Choose a report to review. Each report displays many pertinent categories for that report.

+3. Select **View details** to see deeper information for each category.

+4. Select the title of a particular threat to see details specific to it.

+### Run a simulation tutorial

+It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft 365 Defender portal. The tutorials cover several types of cyber threats.

+To get started:

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.

+2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions.

+### Explore the Learning hub

+There are many areas in the Learning hub through which you can increase your knowledge of many of the threats that are out there, and how to address them. We recommend that you and your teams spend some time exploring the resources that are offered, especially in the Microsoft 365 Defender and Endpoints sections.

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.

+2. Select an area, such as **Microsoft 365 Defender** or **Endpoints**.

+3. Select an item to learn more about each concept.

+> [!NOTE]

+> Some resources in the Learning hub might cover functionality that isn't actually included in Microsoft 365 Business Premium. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft 365 Defender, but not in Microsoft 365 Business Premium. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../security/defender-business/compare-mdb-m365-plans.md).

+## As needed

+Perform these tasks as needed or as appropriate:

+- [Use the Threat analytics dashboard](#use-the-threat-analytics-dashboard).

+- [Run a scan or automated investigation](#run-a-scan-or-automated-investigation).

+- [Remediate an item](#remediate-an-item).

+### Use the Threat analytics dashboard

+Use the threat analytics dashboard to get an overview of the current threat landscape by highlighting reports that are most relevant to your organization.

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, select **Threat analytics** to display the Threat analytics dashboard.

+ The dashboard summarizes the threats into the following sections:

+ - Latest threatsΓÇölists the most recently published or updated threat reports, along with the number of active and resolved alerts.

+ - High-impact threatsΓÇölists the threats that have the highest impact to your organization. This section lists threats with the highest number of active and resolved alerts first.

+ - Highest exposureΓÇölists threats with the highest exposure levels first. The exposure level of a threat is calculated using two pieces of information: how severe the vulnerabilities associated with the threat are, and how many devices in your organization could be exploited by those vulnerabilities.

+2. Select the title of the one you want to investigate, and read the associated report.

+3. You can also review the full Analyst report for more details, or select other headings to view the related incidents, impacted assets, and exposure and mitigations.

+Microsoft 365 Business Premium includes several remediation actions. These actions include manual response actions, actions following automated investigation, and live response actions.

+1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Device inventory**.

+ :::image type="content" source="./../medib-deviceinventory.png" alt-text="Screenshot of device inventory":::

+2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item, as shown in the following image:

+ :::image type="content" source="./../medib-deviceinventory-selecteddeviceflyout.png" alt-text="Screenshot of the flyout pane for a selected device":::

+3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions, as shown in the following image:

+ :::image type="content" source="./../medib-deviceinventory-selecteddeviceflyout-menu.png" alt-text="Screenshot of available actions for a selected device":::

+4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device.

+#### Remediation actions in Microsoft 365 Business Premium

+The following table summarizes remediation actions that are available in Microsoft 365 Business Premium:

+| Source | Actions |

+|||

+| Automated investigations | - Quarantine a file <br/>- Remove a registry key <br/>- Kill a process <br/>- Stop a service <br/>- Disable a driver <br/>- Remove a scheduled task |

+| Manual response actions | - Run antivirus scan <br/>- Isolate device <br/>- Stop and quarantine <br/>- Add an indicator to block or allow a file |

+| Live response | - Collect forensic data <br/>- Analyze a file <br/>- Run a script <br/>- Send a suspicious entity to Microsoft for analysis <br/>- Remediate a file <br/>- Proactively hunt for threats |

+In this mission, you set up your security defenses. Admin account access is a high-value target for the enemy hackers, and protecting those accounts is critical because the access and control they provide can impact the entire system. You also need to protect your email content and devices.

+To be successful in this mission, you'll set up the different admin roles and specific levels of security for them. You'll also enforce multifactor authentication (MFA) requirements, and set up your security defaults. Stay vigilant - the safety and reliability of the system relies upon you.

+- [Protect your admin accounts](m365bp-protect-admin-accounts.md).

+- [Turn on security defaults](m365bp-conditional-access.md).

+- [Protect against malware and other threats](m365bp-increase-protection.md).

+Now that you have Microsoft 365 Business Premium, your first critical mission is to complete your initial setup process right away. Let's get you going.

+Your objective is to:

+- [Set up your Microsoft 365 Business Premium environment](m365bp-setup.md); or

+Once you've achieved this objective, go [increase security protections](m365bp-security-overview.md).

+> [!TIP]

+> Save this playbook to your browser favorites. When links in the playbook take you away from this location, simply return to this playbook to continue.

+If you have Windows devices running Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro, your Microsoft 365 Business Premium subscription entitles you to upgrade those devices to Windows 10 or 11 Pro.

+- [Purchase Windows 10 or 11 Pro to upgrade from Windows 10 Home](#purchase-windows-10-or-11-pro-to-upgrade-from-windows-10-home)

+*The Windows Update method is preferred. However, you can select this option if the device that you're using right now is the same device that you want to update.*

+## Purchase Windows 10 or 11 Pro to upgrade from Windows 10 Home

+On 30 September 2022, Microsoft and other online merchants will no longer store credit card information. To comply with this regulation, Microsoft will remove all stored card details from the Microsoft 365 admin center. To avoid service interruption, you must add a payment method and make a one-time payment for all subscriptions and billing profiles.

+ 

+ 

+

+- In an Exchange hybrid deployment, you can search for Teams chat data in on-premises mailboxes. For more information, see [Teams chat data for on-premises users](/microsoft-365/compliance/search-cloud-based-mailboxes-for-on-premises-users).

+#### Blocking and notifications in SharePoint Online and OneDrive for Business

+This table shows the DLP blocking and notification behavior for policies that are scoped to SharePoint Online and OneDrive for Business.

+|Conditions |Actions config |User Notification config|Incident Reports config |Blocking and Notification behavior|

+||||||

+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** |No actions are configured |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected |- **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** set to **On** </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |- Notifications will be sent only when a file is shared with an external user and an external user access the file. |

+|- **Content is shared from Microsoft 365** </br>- **only with people inside my organization** | No actions are configured |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |- Notifications are sent when a file is uploaded |

+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiveing email or accessing shared SharePoint, OndeDrive, and Teams files** is selected </br>- **Block only people outside your organization** is selected |- **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** | - Access to a sensitive file is blocked as soon as it is uploaded </br>- Notifications sent when content is shared from Microsoft 365 with people outside my organization |

+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** | - **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block users from receiveing email or accessing shared SharePoint, OndeDrive, and Teams files** is selected </br>- **Block everyone** is selected | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected </br>- **Notify the user who sent, shared, or last modified the content** is selected | - **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent when a file is shared with an external user and an external user access that file. |

+|- **Content is shared from Microsoft 365** </br>- **with people outside my organization** |- **Restrict access or encrypt the content in Microsoft 365 locations** is selected </br>- **Block only people who were given access to the content through the "Anyone with the link" option** is selected. | - **User notifications** set to **On** </br>- **Notify users in Office 365 service with a policy tip** is selected. </br>- **Notify the user who sent, shared, or last modified the content** is selected |- **Send an alert to admins when a rule match occurs** set to **On** </br>- **Send alert every time an activity matches the rule** is selected </br>- **Use email incident reports to notify you when a policy match occurs** set to **On** |Notifications are sent as soon as a file is uploaded |

+- DLP policies apply to workspaces. Only workspaces hosted in Premium Gen2 capacities are supported. For more information, see [What is Power BI Premium Gen2?](/power-bi/enterprise/service-premium-gen2-what-is).

+description: "Learn about the key concepts and metrics of the predictive coding tool in Microsoft Purview eDiscovery (Premium)."

+description: "Learn about performing the first training round for predictive coding."

+[Microsoft Purview](/purview/purview) risk and compliance solutions help you manage and monitor your data, protect information, minimize compliance risks, and meet regulatory requirements. This article will help you learn about Microsoft Purview risk and compliance solutions and quickly get started with deploying these solutions to meet specific compliance needs for your organization.

+

+> [!NOTE]

+> The **Extract info from an image or PDF file with a form processing model** flow is automatically available for a library with a form processing model associated. The **Extract info from files with a form processing model** flow is a template that must be added to the library if required.

+[Training: Improve business performance with AI Builder](/learn/paths/improve-business-performance-ai-builder/?source=learn)

+To use SharePoint Syntex, your organization must have a subscription to SharePoint Syntex, and each user must have a licenses assigned. SharePoint Syntex licenses include the following apps, which must all be assigned:

+To use form processing, you also need AI Builder credits. For each licensed user of SharePoint Syntex, an allocation of AI Builder credits is provided each month.

+To help identify the *Contract Start Date*, you can create an explanation.

+ b. In the **Explanation type** field, select **Phrase list**.

+ Title: Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint

+description: Onboard with Microsoft Defender for IoT to gain visibility and security assessments focused on IoT devices.

+# Onboard with Microsoft Defender for IoT

+Microsoft Defender for Endpoint now seamlessly integrates with Microsoft Defender for IoT. This integration extends your device discovery capabilities with the agentless monitoring capabilities provided by Defender for IoT. This will help secure enterprise IoT devices connected to IT networks, such as Voice over Internet Protocol (VoIP) devices, printers, and cameras. It allows organizations to take advantage of a single integrated solution that secures all of their IoT, and Operational Technology (OT) infrastructure. For more information, see [Enterprise IoT network protection](/azure/defender-for-iot/organizations/overview-eiot).

+Once you've defined a Defender for IoT plan and set up an Enterprise IoT network sensor, device data automatically starts streaming into both the Defender for Endpoint and Defender for IoT portals.

+The Defender for IoT integration provides increased visibility to help locate, identify, and secure the IoT devices in your network. This will give you a single unified view of your complete OT/IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile).

+Customers who've onboarded to Defender for IoT also have security recommendations for vulnerability assessments and misconfigurations for IoT devices.

+To modify settings for your Defender for Endpoint integration, the user must have the following roles:

+## Onboard a Defender for IoT plan

+1. In the navigation pane of the [https://security.microsoft.com](https://security.microsoft.com/) portal, select **Settings** \> **Device discovery** \> **Enterprise IoT**.

+1. Select the following options for your plan:

+ - Select the Azure subscription from the list of available subscriptions in your Azure Active Directory tenant where you'd like to add a plan.

+ - Select a pricing plan, either a monthly or annual commitment, or a trial. Microsoft Defender for IoT provides a 30-day free trial for the first 1,000 committed devices for evaluation purposes.

+ For more information, see the [Microsoft Defender for IoT pricing page](https://azure.microsoft.com/pricing/details/iot-defender/).

+

+ - Select the number of committed devices you'll want to monitor. If you selected a trial, this section doesn't appear as you have a default of 1000 devices.

+To set up a network sensor your Azure subscription must have a Defender for IoT plan with Enterprise IoT devices added. For more information, see [Get started with Defender for IoT](/azure/defender-for-iot/organizations/getting-started).

+To add a network sensor, under **Set up network sensors** choose the **Microsoft Defender for IoT** link. This brings you to the Onboard sensor setup process in the Azure portal. For more information, see [Get started with Enterprise IoT](/azure/defender-for-iot/organizations/tutorial-getting-started-eiot-sensor).

+## Managing your IoT devices

+To view and manage your IoT devices in the [Microsoft 365 Defender portal](https://security.microsoft.com/) go to the **Device inventory** from the **Endpoints** navigation menu and select the **IoT devices** tab.

+For information on how to view the devices in Defender for IoT, see [Manage your IoT devices with the device inventory for organizations](/azure/defender-for-iot/organizations/how-to-manage-device-inventory-for-organizations).

+## View devices, alerts, recommendations, and vulnerabilities

+After defining your plan and setting up a network sensor, view detected data and security assessments in the following locations:

+- View device data in Defender for Endpoint or Defender for IoT

+- View alerts, recommendations, and vulnerabilities in Defender for Endpoint

+For more information, see the [Defender for IoT pricing page](https://azure.microsoft.com/pricing/details/iot-defender/).

+## Cancel your Defender for IoT plan

+You can cancel your Defender for IoT plan from the Defender for Endpoint settings page in the [https://security.microsoft.com](https://security.microsoft.com/) portal. Once you cancel your plan, the integration stops and you'll no longer get security assessment value in Defender for Endpoint, or detect new devices in Defender for IoT.

+- [Prerequisites and system requirements](#prerequisites-and-system-requirements)

+- [Configure the Linux software repository](#configure-the-linux-software-repository)

+ - [RHEL and variants (CentOS, Fedora, Oracle Linux and Amazon Linux 2)](#rhel-and-variants-centos-fedora-oracle-linux-and-amazon-linux-2)

+ - [SLES and variants](#sles-and-variants)

+ - [Ubuntu and Debian systems](#ubuntu-and-debian-systems)

+- [Application installation](#application-installation)

+- [Download the onboarding package](#download-the-onboarding-package)

+- [Client configuration](#client-configuration)

+ |For RHEL/Centos/Oracle 7.2-7.9 & Amazon Linux 2|</azure/cognitive-services/speech-service/how-to-configure-rhel-centos-7>|

+ <!--|For RHEL/Centos 6.7-6.10|<https://packages.microsoft.com/config/rhel/6/[channel].repo>|-->

+ In the following commands, replace *[version]* and *[channel]* with the information you've identified:

+> [!NOTE]

+> Device discovery Integrations with [Microsoft Defender for IoT](/azure/defender-for-iot/organizations/) and [Corelight](https://corelight.com/integrations/iot-security) are available to help locate, identify, and secure your complete OT/IOT asset inventory. Devices discovered with these integrations will appear on the **IoT devices** tab. For more information, see [Device discovery integrations](device-discovery.md#device-discovery-integrations).

+>

+> When Defender for IoT is configured, you also can view the devices there. See [Manage your IoT devices with the device inventory for organizations](/azure/defender-for-iot/organizations/how-to-manage-device-inventory-for-organizations).

+| **Settings** | Navigates to general settings for your Microsoft 365 Defender portal (listed as **Security center**) and Defender for Endpoint (listed as **Endpoints**). <br/><br/> To learn more, see [Settings](../defender/microsoft-365-defender-portal.md). |

+The **Certificate inventory** lets you view a list of the certificates installed across your organization in a single central certificate inventory page. This can help you:

+>[!Note]

+>Only certificates found on Windows devices (in the local machine certificate store) will be displayed in certificate inventory list.

+The color of the **Exposed devices** graph changes as the trend changes. If the number of exposed devices is on the rise, the color changes to red. If there's a decrease in the number of exposed devices, the color of the graph will change to green.

+### Recommendations on devices

+To see the list of security recommendations that apply to a device you can:

+1. Select the device from the **Exposed devices** tab in the recommendation flyout panel or select the device directly from the **Device inventory** page.

+2. Select the **Security recommendations** tab to see a list of security recommendations for this device.

+ :::image type="content" source="../../media/defender-vulnerability-management/security-recommendation-devicepage.png" alt-text="Screenshot of the certificate inventory page" lightbox="../../media/defender-vulnerability-management/security-recommendation-devicepage.png":::

+> [!NOTE]

+> If you have the [Microsoft Defender for IoT](/azure/defender-for-iot/organizations/index.yml) integration enabled in Defender for Endpoint, recommendations for Enterprise IoT devices that appear on IoT devices tab will appear on the security recommendations page. For more information, see [Enable Microsoft Defender for IoT integration](../defender-endpoint/enable-microsoft-defender-for-iot-integration.md)

+Select a security recommendation you would like to create an exception for, and then select **Exception options**.

+ Title: Microsoft 365 Defender portal

+description: The Microsoft 365 Defender portal combines protection, detection, investigation, and response to email, collaboration, identity, device, and app threats, in a central place.

+keywords: introduction to MMicrosoft 365 Defender, cyber security, advanced persistent threat, enterprise security, devices, device, identity, users, data, applications, incidents, automated investigation and remediation, advanced hunting

+search.product: eADQiWindows 10XVcnh

+search.appverid: met150

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+f1.keywords:

+ - NOCSH

+ms.localizationpriority: medium

+audience: ITPro

+ - M365-security-compliance

+ - m365initiative-m365-defender

+ - admindeeplinkDEFENDER

+ - intro-overview

+ms.technology: m365d

+adobe-target: true

+# Microsoft 365 Defender portal

+The [Microsoft 365 Defender portal](https://sip.security.microsoft.com/homepage?tid=72f988bf-86f1-41af-91ab-2d7cd011db47) combines protection, detection, investigation, and response to email, collaboration, identity, device, and cloud app threats, in a central place. The Microsoft 365 Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use. It includes:

+- **[Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365)** Microsoft Defender for Office 365 helps organizations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.

+- **[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-advanced-threat-protection)** delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization.

+- **[Microsoft Defender for Identity](/defender-for-identity/what-is)** is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

+- **[Microsoft Defender for Cloud Apps](/cloud-app-security/)** is a comprehensive cross-SaaS and PaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.

+Watch this short video to learn about the Microsoft 365 Defender portal.

+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWBKau]

+## What to expect

+The Microsoft 365 Defender portal helps security teams investigate and respond to attacks by bringing in signals from different workloads into a set of unified experiences for:

+- Incidents & alerts

+- Hunting

+- Actions & submissions

+- Threat analytics

+- Secure score

+- Learning hub

+- Trials

+Microsoft 365 Defender emphasizes *unity, clarity, and common goals*.

+> [!NOTE]

+> The Microsoft 365 Defender portal is accessible without any need for customers to take migration steps or purchase a new license. For example, this new portal is accessible to administrators with an E3 subscription, just as it is to those with Microsoft Defender for Office 365 Plan 1 and Plan 2; however, Exchange Online Protection, or Defender for Office 365 Plan 1 customers see only the security features their subscription license supports. The goal of the portal is to centralize security.

+## Incident and alert investigations

+Centralizing security information creates a single place for investigating security incidents across Microsoft 365. A primary example is **Incidents** under **Incidents & alerts**.

+Selecting an incident name displays a page that demonstrates the value of centralizing security information as you'll have better insights into the full extend of a threat, from email, to identity, to endpoints.

+Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis.

+For more information, see [incidents in Microsoft 365 Defender](incidents-overview.md).

+## Hunting

+You can build custom detection rules and hunt for specific threats in your environment. **Hunting** uses a query-based threat hunting tool that lets you proactively inspect events in your organization to locate threat indicators and entities. These rules run automatically to check for, and then respond to, suspected breach activity, misconfigured machines, and other findings.

+For more information, see [Proactively hunt for threats with advanced hunting in Microsoft 365 Defender](advanced-hunting-overview.md).

+## Improved processes

+Common controls and content either appear in the same place, or are condensed into one feed of data making it easier to find. For example, unified settings.

+### Unified settings

+### Permissions & roles

+Access to Microsoft 365 Defender is configured with Azure AD global roles or by using custom roles.

+- Learn more about how to [manage access to Microsoft 365 Defender](m365d-permissions.md)

+- Learn more about how to [create custom roles](custom-roles.md) in Microsoft 365 Defender

+### Integrated reports

+Reports are also unified in Microsoft 365 Defender. Admins can start with a general security report, and branch into specific reports about endpoints, email & collaboration. The links here are dynamically generated based upon workload configuration.

+### Quickly view your Microsoft 365 environment

+The **Home** page shows many of the common cards that security teams need. The composition of cards and data is dependent on the user role. Because Microsoft 365 Defender portal uses role-based access control, different roles will see cards that are more meaningful to their day to day jobs.

+This at-a-glance information helps you keep up with the latest activities in your organization. Microsoft 365 Defender brings together signals from different sources to present a holistic view of your Microsoft 365 environment.

+You can add and remove different cards depending on your needs.

+### Search across entities (Preview)

+>[!IMPORTANT]

+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

+The search bar is located at the top of the page. As you type, suggestions are provided so that it's easier to find entities. The enhanced search results page centralizes the results from all entities.

+You can search across the following entities in Defender for Endpoint and Defender for Identity:

+- **Devices** - supported for both Defender for Endpoint and Defender for Identity. Supports use of search operators.

+- **Users** - supported for Defender for Endpoint, Defender for Identity, and Defender for Cloud Apps.

+- **Files, IPs, and URLs** - same capabilities as in Defender for Endpoint.

+ >[!NOTE]

+ >IP and URL searches are exact match and don't appear in the search results page ΓÇô they lead directly to the entity page.

+- **TVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations).

+## Threat analytics

+Track and respond to emerging threats with the following Microsoft 365 Defender threat analytics:

+Threat analytics is the Microsoft 365 Defender threat intelligence solution from expert Microsoft security researchers. It's designed to assist security teams to be as efficient as possible while facing emerging threats, such as:

+- Active threat actors and their campaigns

+- Popular and new attack techniques

+- Critical vulnerabilities

+- Common attack surfaces

+- Prevalent malware

+## Learning Hub

+<a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> includes a learning hub that provides guidance from resources such as the Microsoft security blog, the Microsoft security community on YouTube, and the official documentation.

+> [!NOTE]

+> There are helpful **filters** along the top of Microsoft 365 Defender learning hub that will let you choose between products (currently Microsoft 365 Defender, Microsoft Defender for Endpoint, and Microsoft Defender for Office 365). Notice that the number of learning resources for each section is listed, which can help learners keep track of how many resources they have at hand for training and learning.

+>

+> Along with the Product filter, current topics, types of resources (from videos to webinars), levels of familiarity or experience with security areas, security roles, and product features are listed.

+> [!TIP]

+> There are lots of other learning opportunities in [Microsoft Learn](/learn/). You'll find certification training such as [Course MS-500T02-A: Implementing Microsoft 365 Threat Protection](/learn/certifications/courses/ms-500t02).

+## Send us your feedback

+We need your feedback. We're always looking to improve, so if there's something you'd like to see, [watch this video to find out how you can trust us to read your feedback](https://www.microsoft.com/videoplayer/embed/RE4K5Ci).

+## Explore what the Microsoft 365 Defender portal has to offer

+Keep exploring the features and capabilities in Microsoft 365 Defender:

+- [Manage incidents and alerts](manage-incidents.md)

+- [Track and respond to emerging threats with threat analytics](threat-analytics.md)

+- [The Action center](m365d-action-center.md)

+- [Hunt for threats across devices, emails, apps, and identities](./advanced-hunting-query-emails-devices.md)

+- [Custom detection rules](./custom-detection-rules.md)

+- [Email & collaboration alerts](../../compliance/alert-policies.md#default-alert-policies)

+- [Create a phishing attack simulation](../office-365-security/attack-simulation-training.md) and [create a payload for training your teams](/microsoft-365/security/office-365-security/attack-simulation-training-payloads)

+## Training for security analysts

+With this learning path from Microsoft Learn, you can understand Microsoft 365 Defender and how it can help identify, control, and remediate security threats.

+|Training:|Detect and respond to cyber attacks with Microsoft 365 Defender|

+|||

+||Microsoft 365 Defender unifies threat signals across endpoints, identities, email, and applications to provide integrated protection against sophisticated cyber attacks. Microsoft 365 Defender is the central experience to investigate and respond to incidents and proactively search for ongoing malicious cyber security activities.<p> 1 hr 38 min - Learning Path - 5 Modules|

+> [!div class="nextstepaction"]

+> [Start >](/learn/paths/defender-detect-respond/)

+## See also

+- [What's new in Microsoft 365 Defender](whats-new.md)

+- [Microsoft Defender for Office 365 in Microsoft 365 Defender](microsoft-365-security-center-mdo.md)

+- [Microsoft Defender for Endpoint in Microsoft 365 Defender](microsoft-365-security-center-mde.md)

+ Title: What is Microsoft 365 Defender?

+# What is Microsoft 365 Defender?

+> The new Defender for Cloud Apps experience in the Microsoft 365 Defender portal is currently available for all users detailed in [Manage admin access](/defender-cloud-apps/manage-admins), except for:

+> * **App/Instance admin**, **User group admin**, **Cloud Discovery global admin**, and **Cloud Discovery report admin**, as defined in [Built-in admin roles in Defender for Cloud Apps](/defender-cloud-apps/manage-admins#built-in-admin-roles-in-defender-for-cloud-apps).

+> * User privacy groups as defined in [Activity privacy](/defender-cloud-apps/activity-privacy)

+The improved [Microsoft 365 Defender](microsoft-365-defender-portal.md) at <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">https://security.microsoft.com</a> combines security capabilities that protect, detect, investigate, and respond to email, collaboration, identity, and device threats. This brings together functionality from existing Microsoft security portals, including Microsoft Defender Security Center and the Office 365 Security & Compliance center.

+Logging in to multiple tenants simultaneously in the same browsing session is currently not supported in the unified portal. You can opt out of the automatic redirection by [reverting to the former Microsoft Defender for Endpoint portal](microsoft-365-security-mde-redirection.md#can-i-go-back-to-using-the-former-portal), to maintain this functionality until the issue is resolved.

+[Microsoft Secure Score](microsoft-secure-score.md) is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. It can be found at https://security.microsoft.com/securescore in the [Microsoft 365 Defender portal](microsoft-365-defender-portal.md).

+Microsoft Secure Score can be found at https://security.microsoft.com/securescore in the [Microsoft 365 Defender portal](microsoft-365-defender-portal.md).

+Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. It can be found at https://security.microsoft.com/securescore in the [Microsoft 365 Defender portal](microsoft-365-defender-portal.md).

+While [Microsoft 365 Defender portal](microsoft-365-defender-portal.md) is the new home for monitoring and managing security across your identities, data, devices, and apps, you will need to access various portals for certain specialized tasks.

+ The improved [Microsoft 365 Defender](https://security.microsoft.com) portal is now available. This new experience brings together Defender for Endpoint, Defender for Office 365, Defender for Identity, and more into a single portal. This is the new home to manage your security controls. [Learn what's new](microsoft-365-defender-portal.md).

+description: Admins can learn how to use the Submissions portal in the Microsoft 365 Defender portal to submit legitimate email getting blocked, suspicious email, suspected phishing email, spam, other potentially harmful messages, URLs, and email attachments to Microsoft for rescanning.

+# Use the Submissions portal to submit suspected spam, phish, URLs, legitimate email getting blocked, and email attachments to Microsoft

+ > .

+ > .

+If you're already using AIR capabilities in Microsoft Defender for Office 365, you're about to see some changes in the [improved Microsoft 365 Defender portal](../defender/microsoft-365-defender-portal.md).

+description: Admins can learn about the different ways to report good and bad messages, URLs, email attachments, and admins to Microsoft for analysis.

+# Report items to Microsoft

+In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, users and admins have several different methods for reporting email messages, URLs, and email attachments to Microsoft.

+In addition, Microsoft 365 organizations with Microsoft Defender for Endpoint admins also have several methods for reporting files.

+|[Use the Submissions portal to submit suspected spam, phish, URLs, and email attachments to Microsoft](admin-submission.md)|The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP).|

+|[Submit suspicious files to Microsoft for analysis](submitting-malware-and-non-malware-to-microsoft-for-analysis.md)|Use the Microsoft Security Intelligence site to submit attachments and other files.|

+[Microsoft 365 Defender portal](../defender/microsoft-365-defender-portal.md)

+# Submit malware, non-malware, and other suspicious files to Microsoft for analysis

+> If you're an admin in an organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use Admin Submission to submit legitimate email getting blocked, suspected spam, phish, URLs, and email attachments to Microsoft](/microsoft-365/security/office-365-security/admin-submission).

+- Avoid opening files downloaded from the internet unless they're from a verified source.

+- Don't use anonymous USB drives.

+But what can you do if you receive a message with a suspicious attachment or have a suspicious file on your system? Or what if you suspect that your computer or device was infected by an email attachment that made it past our filters or a file you downloaded from the internet? In these cases, you should submit the suspicious attachment or file to Microsoft. Conversely, if an attachment in an email message or file was incorrectly identified as malware or some other threat, you can submit that, too.

+- Files that block you from your accessing your system and demand money to open them are considered ransomware.

+Organizations that have a Microsoft 365 Defender subscription, Microsoft 365 Defender for Endpoint Plan 2, or Microsoft 365 Defender for Office Plan 2 can submit files using the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use admin submission for submitting files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).

+Or, you can go to the Microsoft Security Intelligence page at <https://www.microsoft.com/wdsi/filesubmission> to submit the file. To receive analysis updates, sign in or enter a valid email address. We recommend using your Microsoft work or school account.

+Organizations that have a Microsoft 365 Defender Subscription, Microsoft 365 Defender for Endpoint Plan 2, or Microsoft 365 Defender for Office Plan 2 can submit files using the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use admin submission for submitting files in Microsoft Defender for Endpoint](../defender-endpoint/admin-submissions-mde.md).

+Or, you can go to the Microsoft Security Intelligence page at <https://www.microsoft.com/wdsi/filesubmission> to submit the file. To receive analysis updates, sign in or enter a valid email address. We recommend using your Microsoft work or school account.

+You can also submit a file that you believe was incorrectly identified as malware to the website. (Just select **No** for the question **Do you believe this file contains malware?**)

+- [Create an anti-malware policy](configure-anti-malware-policies.md#use-the-microsoft-365-defender-portal-to-create-anti-malware-policies) for the custom mailbox with the following settings:

+ - Zero-hour auto purge (ZAP) for malware is turned off (**Protection settings** section \> **Enable zero-hour auto purge for malware** is not selected).

+ - The common attachment filter option is turned off (**Protection settings** section \> **Enable the common attachments filter** is not selected).

+- Regarding quarantine operations for shared mailboxes, if you use nested security groups to grant access to a shared mailbox, we recommend no more than two levels of nested groups. For example, Group A is a member of Group B, which is a member of Group C. To assign permissions to a shared mailbox, don't add the user to Group A and then assign Group C to the shared mailbox.

+- As of July 2022, users with primary SMTP addresses that are different from their user principal names (UPNs) should be able to access quarantined messages for the shared mailbox.

+- [Get started with the Microsoft 365 Defender portal](./defender/microsoft-365-defender-portal.md)

+ Title: Configure privacy settings in Microsoft Whiteboard

+audience: admin

+search.appverid: MET150

+ms.localizationpriority: medium

+description: Learn about compliance and how to configure privacy settings in Microsoft Whiteboard.

+# Configure privacy settings in Microsoft Whiteboard

+>[!NOTE]

+> This article is currently in development.

+ Title: Manage GDPR data subject requests in Microsoft Whiteboard

+audience: admin

+search.appverid: MET150

+ms.localizationpriority: medium

+description: Learn how to export, transfer, or delete personal information from Microsoft Whiteboard.

+# Manage GDPR data subject requests in Microsoft Whiteboard

+>[!NOTE]

+> This article is currently in development.