+description: Learn how Microsoft 365 global administrators can apply your organization's branding to encrypted email messages & the contents of the encryption portal.

+Apply your company branding to customize the look of your organization's email messages and the encryption portal. You need to apply global administrator permissions to your work or school account before you can get started. You customize branding in one of two ways, using Exchange Online PowerShell or Microsoft Purview Data Loss Prevention (DLP) policies.

+For more information about using Microsoft Purview Data Loss Prevention (DLP) policies to add customized branding to encrypted messages, see these resources.

+- [Exchange location actions](dlp-policy-reference.md#exchange-location-actions) for details on this action.

+- [Design a data loss prevention policy](dlp-policy-design.md) if you're new to DLP and want to learn more about what goes into preparing to create a DLP policy.

+- [Create and Deploy data loss prevention policies](dlp-create-deploy-policy.md) for examples on how to create and deploy a DLP policy.

+The rest of this article describes using Exchange Online PowerShell.

+Use the Get-OMEConfiguration and Set-OMEConfiguration cmdlets in Exchange Online PowerShell to customize these parts of encrypted email messages:

+Once you've created the templates, apply them to encrypted emails sent from your online mailbox by using Exchange mail flow rules. If you have Microsoft Purview Advanced Message Encryption, you can revoke any email that you have branded.

+After you've either modified the default template or created new branding templates, you can create Exchange mail flow rules to apply your custom branding based on certain conditions. Most importantly, the email must be encrypted. Such a rule applies custom branding to mail sent from your online mailbox in the following scenarios:

+To ensure Microsoft Purview Message Encryption applies your custom branding, set up a mail flow rule to encrypt your messages. The priority of the encryption rule should be higher than the branding rule so that the encryption rule is processed first. By default, if you create the encryption rule before the branding rule, then the encryption rule has a higher priority. For information, see [Define mail flow rules to encrypt email messages in Office 365](define-mail-flow-rules-to-encrypt-email.md). For information on setting the priority of a mail flow rule, see [Manage mail flow rules](/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules#set-the-priority-of-a-mail-flow-rule).

+ The list of templates includes default templates and options and any custom templates you create. If the list is empty, ensure that you have set up Microsoft Purview Message Encryption. For instructions, see [Set up Microsoft Purview Message Encryption](set-up-new-message-encryption-capabilities.md). For information about the default templates, see [Configuring and managing templates for Azure Information Protection](/information-protection/deploy-use/configure-policy-templates). For information about the **Do Not Forward** option, see the [Do Not Forward option for emails](/information-protection/deploy-use/configure-usage-rights#do-not-forward-option-for-emails). For information about the **Encrypt Only** option, see [Encrypt Only option for emails](/information-protection/deploy-use/configure-usage-rights#encrypt-only-option-for-emails).

+5. For the page **Assign admin units**: If your organization is using [administrative units in Azure Active Directory](/azure/active-directory/roles/administrative-units), auto-labeling policies for Exchange and OneDrive can be automatically restricted to specific users by selecting administrative units. If your account has been [assigned administrative units](microsoft-365-compliance-center-permissions.md#administrative-units-preview), you must select one or more administrative units.

+4. For the **Assign admin units**: If your organization is using [administrative units in Azure Active Directory](/azure/active-directory/roles/administrative-units), the label policy can be automatically restricted to specific users by selecting administrative units. If your account has been [assigned administrative units](microsoft-365-compliance-center-permissions.md#administrative-units-preview), you must select one or more administrative units.

+Sensitivity labels support [administrative units that have been configured in Azure Active Directory](/azure/active-directory/roles/administrative-units):

+## July 2023

+### Sensitivity labels

+- **General availability (GA)**: [Support for administrative units](get-started-with-sensitivity-labels.md#support-for-administrative-units).

+- **New Alert ID field and Case ID field**: New static ID fields make it easier to search for alerts, and track and share alerts between admins.

+- Update to clarify that there's [no limit on the number of users for forensic evidence policies](insider-risk-management-policy-templates.md#policy-template-limits).

+- [Viva Connections](#viva-connections) [Learn what Viva Connections is](https://support.microsoft.com/office/your-intranet-is-now-in-microsoft-teams-8b4e7f76-f305-49a9-b6d2-09378476f95b)

+### Viva Connections

+ Title: "Overview of the Alerts page in Microsoft 365 Lighthouse"

+f1.keywords: NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier1

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- AdminSurgePortfolib

+- M365-Lighthouse

+search.appverid: MET150

+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to view alerts in Lighthouse."

+# Overview of the Alerts page in Microsoft 365 Lighthouse

+As an MSP provider, you need to monitor and respond to the security issues of your customers efficiently and effectively. Microsoft 365 Lighthouse introduces alerts, a powerful tool that gives you a consolidated view of all the high priority detections and alerts across your customers. You can see a prioritized list of the most urgent issues that require your attention and take immediate action to resolve them. You can also enable push alerts to your existing support systems and flows, so you never miss a critical alert that needs your intervention.

+To help you get started, Lighthouse provides a default set of alerting rules based on best practices and recommendations. You can use these rules as they are or modify them according to your preferences and needs. You can also create rules from scratch for more control and flexibility.

+## Alerts tab

+The **Alerts** tab provides a consolidated view of potential security issues across all your customers. The tab contains two sections:

+- **Alert resolution rate** ΓÇô a graph that displays historical information about alerts and their status over time.

+- **Alert report** ΓÇô a table of current alerts that can be filtered by alert type, severity, status, and assigned to.

+From the table, you can select any alert to see more detailed information, including:

+- Alert description

+- Affected tenant(s)

+- Rule that triggered the alert

+- Alert type

+- Time stamp (First detected, last updated)

+- Impacted entity

+You can update the severity and status of the alert and assign the alert to a specific user to resolve. From the **Comments and history** tab, you have a complete history of the alert. You can also add additional comments to the alert as needed.

+### Alert Types

+Lighthouse defines six alert types.

+- Non-compliant

+- Device without antivirus protection

+- Variance detection

+- Risky user

+- Security incident

+- Active threat on device

+The **Alerts** tab also includes the following options:

+- **Export:** Select to export alert data to an Excel comma-separated values (.csv) file.

+- **Refresh:** Select to retrieve the most current alert data.

+- **Search:** Enter keywords to locate a specific alert in the list.

+## Alert rules tab

+The **Alert rules** tab lets you create and edit alert rules. Lighthouse provides six default alert rules that are automatically applied to all customers. You can edit existing rules or create your own custom rules. Select **Create alert rule**, and Lighthouse will guide you step by step in creating your first alert rule.

+The Alert rules tab also includes the following options:

+- **Create alert rule:** Select to create a new alert.

+- **Edit alert rule:** Select to edit an existing alert rule.

+- **Delete:** Select to delete an alert rule from the list.

+- **Search:** Enter keywords to locate a specific alert rule in the list.

+## Related content

+[Create and manage alert rules](m365-lighthouse-alerts-overview.md) (article)\

+[Overview of the Threat management page in Microsoft 365 Lighthouse](m365-lighthouse-threat-management-page-overview.md) (article)\

+[Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus](m365-lighthouse-mitigate-threats.md) (article)\

+[Overview of the Device security page in Microsoft 365 Lighthouse](m365-lighthouse-device-security-overview.md) (article)\

+[Overview of the Vulnerability management page in Microsoft 365 Lighthouse](m365-lighthouse-vulnerability-management-page-overview.md) (article)

+ Title: "Create and manage alert rules in Microsoft 365 Lighthouse"

+f1.keywords: NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier1

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- AdminSurgePortfolib

+- M365-Lighthouse

+search.appverid: MET150

+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to create alert rules."

+# Create and manage alert rules in Microsoft 365 Lighthouse

+Alert rules allow you to configure high priority alerts from various data sources, such as Risky Users, Microsoft Defender for Business, Microsoft Defender Antivirus, Device Compliance, and more. Lighthouse supports the creation of six alert types:

+- Non-compliant

+- Device without antivirus protection

+- Variance detection

+- Risky user

+- Security incident

+- Active threat on device

+## Before you begin

+You must be a Global Administrator to create and manage alert rules.

+## Create a new alert rule

+1. In the left navigation pane in Lighthouse, select **Alerts**.

+2. On the **Alerts** page, select **Alerts rules** tab.

+3. Select **Create alert rule**. The alert rules wizard opens.

+4. From the **Set up the basics** page, configure the following basic information:

+ 1. Name of the alert

+ 2. Alert type

+ 3. Description of the alert

+5. Select **Next**.

+6. From the **Settings** page, configure alert settings. The number of settings vary based on the alert type you choose.

+7. Select **Next**.

+8. From the **Tenants** page, select which tenants to monitor.

+9. From the **Recipients** page, select who should receive email notification when this alert is triggered. You can send notifications to users, security groups, or ticketing system.

+10. Review the information and then select **Create alert rule**.

+## Edit an existing alert rule

+1. In the left navigation pane in Lighthouse, select **Alerts**.

+2. On the **Alerts** page, select **Alerts rules** tab.

+3. From the list, select an alert rule you want to edit.

+4. Select **Edit alert rule**. The alert rules wizard opens.

+5. Step through each page and edit any settings as needed.

+6. Review your changes and then select **Edit alert rule**.

+## Delete an alert rule

+1. In the left navigation pane in Lighthouse, select **Alerts**.

+2. On the **Alerts** page, select **Alerts rules** tab.

+3. From the list, select an alert rule you want to delete.

+4. Select **Delete**.

+5. In the confirmation window, select **Delete**.

+## Related content

+[Overview of the Alerts page in Microsoft 365 Lighthouse](m365-lighthouse-alerts-overview.md) (article)

+Microsoft 365 Lighthouse allows you to manage multifactor authentication (MFA) settings across all tenants. The Multifactor Authentication page provides detailed information on the status of MFA enablement and the ability to take action on specific users.

+For small- and medium-sized business (SMB) customers, Microsoft recommends enabling [security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) at a minimum. For more complex scenarios, you can use [Conditional Access](/azure/active-directory/conditional-access/overview) to configure specific policies.

+The customer tenant must be active within Microsoft 365 Lighthouse. To determine if a tenant is active, see [Microsoft 365 Lighthouse tenant list overview](m365-lighthouse-tenant-list-overview.md).

+## Notify users who aren't registered for MFA

+1. In the left navigation pane in Lighthouse, select **Users** \> **Multifactor authentication**.

+2. Select the tenant that contains the user(s) that you want to notify.

+3. Select **Users not registered for MFA** tab.

+4. Select the tenant containing the user(s) you want to notify.

+5. Select **Create email**.

+ Your default email application creates a sample email addressed to each selected user.

+6. Edit the notification email if needed.

+7. Send the email.

+> [!TIP]

+> Select the **Admin**, **Guest**, or **Members** counts to filter the list by type. If any user accounts in the list are emergency access or service accounts for which you don't want to require MFA, select those user accounts and then select **Exclude users**. The excluded user accounts will no longer appear in the list of users not registered for MFA.

+> [!NOTE]

+> Lighthouse opens your default email client and prepopulates the email message with instructions to register for MFA. All the selected users will be included on the BCC line. If you prefer to individually email users, you can select the email icon next to the username.

+>

+> If you want to use a different email account, you can export the list of users to a file. You can also download sample email templates you can customize with your company branding.

+## Exclude users from MFA registration

+1. In the left navigation pane in Lighthouse, select **Users \> Multifactor authentication**.

+2. Select the tenant containing the user(s) you want to exclude.

+4. Select the user(s) that you want to exclude.

+5. Select **Exclude users**.

+6. In the **Exclude users** pane, select **Save changes** to save the changes in both Lighthouse and the tenant.

+> Ensure that the **Microsoft 365 Lighthouse - MFA Exclusions** security group is excluded from the tenantΓÇÖs Conditional Access policies that require MFA and from the applicable deployment tasks in the tenantΓÇÖs deployment plan in Lighthouse.

+## Block sign-in for users not registered for MFA

+1. In the left navigation pane in Lighthouse, select **Users \> Multifactor authentication**.

+2. Select the tenant that contains the user(s) you want to block.

+3. Select **Users not registered for MFA** tab.

+4. Select the user(s) that you want to block.

+5. Select **Block sign-in**.

+6. In the **Manage sign-in status** pane, select **Block users from signing in**.

+7. Select **Save**.

+> [!NOTE]

+> Ensure If any shared mailbox accounts or inactive user accounts appear in the list of users not registered for MFA, we recommend you block sign-in for those accounts to remove them from the list.

+Blocking a user prevents anyone from signing in as this user and is a good idea when you think their password or username may be compromised. Blocking a user immediately stops any new sign-ins for that account. The account will be automatically signed out from all Microsoft services within 60 minutes if the account is signed in. This won't stop the account from receiving mail and doesn't delete any account data.

+## Remove a user from the Excluded users group

+1. In the left navigation pane in Lighthouse, select **Users \> Multifactor authentication**.

+2. Select the tenant that contains the user(s) you want to remove.

+3. Select **Exclude users** tab.

+4. Select the user(s) that you want to remove.

+5. Select **Remove**.

+6. In the confirmation message, select **Remove**.

+> [!NOTE]

+> The excluded users listed in Lighthouse will reflect the current membership **Microsoft 365 Lighthouse - MFA exclusions** security group but will not confirm that the group has been excluded from the tenantΓÇÖs Conditional Access policies that require MFA or from the applicable deployment tasks in the tenantΓÇÖs deployment plan in Lighthouse.

+Once MFA is enabled, you can enable Azure Active Directory (Azure AD) self-service password reset (SSPR). SSPR allows users to change or reset passwords without administrator or help desk involvement. For more information, see Manage self-service password reset in Microsoft 365 Lighthouse. For more information, see [Manage self-service password reset in Microsoft 365 Lighthouse](m365-lighthouse-manage-sspr.md).

+[Overview of multifactor authentication in Lighthouse](m365-lighthouse-mfa-overview.md) (article)\

+[Plan an Azure Active Directory Multi-Factor Authentication deployment](/azure/active-directory/authentication/howto-mfa-getstarted) (article)\

+[What are security defaults?](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) (article)\

+[What is Conditional Access?](/azure/active-directory/conditional-access/overview) (article)\

+[Learn how to convert users from per-user MFA to Conditional Access](/azure/active-directory/authentication/howto-mfa-getstarted#convert-users-from-per-user-mfa-to-conditional-access-based-mfa) (article)

+ Title: "Overview of the Multifactor authentication page in Microsoft 365 Lighthouse"

+f1.keywords: NOCSH

+audience: Admin

+ms.localizationpriority: medium

+- Tier1

+- scotvorg

+- M365-subscription-management

+- Adm_O365

+- AdminSurgePortfolio

+- M365-Lighthouse

+search.appverid: MET150

+description: "For Managed Service Providers (MSPs), learn more about multifactor authentication in Microsoft 365 Lighthouse."

+# Overview of the Multifactor authentication page in Microsoft 365 Lighthouse

+Multifactor authentication (MFA) in Azure Active Directory (Azure AD) helps protect your customer tenants against breaches due to lost or stolen credentials by using a second form of authentication to provide an extra layer of security.

+There are several ways to enable MFA:

+- **Conditional Access policies (Recommended)** ΓÇô Enable conditional access policies for tenants with Azure AD Premium licensing.

+- **Security defaults** ΓÇô Enable security defaults for tenants without Azure AD Premium licensing.

+- **Per-user MFA** ΓÇô It isn't recommended to enable MFA on a per-user basis unless the tenant doesn't have Azure AD Premium licensing and you don't want to use security defaults.

+The **Multifactor authentication** page provides detailed information on the status of MFA enablement across your customer tenants and recommended actions to enhance your customersΓÇÖ security. Select any tenant in the list to see more details about that tenant, including which Conditional Access policies requiring MFA are already configured and which users still need to register for MFA.

+## Multifactor Authentication page

+The Multifactor Authentication page includes the following:

+- MFA enforcement

+- MFA registration

+- MFA insights

+- MFA insights by tenant

+## MFA enforcement

+The MFA enforcement graph measures MFA enforcement progress by tenant, reporting the enforcement status of MFA for each tenant as either:

+- **Conditional Access policy enablement** – one or more policies requiring MFA is enabled.

+- **Security defaults** – Security defaults are enabled.

+- **No MFA detected** - No Conditional Access policies that require MFA are enabled, and Security defaults have been disabled.

+> [!NOTE]

+> The detection of a Conditional Access policy that requires MFA with a deployment state of enabled does not mean that all targeted users will be required to authenticate with MFA. An assessment of a tenant's conditional access policies in Microsoft 365 Lighthouse or the tenant's Azure Active Directory portal is needed to confirm the tenant is secure.

+## MFA registration

+The MFA registration graph measures MFA registration progress by user, reporting the registration status of MFA for each user as either:

+- **Registered** – the user has registered for MFA.

+- **Not registered for MFA** – the user hasn't registered for MFA.

+- **Excluded from MFA** ΓÇô the user has been excluded from MFA registration in Lighthouse.

+- **Data unavailable due to missing license** ΓÇô the user is a member of a tenant for which data is unavailable due to a missing license.

+> [!NOTE]

+> The exclusion of a user from MFA registration in Lighthouse does not automatically result in the userΓÇÖs exclusion from the applicable deployment task in Lighthouse or from a Conditional Access policy configured in the tenant. To ensure that the user is excluded from the applicable deployment task in Lighthouse and from Conditional Access policies configured in the tenant, see [Manage multifactor authentication](m365-lighthouse-manage-mfa.md).

+## MFA insights

+The MFA insights table can be filtered by MFA enablement method and availability of MFA registration progress.

+The table provides the following information for each tenant:

+|Column |Description |

+|--|--|

+|Tenant | The name of the tenant. |

+|Total users | The number of users in the tenant. |

+|Users excluded from MFA registration | The number of users that have been excluded from MFA registration in Lighthouse. |

+|Registration progress | The number of users not excluded from MFA registration in Lighthouse that have registered. <br> **NOTE:** The number of Registered users may include users excluded from MFA registration in Lighthouse. |

+|MFA enablement method | The MFA enablement method employed by the tenant. |

+|Recommended actions | The actions that are recommended to optimize the security of the tenant. |

+|Last refreshed | The date at which the data was last refreshed. |

+### Recommended actions

+Recommended actions are determined for each tenant based on MFA enablement, licensing, and registration progress.

+| **MFA enablement** | **Licensing** | **Registration progress** | **Recommended actions** |

+|--|--|--||

+| Conditional Access policy enabled | With Azure AD Premium | Complete | Assess deployment |

+| | | Not complete | Assess deployment, complete MFA registration |

+| Security defaults | With Azure AD Premium | Complete | Deploy Conditional Access |

+| | | Not complete | Deploy Conditional Access, complete MFA registration |

+| | Without Azure AD Premium | Data unavailable due to missing license | |

+| No MFA detected | With Azure AD Premium | Complete | Deploy Conditional Access |

+| | | Not complete | Enable security defaults, complete MFA registration |

+| | Without Azure AD Premium | Data unavailable due to missing license | |

+## MFA insights by tenant

+Selecting any tenant from the list opens the MFA insights details pane for that tenant, which provides the following information for each tenant:

+- MFA enablement method

+- Conditional access policies

+- Users not registered for MFA

+- Excluded users

+## MFA enablement method tab

+The tab provides tenant-specific details around the tenantΓÇÖs MFA enablement method, links to additional information, and the next steps that should be taken to optimize tenant security.

+If the tenantΓÇÖs MFA enablement status is **No MFA detected**, Lighthouse prompts you to enable security defaults by selecting the **Use security defaults** box.

+## Conditional access policies tab

+The tab lists, links to, and reports the state of each Conditional Access policy detected in the tenant that requires MFA. You can use the links provided to view or edit the detected policy as needed to optimize tenant security.

+## Users not registered for MFA tab

+The tab provides recommended actions for managing MFA registration and lists the user accounts that have already been enabled for MFA but still need to register using their allowed verification options to be capable of using MFA.

+The users not registered for MFA table can be exported, refreshed, or filtered by admins, members, and guest users, and it allows you to select user accounts to email, exclude, or block.

+## Excluded users tab

+The **Excluded users** tab lists the user accounts that are part of the **Microsoft 365 Lighthouse - MFA exclusions** security group and have been excluded from the MFA report. You can export and refresh the list and remove users from the excluded users list.

+## Related content

+[Manage multifactor authentication in Lighthouse](m365-lighthouse-manage-mfa.md) (article)\

+[Plan an Azure Active Directory Multi-Factor Authentication deployment](/azure/active-directory/authentication/howto-mfa-getstarted) (article)\

+[What are security defaults?](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) (article)\

+[What is Conditional Access?](/azure/active-directory/conditional-access/overview) (article)\

+[Learn how to convert users from per-user MFA to Conditional Access](/azure/active-directory/authentication/howto-mfa-getstarted#convert-users-from-per-user-mfa-to-conditional-access-based-mfa) (article)

+|Policy item and location|Default setting <br/>(if not configured)|PowerShell `Set-MpPreference` parameter <br/>or WMI property for `MSFT_MpPreference` class|

+|Email scanning <br/> **Scan** \> **Turn on e-mail scanning**<br/>See [Email scanning limitations](#email-scanning-limitations) (in this article)|Disabled|`-DisableEmailScanning`|

+| Script scanning | Enabled | This policy setting allows you to configure script scanning. If you enable or do not configure this setting, script scanning is enabled. <br/><br/>See [Defender/AllowScriptScanning](/windows/client-management/mdm/policy-csp-defender) |

+|Scan [reparse points](/windows/win32/fileio/reparse-points) <br/> **Scan** \> **Turn on reparse point scanning**|Disabled|Not available <br/>See [Reparse points](/windows/win32/fileio/reparse-points)|

+|Scan mapped network drives<br/>**Scan** \> **Run full scan on mapped network drives**|Disabled|`-DisableScanningMappedNetworkDrivesForFullScan`|

+|Scan archive files (such as .zip or .rar files). <br/>**Scan** \> **Scan archive files**|Enabled|`-DisableArchiveScanning` <br/><br/>The [extensions exclusion list](configure-extension-file-exclusions-microsoft-defender-antivirus.md) will take precedence over this setting.|

+|Scan files on the network <br/>**Scan** \> **Scan network files**|Enabled|`-DisableScanningNetworkFiles`|

+|Scan packed executables<br/>**Scan** \> **Scan packed executables**|Enabled|Not available <br/><br/>Scan packed executables were removed from the following templates:<br/>- Administrative Templates (.admx) for Windows 11 2022 Update (22H2)<br/>- Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2)|

+|Scan removable drives during full scans only<br/>**Scan** \> **Scan removable drives**|Disabled|`-DisableRemovableDriveScanning`|

+|Specify the maximum CPU load (as a percentage) during a scan. <p> **Scan** \> **Specify the maximum percentage of CPU utilization during a scan**|50|`-ScanAvgCPULoadFactor`<br/><br/> The maximum CPU load is not a hard limit, but is guidance for the scanning engine to not exceed the maximum on average. Manual scans ignore this setting and run without any CPU limits.|

+|Specify the maximum size (in kilobytes) of archive files that should be scanned.<br/>**Scan** \> **Specify the maximum size of archive files to be scanned**|No limit|Not available <br/><br/>The default value of 0 applies no limit|

+|Configure low CPU priority for scheduled scans<br/>**Scan** \> **Configure low CPU priority for scheduled scans**|Disabled|Not available|

+> If real-time protection is turned on, files are scanned before they are accessed and executed. The scanning scope includes all files, including files on mounted removable media, such as USB drives. If the device performing the scan has real-time protection or on-access protection turned on, the scan also includes network shares.

+For more information on how to use PowerShell with Microsoft Defender Antivirus, see the following articles:

+If Microsoft Defender Antivirus detects a threat inside an email message, the following information is displayed to assist you in identifying the compromised email so you can remediate the threat manually:

+Next-generation protection is included in both [Defender for Endpoint Plan 1 and Plan 2](defender-endpoint-plan-1-2.md). Next-generation protection is also included in Microsoft Defender for Business and Microsoft 365 Business Premium (See [Security features in Microsoft 365 plans for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md)).

+To configure next-generation protection services, see [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md).

+If you're looking for antivirus-related information for other platforms, see one of the following articles:

+- [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)

+- [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)

+- [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)

+- [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)

+- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)

+- [Configure Defender for Endpoint on Android features](android-configure.md)

+- [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)

+> See [Performance analyzer for Microsoft Defender Antivirus](tune-performance-defender-antivirus.md).

+| Subscription | Your subscription must include one of the following:<br/>- [Windows 10/11 Enterprise E5](/windows/deployment/deploy-enterprise-licenses)<br/>- [Microsoft 365 E5](https://www.microsoft.com/microsoft-365/enterprise/e5?activetab=pivot%3aoverviewtab)<br/>- Microsoft 365 A5<br/>- Microsoft 365 E5 Security<br/>- [Microsoft 365 E3](https://www.microsoft.com/microsoft-365/enterprise/e3?activetab=pivot%3aoverviewtab)<br/>- [Microsoft Defender for Endpoint Plan 1 or Plan 2](../defender/eval-defender-endpoint-overview.md)<br/>- [Microsoft Defender for Business](../defender-business/mdb-overview.md)<br/>- [Microsoft 365 Business Premium](https://www.microsoft.com/microsoft-365/business/microsoft-365-business-premium)|

+**Criminal activity**: Sites that give instruction on, advice about, or promotion of illegal activities.

+ > Only Microsoft 365 groups are eligible to be selected.

+ >