-Communication compliance policies using classifiers inspect and evaluate messages that meet a minimum word count requirement, depending upon the language of the content. For a complete list of supported languages, word count requirements, and file types for these classifiers, see [Trainable classifier definitions](/microsoft-365/compliance/classifier-tc-definitions). To identify and take action on messages containing inappropriate language content that don't meet the word count requirement, you can create a [custom keyword dictionary](#custom-keyword-dictionaries) for communication compliance policies detecting this type of content.

-| [Threat](classifier-tc-definitions.md#threat) | Detects potential threatening content in multiple languages aimed at committing violence or physical harm to a person or property. |

-> Classifiers may detect a large volume of bulk sender/newsletter content due to a known issue. You can mitigate the detection of large volumes of bulk sender/newsletter content by selecting the [**Filter email blasts** check box](communication-compliance-configure.md#step-5-required-create-a-communication-compliance-policy) when you create the policy. You can also edit an existing policy to turn on this feature.

-> Microsoft Purview includes [OCR (preview) settings](ocr-learn-about.md) for Microsoft Purview Insider Risk Management, Microsoft Purview Data Loss Prevention, Microsoft Purview Data Loss Management, and autolabeling. You can use the OCR (preview) settings to provide image-scanning capabilities for those solutions and technologies. Communication compliance has its own built-in OCR scanning functionality as described below and doesnΓÇÖt support the OCR (preview) settings at this time.

-description: "DLP policy tip reference for Outlook 2013 for Win32."

-|**SharePoint Online/OneDrive for Business Web client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|all SPO/ODB predicates and actions in DLP||

-4. On the bottom of the flyout page, select **Actions** > **Commit collection**.

- .

- A. **Teams and Yammer conversations**: Select this option to add conversation threads to the collection that include the chat items returned by the search query in the collection. This means that the chat conversation that contains items that match the search criteria is reconstructed. This lets you review chat items in the context of the back and forth conversation. Collect up to 12 hours of related conversations when a message matches a search. For more information, see [Conversation threading in eDiscovery (Premium)](ediscovery-conversation-review-sets.md).

- B. **Cloud attachments**: Select this option to include modern attachments or linked files when the collection results are added to the review set. This means the target file of a modern attachment or linked file is added to the review set.

- D. **All document versions**: Select this option to enable the collection of all versions of a SharePoint document per the version limits and search parameters of the collection. Selecting this option will significantly increase the size of items that are added to the review set.

- C. **Partially indexed items**: Select this option to add partially indexed items from additional data sources to the review set. If the collection searched additional data sources (as specified on the **Additional locations** page in the collections wizard), there may be partially indexed items from these locations that you want to add to the review set. Custodial and non-custodial data sources typically don't have partially indexed items. That's because the Advanced indexing process reindexes items when custodial and non-custodial data sources are added to a case. Also, Adding partially indexed items will increase the number of items added to the review set.

- > [!NOTE]

- > The options to select retrieval options are configured on the global eDiscovery **Settings** > **Collections** page. Retrieval options selected on the **Collections** setting page will be selected as the default retrieval settings for all collections.

-6. Configure the settings to define the scale of the collection to add to the review set:

-7. Select **Submit** to commit the collection to the review set.

-Setting up a connector for HR data that insider risk management policies can use to generate risk indicators consists of creating a CSV file that contains that contains the HR data, creating an app in Azure Active Directory that's used for authentication, creating an HR data connector in the compliance portal, and then running a script (on a scheduled basis) that ingests the HR data in CSV files to the Microsoft cloud so it's available to the insider risk management solution.

-No, you need the Exchange Role Management role assigned to accounts that manage privileged access in Office 365. If you don't want to configure the Role Management role as a stand-alone account permission, the Global Administrator role includes this role by default and can manage privileged access. Users included in an approvers' group don't need to be a Global Admin or have the Role Management role assigned to review and approve requests with PowerShell.

-|[Scope labels to files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails) |Current Channel: 2301+ <br /><br> Monthly Enterprise Channel: 2302+ <br /><br> Semi-Annual Enterprise Channel:2302+ |16.69+ |Preview: Rolling out to [Beta Channel](https://insider.office.com/join/ios) |Preview: Rolling out to [Beta Channel](https://insider.office.com/join/android)| [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |

-|[Display label color](sensitivity-labels-office-apps.md#label-colors) |Current Channel: 2302+ <br /><br> Monthly Enterprise Channel: 2303+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Preview: [Current Channel (Preview)](https://office.com/insider) ^\* |Rolling out: 4.2316.0+ |4.2316.0+ |Under review |

-[Create and manage alert rules](m365-lighthouse-alerts-overview.md) (article)\

-keywords: Microsoft Defender for Endpoint (MDE) attack surface reduction rules, ASR rules intune, defender ASR rules, Windows 10 ASR rules, defender asr rules, ASR rules report, microsoft Attack surface reduction rules deployment, ASR rules event viewer, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules

-search.product: eADQiWindows 10XVcnh

-ms.sitesec: library

-ms.pagetype: security

-> For Customers who are using a non-Microsoft HIPS and are transitioning to Microsoft Defender for Endpoint attack surface reduction rules: Microsoft advises customers to run their HIPS solution side-by-side with their ASR rules deployment until the moment you shift from Audit to Block mode. Keep in mind that you must reach out to your 3rd-party antivirus vendor for exclusion recommendations.

-[Microsoft 365 Defender](https://security.microsoft.com) combines security capabilities that protect, detect, investigate, and respond to email, collaboration, identity, and device threats, and now includes all functionality provided in the [classic Defender for Identity portal](/defender-for-identity/classic-workspace-portal).

-description: How to redirect accounts and sessions from Defender for Identity to Microsoft 365 Defender.

-keywords: Microsoft 365 Defender, Getting started with Microsoft 365 Defender, security center redirection

-search.product: eADQiWindows 10XVcnh

-ms.sitesec: library

-ms.pagetype: security

- - NOCSH

- - m365-security

- - tier3

-# Redirecting accounts from Microsoft Defender for Identity to Microsoft 365 Defender

-**Applies to:**

-This guide explains how to route accounts to Microsoft 365 Defender by enabling automatic redirection from the former Microsoft Defender for Identity portal (portal.atp.azure.com), to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a>.

-## What to expect

-Starting January 31, 2023, the portal redirection setting will be automatically enabled for each tenant. Once the redirection setting is enabled, any requests to the standalone Defender for Identity portal (`portal.atp.azure.com`) will be redirected to Microsoft 365 Defender (<https://security.microsoft.com>) along with any direct links to its functionality. Accounts accessing the former Microsoft Defender for Identity portal will be automatically routed to the Microsoft 365 Defender portal.

-> [!IMPORTANT]

-> As of June 30th, customers still using the classic Microsoft Defender for Identity portal will be automatically redirected to Microsoft 365 Defender, with no option to revert back to the classic portal.

->

-> For more information, see [Microsoft Defender for Identity in Microsoft 365 Defender.](microsoft-365-security-center-mdi.md).

-## When does this take effect?

-Once enabled, this update might take effect almost immediately for some accounts. But the redirection might take longer to propagate to every account in your organization. Accounts in active sessions while this setting is applied won't be ejected from their session and will only be routed to Microsoft 365 Defender after ending their current session and signing back in again.

-### Set up portal redirection

-To start routing accounts to Microsoft 365 Defender:

-1. Make sure you're a global administrator or have security administrator permissions in Azure Active Directory.

-1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a>.

-1. Navigate to **Settings** > **Identities** > **General** > **Portal redirection** or [go here](https://security.microsoft.com/preferences2/portal_redirection).

- :::image type="content" source="../../media/portal-redirection.png" alt-text="Portal redirection."lightbox="../../media/portal-redirection.png":::

-1. Toggle the Automatic redirection setting to **On**.

-> [!IMPORTANT]

-> Enabling this setting will not terminate active user sessions. Accounts who are in an active session while this setting is applied will only be directed to Microsoft 365 Defender after ending their current session and signing in again.

-> [!NOTE]

-> You must be a global administrator or have security administrator permissions in Azure Active Directory to enable or disable this setting.

-## Can I go back to using the former portal?

-If something isn't working for you or if there's anything you're unable to complete through Microsoft 365 Defender, we want to hear about it. If you've encountered any issues with redirection, we encourage you to let us know by using the Give feedback submission form.

-To revert to the former Microsoft Defender for Identity portal:

-1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> as a global administrator or using and account with security administrator permissions in Azure Active directory.

-2. Navigate to **Settings** > **Identities** > **General** > **Portal redirection** or [open the page here](https://security.microsoft.com/preferences2/portal_redirection).

-3. Toggle the Automatic redirection setting to **Off**.

-This setting can be enabled again at any time.

-Once disabled, accounts will no longer be routed to security.microsoft.com.

-> [!NOTE]

-> For tenants created after March 15, 2023, the option to disable the setting toggle is not available.

-## Related information

-4. For the new site, provide a **Site name**, **Primary administrator**, and a **Language**.</br>

- > [!NOTE]

- > You can select a content center site to render in any of the available languages, but note that currently models can only be created for English files. Also note that like other site templates, the default site language isn't editable after the site is created.

-After you create a content center site, you'll see it listed on <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a> in the SharePoint admin center.

-> [!NOTE]

-> For structured document processing models, there's a known issue where extracted tables aren't being processed into the corresponding list. A fix for this issue is rolling out. In the meantime, you'll need to reapply the model to the document library.

- Start here if want to learn how to use PowerShell to publish custom models to document libraries.

- Start here if you want to learn how to use PowerShell to trigger processing of custom models on a document library.

-^{**Applies to:** &ensp; &#10003; All custom models}

-^{**Applies to:** &ensp; &#10003; All custom models}

- C:\TestBase\App\scripts\install\job.ps1