Updates from: 07/08/2021 03:21:04
Category Microsoft Docs article Related commit history on GitHub Change details
admin Set Password To Never Expire https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md
A global admin for a Microsoft cloud service can use the [Azure Active Directory
This guide applies to other providers, such as Intune and Microsoft 365, which also rely on Azure AD for identity and directory services. Password expiration is the only part of the policy that can be changed.
-> [!NOTE]
-> Only passwords for user accounts that are not synchronized through directory synchronization can be configured to not expire. For more information about directory synchronization, see [Connect AD with Azure AD](/azure/active-directory/connect/active-directory-aadconnect).
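Review bot: The removed `[!NOTE]` is the only visible statement that passwords can be set to never expire only for accounts that are not synchronized through directory synchronization, and no added line in this hunk replaces it. If the restriction still holds, keep the note or move it next to the commands under "How to check the expiration policy for a password", so an admin does not assume the setting applies to a synchronized account.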
## How to check the expiration policy for a password
Run one of the following commands:
[Let users reset their own passwords](../add-users/let-users-reset-passwords.md) (article)\ [Reset passwords](../add-users/reset-passwords.md) (article)\
-[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
+[Set the password expiration policy for your organization](../manage/set-password-expiration-policy.md) (article)
compliance Communication Compliance Feature Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
Communications are scanned every 24 hours from the time policies are created. Fo
## Pausing a policy (preview)
-After you've created a communication compliance policy, the policy may be temporarily paused if needed. Pausing a policy may be used for testing or troubleshooting policy matches, or for optimizing policy conditions. Instead of deleting a policy in these circumstances, pausing a policy also preserves existing policy alerts and messages for ongoing investigations and reviews. Pausing a policy prevents inspect and alert generation for all user message conditions defined in the policy for the time the policy is paused. To pause or restart a policy, users must be a member of the *Communication Compliance Admin* role group.
+After you've created a communication compliance policy, the policy may be temporarily paused if needed. Pausing a policy may be used for testing or troubleshooting policy matches, or for optimizing policy conditions. Instead of deleting a policy in these circumstances, pausing a policy also preserves existing policy alerts and messages for ongoing investigations and reviews. Pausing a policy prevents inspection and alert generation for all user message conditions defined in the policy for the time the policy is paused. To pause or restart a policy, users must be a member of the *Communication Compliance Admin* role group.
To pause a policy, navigate to the **Policy** page, select a policy, and then select **Pause policy** from the actions toolbar. On the **Pause policy** pane, confirm you'd like to pause the policy by selecting **Pause**. In some cases, it may take up to 24 hours for a policy to be paused. Once the policy is paused, alerts for messages matching the policy aren't created. However, messages associated with alerts that were created prior to pausing the policy remain available for investigation, review, and remediation.
Built-in trainable and global classifiers scan sent or received messages across
Communication compliance built-in trainable and global classifiers scan communications for terms, images, and sentiment for the following types of language and content: -- **Threat**: Scans for threats to commit violence or physical harm to a person or property.-- **Targeted harassment**: Scans for offensive conduct targeting people regarding race, color, religion, national origin.-- **Profanity**: Scans for profane expressions that embarrass most people. - **Adult images**: Scans for images that are sexually explicit in nature.-- **Racy images**: Scans for images that are sexually suggestive in nature, but contain less explicit content than images deemed Adult.
+- **Discrimination (preview)**: Scans for explicit discriminatory language and is particularly sensitive to discriminatory language against the African American/Black communities when compared to other communities.
- **Gory images**: Scans for images that depict violence and gore.
+- **Profanity**: Scans for profane expressions that embarrass most people.
+- **Racy images**: Scans for images that are sexually suggestive in nature, but contain less explicit content than images deemed Adult.
+- **Targeted harassment**: Scans for offensive conduct targeting people regarding race, color, religion, national origin.
+- **Threat**: Scans for threats to commit violence or physical harm to a person or property.
The *Adult*, *Racy*, and *Gory* image classifiers scan files in .jpeg, .png, .gif, and .bmp formats. The size for image files must be less than 4 megabytes (MB) and the dimensions of the images must be greater than 50x50 pixels and greater than 50 kilobytes (KB) for the image to qualify for evaluation. Image identification is supported for Exchange Online email messages and Microsoft Teams channels and chats.
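Review bot: The new **Discrimination (preview)** bullet says the classifier is "particularly sensitive" to language against one community "when compared to other communities", but does not say what that means for other discriminatory language. State whether language aimed at other groups is detected at a lower rate, so policy owners know what the classifier will and will not surface. The re-added **Targeted harassment** bullet still ends its list without a conjunction ("race, color, religion, national origin"); "or national origin" reads better.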
This example returns activities that match your current communication compliance
Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations SupervisionRuleMatch ```
-Communication compliance policy matches are stored in a supervision mailbox for each policy. In some cases, you may need to check the size of your supervision mailbox for a policy to make sure you aren't approaching the current 50 GB limit. If the mailbox limit is reached, policy matches aren't captured and you'll need to create a new policy (with the same settings) to continue to capture matches for the same activities.
+Communication compliance policy matches are stored in a supervision mailbox for each policy. In some cases, you may need to check the size of your supervision mailbox for a policy to make sure you aren't approaching the current 50-GB limit. If the mailbox limit is reached, policy matches aren't captured and you'll need to create a new policy (with the same settings) to continue to capture matches for the same activities.
To check the size of a supervision mailbox for a policy, complete the following steps:
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
No matter where you start to review alerts or the filtering you configure, the n
### Step 1: Examine the message basics
- Sometimes it's obvious from the source or subject that a message can be immediately remediated. It may be that the message is spurious or incorrectly matched to a policy and it should be resolved as a false positive. Select the **False Positive** control to immediately resolve the alert and remove from the pending alert queue. From the source or sender information, you may already know how the message should be routed or handled in these circumstances. Consider using the **Tag as** or **Escalate** controls to assign a tag to applicable messages or to send messages to a designated reviewer.
+ Sometimes it's obvious from the source or subject that a message can be immediately remediated. It may be that the message is spurious or incorrectly matched to a policy and it should be resolved as misclassified. Select the **Report as misclassified** control to share misclassified content with Microsoft, immediately resolve the alert, and remove from the pending alert queue. From the source or sender information, you may already know how the message should be routed or handled in these circumstances. Consider using the **Tag as** or **Escalate** controls to assign a tag to applicable messages or to send messages to a designated reviewer.
![Communication compliance remediation controls](../media/communication-compliance-remediation-controls.png)
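Review bot: The rewritten Step 1 paragraph tells reviewers that **Report as misclassified** will "share misclassified content with Microsoft" without saying what is shared, which a reviewer needs to know before using the control on a sensitive message. Link to or summarise the data-sharing description at this point, and add the missing object in "remove from the pending alert queue" ("remove it from").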
After reviewing the message basics, it's time to open a message to examine the d
Now that you've reviewed the details of the message for the alert, you can choose several remediation actions: - **Resolve**: Selecting the **Resolve** control immediately removes the message from the **Pending alerts** queue and no further action can be taken on the message. By selecting **Resolve**, you've essentially closed the alert without further classification and it can't be reopened for further actions. All resolved messages are displayed in the **Resolved** tab.-- **False Positive**: You can always resolve a message as a false positive at any point during the message review workflow. False positive signifies that the alert was non-actionable or that the alert was incorrectly generated by the alerting process. The message cannot be reopened and all false positive messages are displayed in the **Resolved** tab.
+- **Report as misclassified (preview)**: You can always resolve a message as misclassified at any point during the message review workflow. Misclassified signifies that the alert was non-actionable or that the alert was incorrectly generated by the alerting process and any trainable classifiers. Resolving the item as misclassified sends message content, attachments, and the message subject (including metadata) to Microsoft to help improve trainable classifiers. Data that is sent to Microsoft does not contain information that may identify or be used to identify any users in your organization. Further actions cannot be taken on the message and all misclassified messages are displayed in the **Resolved** tab.
- **Power Automate (preview)**: Use a Power Automate flow to automate process tasks for an alert message. By default, communication compliance includes the *Notify manager when a user has a communication compliance alert* flow template that reviewers can use to automate the notification process for users with message alerts. For more information about creating and managing Power Automate flows in communication compliance, see the [Communication compliance feature reference](communication-compliance-feature-reference.md#power-automate-flows) article. - **Tag as**: Tag the message as *compliant*, *non-compliant*, or as *questionable* as it relates to the policies and standards for your organization. Adding tags and tagging comments helps you micro-filter policy alerts for escalations or as part of other internal review processes. After tagging is complete, you can also choose to resolve the message to move it out of the pending review queue. - **Notify**: You can use the **Notify** control to assign a custom notice template to the alert and to send a warning notice to the user. Choose the appropriate notice template configured in the **Communication compliance settings** area and select **Send** to email a reminder to the user that sent the message and to resolve the issue.
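Review bot: In the added **Report as misclassified (preview)** bullet, the sentence saying that message content, attachments and the subject "(including metadata)" are sent to Microsoft sits directly before the claim that the data "does not contain information that may identify or be used to identify any users". Message bodies and metadata routinely carry names and addresses, so the text should say how that information is removed or narrow the claim. It would also help to say whether the sharing can be turned off, since the replaced **False Positive** bullet did not mention sending anything outside the organization.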
compliance Communication Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
Communication compliance in Microsoft 365 offers several important features to h
Intelligent customizable templates in communication compliance allow you to apply machine learning to intelligently detect communication violations in your organization. - **Customizable pre-configured templates**: New policy templates help address the most common communications risks. Initial policy creation and follow-on updating are now quicker with pre-defined anti-harassment and offensive language, sensitive information, conflict of interest, and regulatory compliance templates.-- **New machine learning support**: Built-in threat, harassment, profanity, and image [classifiers](classifier-get-started-with.md) help reduce false positives in scanned messages, saving reviewers time during the investigation and remediation process.
+- **New machine learning support**: Built-in discrimination, threat, harassment, profanity, and image [classifiers](classifier-get-started-with.md) help reduce misclassified content in scanned messages, saving reviewers time during the investigation and remediation process.
- **Improved condition builder**: Configuring policy conditions is now streamlined into a single, integrated experience in the policy wizard, reducing confusion in how conditions are applied for policies. ### Flexible remediation workflows
In this step, you look deeper into the issues detected as matching your communic
The next step is to remediate communication compliance issues you've investigated using the following options: -- **Resolve**: After reviewing an issue, you can remediate by resolving the alert. Resolving an alert removes it from the pending alert queue, and the action is preserved as an entry in the Resolved queue for the matching policy. Alerts are automatically resolved after marking the alert as a false positive, sending a notice to a user about the alert, or opening a new case for the alert.
+- **Resolve**: After reviewing an issue, you can remediate by resolving the alert. Resolving an alert removes it from the pending alert queue, and the action is preserved as an entry in the *Resolved queue* for the matching policy. Alerts are automatically resolved after marking the alert as misclassified, sending a notice to a user about the alert, or opening a new case for the alert.
- **Tag a message**: As part of the resolution of an issue, you can tag the detected message as compliant, non-compliant, or as questionable as it relates to the policies and standards for your organization. Tagging can help you micro-filter policy alerts for escalations or as part of other internal review processes. - **Notify the user**: Often, users accidentally or inadvertently violate a communication compliance policy. You can use the notify feature to provide a warning notice to the user and to resolve the issue. - **Escalate to another reviewer**: Sometimes, the initial reviewer of an issue needs input from other reviewers to help resolve the incident. You can easily escalate message issues to reviewers in other areas of your organization as part of the resolution process.-- **Mark as a false positive**: Messages incorrectly detected as matches of compliance policies will occasionally slip through to the review process. You can mark these types of alerts as false positives and automatically resolve the issue.
+- **Report as misclassified**: Messages incorrectly detected as matches of compliance policies will occasionally slip through to the review process. You can mark these types of alerts as misclassified, submit feedback to Microsoft about the misclassification to help improve global classifiers, and automatically resolve the issue.
- **Remove message in Teams (preview)**: Inappropriate messages may be removed from displaying in Microsoft Teams channels or personal and group chat messages. Inappropriate messages that are removed are replaced with a notification that the message has been removed for a policy violation. - **Escalate for investigation**: In the most serious situations, you may need to share communication compliance information with other reviewers in your organization. Communication compliance is tightly integrated with other Microsoft 365 compliance features to help you with end-to-end risk resolution. Escalating a case for investigation allows you to transfer data and management of the case to Advanced eDiscovery in Microsoft 365. Advanced eDiscovery provides an end-to-end workflow to preserve, collect, review, analyze, and export content that's responsive to your organization's internal and external investigations. It allows legal teams to manage the entire legal hold notification workflow. To learn more about Advanced eDiscovery cases, see [Overview of Advanced eDiscovery in Microsoft 365](overview-ediscovery-20.md).
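Review bot: The added **Report as misclassified** bullet says the feedback helps improve "global classifiers" and carries no preview label, while the same control in the investigate-and-remediate article changed in this update is labelled "(preview)" and says "trainable classifiers"; align the two. The bullet should also state, as that article does, that message content, attachments and the subject are sent to Microsoft, because "submit feedback" alone does not convey that.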
compliance Compliance Manager Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-faq.md
- Title: "Microsoft Compliance Manager FAQ"-- NOCSH-----
-localization_priority: Normal
--- MOE150-- MET150
-description: "Find answers to frequently asked questions about Microsoft Compliance Manager, which helps organizations simplify and automate risk assessments."
--
-# Compliance Manager frequently asked questions
-
-## Is Compliance Manager and Compliance Score the same thing, or are they different?
-
-There is now just one solution: Compliance Manager. This section walks you through the transition, starting with a basic overview below. You may also find it helpful to jump directly to one of the following sections:
--- [Your organization primarily used Compliance Manager (either the classic or public preview versions), located in the Microsoft Service Trust Portal](#your-organization-regularly-used-compliance-manager-in-the-service-trust-portal)--- [Your organization primarily used Compliance Score (public preview), located in the Microsoft 365 compliance center](#your-organization-used-compliance-score-public-preview-in-the-microsoft-365-compliance-center)--- [Your organization is new to Compliance Manager](#youre-new-to-compliance-manager
-)
-#### The basics
-
-Microsoft Compliance Manager began as a compliance management solution inside the Microsoft Service Trust Portal. As compliance solutions came into in the Microsoft 365 compliance center, we developed a new experience with a more user-friendly design for this location. Compliance Score public preview was released in the Microsoft 365 compliance center in November 2019. Compliance Score shared the same backend as Compliance Manager, allowing customers to work in both places. Since November 2019, weΓÇÖve released several updates as we built new functionality and responded to customer feedback.
-
-The general availability of Compliance Manager in the Microsoft 365 compliance center in September 2020 completes this evolution. Compliance Manager is the unified, end-to-end compliance solution. Your compliance score remains a key component of Compliance Manager.
-
-Read this [blog post](https://aka.ms/compliancemanager/GAblog) to learn more about whatΓÇÖs new with the GA release of Compliance Manager.
-
-#### Your organization regularly used Compliance Manager in the Service Trust Portal
-
-If you used Compliance Manager in the Service Trust Portal, all of your organizationΓÇÖs data now exists in Compliance Manager in the Microsoft 365 compliance center at https://compliance.microsoft.com/compliancemanager. ThereΓÇÖs nothing you need to do to resume your Compliance Manager work in its new location, other than to update any bookmarks you have to its previous location. All of your assessments and other data have been brought over for you.
-
-Note that Compliance Manager (preview) is no longer accessible in the Service Trust Portal, and all links to it will redirect you to its new location in the Microsoft 365 compliance center. Compliance Manager (classic) remains in the Service Trust Portal, though its use is discouraged.
-
-Everything you used to do in previous versions of Compliance Manager, such as completing actions (now called ΓÇ£improvement actionsΓÇ¥) and creating assessments, can be done in the new Compliance Manager. WeΓÇÖve added over 150 new assessment templates and improved the template creation process. We'll add more enhancements in future releases.
-
-Below are some helpful resources:
--- [Get familiar with your new Compliance Manager experience](compliance-manager-setup.md#understand-the-compliance-manager-dashboard)-- [Find permissions and other setup information for Compliance Manager in its new home](compliance-manager-setup.md#who-can-access-compliance-manager)-- [Learn more about the Microsoft 365 compliance center](microsoft-365-compliance-center.md)-
-#### Your organization used Compliance Score (public preview) in the Microsoft 365 compliance center
-
-If you used Compliance Score in public preview, youΓÇÖll notice Compliance Manager looks largely the same, with your score featured prominently on your dashboard. With the GA release, you no longer need to leave the Microsoft 365 compliance center in order to perform certain assessment management functions, such as creating and modifying templates for assessments. All functionality now resides in one place. Any data you had in the preview version of Compliance Score remains in the GA version of Compliance Manager.
-
-Note that if you filtered your Compliance Score dashboard view, those filters were reset when we deployed the new Compliance Manager in September. You will need to reapply any filters you had.
-
-Compliance Manager also has new licensing terms. See the question below on licensing.
-
-#### You're new to Compliance Manager
-
-Compliance Manager is an end-to-end solution in the Microsoft 365 compliance center for managing and tracking compliance activities. ItΓÇÖs a great place to begin your compliance journey because it gives you an initial assessment of your compliance posture the first time you visit. Below are good places to start learning more:
--- [Get an overview of Compliance Manager](compliance-manager.md)-- [Use our quickstart guide to help ramp up in stages](compliance-manager-quickstart.md)-- [Learn more about the Microsoft 365 compliance center](microsoft-365-compliance-center.md)-
-## Are there licensing requirements for using Compliance Manager?
-
-Yes. The GA release of Compliance Manager contains new licensing terms. All organizations with Office 365 and Microsoft 365 licenses, and US Government Community (GCC) Moderate, GCC High, and Department of Defense (DoD) customers, have access to Compliance Manager. However, the assessments available to your organization and how you manage assessment templates depends on your licensing agreement. Visit the [Microsoft 365 licensing guidance for security and compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance) for details.
-
-## If I have a high score, does it mean IΓÇÖm fully compliant?
-
-No. Your compliance score measures your progress in completing recommended actions that help reduce risks around data protection and regulatory standards. It does not express an absolute measure of organizational compliance with regard to a particular standard or regulation. Compliance Manager, and your compliance score, should not be interpreted as a guarantee in any way.
-
-## Can I use Compliance Manager for non-Microsoft products?
-
-While Compliance Manager provides continuous monitoring and recommended actions only for Microsoft cloud services, you can add custom assessments in Compliance Manager for your third-party services. In this way, you can use Microsoft Compliance Manager as a SaaS compliance management tool to help you manage all the controls across your digital assets.
-
-## WhatΓÇÖs happening to Compliance Manager (classic) in the Service Trust Portal?
-
-The classic version of Compliance Manager, which resides in the Microsoft Service Trust Portal, will soon be retired. A Microsoft 365 Message Center notice will go out at least 60 days before the final retirement of Compliance Manager (classic). Customers who are managing their compliance activities in Compliance Manager (classic) will need to move their data, including assessments and controls, over to the new Compliance Manager solution in the Microsoft 365 compliance center. Customer data will not automatically transfer over to Compliance Manager in the Microsoft 365 compliance center when Compliance Manager (classic) is retired.
-
-To learn how you can quickly set up the new Compliance Manager, read our [Compliance Manager quickstart](compliance-manager-quickstart.md) guide.
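Review bot: The whole FAQ body is deleted in this hunk, and the only replacement visible in this update is the link change to `compliance-manager-faq.yml` in compliance-manager.md. Confirm that the .yml file carries the same questions and that the in-page anchors used by the deleted bullet list (for example `#youre-new-to-compliance-manager`) still resolve, otherwise existing deep links to this FAQ break.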
compliance Compliance Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md
Compliance Manager is now generally available (GA) as an end-to-end compliance m
What began as the public preview of Compliance Score has evolved into a centralized tool with enhanced compliance management capabilities and greater ease of use. The GA release brings a larger collection of pre-built assessments to help you scale your compliance activities. **Learn more about the GA release:**-- Our [frequently asked questions](compliance-manager-faq.md) walk you through the evolution in greater detail.
+- Our [frequently asked questions](compliance-manager-faq.yml) walk you through the evolution in greater detail.
- Read about GA feature enhancements in [this blog post](https://aka.ms/compliancemanager/GAblog). Watch the video below to learn how Compliance Manager can help simplify how your organization manages compliance:
compliance Create A Custom Sensitive Information Type In Scc Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md
The Version element is also important. When you upload your rule package for the
When complete, your RulePack element should look like this. ![XML markup showing RulePack element](../media/fd0f31a7-c3ee-43cd-a71b-6a3813b21155.png)+
+## Validators
+
+Microsoft 365 exposes function processors for commonly used SITs as validators. Here's a list of them.
+
+### List of validators currently available
+
+- Func_credit_card
+- Func_ssn
+- Func_unformatted_ssn
+- Func_randomized_formatted_ssn
+- Func_randomized_unformatted_ssn
+- Func_aba_routing
+- Func_south_africa_identification_number
+- Func_brazil_cpf
+- Func_iban
+- Func_brazil_cnpj
+- Func_swedish_national_identifier
+- Func_india_aadhaar
+- Func_uk_nhs_number
+- Func_Turkish_National_Id
+- Func_australian_tax_file_number
+- Func_usa_uk_passport
+- Func_canadian_sin
+- Func_formatted_itin
+- Func_unformatted_itin
+- Func_dea_number_v2
+- Func_dea_number
+- Func_japanese_my_number_personal
+- Func_japanese_my_number_corporate
+
+This gives you the ability to define your own regex and validate them. To use validators, define your own regex and while defining the regex use the validator property to add the function processor of your choice. Once defined, you can use this regex in an SIT.
+
+In the example below, a regular expression - Regex_credit_card_AdditionalDelimiters is defined for Credit card which is then validated using the checksum function for credit card by using Func_credit_card as a validator.
+
+```xml
+<Regex id="Regex_credit_card_AdditionalDelimiters" validators="Func_credit_card"> (?:^|[\s,;\:\(\)\[\]"'])([0-9]{4}[ -_][0-9]{4}[ -_][0-9]{4}[ -_][0-9]{4})(?:$|[\s,;\:\(\)\[\]"'])</Regex>
+<Entity id="675634eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
+<Pattern confidenceLevel="85">
+<IdMatch idRef="Regex_credit_card_AdditionalDelimiters" />
+<Any minMatches="1">
+<Match idRef="Keyword_cc_verification" />
+<Match idRef="Keyword_cc_name" />
+<Match idRef="Func_expiration_date" />
+</Any>
+</Pattern>
+</Entity>
+```
+
+Microsoft 365 provides two generic validators
+
+### Checksum validator
+
+In this example, a checksum validator for employee ID is defined to validate the regex for EmployeeID.
+
+```xml
+<Validators id="EmployeeIDChecksumValidator">
+<Validator type="Checksum">
+<Param name="Weights">2, 2, 2, 2, 2, 1</Param>
+<Param name="Mod">28</Param>
+<Param name="CheckDigit">2</Param> <!-- Check 2nd digit -->
+<Param name="AllowAlphabets">1</Param> <!ΓÇö 0 if no Alphabets -->
+</Validator>
+</Validators>
+<Regex id="Regex_EmployeeID" validators="ChecksumValidator">(\d{5}[A-Z])</Regex>
+<Entity id="675634eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
+<Pattern confidenceLevel="85">
+<IdMatch idRef="Regex_EmployeeID"/>
+</Pattern>
+</Entity>
+```
+
+### Date Validator
+
+In this example, a date validator is defined for a regex part of which is date.
+
+```xml
+<Validators id="date_validator_1"> <Validator type="DateSimple"> <Param name="Pattern">DDMMYYYY</Param> <!ΓÇösupported patterns DDMMYYYY, MMDDYYYY, YYYYDDMM, YYYYMMDD, DDMMYYYY, DDMMYY, MMDDYY, YYDDMM, YYMMDD --> </Validator> </Validators>
+<Regex id="date_regex_1" validators="date_validator_1">\d{8}</Regex>
+```
## Changes for Exchange Online
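Review bot: In the checksum example, `<Regex id="Regex_EmployeeID" validators="ChecksumValidator">` references an id that is never defined; the validator above it is declared as `EmployeeIDChecksumValidator`, so the regex is not tied to the checksum as written. Other points in this hunk: the delimiter class `[ -_]` in `Regex_credit_card_AdditionalDelimiters` is a range from space to underscore, so it also accepts digits, uppercase letters and most punctuation as a delimiter, and `[ _-]` is probably what was meant; both `Entity` examples reuse the id `675634eb7-edc8-4019-85dd-5a5c1f2bb085`, whose first group has nine characters rather than the eight of a GUID; the comments after `AllowAlphabets` and `Pattern` do not open with `<!--`, which leaves the XML malformed; the supported-patterns comment lists DDMMYYYY twice; and "Microsoft 365 provides two generic validators" needs closing punctuation.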
Note that in the Compliance center, you use the **[New-DlpSensitiveInformationTy
## Upload your rule package -- To upload your rule package, do the following steps: 1. Save it as an .xml file with Unicode encoding.
Microsoft 365 uses the search crawler to identify and classify sensitive informa
In Microsoft 365, you can't manually request a recrawl of an entire tenant, but you can do this for a site collection, list, or library ΓÇö see [Manually request crawling and re-indexing of a site, a library or a list](/sharepoint/crawl-site-content).
-## Remove a custom sensitive information type
-
-> [!NOTE]
-> Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.
-
-In Compliance center PowerShell, there are two methods to remove custom sensitive information types:
--- **Remove individual custom sensitive information types**: Use the method documented in [Modify a custom sensitive information type](#modify-a-custom-sensitive-information-type). You export the custom rule package that contains the custom sensitive information type, remove the sensitive information type from the XML file, and import the updated XML file back into the existing custom rule package.--- **Remove a custom rule package and all custom sensitive information types that it contains**: This method is documented in this section.-
-1. [Connect to Compliance center PowerShell](/powershell/exchange/exchange-online-powershell)
-
-2. To remove a custom rule package, use the [Remove-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/remove-dlpsensitiveinformationtyperulepackage) cmdlet:
-
- ```powershell
- Remove-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageIdentity"
- ```
-
- You can use the Name value (for any language) or the `RulePack id` (GUID) value to identify the rule package.
-
- This example removes the rule package named "Employee ID Custom Rule Pack".
-
- ```powershell
- Remove-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"
- ```
-
- For detailed syntax and parameter information, see [Remove-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/remove-dlpsensitiveinformationtyperulepackage).
-
-3. To verify that you've successfully removed a custom sensitive information type, do any of the following steps:
-
- - Run the [Get-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/get-dlpsensitiveinformationtyperulepackage) cmdlet and verify the rule package is no longer listed:
-
- ```powershell
- Get-DlpSensitiveInformationTypeRulePackage
- ```
-
- - Run the [Get-DlpSensitiveInformationType](/powershell/module/exchange/get-dlpsensitiveinformationtype) cmdlet to verify the sensitive information types in the removed rule package are no longer listed:
-
- ```powershell
- Get-DlpSensitiveInformationType
- ```
-
- For custom sensitive information types, the Publisher property value will be something other than Microsoft Corporation.
-
- - Replace \<Name\> with the Name value of the sensitive information type (for example, Employee ID) and run the [Get-DlpSensitiveInformationType](/powershell/module/exchange/get-dlpsensitiveinformationtype) cmdlet to verify the sensitive information type is no longer listed:
-
- ```powershell
- Get-DlpSensitiveInformationType -Identity "<Name>"
- ```
-
-## Modify a custom sensitive information type
-
-In Compliance center PowerShell, modifying a custom sensitive information type requires you to:
-
-1. Export the existing rule package that contains the custom sensitive information type to an XML file (or use the existing XML file if you have it).
-
-2. Modify the custom sensitive information type in the exported XML file.
-
-3. Import the updated XML file back into the existing rule package.
-
-To connect to Compliance Center PowerShell, see [Connect to Compliance Center PowerShell](/powershell/exchange/exchange-online-powershell).
-
-### Step 1: Export the existing rule package to an XML file
-
-> [!NOTE]
-> If you have a copy of the XML file (for example, you just created and imported it), you can skip to the next step to modify the XML file.
-
-1. If you don't already know it, run the [Get-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/get-dlpsensitiveinformationtype) cmdlet to find the name of the custom rule package:
-
- ```powershell
- Get-DlpSensitiveInformationTypeRulePackage
- ```
-
- > [!NOTE]
- > The built-in rule package that contains the built-in sensitive information types is named Microsoft Rule Package. The rule package that contains the custom sensitive information types that you created in the Compliance center UI is named Microsoft.SCCManaged.CustomRulePack.
-
-2. Use the [Get-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/get-dlpsensitiveinformationtyperulepackage) cmdlet to store the custom rule package to a variable:
-
- ```powershell
- $rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageName"
- ```
-
- For example, if the name of the rule package is "Employee ID Custom Rule Pack", run the following cmdlet:
-
- ```powershell
- $rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"
- ```
-
-3. Use the [Set-Content](/powershell/module/microsoft.powershell.management/set-content) cmdlet to export the custom rule package to an XML file:
-
- ```powershell
- Set-Content -Path "XMLFileAndPath" -Encoding Byte -Value $rulepak.SerializedClassificationRuleCollection
- ```
-
- This example export the rule package to the file named ExportedRulePackage.xml in the C:\My Documents folder.
-
- ```powershell
- Set-Content -Path "C:\My Documents\ExportedRulePackage.xml" -Encoding Byte -Value $rulepak.SerializedClassificationRuleCollection
- ```
-
-#### Step 2: Modify the sensitive information type in the exported XML file
-
-Sensitive information types in the XML file and other elements in the file are described earlier in this topic.
-
-#### Step 3: Import the updated XML file back into the existing rule package
-
-To import the updated XML back into the existing rule package, use the [Set-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/set-dlpsensitiveinformationtyperulepackage) cmdlet:
-
-```powershell
-Set-DlpSensitiveInformationTypeRulePackage -FileData ([Byte[]]$(Get-Content -Path "C:\My Documents\External Sensitive Info Type Rule Collection.xml" -Encoding Byte -ReadCount 0))
-```
-
-For detailed syntax and parameter information, see [Set-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/set-dlpsensitiveinformationtyperulepackage).
- ## Reference: Rule package XML schema definition You can copy this markup, save it as an XSD file, and use it to validate your rule package XML file.
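Review bot: If this section is being moved to another article rather than dropped, two defects in the removed text should not travel with it. In Step 1, item 1, the link labelled Get-DlpSensitiveInformationTypeRulePackage points at /powershell/module/exchange/get-dlpsensitiveinformationtype, not the rule package cmdlet page used everywhere else in the section. The headings for Step 2 and Step 3 are written with `####` while Step 1 uses `###`, so they nest under Step 1 instead of sitting beside it. "This example export the rule package" also needs "exports".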
compliance Dlp Use Policies Non Microsoft Cloud Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps.md
description: Learn how to use dlp policies for non-Microsoft cloud apps.
-# Use data loss prevention policies for non-Microsoft cloud apps (preview)
+# Use data loss prevention policies for non-Microsoft cloud apps
Data loss prevention (DLP) policies to non-Microsoft cloud apps are part of the Microsoft 365 DLP suite of features; using these features, you can discover and protect sensitive items across Microsoft 365 services. For more information about all Microsoft DLP offerings, see [Learn about data loss prevention](dlp-learn-about-dlp.md).
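Review bot: The `description:` line shown as context above the heading still reads "dlp policies" in lowercase, while the H1 and the body use "DLP"; since this change marks the article as generally available, capitalise it in the same pass. The opening sentence under the heading, "Data loss prevention (DLP) policies to non-Microsoft cloud apps are part of", would also read better as "policies for non-Microsoft cloud apps", matching the title.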
compliance Insider Risk Management Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-activities.md
+
+ Title: Investigate insider risk management activities
+description: Learn about investigating insider risk management activities in Microsoft 365
+keywords: Microsoft 365, insider risk, risk management, compliance
+localization_priority: Normal
+
+f1.keywords:
+- NOCSH
+++
+audience: itpro
+++
+# Investigate insider risk management activities
+
+Investigating risky user activities is an important first step in minimizing insider risks for your organization. These risks may be activities that generate alerts from insider risk management policies, or risks from activities that are detected by policies but do not immediately create an insider risk management alert for users. You can investigate these types of activities by using the **User activity reports (preview)** or with the **Alert dashboard**.
+
+## User activity reports (preview)
+
+User activity reports allow you to examine activities for specific users for a defined time period without having to assign them temporarily or explicitly to an insider risk management policy. In most insider risk management scenarios, users are explicitly defined in policies, and they may have policy alerts (depending on triggering events) and risk scores associated with the activities. But in some scenarios, you may want to examine the activities for users that aren't explicitly defined in a policy. These may be users that you've received a tip about the user and potentially risky activities, or users that typically don't need to be assigned to an insider risk management policy.
+
+After you've configured indicators on the insider risk management **Settings** page, user activity is detected for risky activity associated with the selected indicators. You do not have to configure a policy for user activity reports to detect and report risky activities by users in your organization. Activities included in user activity reports do not require triggering events for the activities to be displayed. This configuration means that all detected activity for the user is available for review, regardless if it has a triggering event or if it creates an alert. Reports are created on a per-user basis and can include all activities for a custom 90-day period. Multiple reports for the same user aren't supported.
+
+After examining activities for a user, investigators can dismiss individual activities as benign, share or email a link to the report with other investigators, or choose to assign the user temporarily or explicitly to an insider risk management policy. Users must be assigned to the *Insider Risk Management Investigators* role group to view the **User activity reports** page.
+
+![Insider risk management user activity report overview](../media/insider-risk-user-activity-report-overview.png)
+
+You can get started by selecting **Manage reports** in the **Investigate user activity** section on the insider risk management **Overview** page. To view activities for a user, first select **Create user activity report** and complete the following fields in the **New user activity report** pane:
+
+- **User**: Search for a user by name or email address
+- **Start date**: Use the calendar control to select the start date for user activities.
+- **End date**: Use the calendar control to select the end date for user activities. The end date selected must be greater than two days after the selected start date and no greater than 90 days from the selected start date.
+New reports typically take up to 10 hours before they are ready for review. When the report is ready, you'll see *Report ready* in the **Status** column on the User activity report page. Select the user to view the detailed report:
+
+![Insider risk management user activity report](../media/insider-risk-user-activity-report.png)
+
+The **User activity report** for the selected user contains the **User activity** and **Activity explorer** tabs:
+
+- **User activity**: Use this chart view to investigate activities and view potential activities that occur in sequences. This tab is structured to enable quick review of a case, including a historical timeline of all activities, activity details, the current risk score for the user in the case, the sequence of risk events, and filtering controls to help with investigative efforts.
+- **Activity explorer**: The **Activity explorer** tab provides risk investigators with a comprehensive analytic tool that provides detailed information about activities. With the Activity explorer, reviewers can quickly review a timeline of detected risky activity and identify and filter all risk activities associated with alerts. To learn more about using the Activity explorer, see the *Activity explorer* section later in this article.
+
+## Alert dashboard
+
+Insider risk management alerts are automatically generated by risk indicators defined in insider risk management policies. These alerts give compliance analysts and investigators an all-up view of the current risk status and allow your organization to triage and take actions for discovered risks. By default, policies generate a certain amount of low, medium, and high severity alerts, but you can [increase or decrease the alert volume](insider-risk-management-settings.md#alert-volume) to suit your needs. Additionally, you can configure the [alert threshold for policy indicators](insider-risk-management-settings.md#indicator-level-settings-preview) when creating a new policy with the policy wizard.
+
+Check out the [Insider Risk Management Alerts Triage Experience video](https://www.youtube.com/watch?v=KgmpxBLJLPI) for an overview of how alerts provide details, context, and related content for risky activity and how to make your investigation process more effective.
+
+The insider risk **Alert dashboard** allows you to view and act on alerts generated by insider risk policies. Each report widget displays information for last 30 days.
+
+- **Total alerts that need review**: The total number of alerts needing review and triage are listed, including a breakdown by alert severity.
+- **Open alerts over past 30 days**: The total number of alerts created by policy matches over the last 30 days, sorted by high, medium, and low alert severity levels.
+- **Average time to resolve alerts**: A summary of useful alert statistics:
+ - Average time to resolve high severity alerts, listed in hours, days, or months.
+ - Average time to resolve medium severity alerts, listed in hours, days, or months.
+ - Average time to resolve low severity alerts, listed in hours, days, or months.
+
+![Insider risk management alert dashboard](../media/insider-risk-alerts-dashboard.png)
+
+> [!NOTE]
+> Insider risk management uses built-in alert throttling to help protect and optimize your risk investigation and review experience. This throttling guards against issues that might result in an overload of policy alerts, such as misconfigured data connectors or DLP policies. As a result, there might be a delay in displaying new alerts for a user.
+
+## Alert status and severity
+
+You can triage alerts into one of the following statuses:
+
+- **Confirmed**: An alert confirmed and assigned to a new or existing case.
+- **Dismissed**: An alert dismissed as benign in the triage process.
+- **Needs review**: A new alert where triage actions have not yet been taken.
+- **Resolved**: An alert that is part of a closed and resolved case.
+
+Alert risk scores are automatically calculated from several risk activity indicators. These indicators include the type of risk activity, the number and frequency of the activity occurrence, the history of user risk activity, and the addition of activity risks that may boost the seriousness of the activity. The alert risk score drives the programmatic assignment of a risk severity level for each alert and cannot be customized. If alerts remain untriaged and risk activities continue to accrue to the alert, the risk severity level can increase. Risk analysts and investigators can use the alert risk severity to help triage alerts in accordance with your organization's risk policies and standards.
+
+Alert risk severity levels are:
+
+- **High severity**: The activities and indicators for the alert pose significant risk. The associated risk activities are serious, repetitive, and corelate strongly to other significant risk factors.
+- **Medium severity**: The activities and indicators for the alert pose a moderate risk. The associated risk activities are moderate, frequent, and have some correlation to other risk factors.
+- **Low severity**: The activities and indicators for the alert pose a minor risk. The associated risk activities are minor, more infrequent, and do not corelate to other significant risk factors.
+
+## Filter alerts on the Alert dashboard
+
+Depending on the number and type of active insider risk management policies in your organization, reviewing a large queue of alerts can be challenging. Using alert filters can help analysts and investigators sort alerts by several attributes. To filter alerts on the **Alerts dashboard**, select the **Filter** control. You can filter alerts by one or more attributes:
+
+- **Status**: Select one or more status values to filter the alert list. The options are *Confirmed*, *Dismissed*, *Needs review*, and *Resolved*.
+- **Severity**: Select one or more alert risk severity levels to filter the alert list. The options are *High*, *Medium*, and *Low*.
+- **Time detected**: Select the start and end dates for when the alert was created.
+- **Policy**: Select one or more policies to filter the alerts generated by the selected policies.
+
+## Search alerts on the Alert dashboard
+
+To search the alert name for a specific word, select the **Search** control and type the word to search. The search results display any policy alert containing the word defined in the search.
+
+## Triage alerts
+
+To triage an insider risk alert, complete the following steps:
+
+1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com), go to **Insider risk management** and select the **Alerts** tab.
+2. On the **Alerts dashboard**, select the alert you want to triage.
+3. On the **Alerts detail pane**, you can review the following tabs and triage the alert:
+ - **Summary**: This tab contains general information about the alert and allows you to confirm the alert and create a new case or allows you to dismiss the alert. It includes the current status for the alert and the alert risk severity level, listed as *High*, *Medium*, or *Low*. The severity level may increase or decrease over time if the alert is not triaged.
+ - **What happened (preview)**: Displays the top three risk activities and policy matches during the activity evaluation period, including the type of violation associated with the activity and the number of occurrences.
+ - **User details**: Displays general information about the user assigned to the alert. If anonymization is enabled, the username, email address, alias, and organization fields are anonymized.
+ - **Alert details**: Includes the length of time since the alert was generated, the policies that generated the alert are listed, and the case generated from the alert is listed. For new alerts, the **Case** field displays None.
+ - **Content detected (preview)**: Includes content associated with the risk activities for the alert and summarizes activity events by key areas. Selecting an activity link opens the Activity explorer and displays additional details about the activity.
+ - **User activity**: This tab displays the activity history for the user associated with the alert. This history includes other alerts and activities related to risk indicators defined in the template assigned to the policy for this alert. This history allows risk analysts and investigators to factor in any past risky behavior for the employee as part of the triage process.
+ - **Actions**: The following actions are available for each alert:
+ - **Open expanded view**: Opens the **Activity explorer** dashboard.
+ - **Confirm and create case**: Use this action to confirm and create a new case for all the alerts associated with a user. This action automatically changes the alert status to *Confirmed*.
+ - **Dismiss alert**: Use this action to dismiss the alert. This action changes the alert status to *Resolved*.
+
+## Activity explorer (preview)
+
+> [!NOTE]
+> Activity explorer is available in the alert management area for users with triggering events after this feature is available in your organization.
+
+The Activity explorer provides risk investigators and analysts with a comprehensive analytic tool that provides detailed information about alerts. With the Activity explorer, reviewers can quickly review a timeline of detected risky activity and identify and filter all risk activities associated with alerts. To filter alerts on the Activity explorer, select the Filter control. You can filter alerts by one or more attributes listed in the details pane for the alert. Activity explorer also supports customizable columns to help investigators and analysts focus the dashboard on the information most important to them.
+
+![Insider risk management activity explorer overview](../media/insider-risk-activity-explorer.png)
+
+To use the **Activity explorer**, complete the following steps:
+
+1. In the Microsoft 365 compliance center, go to **Insider risk management** and select the **Alerts** tab.
+2. On the **Alerts dashboard**, select the alert you want to triage.
+3. On the **Alerts detail pane**, select **Open expanded view**.
+4. On the page for the selected alert, select the **Activity explorer** tab.
+
+When reviewing activities in the Activity explorer, investigators and analysts can select a specific activity and open the activity details pane. The pane displays detailed information about the activity that investigators and analysts can use during the alert triage process. The detailed information may provide context for the alert and assist with identifying the full scope of the risk activity that triggered the alert.
+
+![Insider risk management activity explorer details](../media/insider-risk-activity-explorer-details.png)
+
+## Create a case for an alert
+
+As alert is reviewed and triaged, you can create a new case to further investigate the risk activity. To create a case for an alert, follow these steps:
+
+1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com), go to **Insider risk management** and select the **Alerts** tab.
+2. On the **Alerts dashboard**, select the alert you want to confirm and create a new case for.
+3. On the **Alerts details pane**, select **Actions** > **Confirm alerts & create case**.
+4. On the **Confirm alert and create insider risk case** dialog, enter a name for the case, select users to add as contributors, and add comments as applicable. Comments are automatically added to the case as a case note.
+5. Select **Create case** to create a new case or select **Cancel** to close the dialog without creating a case.
+
+After the case is created, investigators and analysts can manage and act on the case. For more information, see the [Insider risk management case](insider-risk-management-cases.md) article.
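Review bot: In "Triage alerts", the **Dismiss alert** action is documented as changing the alert status to *Resolved*, but "Alert status and severity" defines *Dismissed* as "An alert dismissed as benign in the triage process" and *Resolved* as an alert that is part of a closed case. One of the two is wrong; please confirm the actual status and make both sections agree, because analysts filtering the queue by status will rely on it. Smaller points in the same file: the paragraph starting "New reports typically take up to 10 hours" follows the **End date** bullet with no blank line, so it will render as part of that list item. "corelate" appears in both the High and Low severity bullets and should be "correlate". "As alert is reviewed and triaged" is missing an article. The confirm action is named three ways ("Confirm and create case", "Confirm alerts & create case", "Confirm alert and create insider risk case") and the dashboard is both "Alert dashboard" and "Alerts dashboard"; pick the labels the UI shows and use them consistently. The Summary tab text says severity "may increase or decrease over time" while the severity section only describes it increasing.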
compliance Insider Risk Management Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-cases.md
The **User activity** tab is one of the most powerful tools for internal risk an
The **Activity explorer** tab allows risk analysts and investigators to review activity details associated with risk alerts. For example, as part of the case management actions, investigators and analysts may need to review all the risk activities associated with the case for more details. With the **Activity explorer**, reviewers can quickly review a timeline of detected risky activity and identify and filter all risk activities associated with alerts.
-For more information about the Activity explorer, see the [Insider risk management alerts](insider-risk-management-alerts.md#activity-explorer-preview) article.
+For more information about the Activity explorer, see the [Insider risk management alerts](insider-risk-management-activities.md#activity-explorer-preview) article.
### Content explorer
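Review bot: The link target on the changed line now points to insider-risk-management-activities.md, but the link text still reads "Insider risk management alerts". The other files in this update rename the same link to "Investigate insider risk activities" or "Insider risk management activities"; update the text here too so readers are not sent to an article whose title does not match the link.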
compliance Insider Risk Management Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-configure.md
Insider risk management policies include assigned users and define which types o
After you've completed these steps to create your first insider risk management policy, you'll start to receive alerts from activity indicators after about 24 hours. Configure additional policies as needed using the guidance in Step 4 of this article or the steps in [Create a new insider risk policy](insider-risk-management-policies.md#create-a-new-policy).
-To learn more about investigating insider risk alerts and the **Alerts dashboard**, see [Insider risk management alerts](insider-risk-management-alerts.md).
+To learn more about investigating insider risk alerts and the **Alerts dashboard**, see [Insider risk management activities](insider-risk-management-activities.md#alert-dashboard).
compliance Insider Risk Management Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-plan.md
If you don't see any alerts immediately after configuring an insider risk manage
Share insider risk management documentation with the stakeholders in your organization that are included in your management and remediation workflow: - [Create and manage insider risk policies](insider-risk-management-policies.md)-- [Investigate insider risk alerts](insider-risk-management-alerts.md)
+- [Investigate insider risk activities](insider-risk-management-activities.md)
- [Take action on insider risk cases](insider-risk-management-cases.md) - [Review case data with the insider risk Content explorer](insider-risk-management-content-explorer.md) - [Create insider risk notice templates](insider-risk-management-notices.md)
compliance Insider Risk Management Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-solution-overview.md
Use the following steps to configure insider risk management for your organizati
## More information about insider risk management - [Manage insider risk policies](insider-risk-management-policies.md)-- [Investigate insider risk alerts](insider-risk-management-alerts.md)
+- [Investigate insider risk activities](insider-risk-management-activities.md)
- [Act on insider risk cases](insider-risk-management-cases.md)
compliance Insider Risk Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management.md
You can select from the following policy templates to quickly get started with i
### Alerts
-Alerts are automatically generated by risk indicators that match policy conditions and are displayed in the [Alerts dashboard](insider-risk-management-alerts.md). This dashboard enables a quick view of all alerts needing review, open alerts over time, and alert statistics for your organization. All policy alerts are displayed with the following information to help you quickly identify the status of existing alerts and new alerts that need action:
+Alerts are automatically generated by risk indicators that match policy conditions and are displayed in the [Alerts dashboard](insider-risk-management-activities.md#alert-dashboard). This dashboard enables a quick view of all alerts needing review, open alerts over time, and alert statistics for your organization. All policy alerts are displayed with the following information to help you quickly identify the status of existing alerts and new alerts that need action:
- Status - Severity
Alerts are resolved by opening a new case, assigning the alert to an existing ca
### Investigate
+Quickly investigate all activities for a selected user with [User activity reports (preview)](insider-risk-management-activities.md#user-activity-reports-preview). These reports allow investigators in your organization to examine activities for specific users for a defined time period without having to assign them temporarily or explicitly to an insider risk management policy. After examining activities for a user, investigators can dismiss individual activities as benign, share or email a link to the report with other investigators, or choose to assign the user temporarily or explicitly to an insider risk management policy.
+ [Cases](insider-risk-management-cases.md) are created for alerts that require deeper review and investigation of the activity details and circumstances around the policy match. The **Case dashboard** provides an all-up view of all active cases, open cases over time, and case statistics for your organization. Reviewers can quickly filter cases by status, the date the case was opened, and the date the case was last updated. Selecting a case on the case dashboard opens the case for investigation and review. This step is the heart of the insider risk management workflow. This area is where risk activities, policy conditions, alerts details, and user details are synthesized into an integrated view for reviewers. The primary investigation tools in this area are:
compliance Meet Data Protection And Regulatory Reqs Using Microsoft Cloud https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud.md
# Microsoft Compliance Manager (classic) > [!IMPORTANT]
-> **Compliance Manager (classic) will soon be removed from the Microsoft Service Trust Portal.** We recommend that you transition to the new [Compliance Manager in the Microsoft 365 compliance center](https://compliance.microsoft.com/), which provides an enhanced user experience and updated control mapping. Customers who have assessments in the classic version will need to create new assessments in the new Compliance Manager. Any existing data, including your assessments, controls, and other data, will not be transferred over to the new Compliance Manager. [Learn more about the transition](compliance-manager-faq.md#whats-happening-to-compliance-manager-classic-in-the-service-trust-portal).
+> **Compliance Manager (classic) will soon be removed from the Microsoft Service Trust Portal.** We recommend that you transition to the new [Compliance Manager in the Microsoft 365 compliance center](https://compliance.microsoft.com/), which provides an enhanced user experience and updated control mapping. Customers who have assessments in the classic version will need to create new assessments in the new Compliance Manager. Any existing data, including your assessments, controls, and other data, will not be transferred over to the new Compliance Manager. [Learn more about the transition](compliance-manager-faq.yml#what-s-happening-to-compliance-manager--classic--in-the-service-trust-portal-).
*Compliance Manager isn't available in Office 365 operated by 21Vianet, Office 365 Germany, Office 365 U.S. Government Community High (GCC High), or Office 365 Department of Defense.*
An Assessment is made of several components, which are:
Here's an example of three Microsoft-managed controls in the **Security** control family from an Assessment of Office 365 and the GDPR.
- ![Details of Microsoft-managed controls in the Compliance Manager](../media/d1351212-1ebf-424e-91b8-930c2b2edef1.png)
+ ![Details of Microsoft-managed controls in the Compliance Manager](../media/d1351212-1ebf-424e-91b8-930c2b2edef1.png)
- a. Specifies the following information from the certification or regulation that maps to the Microsoft-managed control.
+ 1. Specifies the following information from the certification or regulation that maps to the Microsoft-managed control.
- - **Control ID** - The section or article number from the certification or regulation that the control maps to.
+ - **Control ID** - The section or article number from the certification or regulation that the control maps to.
- - **Title** - The title from the corresponding certification or regulation.
+ - **Title** - The title from the corresponding certification or regulation.
- - **Article ID** - This field is included only for GDPR assessments, as it specifies the corresponding GDPR article number.
+ - **Article ID** - This field is included only for GDPR assessments, as it specifies the corresponding GDPR article number.
- - **Description** - Text of the standard or regulation that maps to the selected Microsoft-managed control.
+ - **Description** - Text of the standard or regulation that maps to the selected Microsoft-managed control.
- b. The Compliance Score for the control, which indicates the level of risk (due to non-compliance or control failure) associated with each Microsoft-managed control. See [Understanding the Compliance Score](#understanding-the-compliance-score) for more information. Note that Compliance Scores are rated from 1 to 10 and are color-coded. Yellow indicates low risk controls, orange indicates medium-risk controls, and red indicated high-risk controls.
+ 1. The Compliance Score for the control, which indicates the level of risk (due to non-compliance or control failure) associated with each Microsoft-managed control. See [Understanding the Compliance Score](#understanding-the-compliance-score) for more information. Note that Compliance Scores are rated from 1 to 10 and are color-coded. Yellow indicates low risk controls, orange indicates medium-risk controls, and red indicated high-risk controls.
- c. Information about the implementation status of a control, the date the control was tested, who performed the test, and the test result.
+ 1. Information about the implementation status of a control, the date the control was tested, who performed the test, and the test result.
- d. For each control, you can click **More** to see additional information, including details about Microsoft's implementation of the control and details about how the control was tested and validated by an independent third-party auditor.
+ 1. For each control, you can click **More** to see additional information, including details about Microsoft's implementation of the control and details about how the control was tested and validated by an independent third-party auditor.
- **Customer-Managed Controls** - This is the collection of controls that are managed by your organization. Your organization is responsible for implementing these controls as part of your compliance process for a given standard or regulation. Customer-managed controls are also organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended Customer Actions in each customer-managed control to manage the implementation and assessment process for that control.
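Review bot: The rewritten Compliance Score item carries over "red indicated high-risk controls" and "low risk controls" unchanged; since the line is being touched anyway, make it "red indicates" and hyphenate "low-risk" to match "medium-risk" and "high-risk" in the same sentence. Separately, the items were lettered a. through d. and are now all written as "1.", which renders as 1 to 4. If the screenshot above this list labels its callouts with letters, the numbered list no longer maps to it, so either keep the letters or confirm the image uses numbers.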
For example, the User Access Management assessment control shown below has a ver
![Compliance Manager - Assessment control high severity - score 10](../media/174ecb2c-aaed-436e-9950-74da7dadf5db.png)
- By comparison, the Information Backup assessment control shown below has a lower severity risk ranking, and displays an assigned value of 3.
+By comparison, the Information Backup assessment control shown below has a lower severity risk ranking, and displays an assigned value of 3.
![Compliance Manager - Assessment control low severity - score 3](../media/11749f20-5f22-40c2-bbc1-eaccbf29e2ae.png)
The essence of the control is based on whether the control is Mandatory or Discr
### Mandatory or discretionary
- *Mandatory controls* are controls that cannot be bypassed either intentionally or accidentally. An example of a common mandatory control is a centrally-managed password policy that sets requirements for password length, complexity, and expiration. Users must comply with these requirements in order to access the system.
+*Mandatory controls* are controls that cannot be bypassed either intentionally or accidentally. An example of a common mandatory control is a centrally-managed password policy that sets requirements for password length, complexity, and expiration. Users must comply with these requirements in order to access the system.
- *Discretionary controls* rely upon users to understand policy and act accordingly. For example, a policy requiring users to lock their computer when they leave it is a discretionary control because it relies on the user.
+*Discretionary controls* rely upon users to understand policy and act accordingly. For example, a policy requiring users to lock their computer when they leave it is a discretionary control because it relies on the user.
### Preventative, detective, or corrective
By clicking the **Office 365 ΓÇö GDPR** assessment, and using the filter control
![Compliance Manager Assessment ΓÇö shared controls](../media/aafb106e-0abc-4918-8038-de11cf326dfe.png)
- Here we show the completion of the implementation and testing of GDPR control 6.10.1.2.
+Here we show the completion of the implementation and testing of GDPR control 6.10.1.2.
![Compliance Manager Assessment control GDPR 6.10.1.2 ΓÇö passed](../media/ee9e83b6-9d51-4b3b-85eb-96bec0fef2e1.png)
To add an Assessment to Compliance
3. Click **Next**, and do the following:
- a. Choose a Microsoft cloud service to assess for compliance from the **Select a product** drop-down list.
+ 1. Choose a Microsoft cloud service to assess for compliance from the **Select a product** drop-down list.
- b. Choose a certification to assess the selected cloud service against from the **Select a certification** drop-down list.
+ 1. Choose a certification to assess the selected cloud service against from the **Select a certification** drop-down list.
4. Click **Add to Dashboard** to create the Assessment; the assessment will be added to the Compliance Manager dashboard as a new tile at the end of the list of existing tiles.
compliance Retention Policies Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-teams.md
If a user who has a mailbox in Exchange Online leaves your organization and thei
If the user stored any files in Teams, see the [equivalent section](retention-policies-sharepoint.md#when-a-user-leaves-the-organization) for SharePoint and OneDrive.
-## Limitations
-
-We're continuously working on optimizing retention functionality in Teams. In the meantime, be aware of the following limitation when you use retention policies for Teams channel messages and chats:
--- **Incorrect display issue in Outlook**. If you create retention policies for Skype or Teams locations, one of those policies is shown as the default folder policy when a user views the properties of a mailbox folder in the Outlook desktop client. This is an incorrect display issue in Outlook and [a known issue](https://support.microsoft.com/help/4491013/outlook-client-displays-teams-or-skype-for-business-retention-policies). Instead, you should see the mailbox retention policy that's applied to the folder. The Skype or Teams retention policy is not applied to the user's mailbox.- ## Configuration guidance If you're new to configuring retention in Microsoft 365, see [Get started with retention policies and retention labels](get-started-with-retention.md).
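Review bot: removing the Limitations section also drops the statement that the Skype or Teams retention policy shown as the default folder policy in the Outlook desktop client is a display error and is not applied to the user's mailbox. If the linked known issue is still open, keep a one-line pointer to it under "Configuration guidance" so that the policy shown in Outlook is not mistaken for a misconfiguration. If it has been fixed, say so in the commit description.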
compliance Sensitivity Labels Sharepoint Onedrive Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files.md
For more information about using managed properties, see [Manage the search sche
## Remove encryption for a labeled document
-There might be rare occasions when a SharePoint administrator needs to remove encryption from a document stored in SharePoint. Any user who has the [Rights Management usage right](/azure/information-protection/configure-usage-rights#usage-rights-and-descriptions) of Export or Full Control assigned to them for that document can remove encryption that was applied by the Azure Rights Management service from Azure Information Protection. For example, users with either of these usage rights can replace a label that applies encryption with a label without encryption. Alternatively, a [super user](/azure/information-protection/configure-super-users) could download the file and save a local copy without the encryption.
+There might be rare occasions when a SharePoint administrator needs to remove encryption from a document stored in SharePoint. Any user who has the [Rights Management usage right](/azure/information-protection/configure-usage-rights#usage-rights-and-descriptions) of Export or Full Control assigned to them for that document can remove encryption that was applied by the Azure Rights Management service from Azure Information Protection. For example, users with either of these usage rights can replace a label that applies encryption with a label without encryption. A [super user](/azure/information-protection/configure-super-users) could also download the file and save a local copy without the encryption.
As an alternative, a global admin or [SharePoint admin](/sharepoint/sharepoint-admin-role) can run the [Unlock-SPOSensitivityLabelEncryptedFile](/powershell/module/sharepoint-online/unlock-sposensitivitylabelencryptedFile) cmdlet, which removes both the sensitivity label and the encryption. This cmdlet runs even if the admin doesn't have access permissions to the site or file, or if the Azure Rights Management service is unavailable.
compliance Sit Custom Sit Filters https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-custom-sit-filters.md
+
+ Title: "Custom Sensitive Information Type Filters Reference"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+search.appverid:
+- MOE150
+- MET150
+description: "This article presents a list of the filters that can be encoded into custom sensitive information types."
++
+# Custom sensitive information type filters reference
+
+In Microsoft you can define filters or additional checks while creating a custom sensitive information types (SIT).
+
+## List of supported filters and use cases
+
+### AllDigitsSame Exclude
+
+Description: Allows you to exclude matches which have all digits as duplicate digits, like 111111111 or 111-111-111
+
+Defining filters
+```xml
+<Filters id="ssn_filters">
+ <Filter type="AllDigitsSameFilter"></Filter>
+</Filters>
+```
+
+Using it in rule package at the entity level
+```xml
+<Entity id="50842eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85" filters="ssn_filters">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_ssn" />
+ </Pattern>
+</Entity>
+```
+
+Using it in rule package at the pattern level
+```xml
+<Entity id="50842eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85" filters="ssn_filters">
+ <IdMatch idRef="Func_ssn" />
+ </Pattern>
+</Entity>
+```
+
+### TextMatchFilter StartsWith
+
+Description: Allows you to define the starting characters for the entity. It has two variants, include and exclude.
+
+For example to exclude the numbers starting with 0500, 91, 091, 010 in a list like this:
+
+- 0500-4500-027
+- 91564721450
+- 91-8523697410
+- 700-8956-7844
+- 1000-3265-9874
+- 0100-7892-3012
+
+you can use this xml
+
+```xml
+<Filters id="phone_number_filters_exc">
+ <Filter type="TextMatchFilter" direction="StartsWith" logic="Exclude" textProcessorId="Keyword_false_positives_sw">
+</Filter>
+</Filters>
+
+ <Keyword id="Keyword_false_positives_sw">
+ <Group matchStyle="string">
+ <Term>0500</Term>
+ <Term>91</Term>
+ <Term>091</Term>
+ <Term>0100</Term>
+ </Group>
+ </Keyword>
+```
+For example, to include the numbers starting with 0500, 91, 091, 0100 in a list like this:
+
+- 0500-4500-027
+- 91564721450
+- 91-8523697410
+- 700-8956-7844
+- 1000-3265-9874
+- 0100-7892-3012
+
+you can use this xml
+
+```xml
+<Filters id="phone_filters_inc">
+ <Filter type="TextMatchFilter" direction="StartsWith" logic="Include" textProcessorId="Keyword_false_positives_sw">
+</Filter>
+```
+
+### TextMatchFilter EndsWith
+
+Description: Allows you to define the ending characters for the entity.
+
+For example, to exclude the numbers ending with 0500,91,091, 0100 in a list like this:
+
+- 1234567891
+- 1234-5678-0091
+- 1234.4567.7091
+- 1234-8091-4564
+
+you can use this xml
+
+```xml
+<Filters id="phone_number_filters_exc">
+ <Filter type="TextMatchFilter" direction="EndsWith" logic="Exclude" textProcessorId="Keyword_false_positives_sw">
+</Filter>
+
+ <Keyword id="Keyword_false_positives_sw">
+ <Group matchStyle="string">
+ <Term>0500</Term>
+ <Term>91</Term>
+ <Term>091</Term>
+ <Term>0100</Term>
+ </Group>
+ </Keyword>
+```
+
+For example, to include the numbers ending with 0500, 91, 091, 0100, in a list like this:
+
+- 1234567891
+- 1234-5678-0091
+- 1234.4567.7091
+- 1234-8091-4564
+
+you can use this xml
+
+```xml
+<Filters id="phone_filters_inc">
+ <Filter type="TextMatchFilter" direction=" EndsWith" logic="Include" textProcessorId="Keyword_false_positives_sw">
+</Filter>
+```
+
+### TextMatchFilter Full
+
+Description: Allows you to prohibit certain matches to prevent them from triggering the rule. For example, exclude 4111111111111111 from the list of valid credit card matches.
+
+For example, to exclude credit card numbers like 4111111111111111 and 3241891031113111 in a list like this:
+
+- 4485 3647 3952 7352
+- 4111111111111111
+- 3241891031113111
+
+you can use this xml
+
+```xml
+<Filters id="cc_number_filters_exc">
+ <Filter type="TextMatchFilter" direction="Full" logic="Exclude" textProcessorId="Keyword_false_positives_full">
+</Filter>
+
+ <Keyword id="Keyword_false_positives_full">
+ <Group matchStyle="string">
+ <Term>4111111111111111</Term>
+ <Term>3241891031113111</Term>
+ </Group>
+ </Keyword>
+```
+
+For example, to include credit card numbers like 4111111111111111 and 3241891031113111 in a list like this:
+
+- 4485 3647 3952 7352
+- 4111111111111111
+- 3241891031113111
+
+you can use this xml
+
+```xml
+<Filters id="cc_filters_inc">
+ <Filter type="TextMatchFilter" direction="Full" logic="Include" textProcessorId="Keyword_false_positives_full">
+</Filter>
+```
+
+### TextMatchFilter Prefix
+
+Description: Allows you to define the preceding characters that should be always included or excluded. For example, if Credit card number is preceded by ΓÇÿOrder ID:ΓÇÖ then remove the match from the valid matches.
+
+For example, to exclude occurrences of phone numbers which have **Phone number** and **call me at** strings before the phone number, in a list like this:
+
+- phone number 091-8974-653278
+- Phone 45-124576532-123
+- 45-124576532-123
+
+you can use this xml
+
+```xml
+<Filters id="cc_number_filters_exc">
+ <Filter type="TextMatchFilter" direction="Prefix" logic="Exclude" textProcessorId="Keyword_false_positives_prefix">
+</Filter>
+ <Keyword id="Keyword_false_positives_prefix">
+ <Group matchStyle="string">
+ <Term>phone number</Term>
+ <Term>call me at</Term>
+ </Group>
+ </Keyword>
+```
+
+For example, to include occurrences that have **credit card** and **card #** strings before the credit card number, in a list like this:
+
+- Credit card 45-124576532-123
+- 45-124576532-123 (which could be phone number)
+
+you can use this xml
+
+```xml
+<Filters id="cc_filters_inc">
+ <Filter type="TextMatchFilter" direction="Full" logic="Include" textProcessorId="Keyword_true_positives_prefix">
+</Filter>
+
+ <Keyword id="Keyword_true_positives_prefix">
+ <Group matchStyle="string">
+ <Term>credit card</Term>
+ <Term>card #</Term>
+ </Group>
+ </Keyword
+```
+
+### TextMatchFilter Suffix
+
+Description: Allows you to define the following characters that should be always included or excluded. For example, if Credit card number is followed by ΓÇÿ/xuidΓÇÖ then remove the match from the valid matches.
+
+For example, top exclude occurrences if there are 5 more instances of four digits as suffix in a list like this:
+
+- 1234-5678-9321 4500 9870 6321 48925566
+- 1234-5678-9321
+
+you can use this xml
+
+```xml
+<Filters id="cc_number_filters_exc">
+ <Filter type="TextMatchFilter" direction="Prefix" logic="Exclude" textProcessorId="Regex_false_positives_suffix">
+</Filter>
+
+ <Regexid="Regex_false_positives_suffix">(\d{4}){5,}</Regex>
+```
+For example, to exclude occurrences if they are followed by **/xuidsuffix**, like one in this list:
+
+- 1234-5678-9321 /xuid
+- 1234-5678-9321
+
+you can use this xml
+
+``xml
+<Filters id="cc_number_filters_exc">
+ <Filter type="TextMatchFilter" direction="Prefix" logic="Exclude" textProcessorId="Keyword_false_positives_suffix">
+</Filter>
+
+ <Keyword id="Keyword_false_positives_suffix">
+ <Group matchStyle="string">
+ <Term>/xuid</Term>
+ </Group>
+ </Keyword>
+```
+
+For example, to include an occurrence only if it is followed by **cvv** or **expires**, like two in this list:
+
+- 45-124576532-123
+- 45-124576532-123 cvv 966
+- 45-124576532-123 expires 03/23
+
+you can use this xml
+
+```xml
+<Filters id="cc_filters_inc">
+ <Filter type="TextMatchFilter" direction="Full" logic="Include" textProcessorId="Keyword_true_positives_suffix">
+</Filter>
+
+ <Keyword id="Keyword_true_positives_suffix">
+ <Group matchStyle="string">
+ <Term>cvv</Term>
+ <Term>expires</Term>
+ </Group>
+ </Keyword>
+```
+
+## Using filters in rule packages
+
+Filters can be defined on the entire SIT or on a pattern. Here are some code snippets examples.
+
+### At sensitive information type level
+
+Filters at Entity - will cover all child patterns
+
+The filters will be applied on **all** the instances classified by any of the patterns in that entity / sensitive type
+
+```xml
+<Entity id="6443b88f-2808-482a-8e1a-3ae5026645e1" patternsProximity="300" recommendedConfidence="85" filters="CompositeFiltersAtEntityLevel">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_denmark_id" />
+ </Pattern>
+</Entity>
+```
+
+### At the individual pattern of the sensitive information type level
+
+Filters only at the pattern level.
+
+The filter will be applied on the instances matched by the pattern.
+
+```xml
+<Entity id="50842eb7-edc8-4019-85dd-5a5c1f2bb085" patternsProximity="300" recommendedConfidence="85">
+ <Pattern confidenceLevel="85" filters="CompositeFiltersAtPattern">
+ <IdMatch idRef="Keyword_cc_verification" />
+ </Pattern>
+</Entity>
+```
++
+### At sensitive information type level and an additional filter on some of the patterns of that entity
+
+Filters at Entity + pattern
+
+The filters will be applied on **all** the instances classified by any of the patterns in that entity / sensitive type. The pattern level filter will filter the instances matched by that pattern.
+
+```xml
+<Entity id="6443b88f-2808-482a-8e1a-3ae5026645e1" patternsProximity="300" recommendedConfidence="85" filters="CompositeFiltersAtEntityLevel">
+ <Pattern confidenceLevel="85" filters="CompositeFiltersAtPattern">
+ <IdMatch idRef="Regex_denmark_id" />
+ </Pattern>
+</Entity>
+```
+
+
+
+## More information
+
+- [Learn about data loss prevention](dlp-learn-about-dlp.md)
+
+- [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md)
+
+- [What the DLP functions look for](what-the-dlp-functions-look-for.md)
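Review bot: several samples set a `direction` that contradicts the section they sit in. The Prefix include sample uses `direction="Full"`, the three Suffix samples use `direction="Prefix"`, `direction="Prefix"` and `direction="Full"`, and the EndsWith include sample has a leading space in `direction=" EndsWith"`. These filters decide which matches a rule keeps or discards, so a copied sample that checks the wrong side of the match silently changes what is detected; make each sample's direction agree with its heading. The XML also needs a well-formedness pass: every TextMatchFilter sample after the first never closes `<Filters>`, `</Keyword` is missing its `>`, `<Regexid=` is missing a space, and the `/xuid` sample opens with a two-backtick fence. Smaller points: the first StartsWith sentence lists 010 where the keyword term is 0100, the text says **/xuidsuffix** where the term is /xuid, "top exclude" is a typo, and the StartsWith, EndsWith and Full include samples point at `Keyword_false_positives_*` ids for lists that are meant to be kept.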
compliance Sit Modify A Custom Sensitive Information Type In Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-modify-a-custom-sensitive-information-type-in-powershell.md
+
+ Title: "Modify a custom sensitive information type using PowerShell"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+search.appverid:
+- MOE150
+- MET150
+description: "Learn how to modify a custom sensitive information using PowerShell."
++
+# Modify a custom sensitive information type using PowerShell
+
+In Compliance center PowerShell, modifying a custom sensitive information type requires you to:
+
+1. Export the existing rule package that contains the custom sensitive information type to an XML file (or use the existing XML file if you have it).
+
+2. Modify the custom sensitive information type in the exported XML file.
+
+3. Import the updated XML file back into the existing rule package.
+
+To connect to Compliance Center PowerShell, see [Connect to Compliance Center PowerShell](/powershell/exchange/exchange-online-powershell).
+
+### Step 1: Export the existing rule package to an XML file
+
+> [!NOTE]
+> If you have a copy of the XML file (for example, you just created and imported it), you can skip to the next step to modify the XML file.
+
+1. If you don't already know it, run the [Get-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/get-dlpsensitiveinformationtype) cmdlet to find the name of the custom rule package:
+
+ ```powershell
+ Get-DlpSensitiveInformationTypeRulePackage
+ ```
+
+ > [!NOTE]
+ > The built-in rule package that contains the built-in sensitive information types is named Microsoft Rule Package. The rule package that contains the custom sensitive information types that you created in the Compliance center UI is named Microsoft.SCCManaged.CustomRulePack.
+
+2. Use the [Get-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/get-dlpsensitiveinformationtyperulepackage) cmdlet to store the custom rule package to a variable:
+
+ ```powershell
+ $rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageName"
+ ```
+
+ For example, if the name of the rule package is "Employee ID Custom Rule Pack", run the following cmdlet:
+
+ ```powershell
+ $rulepak = Get-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"
+ ```
+
+3. Use the [Set-Content](/powershell/module/microsoft.powershell.management/set-content) cmdlet to export the custom rule package to an XML file:
+
+ ```powershell
+ Set-Content -Path "XMLFileAndPath" -Encoding Byte -Value $rulepak.SerializedClassificationRuleCollection
+ ```
+
+ This example export the rule package to the file named ExportedRulePackage.xml in the C:\My Documents folder.
+
+ ```powershell
+ Set-Content -Path "C:\My Documents\ExportedRulePackage.xml" -Encoding Byte -Value $rulepak.SerializedClassificationRuleCollection
+ ```
+
+#### Step 2: Modify the sensitive information type in the exported XML file
+
+Sensitive information types in the XML file and other elements in the file are described earlier in this topic.
+
+#### Step 3: Import the updated XML file back into the existing rule package
+
+To import the updated XML back into the existing rule package, use the [Set-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/set-dlpsensitiveinformationtyperulepackage) cmdlet:
+
+```powershell
+Set-DlpSensitiveInformationTypeRulePackage -FileData ([Byte[]]$(Get-Content -Path "C:\My Documents\External Sensitive Info Type Rule Collection.xml" -Encoding Byte -ReadCount 0))
+```
+
+For detailed syntax and parameter information, see [Set-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/set-dlpsensitiveinformationtyperulepackage).
++
+## More information
+
+- [Learn about data loss prevention](dlp-learn-about-dlp.md)
+
+- [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md)
+
+- [What the DLP functions look for](what-the-dlp-functions-look-for.md)
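Review bot: Step 1 exports to `C:\My Documents\ExportedRulePackage.xml`, but the Step 3 command imports `C:\My Documents\External Sensitive Info Type Rule Collection.xml`, so a reader following the steps imports a file other than the one they exported and edited; use the same path in both. Step 2 says the XML elements "are described earlier in this topic", which does not hold for this new stand-alone article and needs a link instead. Also: the first Get-DlpSensitiveInformationTypeRulePackage link in Step 1 points at `/powershell/module/exchange/get-dlpsensitiveinformationtype`, the step headings drop from `###` to `####` after Step 1, and "This example export" should read "exports".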
compliance Sit Remove A Custom Sensitive Information Type In Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-remove-a-custom-sensitive-information-type-in-powershell.md
+
+ Title: "Remove a custom sensitive information type using PowerShell"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-security-compliance
+search.appverid:
+- MOE150
+- MET150
+description: "Learn how to remove a custom sensitive information type using PowerShell"
++
+# Remove a custom sensitive information type using PowerShell
+++
+In Compliance center PowerShell, there are two methods to remove custom sensitive information types:
+
+- **Remove individual custom sensitive information types**: Use the method documented in [Modify a custom sensitive information type using PowerShell](sit-modify-a-custom-sensitive-information-type-in-powershell.md#modify-a-custom-sensitive-information-type-using-powershell). You export the custom rule package that contains the custom sensitive information type, remove the sensitive information type from the XML file, and import the updated XML file back into the existing custom rule package.
+
+- **Remove a custom rule package and all custom sensitive information types that it contains**: This method is documented in this section.
+
+> [!NOTE]
+> Before your remove a custom sensitive information type, verify that no DLP policies or Exchange mail flow rules (also known as transport rules) still reference the sensitive information type.
+
+1. [Connect to Compliance center PowerShell](/powershell/exchange/exchange-online-powershell)
+
+2. To remove a custom rule package, use the [Remove-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/remove-dlpsensitiveinformationtyperulepackage) cmdlet:
+
+ ```powershell
+ Remove-DlpSensitiveInformationTypeRulePackage -Identity "RulePackageIdentity"
+ ```
+
+ You can use the Name value (for any language) or the `RulePack id` (GUID) value to identify the rule package.
+
+ This example removes the rule package named "Employee ID Custom Rule Pack".
+
+ ```powershell
+ Remove-DlpSensitiveInformationTypeRulePackage -Identity "Employee ID Custom Rule Pack"
+ ```
+
+ For detailed syntax and parameter information, see [Remove-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/remove-dlpsensitiveinformationtyperulepackage).
+
+3. To verify that you've successfully removed a custom sensitive information type, do any of the following steps:
+
+ - Run the [Get-DlpSensitiveInformationTypeRulePackage](/powershell/module/exchange/get-dlpsensitiveinformationtyperulepackage) cmdlet and verify the rule package is no longer listed:
+
+ ```powershell
+ Get-DlpSensitiveInformationTypeRulePackage
+ ```
+
+ - Run the [Get-DlpSensitiveInformationType](/powershell/module/exchange/get-dlpsensitiveinformationtype) cmdlet to verify the sensitive information types in the removed rule package are no longer listed:
+
+ ```powershell
+ Get-DlpSensitiveInformationType
+ ```
+
+ For custom sensitive information types, the Publisher property value will be something other than Microsoft Corporation.
+
+ - Replace \<Name\> with the Name value of the sensitive information type (for example, Employee ID) and run the [Get-DlpSensitiveInformationType](/powershell/module/exchange/get-dlpsensitiveinformationtype) cmdlet to verify the sensitive information type is no longer listed:
+
+ ```powershell
+ Get-DlpSensitiveInformationType -Identity "<Name>"
+ ```
+
+## More information
+
+- [Learn about data loss prevention](dlp-learn-about-dlp.md)
+
+- [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md)
+
+- [What the DLP functions look for](what-the-dlp-functions-look-for.md)
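Review bot: the NOTE before step 1 tells the admin to verify that no DLP policies or Exchange mail flow rules still reference the type, but the procedure gives no way to perform that check, and the NOTE sits outside the numbered steps where it is easy to skip. Step 2 removes the whole rule package and every type in it, so make the check a numbered step ahead of the removal and either show how to do it or link to where that is documented. "Before your remove" should read "Before you remove".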
contentunderstanding Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/index.md
Title: "Introduction to Microsoft SharePoint Syntex"
+ Title: Introduction to Microsoft SharePoint Syntex
- enabler-strategic - m365initiative-syntex localization_priority: Priority
-description: "Learn how to find resources for Microsoft SharePoint Syntex."
+description: Learn how to find resources for Microsoft SharePoint Syntex.
# Introduction to Microsoft SharePoint Syntex
-Microsoft SharePoint Syntex is an Microsoft 365 service that helps organizations to:
+SharePoint Syntex is an Microsoft 365 service that helps organizations to:
- Use advanced AI and machine teaching to amplify human experiences - Automate content processing
Learn more about how to use and implement SharePoint Syntex in your organization
| If you're looking for this information: | Go to this resource: | |:--|:--| |Learn how to start planning to use SharePoint Syntex |[SharePoint Syntex adoption: get started](./adoption-getstarted.md)|
-|See example scenarios to give you ideas about how you can use SharePoint Syntex in your organization |[Scenarios and use cases for Microsoft SharePoint Syntex](./adoption-scenarios.md)|
+|See example scenarios to give you ideas about how you can use SharePoint Syntex in your organization |[Scenarios and use cases for SharePoint Syntex](./adoption-scenarios.md)|
+|Set up and run a trial pilot program for SharePoint Syntex |[Run a trial](./trial-syntex.md)|
|Learn how to use SharePoint Syntex to automate document processes |[Manage contracts using a Microsoft 365 solution](./solution-manage-contracts-in-microsoft-365.md)| ## Set up SharePoint Syntex
The resources in this section help your admin in your organization to set up and
| If you're looking for this information: | Go to this resource: | |:--|:--|
-|Set up and configure SharePoint Syntex|[Set up Microsoft SharePoint Syntex](./set-up-content-understanding.md)|
+|Set up and configure SharePoint Syntex|[Set up SharePoint Syntex](./set-up-content-understanding.md)|
|Learn about image tagging and how to disable|[Image tagging in SharePoint Syntex](./image-tagging.md)| ## Models
The resources in this section help your users learn how to create and configure
|:--|:--| |Learn how to work with models|[Create a content center](./create-a-content-center.md)<br><br>[Create a classifier](./create-a-classifier.md)<br><br>[Create an extractor](./create-an-extractor.md)<br><br>[Create a form processing model](./create-a-form-processing-model.md)<br><br>[Explanation types](./explanation-types-overview.md)<br><br>[Apply a document understanding model](./apply-a-model.md)<br><br>[Learn about document understanding models through the sample model](./learn-about-document-understanding-models-through-the-sample-model.md)<br><br>| |Apply a retention label to your model|[Apply a retention label to a document understanding model](./apply-a-retention-label-to-a-model.md)|
+|Apply a sensitivity label to your model|[Apply a sensitivity label to a document understanding model](./apply-a-sensitivity-label-to-a-model.md)|
|Use Managed Metadata services term store taxonomy when creating an extractor|[Leverage term store taxonomy when creating an extractor](./leverage-term-store-taxonomy.md)| |Learn how to see data about your models|[Model usage analytics](./model-usage-analytics.md)| |Learn how to use accessibility mode when training a model|[SharePoint Syntex accessibility mode](./accessibility-mode.md)|
A SharePoint Syntex license gives your users premium content services that give
|Learn how to make content types more consistently available to SharePoint libraries and lists|[Push content types to a hub](./push-content-type-to-hub.md)| |Learn about the term store reports that are available to you|[Term store reports](./term-store-analytics.md)|
-## See Also
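Review bot: the replacement intro line still reads "SharePoint Syntex is an Microsoft 365 service"; since the sentence is being edited anyway, change "an" to "a". The table rows now say "SharePoint Syntex" while the H1 and Title keep "Microsoft SharePoint Syntex", so confirm that first-mention-only naming is the intent.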
contentunderstanding Trial Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/trial-syntex.md
+
+ Title: Run a trial of Microsoft SharePoint Syntex
++++ Last updated :
+audience: admin
++
+ - enabler-strategic
+ - m365initiative-syntex
+
+search.appverid:
+localization_priority: Normal
+description: Learn how to plan and run a trial pilot program for SharePoint Syntex in your organization.
++
+# Run a trial of Microsoft SharePoint Syntex
+
+This article describes how to set up and run a trial pilot program to deploy SharePoint Syntex in your organization. It also recommends best practices for the trial.
+
+## Sign up for a trial
+
+The trial of SharePoint Syntex gives access to 300 users for 30 days.
+
+> [!NOTE]
+> Up to 300 users are included in the trial to ensure the automatic addition of 1 million AI Builder credits. You do not have to include 300 users for a trial to succeed.
+
+You can get the trial version from one of the following sources:
+
+- The [SharePoint Syntex product page](https://www.microsoft.com/microsoft-365/enterprise/sharepoint-syntex?activetab=pivot:overviewtab)
+
+- The [Microsoft 365 admin center](https://admin.microsoft.com)
+ 1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com).
+ 2. Go to **Billing** > **Purchase Services**.
+ 3. Scroll down to the **Add-Ons** section.
+ 4. On the SharePoint Syntex tile, select **Details**.
+ 5. Select **Get free trial**.
+ 6. To confirm the trial, follow the remaining wizard steps.
+
+You must be a Microsoft 365 global administrator or billing administrator to activate a trial.
+
+### Who should be involved in a trial
+
+|Role |Activity |
+|||
+|Microsoft 365 global admin or billing admin | Activate the trial and assign licenses |
+|Microsoft 365 global admin or SharePoint admin | Configure SharePoint Syntex and create content centers |
+|Business users | Model building and testing |
+
+### Before you activate a trial
+
+To successfully plan a SharePoint Syntex trial, consider the following factors:
+
+- The most meaningful testing is completed on ΓÇ£real worldΓÇ¥ scenarios and data.
+- You can only activate a SharePoint Syntex trial once per tenant.
+
+A test or demo tenant can be used as a ΓÇ£dry runΓÇ¥ to walk through the activation steps and administrative controls. But itΓÇÖs probably best to evaluate model building on a production tenant.
+
+To maximize the value of a trial on a production tenant, planning and business engagement are essential. You should engage one or more business areas to identify three-to-six use cases that could potentially be addressed by SharePoint Syntex. These use cases should:
+
+- Include scenarios that could be solved by either the forms processing or document understanding model.
+- Have a clear understanding of the purpose for any extracted metadata; for example, view formatting or automation by using Power Automate. While SharePoint Syntex is focused on classifying documents and extracting metadata, the value to quantify is what this metadata enables.
+- Be based on a defined set of data; for example, specific SharePoint sites or libraries. A common misconception of SharePoint Syntex is that general purpose models can be applied across all organization content. A more accurate view is that models are built to help solve specific business problems in targeted locations.
+
+All of these use cases might not be a good fit for SharePoint Syntex. The goal of a quality trial isn't to prove that SharePoint Syntex will fit all the scenarios. Instead, the trial should help you better understand the value of product.
+
+For each of the planned use cases, identify users who are subject matter experts in the related content or process. The creation of SharePoint Syntex models is focused on domain experts in the content, rather than on IT professionals or developer resources.
+
+## Activate a trial
+
+When you initiate a trial, you need to:
+
+- Assign licenses to the relevant users.
+- Perform [additional setup of SharePoint Syntex](set-up-content-understanding.md).
+ - You might want to [create additional content centers](create-a-content-center.md).
+
+After the trial is activated, you can create models and process files. See [guidance for model creation](create-a-content-center.md).
+
+## During a trial
+
+Trial periods are limited, so itΓÇÖs best to focus initially on whether SharePoint Syntex models can classify documents and extract metadata for the defined use cases. After the trial period is over, you can evaluate how the metadata can be exploited.
+
+## After a trial
+
+Based on the outcome of the trial, you can decide whether to proceed to production use of SharePoint Syntex.
+
+### Proceed to production use
+
+To ensure continuity of service, you need to purchase the required number of licenses and assign those licenses to users. Trial users who donΓÇÖt have a full license at the end of the trial period wonΓÇÖt be able to fully utilize SharePoint Syntex.
+
+You might have to estimate your projected use of forms processing and plan for the expected amount of AI Builder credits. For help, see [Estimate the AI Builder capacity thatΓÇÖs right for you](https://powerapps.microsoft.com/ai-builder-calculator/).
+
+### Don't proceed to production use
+
+If you donΓÇÖt purchase licenses following the trial:
+
+- You wonΓÇÖt be able to create new models.
+- Libraries that were running models will no longer automatically classify files or extract models.
+- Any previously classified files or extracted metadata wonΓÇÖt be affected.
+- Content centers and any document-understanding models wonΓÇÖt be automatically deleted. These will remain available for use if you decide to purchase licenses in the future.
+- Forms-processing models will be stored in the Common Data Services (CDS) instance of the default Power Platform environment. These could be used with future licensing for SharePoint Syntex or with AI Builder capabilities in the Power Platform.
+
+## See also
+
+[Microsoft SharePoint Syntex adoption: Get started](adoption-getstarted.md)
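Review bot: In the "Don't proceed to production use" list, the second bullet says libraries "will no longer automatically classify files or extract models", which reads as a slip for "extract metadata", since the next bullet and the rest of the article pair classification with extracted metadata. Also check the "guidance for model creation" link under "Activate a trial": it points to create-a-content-center.md, the same target as the "create additional content centers" link two lines above it, so it probably wants a model-creation article instead. Minor: "the value of product" is missing "the".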
knowledge Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/index.md
Title: "Introduction to Microsoft Viva Topics"
+ Title: Introduction to Microsoft Viva Topics
- enabler-strategic - m365initiative-viva-topics localization_priority: None
-description: "Learn how to find resources for Microsoft Viva Topics."
+description: Learn how to find resources for Microsoft Viva Topics.
# Introduction to Microsoft Viva Topics
The resources in this section help you learn more about what Viva Topics is and
| If you're looking for this information: | Go to this resource: | |:--|:--|
-|Learn more about Viva Topics|[Microsoft Viva Topics overview](topic-experiences-overview.md)|
+|Learn more about Viva Topics|[Viva Topics overview](topic-experiences-overview.md)|
|Learn how topics are discovered and suggested by AI|[Microsoft Viva Topics discovery](topic-experiences-discovery.md)|
-|Learn about topic security|[Microsoft Viva security and privacy](topic-experiences-security-privacy.md)|
-|Learn how to get Viva Topics|[Microsoft Viva Topics product page](https://www.microsoft.com/microsoft-viva/topics?activetab=pivot%3aoverviewtab)|
-|See resources in the Microsoft Tech Community Resource Center|[Microsoft Viva Topics Tech Community](https://resources.techcommunity.microsoft.com/viva-topics/)|
+|Learn about topic security|[Viva Topics security and privacy](topic-experiences-security-privacy.md)|
+|Learn how to get Viva Topics|[Viva Topics product page](https://www.microsoft.com/microsoft-viva/topics?activetab=pivot%3aoverviewtab)|
+|See resources in the Microsoft Tech Community Resource Center|[Viva Topics Tech Community](https://resources.techcommunity.microsoft.com/viva-topics/)|
Learn more about how to use and implement Viva Topics in your organization to he
| If you're looking for this information: | Go to this resource: | |:--|:--|
-|Learn how to start planning to use Microsoft Viva. |[Get started](topics-adoption-getstarted.md)<br><br>|
+|Learn how to start planning to use Viva Topics |[Get started](topics-adoption-getstarted.md)|
+|Set up and run a trial pilot program for Viva Topics |[Run a trial](trial-topics.md)|
## Set up and administration
The resources in this section help your admin in your organization to set up and
| If you're looking for this information: | Go to this resource: | |:--|:--|
-|Learn how to set up and configure Microsoft Viva|[Set up Microsoft Viva](set-up-topic-experiences.md)|
+|Learn how to set up and configure Viva Topics|[Set up Viva Topics](set-up-topic-experiences.md)|
|Learn how to configure user permissions|[Manage topic permissions](topic-experiences-user-permissions.md)| |Learn how to manage who can view topics|[Manage topic visibility](topic-experiences-knowledge-rules.md)| |Learn how to manage your topic discovery settings|[Manage topic discovery](topic-experiences-discovery.md)|
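Review bot: The link-text rename from "Microsoft Viva Topics ..." to "Viva Topics ..." is applied to the overview, security, product page and Tech Community rows, but the unchanged discovery row still reads "[Microsoft Viva Topics discovery]", so the first table ends up with mixed naming. Rename that row in the same change, or keep the long form throughout.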
knowledge Trial Topics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/knowledge/trial-topics.md
+
+ Title: Run a trial of Microsoft Viva Topics
++++ Last updated :
+audience: admin
++
+search.appverid:
+localization_priority: Normal
+description: Learn how to plan and run a trial pilot program for Microsoft Viva Topics in your organization.
++
+# Run a trial of Microsoft Viva Topics
+
+This article describes how to set up and run a trial pilot program to deploy Viva Topics to your organization. This article also recommends best practices for the trial.
+
+## Sign up for a trial
+
+Trials are publicly available from one of the following sources. These trials offer 25 users access to Viva Topics for 30 days.
+
+- The [Viva Topics product page](https://www.microsoft.com/microsoft-viva/topics?activetab=pivot:overviewtab)
+
+- The [Microsoft 365 admin center](https://admin.microsoft.com)
+ 1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com).
+ 2. Go to **Billing** > **Purchase Services**.
+ 3. Scroll down to the **Add-Ons** section.
+ 4. On the **Topic Experiences** tile, select **Details**.
+ 5. Select **Get free trial**.
+ 6. Follow the remaining wizard steps to confirm the trial.
+
+You must be a Microsoft 365 global administrator or billing administrator to activate a trial.
+
+> [!NOTE]
+> Public trials can only be added once for each Microsoft 365 tenant.
+
+### Who should be involved in a trial
+
+|Role |Activity |
+|||
+|Microsoft 365 global admin or billing admin | Activate the trial and assign licenses |
+|Microsoft 365 global admin or SharePoint admin | Configure Viva Topics and create topic centers |
+|Business user | Perform knowledge manager, topic contributor, and topic consumer roles |
+
+### Before you activate a trial
+
+Planning is essential for an effective trial of Viva Topics. The trial period is limited and must include topic discovery and exploring topic quality, management, and end-user experiences.
+
+#### Discovery
+
+There are two high-level strategy options for configuration of topic discovery during a trial:
+
+- Index all or most of your SharePoint Online content.
+ - Large tenants can take up to two weeks to fully index. While topics will be generated incrementally throughout this period, full indexing could consume up to half the trial period.
+ - For tenants with a significant volume of data, this option can produce a very large number of topics, perhaps tens of thousands.
+
+- Identify a subset of your SharePoint sites for indexing.
+
+The choice of these strategies is a balance of the following two factors:
+
+- Having enough data to generate meaningful topics. The AI in Viva Topics is tuned to work on large datasets, ideally ones that have more than 10,000 documents.
+- Not generating so many topics during the trial period that evaluating them during the available time period is overwhelming.
+
+For most organizations, the second strategy produces the best outcome.
+
+> [!NOTE]
+> Due to the number of documents required by the AI, we recommend that you run Viva Topics trials on a production tenant. ThereΓÇÖs no impact on the performance of the tenant during this period. Only users who have a trial license can access Viva Topics user experiences.
+
+#### Roles
+
+During the trial, there are three roles that must be active, which are described in the following table.
+
+|Role |Activity |
+|||
+|Knowledge manager | Control the lifecycle stages of topics; confirm and remove topics; act as a community manager for topic contributors |
+|Topic contributor | Content subject matter experts, who can:<br> Review topics to evaluate the quality of AI-defined content<br>Curate discovered topics with additional content<br>Create additional topics that werenΓÇÖt discovered by AI |
+|Topic consumer | Consume topics through page highlights and search<br>Provide feedback on the value of the topics presented |
+
+#### Expected topics
+
+It can be useful to document the topics you expect to be generated by the AI, even if this is based only on assumptions. This task is most easily completed when you index a defined subset of your SharePoint sites for which SMEs can be easily identified.
+
+Having a documented list will help you to:
+
+- Review the list of AI-generated topics, which might be larger than you expect.
+- Know the topics you might need to manually create or that are priorities for curation.
+
+There will always be a need for a mixture of AI-defined and human-created topics in a successful deployment or trial of Viva Topics.
+
+## Activate a trial
+
+When you initiate a trial, you need to:
+
+- Assign licenses to the relevant users.
+- Perform [additional setup](set-up-topic-experiences.md) of Viva Topics.
+
+When the trial is activated, the topic discovery process begins.
+
+## During a trial
+
+The trial period should be used to evaluate the following components of Viva Topics:
+
+- The AI-suggested topics and topic content
+- The end-user experiences, surfacing topic cards on modern SharePoint pages and in Microsoft Search
+
+Consider these factors:
+
+- For Viva Topics to deliver the maximum value, the content in topics needs to be a combination of AI-defined content and human-curated content.
+- All user experiences are ΓÇ£permission trimmedΓÇ¥ (including the knowledge managerΓÇÖs view on the **Manage topics** page). Users will only see a topic if they have permissions to view some of the resources that were used to generate the topic. This means that different users might see different content on the same topic page.
+- Users might see multiple topics that have the same name in the **Manage topics** page. These topics aren't necessarily duplicates but might be because of a single term thatΓÇÖs used in multiple contexts in the data, such as a project code name thatΓÇÖs used by two distinct projects.
+
+## After a trial
+
+Based on the outcome of the trial, you can decide whether to proceed to production use of Viva Topics.
+
+### Proceed to production use
+
+To ensure continuity of service, you must purchase the required number of licenses and assign those licenses to users. Trial users who donΓÇÖt have a full license at the end of the trial period wonΓÇÖt be able to access any Viva Topics experiences.
+
+### DonΓÇÖt proceed to production use
+
+If you donΓÇÖt purchase licenses following the trial:
+
+- Topic discovery will stop.
+- Users will no longer see topic highlights or cards.
+- The topic center wonΓÇÖt be deleted, but the suggested topics and manage topics experiences wonΓÇÖt be available.
+- Any AI-defined topics will be lost.
+- Topics that have been edited by a topic contributor will remain in the topic center pages library. Only the manually provided content will remain on these pages, not any AI-suggested content.
+
+## See also
+
+[Get started driving adoption of Microsoft Viva Topics](topics-adoption-getstarted.md)
+
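Review bot: The heading for the "Don't proceed to production use" section and several body sentences (the tenant-performance note, "permission trimmed", the knowledge manager's view) use non-ASCII apostrophes and quotation marks, which come through as garbled byte sequences in this view, while the matching heading in the SharePoint Syntex trial article in this same update uses a straight apostrophe. Use straight ASCII quotes throughout so the heading anchor and rendering stay predictable. Two smaller points: the product-page URL here uses "activetab=pivot:overviewtab" where the knowledge index links the same page with "pivot%3aoverviewtab", and "SMEs" under "Expected topics" is never expanded in an article that otherwise writes "subject matter experts".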
lti Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/index.md
For configuration steps, see [Use Microsoft Teams meetings with Canvas](teams-me
The Microsoft Teams classes LTI app helps educators and students navigate between their LMS and Teams. Users can access their class teams associated with their course directly from within their LMS. You can find configuration steps below: - **Teams Classes LTI with Canvas** [Use Microsoft Teams classes with Canvas](teams-classes-with-canvas.md).+
+- **Teams Classes LTI with Blackboard** [Use Microsoft Teams classes with Blackboard Learn Ultra](teams-classes-with-blackboard.md)
lti Onedrive Lti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/onedrive-lti.md
Integrating Microsoft OneDrive LTI with Canvas is a two step process. The first
1. Sign into the <a href="https://onedrivelti.microsoft.com/admin" target="_blank">Microsoft OneDrive LTI Registration Portal</a> 1. Select the **Admin Consent** button and accept the permissions.
-1. Select the **Create new LTI Tenant** button. On the LTI Registration page select **Canvas** in the dropdown and enter the base URL of your Canvas instance.
+
+> [!CAUTION]
+> If this step isn't performed, the following step will give you an error, and you won't be able to take this step for an hour once you've gotten the error.
+
+3. Select the **Create new LTI Tenant** button. On the LTI Registration page select **Canvas** in the dropdown and enter the base URL of your Canvas instance.
> [!NOTE] > If your Canvas instance is, for example, https://contoso.test.instructure.com](https://contoso.test.instructure.com), then the complete URL should be entered.
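Review bot: The new CAUTION block says "If this step isn't performed" without naming the step, and because it sits at column 0 between list items it ends the ordered list, which is why the next item had to be hard-numbered "3." instead of "1.". Indent the caution under the Admin Consent item, state explicitly that admin consent must be accepted before selecting Create new LTI Tenant, and keep the "1." auto-numbering. The one-hour wait after the error is easier to spot as its own sentence.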
lti Teams Classes With Blackboard Old https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-with-blackboard-old.md
- Title: Use Microsoft Teams classes with Blackboard-------- CSH-
-localization_priority: Normal
-
-description: "Integrate Microsoft Teams classes in your Learning Management System"
--
-# Use Microsoft Teams classes with Blackboard
-
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-Microsoft Teams classes is a Learning Tools Interoperability (LTI) app that helps educators and students easily navigate between their Learning Management System (LMS) and Teams. Users can access their class teams associated with their course directly from within their LMS.
-
-## Approve the app in the Microsoft Azure tenant
-
-The following tasks are completed by the Microsoft Office 365 admin and the Blackboard Learn Ultra admin.
-
-Before managing the integration within Blackboard Learn Ultra, the Microsoft Office 365 admin must approve the Blackboard **MSFT Teams for Learn Ultra Azure** app for the institutionΓÇÖs Microsoft Azure tenant.
-
-1. Find your Microsoft Tenant ID. See [how to find the tenant](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant).
-
-2. Redirect the Microsoft Identity Platform Admin Consent Endpoint according to the following example:
-
- `https://login.microsoftonline.com/{tenant}/adminconsent?client_id=2d94989f-457a-47c1-a637-e75acdb11568`
-
- > [!NOTE]
- > Replace {tenant} with your organizationΓÇÖs Microsoft tenant ID.
-
-## Register the integration apps
-
-As a Blackboard Learn Ultra admin, you'll need to register 2 LTI 1.3 integration apps within your Test environment:
--- The Blackboard Learn Class Teams integration to support the roster sync--- The Microsoft Teams class team LTI app-
-1. Make a note of the following LTI Client IDs for both Apps:
-
- - Blackboard - f1561daa-1b21-4693-ba90-6c55f1a0eb41
-
- - Microsoft - 027328b7-c2e3-4c9e-aaa1-07802dae6c89
-
-2. Access the Admin Panel, and under **Integrations**, locate the LTI Tool Providers.
-
- ![this is the LTI Tool Provider dialog shows a list of providers](../media/lti-media/lti-tool-providers.png)
-
-3. Select **Register LTI1.3/Advantage Tool**.
-
-4. Enter the first of the Client IDs provided (either Blackboard or Microsoft), and select **Submit**.
-
-5. Review the pre-populated settings and ensure that the tool status is marked as approved.
-
-6. Scroll to the bottom, and then select **Submit**.
-
-7. Repeat the previous steps to register the second of the LTI apps within your environment.
-
-## Set up the REST Application and Cross Origin Resource Sharing
-
-The Blackboard Learn Ultra admin will also need to configure the REST Application and the Cross Origin Resource Sharing configuration.
-
-Complete the following to set up the REST Application
-
-1. Access the Learn Administration Tools, and then select **REST API Integrations** from the **Integrations** section.
-
-2. Select **Create integrations** and enter the same Application/Client ID that you entered for the Blackboard Learn Class Teams Integration LTI tool.
-
-3. Enter the Learn User (this could be your own learn admin username), or select **Browse** to locate.
-
-4. Select **Yes** for **End User Access**.
-
-5. Select **Yes** for **Authorized to Act as User**
-
-6. Select **Submit** once complete.
-
-## Set up Cross-Origin Resource Sharing
-
-1. Access the Learn Administration Tools, and select **Cross-Origin Resource Sharing** from the **Integrations** section.
-
-2. Select **Create Configuration**.
-
-3. Enter `https://bb-ms-teams-ultra-ext.api.blackboard.com` in the origin.
-
-4. Add the word **Authorization** in the **Allowed Headers**.
-
-5. Set **Available** to **Yes**.
-
-6. Select **Submit** once complete.
-
-## Enable Class Teams in Blackboard Learn
-
-Once you've enabled the LTI tools, your next step will be to set up the Microsoft Class Teams integration from your own Microsoft Office 365 tenant. You can do this by following these steps as the Blackboard Learn Ultra admin.
-
-1. In **Learn Admin** > **Tools and Utilities**, select **Microsoft Teams Integration Admin**.
-
- ![the tools and utilities dialog with a list of available tools](../media/lti-media/tools-utilities.png)
-
-2. Select the checkbox for **Enable Microsoft Teams**.
-
-3. Enter your tenant ID as referenced in the section under Microsoft O365 Admin
-
- > [!NOTE]
- > You won't be able to save the settings until the app has been approved by the O365 admin. See [Approve the app in Microsoft Azure tenant](#approve-the-app-in-the-microsoft-azure-tenant).
-
-4. When the global O365 admin has approved the Blackboard Teams application in your Microsoft Tenant, select **Submit**.
lti Use Onedrive With Lms Old https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/use-onedrive-with-lms-old.md
- Title: Use OneDrive Learning Tools Interoperability-------- CSH-
-localization_priority: Normal
-
-description: "Create and grade assignments, build and curate course content, and collaborate on files in real time with the new OneDrive Learning Tools Interoperability App."
--
-# Use Microsoft OneDrive LTI with Canvas
-
-> [!IMPORTANT]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-## Integrate with Canvas
-
-The person who performs this integration should be an admin of Canvas and an admin of the Microsoft 365 tenant.
-
-1. Sign in to the Microsoft Azure portal with the tenant admin account. The Azure tenant administrator should also have the Group administrator role.
-
- ![group administrator highlighted](../media/lti-media/lti-group-admin.png)
-
-2. Sign in to the Microsoft [OneDrive LTI portal](https://odltiappnl.azurewebsites.net/admin).
-
-3. Accept the permissions to complete the sign-in.
-
- ![accept permissions](../media/lti-media/lti-permissions.png)
-
-4. Select **Add LTI Tenant**.
-
- ![add LTI tenant](../media/lti-media/lti-add-tenant.png)
-
-5. Select **LTI Consumer Platform** as **Canvas** from the dropdown.
-
-6. Select **Canvas Base URL** and then select **Next**.
-
- ![select Canvas and add base URL](../media/lti-media/lti-canvas-base-url.png)
-
- The next screen shows fields that are confidential to you.
-
-7. Select **Next** from ?? page. CAN REVIEWERS FILL IN THE BLANK HERE?
-
-8. Select **Next** in the screen that shows information that's confidential to you.
-
- The final screen of the Azure portal shows the next steps for adding your Canvas instance.
-
-9. Copy the Developer Keys from this screen. You'll use when you create the Canvas instance.
-
-## Add the Canvas instance
-
-1. In your Canvas instance, deselect **Admin** > **Developer Keys**.
-
-2. Choose **LTI Key** in the dropdown on **Developer Key**.
-
- ![Get the LTI developer keys](../media/lti-media/lti-developer-keys.png)
-
-3. Paste the developer keys here.
-
- ![Paste the developer keys](../media/lti-media/lti-developer-keys.png)
-
- The key gets created in **OFF** mode
-
- ![The created developer keys in the off mode](../media/lti-media/lti-copy-developer-keys.png)
-
-4. Copy the highlighted text.
- This serves as Client ID in Microsoft OneDrive LTI portal.
-
-5. Paste the text into the **Client ID** field in Microsoft OneDrive LTI portal, and then select **Next**.
-
-6. Select **Save**.
-
-7. View the settings by selecting **View LTI Tenants**.
managed-desktop Readiness Assessment Fix https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/get-ready/readiness-assessment-fix.md
You have a security baseline profile that targets all users, all devices, or bot
Make sure that any security baseline policies you have exclude Microsoft Managed Desktop devices. For steps, see [Use security baselines to configure Windows 10 devices in Intune](/mem/intune/protect/security-baselines). During enrollment, we apply a new security baseline to all Microsoft Managed Desktop devices. The **Modern Workplace Devices -All** Azure AD group is a dynamic group that we create when you enroll in Microsoft Managed Desktop, so you'll have to come back to exclude this group after enrollment.
+### Unlicensed admins
+
+This setting must be enabled to avoid a "lack of permissions" error when we interact with your Azure AD organization.
+
+**Not ready**
+
+**Allow access to unlicensed admins** should be enabled. For steps, see [Prerequisites for guest accounts](/microsoft-365/managed-desktop/get-ready/guest-accounts).
### Windows apps
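Review bot: The new "Unlicensed admins" section opens with "This setting must be enabled" before any setting has been named; the name only appears two paragraphs later under "Not ready". Lead with it, for example "The Allow access to unlicensed admins setting must be enabled to avoid ...", so the section can be read on its own. The link text "Prerequisites for guest accounts" also gives no hint that it covers this setting, so a short pointer to the relevant part of that article would help.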
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Use audit mode for attack surface reduction](audit-windows-defender.md) ### Next-generation protection
-#### [Overview of Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)
+#### [Next-generation protection overview](next-generation-protection.md)
+##### [Overview of Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md)
##### [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md) ##### [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) ##### [Better together: Microsoft Defender Antivirus and Office 365](office-365-microsoft-defender-antivirus.md)
security Configure Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-email-notifications.md
This section lists various issues that you may encounter when using email notifi
- [Update data retention settings](data-retention-settings.md) - [Configure advanced features](advanced-features.md)
+- [Configure vulnerability email notifications in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications)
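Review bot: The added list entry links with an absolute path, /microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications, while the two entries above it use relative file links (data-retention-settings.md, advanced-features.md). Use configure-vulnerability-email-notifications.md to match, given that the path places the article in the same folder.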
security Configure Endpoints Gp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-endpoints-gp.md
You can use Group Policy (GP) to configure settings, such as settings for the sa
4. Click **Policies**, then **Administrative templates**.
-5. Click **Windows components** and then **Windows Defender SmartScreen**.
+5. Click **Windows components** and then **Windows Defender ATP**.
6. Choose to enable or disable sample sharing from your devices.
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
ms.technology: mde
[!INCLUDE [Prerelease](../includes/prerelease.md)] Microsoft Defender for Endpoint Device Control Removable Storage Access Control enables you to do the following task:+ - auditing, allowing or preventing the read, write or execute access to removable storage with or without exclusion |Privilege |Permission |
Deploy Removable Storage Access Control on Windows 10 devices that have antimalw
- **4.18.2105 or later**: Add Wildcard support for HardwareId/DeviceId/InstancePathId/FriendlyNameId/SerialNumberId, the combination of specific user on specific machine, removeable SSD (a SanDisk Extreme SSD)/USB Attached SCSI (UAS) support
+- **4.18.2107 or later**: Add Windows Portable Device (WPD) support (for mobile devices, such as tablets)
+ :::image type="content" source="images/powershell.png" alt-text="The PowerShell interface"::: > [!NOTE]
You can use the following properties to create a removable storage group:
**Property name: DescriptorIdList**
-1. Description: List the device properties you want to use to cover in the group.
-List the device properties you want to use to cover in the group.
+2. Description: List the device properties you want to use to cover in the group.
For each device property, see **Device Properties** section above for more detail.
-1. Options:
-
- - Primary ID
+3. Options:
+ - PrimaryId
- RemovableMediaDevices - CdRomDevices
+ - WpdDevices
- DeviceId - HardwareId - InstancePathId: InstancePathId is a string that uniquely identifies the device in the system, for example, USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0. The number at the end (for example **&0**) represents the available slot and may change from device to device. For best results, use a wildcard at the end. For example, USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611*
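Review bot: Under "Property name: DescriptorIdList" the list now starts at "2. Description" and continues with "3. Options", with no item 1 under that property name, whereas the MatchType and IncludedIdList lists in this same change are renumbered to "1." and "2.". Number this one 1 and 2 as well. The new WpdDevices option is also added bare; a short gloss tying it to the Windows Portable Device support mentioned in the 4.18.2107 line would match the explanation InstancePathId gets.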
For each device property, see **Device Properties** section above for more detai
1. Description: When there are multiple device properties being used in the DescriptorIDList, MatchType defines the relationship.
-1. Options:
+2. Options:
- MatchAll: Any attributes under the DescriptorIdList will be **And** relationship; for example, if administrator puts DeviceID and InstancePathID, for every connected USB, system will check to see whether the USB meets both values. - MatchAny: The attributes under the DescriptorIdList will be **Or** relationship; for example, if administrator puts DeviceID and InstancePathID, for every connected USB, system will do the enforcement as long as the USB has either an identical **DeviceID** or **InstanceID** value.
Following are the access control policy properties:
**Property name: IncludedIdList**
-2. Description: The group(s) that the policy will be applied to. If multiple groups are added, the policy will be applied to any media in all those groups.
+1. Description: The group(s) that the policy will be applied to. If multiple groups are added, the policy will be applied to any media in all those groups.
-3. Options: The Group ID/GUID must be used at this instance.
+2. Options: The Group ID/GUID must be used at this instance.
The following example shows the usage of GroupID:
When there are conflict types for the same media, the system will apply the firs
**Property name: Sid**
-Description: Defines whether apply this policy over specific user or user group; one entry can have maximum one Sid and an entry without any Sid means applying the policy over the machine.
+Description: Local computer Sid or the Sid of the AD object, defines whether to apply this policy over a specific user or user group; one entry can have a maximum of one Sid and an entry without any Sid means applying the policy over the machine.
**Property name: ComputerSid**
-Description: Defines whether apply this policy over specific machine or machine group; one entry can have maximum one ComputerSid and an entry without any ComputerSid means applying the policy over the machine. If you want to apply an Entry to a specific user and specific machine, add both Sid and ComputerSid into the same Entry.
+Description: Local computer Sid or the Sid of the AD object, defines whether to apply this policy over a specific machine or machine group; one entry can have a maximum of one ComputerSid and an entry without any ComputerSid means applying the policy over the machine. If you want to apply an Entry to a specific user and specific machine, add both Sid and ComputerSid into the same Entry.
**Property name: Options**
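Review bot: The rewritten Sid and ComputerSid descriptions open with the fragment "Local computer Sid or the Sid of the AD object," joined to the rest by a comma, so it is unclear whether the phrase describes the value to supply or the objects the policy covers. Split each into two sentences: what the value is, then what it scopes. The same fragment is used verbatim for ComputerSid, which targets a machine or machine group, and the Sid text still ends with an entry without any Sid "applying the policy over the machine"; since these fields decide who a removable-storage rule applies to, state the default scope in a sentence of its own.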
DeviceEvents
:::image type="content" source="images/block-removable-storage.png" alt-text="The screen depicting the blockage of the removable storage"::: ## Frequently asked questions+ **What is the removable storage media limitation for the maximum number of USBs?** We have validated one USB group with 100,000 media - up to 7 MB in size. The policy works in both Intune and GPO without performance issues.
DeviceFileEvents
| summarize dcount(DeviceName) by PlatformVersion // check how many machines are using which platformVersion | order by PlatformVersion desc ```-
security Microsoft Defender Antivirus Compatibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility.md
ms.technology: mde Previously updated : 05/08/2021 Last updated : 07/06/2021 # Microsoft Defender Antivirus compatibility
Last updated 05/08/2021
## Summary
-Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another (non-Microsoft) antivirus/antimalware solution is used? It depends on whether you're using [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) together with your antivirus protection. This article describes what happens with antivirus/antimalware solutions when endpoints are onboarded to Microsoft Defender for Endpoint.
+Microsoft Defender Antivirus is automatically enabled and installed on endpoints and devices that are running Windows 10. But what happens when another (non-Microsoft) antivirus/antimalware solution is used? Can you run Microsoft Defender Antivirus alongside another antivirus product? The answers depend on several factors, such as operating system and whether you're using [Microsoft Defender for Endpoint](microsoft-defender-endpoint.md) together with your antivirus protection.
-## Keep the following points in mind
+## Important points to keep in mind
-- In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files are scanned and threats remediated, and detection information are reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the machine itself).
+- In active mode, Microsoft Defender Antivirus is used as the antivirus app on the machine. Settings configured by using Configuration Manager, Group Policy, Microsoft Intune, or other management products will apply. Files are scanned, threats are remediated, and detection information is reported in your configuration tool (such as Configuration Manager or the Microsoft Defender Antivirus app on the endpoint itself).
-- In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are not remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. You might see alerts in the [security center](microsoft-defender-security-center.md) showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode.
+- In passive mode, Microsoft Defender Antivirus is not used as the antivirus app, and threats are *not* remediated by Microsoft Defender Antivirus. Files are scanned and reports are provided for threat detections that are shared with the Microsoft Defender for Endpoint service. You might see alerts in the [security center](microsoft-defender-security-center.md) showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode.
-- When [EDR in block mode](edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, it will detect and remediate malicious items. EDR in block mode requires Microsoft Defender Antivirus to be enabled in either active mode or passive mode.
+- When [EDR in block mode](edr-in-block-mode.md) is turned on and Microsoft Defender Antivirus is not the primary antivirus solution, EDR in block mode detects and remediate malicious items that are found on the device (post breach). EDR in block mode requires Microsoft Defender Antivirus to be enabled in either active mode or passive mode.
-- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling/uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
+- When disabled, Microsoft Defender Antivirus is not used as the antivirus app. Files are not scanned and threats are not remediated. Disabling or uninstalling Microsoft Defender Antivirus is not recommended in general; if possible, keep Microsoft Defender Antivirus in passive mode if you are using a non-Microsoft antimalware/antivirus solution.
-- If you are enrolled in Microsoft Defender for Endpoint and you are using a third-party antimalware product, then passive mode is enabled. The service requires common information sharing from Microsoft Defender Antivirus service in order to properly monitor your devices and network for intrusion attempts and attacks. To learn more, see [Microsoft Defender Antivirus compatibility with Microsoft Defender for Endpoint](defender-compatibility.md).
+- If you are enrolled in Microsoft Defender for Endpoint and you are using a non-Microsoft antivirus/antimalware product, then Microsoft Defender Antivirus is enabled in passive mode. Defender for Endpoint requires common information sharing from Microsoft Defender Antivirus in order to properly monitor your devices and network for intrusion attempts and attacks. To learn more, see [Microsoft Defender Antivirus compatibility with Microsoft Defender for Endpoint](defender-compatibility.md).
-- When Microsoft Defender Antivirus is in passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into active mode if your devices have an up-to-date, non-Microsoft antivirus product that is providing real-time protection from malware. For optimal security layered defense and detection efficacy, make sure to update the [Microsoft Defender Antivirus protection (Security intelligence update, Engine, and Platform)](manage-updates-baselines-microsoft-defender-antivirus.md) even if Microsoft Defender Antivirus is running in passive mode.
+- When Microsoft Defender Antivirus is in passive mode, you can still [manage updates for Microsoft Defender Antivirus](manage-updates-baselines-microsoft-defender-antivirus.md); however, you can't move Microsoft Defender Antivirus into active mode if your devices have a non-Microsoft antivirus product that is providing real-time protection from malware. For optimal security layered defense and detection efficacy, make sure to get your antivirus and antimwalware updates, even if Microsoft Defender Antivirus is running in passive mode. See [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
-- When Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the protection offered by a non-Microsoft antivirus product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. Automatic re-enabling helps to ensure that antivirus protection is maintained on your devices. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats in addition to your main antivirus app.
+- When Microsoft Defender Antivirus is disabled automatically, it can be re-enabled automatically if the non-Microsoft antivirus/antimalware product expires or otherwise stops providing real-time protection from viruses, malware, or other threats. The automatic re-enabling of Microsoft Defender Antivirus helps to ensure that antivirus protection is maintained on your endpoints. You can also enable [limited periodic scanning](limited-periodic-scanning-microsoft-defender-antivirus.md), which uses the Microsoft Defender Antivirus engine to periodically check for threats if you are using a non-Microsoft antivirus app.
## Microsoft Defender Antivirus and non-Microsoft antivirus/antimalware solutions
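Review bot: Two wording errors are introduced in the added bullets above: the EDR in block mode bullet reads "detects and remediate malicious items" (should be "detects and remediates"), and the passive-mode updates bullet spells "antimwalware". The updates bullet also replaces the named update types (Security intelligence update, Engine, and Platform) with the generic "antivirus and antimwalware updates"; consider keeping the three types named so readers know which updates still matter in passive mode.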
-The following table summarizes what happens with Microsoft Defender Antivirus when non-Microsoft antivirus/antimalware solutions are used together or without Microsoft Defender for Endpoint.
+The operating system, antivirus product, and Defender for Endpoint affect whether Microsoft Defender Antivirus is in active mode, passive mode, or disabled. The following table summarizes what happens with Microsoft Defender Antivirus when non-Microsoft antivirus/antimalware solutions are used together or without Microsoft Defender for Endpoint.
| Windows version | Antivirus/antimalware solution | Onboarded to <br/> Defender for Endpoint? | Microsoft Defender Antivirus state | |||-|-|
Consider onboarding your endpoints to Defender for Endpoint, even if you are usi
Here's how it works: -- If your organization's client devices are protected by a non-Microsoft antivirus/antimwalware solution, when those devices are onboarded to Defender for Endpoint, Microsoft Defender Antivirus goes into passive mode automatically. In this case, threat detections occur, but real-time protection and threats are not remediated by Microsoft Defender Antivirus. **NOTE**: This particular scenario does not apply to endpoints running Windows Server.
+- If your organization's client devices are protected by a non-Microsoft antivirus/antimwalware solution, when those devices are onboarded to Defender for Endpoint, Microsoft Defender Antivirus goes into passive mode automatically. In this case, threat detections occur, but real-time protection and threats are not remediated by Microsoft Defender Antivirus.
+
+ > [!NOTE]
+ > This particular scenario does not apply to endpoints running Windows Server.
-- If your organization's client devices are protected by a non-Microsoft antivirus/antimalware solution, and those devices are not onboarded to Microsoft Defender for Endpoint, then Microsoft Defender Antivirus goes into disabled mode automatically. In this case, threats are not detected or remediated by Microsoft Defender Antivirus. **NOTE**: This particular scenario does not apply to endpoints running Windows Server.
+- If your organization's client devices are protected by a non-Microsoft antivirus/antimalware solution, and those devices are not onboarded to Microsoft Defender for Endpoint, then Microsoft Defender Antivirus goes into disabled mode automatically. In this case, threats are not detected or remediated by Microsoft Defender Antivirus.
+
+ > [!NOTE]
+ > This particular scenario does not apply to endpoints running Windows Server.
- If your organization's endpoints are running Windows Server and those endpoints are protected by a non-Microsoft antivirus/antimalware solution, when those endpoints are onboarded to Defender for Endpoint, Microsoft Defender Antivirus does not go into either passive mode or disabled mode automatically. In this particular scenario, you must configure your Windows Server endpoints appropriately. - On Windows Server, version 1803 or newer, and Windows Server 2019, you can set Microsoft Defender Antivirus to run in passive mode. - On Windows Server 2016, Microsoft Defender Antivirus must be disabled (passive mode is not supported on Windows Server 2016). -- If your organization's endpoints are protected by a non-Microsoft antivirus/antimalware solution, when those devices are onboarded to Defender for Endpoint with [EDR in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode) enabled, then Defender for Endpoint blocks and remediates malicious artifacts. **NOTE**: This particular scenario does not apply to Windows Server 2016. EDR in block mode requires Microsoft Defender Antivirus to be enabled in either active mode or passive mode.
+- If your organization's endpoints are protected by a non-Microsoft antivirus/antimalware solution, when those devices are onboarded to Defender for Endpoint with [EDR in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode) enabled, then Defender for Endpoint blocks and remediates malicious artifacts.
+
+ > [!NOTE]
+ > This particular scenario does not apply to Windows Server 2016. EDR in block mode requires Microsoft Defender Antivirus to be enabled in either active mode or passive mode.
> [!WARNING]
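Review bot: The first added bullet under "Here's how it works" carries over two problems from the line it replaces: the misspelling "antimwalware", and the clause "real-time protection and threats are not remediated by Microsoft Defender Antivirus", which does not parse because real-time protection is not something that gets remediated. Since the line is being rewritten anyway, split the clause so it says separately what happens to real-time protection and what happens to remediation.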
security Microsoft Defender Antivirus In Windows 10 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-in-windows-10.md
- Title: Next-generation protection
-description: Learn how to manage, configure, and use Microsoft Defender Antivirus, built-in antimalware and antivirus protection.
-keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
-search.product: eADQiWindows 10XVcnh
-ms.sitesec: library
-ms.pagetype: security
-localization_priority: Priority
--------
-# Next-generation protection
--
-**Applies to:**
--- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)-
-## Microsoft Defender Antivirus: Your next-generation protection
-
-Microsoft Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices in your enterprise organization. Your next-generation protection services include the following capabilities:
--- [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-microsoft-defender-antivirus.md), which includes always-on scanning using file and process behavior monitoring and other heuristics (also known as *real-time protection*). It also includes detecting and blocking apps that are deemed unsafe, but might not be detected as malware.-- [Cloud-delivered protection](cloud-protection-microsoft-defender-antivirus.md), which includes near-instant detection and blocking of new and emerging threats.-- [Dedicated protection and product updates](manage-updates-baselines-microsoft-defender-antivirus.md), which includes updates related to keeping Microsoft Defender Antivirus up to date.-
-## Try a demo!
-
-Visit the [Microsoft Defender for Endpoint demo website](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following protection features are working and explore them using demo scenarios:
-- Cloud-delivered protection-- Block at first sight (BAFS) protection-- Potentially unwanted applications (PUA) protection-
-## Minimum system requirements
-
-Microsoft Defender Antivirus has the same hardware requirements as of Windows 10. For more information, see the following resources:
--- [Minimum hardware requirements](/windows-hardware/design/minimum/minimum-hardware-requirements-overview)-- [Hardware component guidelines](/windows-hardware/design/component-guidelines/components)-
-## Configure next-generation protection services
-
-For information on how to configure next-generation protection services, see [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md).
-
-> [!Note]
-> Configuration and management is largely the same in Windows Server 2016 and Windows Server 2019, while running Microsoft Defender Antivirus; however, there are some differences. To learn more, see [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server.md).
-
-## See also
--- [Microsoft Defender Antivirus on Windows Server 2016 and 2019](microsoft-defender-antivirus-on-windows-server.md)-- [Microsoft Defender Antivirus management and configuration](configuration-management-reference-microsoft-defender-antivirus.md)-- [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md)
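Review bot: The removed article's "Minimum system requirements" section, with its links to the minimum hardware requirements and hardware component guidelines, does not reappear in either article added in this change (microsoft-defender-antivirus-windows.md and next-generation-protection.md). If dropping it is intentional, fine; otherwise move it into one of them. The old note also named Windows Server 2016 and Windows Server 2019 explicitly, which the replacement note generalizes to "Windows Server".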
security Microsoft Defender Antivirus Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows.md
+
+ Title: Microsoft Defender Antivirus
+description: Learn how to manage, configure, and use Microsoft Defender Antivirus, built-in antimalware and antivirus protection.
+keywords: Microsoft Defender Antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localization_priority: Priority
++++++
+ms.technology: mde
++
+# Microsoft Defender Antivirus in Windows
+
+**Applies to:**
+
+- [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/)
+
+Microsoft Defender Antivirus is a major component of your next-generation protection in Microsoft Defender for Endpoint. This protection brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices (or endpoints) in your organization. Microsoft Defender Antivirus is built into Windows, and it works with Microsoft Defender for Endpoint to provide protection on your device and in the cloud.
+
+## Compatibility with other antivirus products
+
+If you're using a non-Microsoft antivirus/antimalware product on your device, you might be able to run Microsoft Defender Antivirus in passive mode alongside the non-Microsoft antivirus solution. It depends on the operating system used and whether your device is onboarded to Defender for Endpoint. To learn more, see [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md).
+
+## Comparing active mode, passive mode, and disabled mode
+
+The following table describes what to expect when Microsoft Defender Antivirus is in active mode, passive mode, or disabled.
+
+| Mode | What happens |
+|||
+| Active mode | In active mode, Microsoft Defender Antivirus is used as the primary antivirus app on the device. Files are scanned, threats are remediated, and detected threats are listed in your organization's security reports and in your Windows Security app. |
+| Passive mode | In passive mode, Microsoft Defender Antivirus is not used as the primary antivirus app on the device. Files are scanned, and detected threats are reported, but threats are not remediated by Microsoft Defender Antivirus. |
+| Disabled or uninstalled | When disabled or uninstalled, Microsoft Defender Antivirus is not used. Files are not scanned, and threats are not remediated. In general, we do not recommend disabling or uninstalling Microsoft Defender Antivirus. |
+
+To learn more, see [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md).
+
+## Check the state of Microsoft Defender Antivirus on your device
+
+If you want to check the state of Microsoft Defender Antivirus on your device, you can use one of several methods, such as the Windows Security app or Windows PowerShell.
+
+### Use the Windows Security app to check status of Microsoft Defender Antivirus
+
+1. On your Windows device, select the Start menu, and begin typing `Security`. Then open the Windows Security app in the results.
+
+2. Select **Virus & threat protection**.
+
+3. Under **Virus & threat protection settings**, choose **Manage settings**.
+
+You'll see the name of your antivirus/antimalware solution on the settings page.
+
+### Use PowerShell to check status of Microsoft Defender Antivirus
+
+1. Select the Start menu, and begin typing `PowerShell`. Then open Windows PowerShell in the results.
+
+2. Type `Get-MpComputerStatus`.
+
+3. In the list of results, look at the **AMRunningMode** row.
+
+ - **Normal** means Microsoft Defender Antivirus is running in active mode.
+ - **Passive mode** means Microsoft Defender Antivirus running, but is not the primary antivirus/antimalware product on your device.
+ - **EDR Block Mode** means Microsoft Defender Antivirus is running and a capability in Microsoft Defender for Endpoint that is called "EDR in block mode" is enabled. (See [Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md).)
+ - **SxS Passive Mode** means Microsoft Defender Antivirus is running in passive mode alongside another antivirus/antimalware product, and your device is not onboarded to Microsoft Defender for Endpoint. In this case, limited periodic scanning is used for Microsoft Defender Antivirus. To learn more, see [Use limited periodic scanning in Microsoft Defender Antivirus](limited-periodic-scanning-microsoft-defender-antivirus.md).
+
+To learn more about the Get-MpComputerStatus PowerShell cmdlet, see the reference article [Get-MpComputerStatus](/powershell/module/defender/get-mpcomputerstatus).
+
+## Get your antivirus/antimalware platform updates
+
+It's important to keep Microsoft Defender Antivirus, or any antivirus/antimalware solution, up to date. Microsoft releases regular updates to help ensure that your devices have the latest technology to protect against new malware and attack techniques. To learn more, see [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
+
+## See also
+
+- [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md)
+- [Microsoft Defender Antivirus management and configuration](configuration-management-reference-microsoft-defender-antivirus.md)
+- [Evaluate Microsoft Defender Antivirus protection](evaluate-microsoft-defender-antivirus.md)
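Review bot: The **AMRunningMode** list in the PowerShell section gives no value for the disabled state, although the comparison table earlier in the article describes three states (active, passive, disabled or uninstalled); say what a reader should expect from `Get-MpComputerStatus` in that case. In the same list, the **Passive mode** item is missing a verb ("means Microsoft Defender Antivirus running, but is not the primary..."), and the difference between **Passive mode** and **SxS Passive Mode** is only implied: the second says the device is not onboarded to Defender for Endpoint, so the first should state its onboarding condition too.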
security Next Generation Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/next-generation-protection.md
+
+ Title: Overview of next-generation protection in Microsoft Defender for Endpoint
+description: Get an overview of next-generation protection in Microsoft Defender for Endpoint. Reinforce the security perimeter of your network by using next-generation protection designed to catch all types of emerging threats.
+keywords: Microsoft Defender Antivirus, windows defender, antimalware, virus, malware, threat, detection, protection, security
+search.product: eADQiWindows 10XVcnh
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localization_priority: Priority
++++++
+ms.technology: mde
++
+# Next-generation protection overview
+
+Microsoft Defender for Endpoint includes next-generation protection to reinforce the security perimeter of your network. Next-generation protection was designed to catch all types of emerging threats. In addition to Microsoft Defender Antivirus, your next-generation protection services include the following capabilities:
+
+- [Behavior-based, heuristic, and real-time antivirus protection](configure-protection-features-microsoft-defender-antivirus.md), which includes always-on scanning using file and process behavior monitoring and other heuristics (also known as *real-time protection*). It also includes detecting and blocking apps that are deemed unsafe, but might not be detected as malware.
+- [Cloud-delivered protection](cloud-protection-microsoft-defender-antivirus.md), which includes near-instant detection and blocking of new and emerging threats.
+- [Dedicated protection and product updates](manage-updates-baselines-microsoft-defender-antivirus.md), which includes updates related to keeping Microsoft Defender Antivirus up to date.
+
+## Try a demo!
+
+Visit the [Microsoft Defender for Endpoint demo website](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following protection features are working and explore them using demo scenarios:
+
+- Cloud-delivered protection
+- Block at first sight (BAFS) protection
+- Potentially unwanted applications (PUA) protection
+
+## Configure next-generation protection services
+
+For information on how to configure next-generation protection services, see [Configure Microsoft Defender Antivirus features](configure-microsoft-defender-antivirus-features.md).
+
+> [!Note]
+> Configuration and management is largely the same in Windows Server as in Windows clients. However, there are some differences. To learn more, see [Microsoft Defender Antivirus on Windows Server](microsoft-defender-antivirus-on-windows-server.md).
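Review bot: The intro sentence says "In addition to Microsoft Defender Antivirus, your next-generation protection services include the following capabilities", but all three bullets link to Microsoft Defender Antivirus articles (configure-protection-features-microsoft-defender-antivirus.md, cloud-protection-microsoft-defender-antivirus.md, manage-updates-baselines-microsoft-defender-antivirus.md), so they read as parts of Microsoft Defender Antivirus rather than additions to it. Suggest rewording the lead-in, and adding the **Applies to** block that the sibling article added in this change carries. "Designed to catch all types of emerging threats", in both the description and the intro, is an absolute claim that is better softened.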
security Non Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/non-windows.md
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Microsoft has been on a journey to extend its industry leading endpoint security
-capabilities beyond Windows and Windows Server to macOS, Linux, Android, and
-soon iOS.
+capabilities beyond Windows and Windows Server to macOS, Linux, Android, and iOS.
Organizations face threats across a variety of platforms and devices. Our teams have committed to building security solutions not just *for* Microsoft, but also
threats.
## Microsoft Defender for Endpoint on macOS
-Microsoft Defender for Endpoint on macOS offers antivirus and endpoint detection and response (EDR) capabilities for the three
+Microsoft Defender for Endpoint on macOS offers antivirus, endpoint detection and response (EDR), and vulnerability management capabilities for the three
latest released versions of macOS. Customers can deploy and manage the solution through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office applications on macOS, Microsoft Auto Update is used to manage Microsoft
For more details on how to get started, visit the Defender for Endpoint on macOS
## Microsoft Defender for Endpoint on Linux
-Microsoft Defender for Endpoint on Linux offers preventative (AV) capabilities for Linux
+Microsoft Defender for Endpoint on Linux offers preventative (AV), endpoint detection and response (EDR), and vulnerability management capabilities for Linux
servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. We support recent versions of the six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu
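Review bot: The Linux paragraph now lists endpoint detection and response (EDR) and vulnerability management, but the unchanged sentence that follows ("This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats") still describes only the antivirus experience. Update the follow-on text so it matches the expanded capability list, or say which of the new capabilities are managed elsewhere.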
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
->[!IMPORTANT]
->The preview versions are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
- **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
Learn about new features in the Defender for Endpoint preview release and be amo
For more information on new capabilities that are generally available, see [What's new in Defender for Endpoint](whats-new-in-microsoft-defender-atp.md).
+ ## What you need to know
+
+When working with features in public preview, these features:
+
+- May have restricted or limited functionality. For example, the feature may only apply to one platform.
+- Typically go through feature changes before they're generally available (GA).
+- Are fully supported by Microsoft.
+- May only be available in selected geographic regions or cloud environments. For example, the feature may not exist in the government cloud.
+- Individual features in preview may have more usage and support restrictions. If so, this information is typically noted in the feature documentation.
+- The preview versions are provided with a standard support level, and it is recommended for production workloads.
+++ ## Turn on preview features You'll have access to upcoming features that you can provide feedback on to help improve the overall experience before features are generally available.
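Review bot: The last added bullet, "The preview versions are provided with a standard support level, and it is recommended for production workloads", states the opposite of the [!IMPORTANT] note this change removes ("provided without a service level agreement, and it's not recommended for production workloads"), and it sits in the same list as bullets saying preview features may have limited functionality and typically change before GA. Please confirm the reversal is intended, since readers will take it as production guidance. Separately, the last two bullets do not complete the lead-in "these features:", and "it is recommended" does not agree with the plural "preview versions".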
security Troubleshoot Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-onboarding.md
If the verification fails and your environment is using a proxy to connect to th
## Troubleshoot onboarding issues on a server
+>[!NOTE]
+>The following troubleshooting guidance is only applicable for Windows Server 2016 and lower.
+ If you encounter issues while onboarding a server, go through the following verification steps to address possible issues. - [Ensure Microsoft Monitoring Agent (MMA) is installed and configured to report sensor data to the service](configure-server-endpoints.md)
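Review bot: The added note scopes the section to "Windows Server 2016 and lower", and "lower" is ambiguous for product versions. Suggest "Windows Server 2016 and earlier", or name the versions the guidance covers, and point readers on newer versions to the right article, since the steps that follow assume the Microsoft Monitoring Agent (MMA).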
security Microsoft Secure Score Whats Coming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-coming.md
We're making some changes in the near future to make [Microsoft Secure Score](mi
- Require lobbies to be set up for Teams meetings. - Configure which users are allowed to be present in Teams meetings.
+#### Add improvement action related to Microsoft Defender for Endpoint
+- Fix Microsoft Defender for Endpoint sensor data collection for macOS
+- Fix Microsoft Defender for Endpoint impaired communications for macOS
+- Set minimum password length to 15 or more characters in macOS
+- Set 'Enforce password history' to '24 or more password(s)' in macOS
+- Set 'Maximum password age' to '90 or fewer days, but not 0' in macOS
+- Set account lockout threshold to 5 or lower in macOS
+- Turn on Firewall on macOs
+- Enable Gatekeeper
+- Enable System Integrity Protection (SIP)
+- Enable FileVault Disk Encryption
+- Set screen to lock when screensaver starts in macOS
+- Ensure screensaver is set to start in 20 minutes or less in macOS
+- Secure Home Folders
+- Turn on Microsoft Defender Antivirus real-time protection for macOS
+- Turn on Microsoft Defender Antivirus PUA protection in block mode for macOS
+- Enable Microsoft Defender Antivirus cloud-delivered protection for macOS
+- Update Microsoft Defender Antivirus definitions for macOS
+- Fix Microsoft Defender for Endpoint sensor data collection for Linux
+- Fix Microsoft Defender for Endpoint impaired communications for Linux
+- Unrestricted Access Accounts
+- Turn on Microsoft Defender Antivirus real-time protection for Linux
+- Turn on Microsoft Defender Antivirus PUA protection in block mode for Linux
+- Enable Microsoft Defender Antivirus cloud-delivered protection for Linux
+- Update Microsoft Defender Antivirus definitions for Linux
++ ## Related resources
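Review bot: Several entries in the added list do not name a platform or an action, unlike the rest: "Enable Gatekeeper", "Enable System Integrity Protection (SIP)", "Enable FileVault Disk Encryption" and "Secure Home Folders" omit the "in macOS" qualifier, and "Unrestricted Access Accounts", among the Linux entries, is a noun phrase with no verb, so it is unclear what the improvement action asks for. Also, "macOs" in "Turn on Firewall on macOs" should be "macOS", and the heading says "improvement action" (singular) over a list of many.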
solutions Best Practices Anonymous Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/best-practices-anonymous-sharing.md
Once an *Anyone* link expires, it can no longer be used to access content.
To set an expiration date for Anyone links across the organization 1. Open the [SharePoint admin center](https://admin.microsoft.com/sharepoint).
-2. In the left navigation, click **Sharing**.
+2. In the left navigation, expand **Policies**, and then click **Sharing**.
3. Under **Choose expiration and permissions options for Anyone links**, select the **These links must expire within this many days** check box.</br> ![Screenshot of SharePoint organization-level Anyone link expiration settings](../media/sharepoint-organization-anyone-link-expiration.png) 4. Type a number of days in the box, and then click **Save**.
With content marking enabled for the label, the text you specified will be added
[Limit accidental exposure to files when sharing with guests](share-limit-accidental-exposure.md)
-[Create a secure guest sharing environment](create-secure-guest-sharing-environment.md)
+[Create a secure guest sharing environment](create-secure-guest-sharing-environment.md)
solutions Share Limit Accidental Exposure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/share-limit-accidental-exposure.md
description: "Learn how to limit accidental exposure of information when sharing
# Limit accidental exposure to files when sharing with people outside your organization
-When sharing files and folders with people outside your organization, there are a variety of options to reduce the chances of accidentally sharing sensitive information. You can choose from the options in this article to best meet the needs of your organization.
+When sharing files and folders with people outside your organization, there are various options to reduce the chances of accidentally sharing sensitive information. You can choose from the options in this article to best meet the needs of your organization.
## Use best practices for Anyone links
To turn off *Anyone* links for a site
You can use domain allow or deny lists to specify which domains your users can use when sharing with people outside your organization.
-With an allow list, you can specify a list of domains where users in your organization can share with people outside your organization. Sharing with to other domains is blocked. If your organization only collaborates with people from a list of specific domains, you can use this feature to prevent sharing with other domains.
+With an allow list, you can specify a list of domains where users in your organization can share with people outside your organization. Sharing with other domains is blocked. If your organization only collaborates with people from a list of specific domains, you can use this feature to prevent sharing with other domains.
With a deny list, you can specify a list of domains from which users in your organization cannot share with people outside your organization. Sharing with the listed domains is blocked. This can be useful if you have competitors, for example, who you want to prevent from accessing content in your organization.
Note that this affects files, folders, and sites, but not Microsoft 365 groups o
[Create a secure guest sharing environment](create-secure-guest-sharing-environment.md)
-[Best practices for sharing files and folders with anonymous users](best-practices-anonymous-sharing.md)
+[Best practices for sharing files and folders with anonymous users](best-practices-anonymous-sharing.md)
test-base Binaries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/binaries.md
+
+ Title: Upload Application Binaries
+description: How to get started using Test Base for M365 #Required; article description that is displayed in search results.
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# Step 3: Upload your binaries, dependencies, and scripts
+
+On this tab, you will upload a single zip package containing your binaries, dependencies and scripts used to run your test suite.
+
+## Upload package zip file
+
+![Upload your binaries](Media/AddBinaries.png)
+
+ - Uploaded dependencies can include test frameworks, scripting engines or data that will be accessed to run your application or test cases. For example, you can upload Selenium and a webdriver installer to help run browser-based tests.
+ - It is best practice to ensure your script activities are kept modular i.e.
+ - The ```Install``` script only performs install operations.
+ - The ```Launch``` script only launches the application.
+ - The ```Close``` script only closes the application.
+ - The optional ```Uninstall``` script only uninstalls the application.
+
+**Currently, the portal only supports PowerShell scripts.**
++
+## Next steps
+
+Advance to the next article to go onto Step 4: **Set your Test Tasks**.
+> [!div class="nextstepaction"]
+> [Go back](uploadApplication.md)
+> [!div class="nextstepaction"]
+> [Next step](testtask.md)
+
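Review bot: The front-matter description still carries the template comment ("#Required; article description that is displayed in search results.") and describes getting started rather than uploading binaries, so the placeholder text will surface in search results; replace it with a one-line summary of this step. In the list, "kept modular i.e." introduces the four script bullets, but as shown they sit at the same level as that item, so nest them under it. Under "Next steps", the "Go back" link is styled as a nextstepaction, which gives the page two competing next-step buttons.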
test-base Contentguideline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/contentguideline.md
+
+ Title: 'Test package guidelines'
+description: Review the guidelines around test package
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Test package guidelines
+
+## 1. Script referencing
+
+When you upload a .zip file to the portal, we unzip all the content of that file into a root folder. You do not need to write any code to do this initial unzip operation. You also can reference any file within the .zip by using the path relative to the zip file uploaded.
+
+In the example below, we show how you can reference your binaries/scripts from the input field in the Tasks tab. The text in blue should be entered into the **Script path** field **without the quotation marks.**
+
+It is important you are aware of the content within your zip file before uploading it. Often when zipping a folder, your local machine will create a main folder underneath the zip file. In this case, the referencing will be as shown in **bold** below:
+
+ **Contoso_App_Folder.zip**
+~~~
+Γö£ΓöÇΓöÇ Contoso_App_Folder
+
+Γöé Γö£ΓöÇΓöÇ file1.exe
+
+Γöé Γö£ΓöÇΓöÇ ScriptX.ps1
+
+Γöé Γö£ΓöÇΓöÇ folder1
+
+Γöé Γö£ΓöÇΓöÇ file3.exe
+
+Γöé Γö£ΓöÇΓöÇ script.ps1
+~~~
+
+ - ScriptX.ps1 ΓÇô **ΓÇ£Contoso_App_Folder/ScriptX.ps1ΓÇ¥**
+ - Script.ps1 ΓÇô **ΓÇ£Contoso_App_Folder/folder1/script.ps1ΓÇ¥**
+
+Other times, your zip file may have your files or content right underneath it i.e. no 2nd-level folder:
+
+ **Zip_file_uploaded.zip**
+~~~
+Γö£ΓöÇΓöÇ file1.exe
+
+Γö£ΓöÇΓöÇ ScriptX.ps1
+
+Γö£ΓöÇΓöÇ folder1
+
+Γöé Γö£ΓöÇΓöÇ file3.exe
+
+Γöé Γö£ΓöÇΓöÇ script.ps1
+~~~
+ - ScriptX.ps1 ΓÇô **ΓÇ£ScriptX.ps1ΓÇ¥**
+ - Script.ps1 ΓÇô **ΓÇ£folder1/script.ps1ΓÇ¥**
+
+## 2. Script execution
+
+**Out-of-Box tests:** The application package needs to contain at least three PowerShell scripts that will execute unattended installing, launching, and closing of the application and its dependencies. Each script should handle checking its own prerequisites, validating it succeeded, as well as cleaning up after itself (if necessary).
+
+**Functional tests:** The application package needs to contain at least one PowerShell script. Where more than one script is provided, the scripts are run in upload sequence and a failure in a particular script will stop subsequent scripts from executing.
+
+### Script requirements
+
+ΓÇó PowerShell Version 5.1+
+
+ΓÇó Unattended execution
+
+ΓÇó Error return code
+
+ΓÇó Validate success
+
+ΓÇó Logging to script specific log folder
+
+Each script needs to run completely unattended to successfully execute in the test pipeline.
+
+> [!Note]
+> Scripts should return ΓÇ£0ΓÇ¥ on successful completion and a non-zero error code if any error occurs during execution.
+
+Each script should validate that it ran successfully. E.g. the install script should check for the existence of certain binaries and/or registry keys on the system, after the installer binary finishes executing to ensure with a reasonable degree of confidence that the installation was successful.
+
+This is necessary to properly diagnose where errors occur during a test run, e.g. unable to install the application successfully versus being unable to launch it.
+
+> [!Important]
+> **Avoid the following:**
+> Scripts should not reboot the machine, if a reboot is necessary please specify this during the upload of your scripts.
+
+## 3. Log collection
+
+Each script should output any logs it generates into a folder named ```logs```. All folders in the directory named ```logs``` will be copied and presented for download on the ```Test Results``` page.
+
+For example, the installation script (which may be located in the **App/scripts/install** directory) can output its logs to: **logs/install.log**, such that the final log will be at: **Apps/scripts/install/logs/install.log**
+
+The system will pick up the ```install.log``` file along with other files within other ```logs``` folders and collate it for download.
++
+## 4. Application binaries
+
+Any binaries and dependencies should be included in the single zip file.
+
+These should include everything necessary for installation of the application (e.g. the application installer); if the application has a dependency on any frameworks, such as .NET Core/Standard or .NET Framework, these should be included in the file and referenced correctly in the provided scripts.
++
+> [!Note]
+> The uploaded zip file cannot have any spaces or special characters in its name
+
+## Next steps
+
+Advance to the next article to view some **Frequently Asked Questions (FAQ)**
+> [!div class="nextstepaction"]
+> [Next step](faq.md)
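Review bot: The log collection example is inconsistent about the script directory: it is "App/scripts/install" at the start of the sentence and "Apps/scripts/install/logs/install.log" at the end, so a reader cannot tell which path the service actually collects from; use one spelling in both places. In the same section, "All folders in the directory named logs" reads as if only subfolders are copied, where "all folders named logs" seems to be meant. In section 1 the instruction refers to "the text in blue" but the paths are marked in bold, and the Script requirements items use a literal bullet character rather than the "-" list markers used elsewhere in the file.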
test-base Cpu https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/cpu.md
+
+ Title: 'CPU regression analysis'
+description: Understanding regression results and metrics for CPU consumption
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Intelligent CPU regression analysis
+
+CPU utilization can indicate whether an application is affected by an operating system update.
+
+Test Base for Microsoft 365 provides software developers with an insight into CPU performance regressions which occur when their application is running on different versions of an upcoming Windows Operating System (OS) update.
+
+These CPU regressions enable developers to detect and resolve application issues (and potential failures) before the OS update is deployed broadly, thus preventing a bad experience for the end user.
++
+### How CPU regression analysis works ###
+
+As a Test Base user, you can upload your application's binaries (in a single .zip file), along with associated test scripts and select the Windows OS version against which you would like to test your application on the Test Base portal on Azure.
+
+The Test Base service then runs the test scripts and performs the **CPU Regression Analysis**.
+
+The service checks if the CPU utilization for the application on the pre-release version of the update for the target OS is in line with the CPU utilization for the released version of the OS.
+
+CPU utilization is not a 100% like-for-like comparison because the processes running on the two versions of the OS may or may not be an exact match due to differing OS versions; however, the analysis performed by Test Base can show you whether CPU utilization for your application is impacted by an upcoming OS update and specifically which processes have regressed from previous test runs.
+
+In the snapshot below, there are two OS releases against which the CPU utilizations are compared for the same application.
+- The CPU utilization tab shows the upper and lower bounds of utilization for both releases at 90th and 10th percentiles respectively.
+- The graphs show the time series of CPU utilization along with the average utilization.
+
+Customers can now use the functionality to determine if their application's CPU utilization is impacted by OS updates and specifically which processes have regressed from their previous execution.
++
+![CPU regression analysis](Media/cpu-regression-analysis.jpg)
+
+### Relevant Process Identification ###
+
+Here, we discuss how to identify regressed processes in the application.
+
+Analyzing performance regression requires tracking different kinds of performance counters for every process running on a virtual machine during the test run.
+
+Such analysis captures a lot of variables for a lot of processes for a given application. Not all processes are associated with a run or application. To work around this challenge, a mutual information ranking algorithm using probability and information theory is applied to figure out which processes are most relevant for a given application.
+
+An application can be considered one type of discrete random variable while a process is considered another kind of discrete random variable. The association of the two random variables is measured using conditional probabilities for relevance.
+
+Processes are then displayed in the order of their relevance for each application. You can also favorite a subset of processes that can be monitored, by default, along with relevant processes for CPU regression analysis. Once a regression is detected, you can download the Windows Performance Analyzer toolkit and analyze reasons for CPU performance regressions.
+
+The Windows Performance Analyzer takes event trace log (ETL) as inputs and these .etl files are available in the log files downloadable for test runs on the portal. If you would like to know more about debugging CPU performance, see the Windows Performance Analyzer documentation.
+
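Review bot: The paragraph beginning "Customers can now use the functionality" repeats the closing clause of the "CPU utilization is not a 100% like-for-like comparison" paragraph almost word for word, and it sits between "In the snapshot below" and the image that sentence refers to; drop it or move it after the image. The last paragraph points readers to "the Windows Performance Analyzer documentation" without a link. Headings jump from "#" straight to "###" and carry trailing "###" markers that the other new test-base articles do not use.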
test-base Createaccount https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/createAccount.md
+
+ Title: 'Create a new Test Base account'
+description: Details on how to create a new account on Test Base
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# Step 1: Create a Test Base account
+
+If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/en-us/free/) before you begin.
+
+## Enter details for test base account
+
+1. Search for **'Test Base'** in the Azure portal.
+
+![Create a Test Base Account search image](Media/CreateTestAccount1.png)
+
+2. Click **'Add'** to create a Test Base account.
+
+![Clicking on add to create the account](Media/CreateTestAccount2.png)
+
+3. Read through the ```Terms of Use``` then select the checkbox to confirm your satisfaction with the ```Terms of Use```.
+
+![Review the terms of use](Media/CreateTestAccount3.png)
+
+4. Fill in the correct information under the following requirements:
+ - Subscription: Resource Group
+ - Instance Details: Name.
+
+**Currently, Test Base only supports Standard Pricing tier.**
+
+![Select subscription, resource group and type in the details](Media/CreateTestAccount4.png)
+
+5. Finally, click on ```Review + Create``` to validate and enable your newly created account.
+
+## Next steps
+
+Advance to the next article to get started with Step 2: **Learn how upload your package.**
+> [!div class="nextstepaction"]
+> [Next step](uploadApplication.md)
+
+<!
+Add button for next page
+-->
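Review bot: Step 4 does not tell the reader what to enter: "Subscription: Resource Group" and "Instance Details: Name." read as label pairs, while the screenshot alt text mentions selecting a subscription, selecting a resource group and typing in the details. Spell out each field and whether it is selected or typed. In "Next steps", "Learn how upload your package" is missing "to", and in step 3 "confirm your satisfaction with the Terms of Use" would be clearer as "accept the Terms of Use". The pricing-tier note falls between steps 4 and 5; indent it under step 4 so it reads as part of that step.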
test-base Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/faq.md
+
+ Title: Test Base FAQ
+description: Review frequently asked questions
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# Test Base FAQ
+
+**Q: How do we submit our packages to Test Base team?**
+
+**A:** Submit your packages directly to the Test Base environment using our self-serve portal.
+
+To submit your application package, navigate to the [Azure Portal](https://www.aka.ms/testbaseportal "Test Base Homepage") and upload a zipped folder containing your application's binaries, dependencies, and test scripts via the self-serve Test Base portal dashboard.
+
+Please see the onboarding user guide for more information or contact our team at <testbasepreview@microsoft.com> for assistance and more information.
+
+**Q: What are Out-of-box (OOB) tests?**
+
+**A:** Out-of-box (OOB) tests are standardized, default test runs where application packages are installed, launched and closed thirty (30) times, and then uninstalled.
+
+The packages created for Test Base will have the following test scripts: install, launch, close, and optionally the uninstall script.
+
+The Out-of-box (OOB) tests provide you with standardized telemetry on your application to compare across Windows builds.
+
+**Q: Can we submit tests outside of the Out-of-box tests (install, launch, close, uninstall test scripts)?**
+
+**A:** Yes, customers can also upload application packages for **functional tests** via the self-serve portal dashboard.
+**Functional tests** are tests that enable customers execute their scripts to run custom functionality on their application.
++
+## Testing
+
+**Q: Do you support functional tests?**
+
+**A:** Yes, Test Base supports functional tests. Functional tests are tests that enable our customers execute their scripts to run custom functionality on their application.
+
+To submit your application package for functional testing, simply upload the zipped folder containing your application's binaries, dependencies, and test scripts via our self-serve portal dashboard.
+
+Please see the onboarding user guide for more information or contact our team at <testbasepreview@microsoft.com> for assistance and more information.
+
+**Q: How does Test Base handle our test data?**
+
+**A:** Test Base securely collects and manages your test data on the Azure environment.
+
+**Q: Can Test Base support our automated tests?**
+
+Yes, Test Base supports automated tests however, we do not support manual tests at this time due to service capabilities.
+
+**Q: What languages and frameworks of automated tests do you support?**
+
+**A:** We support all languages and frameworks. We invoke all scripts through PowerShell.
+
+You will also need to provide (upload) the dependent binaries of the required framework.
+
+**Q: How soon does Test Base provide test results?**
+
+**A:** For each test that we run against the pre-release builds, we will provide results within 48 hours on your [Azure Portal](https://www.aka.ms/testbaseportal "Test Base Homepage") dashboard.
+
+**Q: Can you reboot after install?**
+
+**A:** Yes, our process supports rebooting after installation. Be sure to select this option from the ΓÇ£Optional settingsΓÇ¥ drop list when setting your **Tasks** on the onboarding portal.
+
+For Out-of-box (OOB) tests, you can specify whether a reboot is needed for the _Install script._
+
+![Reboot picture](Media/reboot.png)
+
+While for functional tests, you can specify whether a reboot is required for each script that is added.
+
+![How to select functional tests](Media/functionalreboot.png)
+
+**Q: What Windows versions do you support?**
+
+**A:** We currently support Windows 10 clients, Windows Server 2016, Windows Server 2016 Core version, Windows Server 2019, and Windows Server 2019 Core version.
+
+**Q: What is the difference between Security Update tests and Feature Update tests?**
+
+**A:** For Security update tests, we test against the **<ins>monthly pre-release security updates</ins>** on Windows which are focused on keeping our users always secure and protected. For the Feature update tests, we test against the **<ins>bi-annual pre-release feature updates</ins>** which introduces new features and capabilities on Windows.
+
+## Debugging options
+
+**Q: Do we get access to the Virtual Machines (VMs) in case of failures? What does Test Base share?**
+
+**A:** For the service to be compliant and the pre-release updates be secure, only Microsoft has access to the VMs. However, customers can view test results and other test metrics on their portal dashboard, including crash and hang signals, reliability metrics, memory and CPU utilization etc. We also generate and provide logs of test runs on the dashboard for download and further analysis.
+
+We can also provide memory dumps for crash debugging as needed.
+
+**Q: If there are issues found during the testing, what are the next steps to resolve these issues?**
+
+**A:** The Test Base team will perform an initial triage process to determine the root cause of the error, and then depending on our findings, we will route to the customer or internal teams within Microsoft for debugging.
+
+We always work closely with our customers in joint remediation to resolve any issues.
+
+**Q: Does Microsoft hold the release of the security patch until the issue is resolved? What alternate resolutions are available?**
+
+**A:** The goal of Test Base is to ensure our joint end customers do not face any issues. We will work hard with Software Vendors to address any issues before the release, but in case the fix is not feasible we have other resolutions such as shims and blocks.
+
+## Miscellaneous
+
+**Q: How will the service work with an on-prem server?**
+
+**A:** We currently do not provide support for on-prem servers. However, if the server is exposing HTTP endpoint, we can connect to it over the internet.
+
+**Q: Who hosts the VMs?**
+
+**A:** Microsoft provisions the VM for this service, taking the load of doing so from the customer.
+
+**Q: Does this service support web, mobile, or desktop applications?**
+
+**A:** Currently, our focus is on desktop applications, however, we have plans to onboard web applications in the future, but we do not support mobile applications at this time.
+
+**Q: What is the difference between Test Base and SUVP?**
+
+**A:** The biggest difference between Test Base and SUVP is that our partners onboard their applications onto the Test Base Azure environment for validation runs against pre-release updates instead of carrying out the tests themselves.
+
+In addition to pre-release security updates testing, we support pre-release feature updates testing on our platform. We have many other types of updates and OS testing on our roadmap.
+
+**Q: Is there a cost associated with the service?**
+
+**A:** The Test Base service will be free to users until General Availability (GA). At that time, we will announce a cost structure that will be in effect for all customers.
+
+**Q: How can I provide feedback about Test Base?**
+
+**A:** To share your feedback about Test Base, select the **Feedback** icon at the bottom left of the portal. Include a screenshot with your submission to help Microsoft better understand your feedback.
+
+You can also submit product suggestions and upvote other ideas at <testbasepreview@microsoft.com>.
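Review bot: The answer to "How does Test Base handle our test data?" only says the data is "securely" collected and managed, which gives a vendor uploading binaries and collecting memory dumps nothing to evaluate; link to or state the retention, access and storage details. The on-prem answer likewise says the service can connect if "the server is exposing HTTP endpoint" without saying whether HTTPS or authentication is expected. Smaller points: the answer to "Can Test Base support our automated tests?" is missing its "**A:**" marker, the functional-tests question is answered twice in nearly identical words (before and after the "Testing" heading), and the last line sends readers to an e-mail address to "upvote other ideas", which an address cannot do.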
test-base Feature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/feature.md
+
+ Title: 'Feature update validation'
+description: Details on how to upload your application for feature update validation
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Windows Feature update validation
+
+Do you need insights on how your applications will perform with the next release of Windows 10 or Windows 11 - without you maintaining an environment to validate new Windows features?
+
+Do you want to run your validation tests against Windows Insider Program builds in our Azure environment?
+
+**Feature update** validation on Test Base for M365 can help you achieve all these and more!
+
+Check out the step-by-step outline below to find out how to access this new capability in Test Base for M365 service.
+
+To get started with ```Feature update validation``` in Test Base for M365, upload your applications (and related files) through the self-service onboarding portal.
+
+Highlighted below are the steps to take as you fill out the **Test details**:
+
+1. Select **Feature Update** as your OS update type:
+
+![Feature update validation OS type](Media/Feature-update-validation-01.png)
+
+2. Choose the Windows Insider Channel against which you want your application validated.
+
+![Feature update validation. Choosing the Insider beta channel](Media/Feature-update-validation-02.png)
+
+3. Select an in-market release of Windows 10 or Windows 11 as the baseline for your test (and resulting insights!) and provide the other details required to onboard your package successfully.
+
+![Feature update validation with released versions of Windows 10 and Windows 11](Media/Feature-update-validation-03.png)
+
+4. To view the results from the validation of your application against pre-released Windows 10 feature updates, visit the ```Feature Updates Test Results```.
+
+![Feature update validation allows you to review results quickly](Media/Feature-update-validation-04.png)
++
+## Next steps
+
+Advance to the next article to get started with understanding Memory regression analysis.
+> [!div class="nextstepaction"]
+> [Next step](memory.md)
+
+<!
+Add button for next page
+-->
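Review bot: Step 4 is introduced as one of the steps for filling out "Test details", but it describes viewing results after the run, and it mentions only "pre-released Windows 10 feature updates" while the intro and step 3 cover Windows 10 and Windows 11. Move it out of the numbered list into its own short section and align the OS wording. The page also backticks "Feature update validation" and "Feature Updates Test Results" as if they were code; bold would match how UI labels are marked elsewhere on the page.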
test-base Functional https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/functional.md
+
+ Title: 'Functional testing on Test Base'
+description: Details on how to test your application with your existing automated functional tests
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Functional testing
+
+As a software vendor, you can now perform custom functional tests, using the test framework of your choice - via the self-serve Test Base for M365 portal.
+
+When we initially launched the service, we offered the Out-of-box tests, which is a pre-defined set of tests driven through standardized scripting. This, however, could not achieve full test coverage for many Independent Software Vendors (ISVs).
+
+Hence, in response to your feedback, we are providing our ISVs with the ability to upload automated functional tests.
+
+To use this feature, follow the steps below:
+
+1. Upload your files (binaries, dependencies and scripts) as a single .zip package.
+2. Choose if you want to reboot the test Virtual Machines (VMs) at various points of execution.
+3. Manage available options for your scripts.
+4. Choose when to apply the Windows update on the VM during execution.
+
+Detailed descriptions of the above steps are highlighted below:
+
+**Upload a functional test package**
+
+To get started, navigate to the Upload page, select Upload new application under Application catalog on the left-side navigation menu of the Test Base for M365 portal in Azure. From there:
+
+Tab 1 - Enter basic information. Provide the name and version of your application. In the Type of test option, select ```Functional tests```.
+
+*Note that the Out-of-Box (OOB) option is required by default.*
++
+![Select the functional testing tab](Media/functional_testing_tab1.png)
+
+Tab 2 - Upload the components of your package by uploading a zip file with your entire test (binaries, dependencies, scripts etc).
+
+See aka.ms/usl-package-outline for details. (Note: Both the Out-of-Box test scripts and the Functional test contents should be placed into the same zip file). Currently, the file size is limited to 2GB.
+
+Tab 3 - Configure the Out-of-Box and Functional test tasks. Here, choose the path(s) to the PowerShell scripts that will install, launch, close, and uninstall your application (for Out-of-Box) as well as the path(s) to all your custom scripts to perform your functional test. **(Note: A script to uninstall your application is optional).**
+
+Currently, you can upload between 1 and 8 scripts for your functional tests. (Kindly comment on this post if you need more scripts!)
+
+![Upload up to 8 scripts with functional tests](Media/functional_testing_tab3.png)
+
+(Optional) Configure a restart after installation. Some applications require a restart after installation.
+
+Select ```Reboot After Execution``` for the specific Script in the Tasks tab if you would like a restart to be conducted after the execution of that script.
+
+Tab 4 - Choose when the Windows update gets installed: The application of the Windows Update patch is done before any script of your choice. It is recommended that you install a Windows update after the application's installation to closely mimic your real-world application use scenarios.
+
+![The Windows update can get installed after a specific script](Media/functional_testing_tab4.png)
+
+Tab 5 - Review and create the package. Once you have completed the steps listed above, select ```Create``` to finish the uploading process.
+
+Once your package has been created, you can check the verification status of your package.
+
+We run an initial test to install, launch, close, and uninstall your application. This allows us to verify that your package can install on our service error-free.
+
+The verification process could take up to 24 hours. Once verification is complete, you can see the status in the ```Manage packages``` menu, which would be one of two entries:
+
+1. Verification succeeds: The package will be automatically tested against pre-release Windows updates for the OS builds you selected.
+or
+2. Verification fails: You will need to investigate the reasons for the failure, fix the issue, and re-upload your package.
+
+You will also be notified of either outcome via the notification icon in the Azure portal.
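Review bot: "(Kindly comment on this post if you need more scripts!)" in the Tab 3 text is a leftover from a blog post and has no meaning in a docs article; replace it with the supported feedback channel. Tab 4 is hard to follow: "The application of the Windows Update patch is done before any script of your choice" is followed by a recommendation to install the update after the application's installation, and the image alt text says "after a specific script"; state plainly whether the update is applied before or after the selected script. "See aka.ms/usl-package-outline" should be a proper link, and the "or" line between the two verification outcomes breaks the numbered list.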
test-base Getsupport https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/getsupport.md
+
+ Title: 'For additional support'
+description: Details on how to reach out to the Test Base team
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Additional support
+
+### For additional support, please reach out to the Test Base team at TestBasePreview@microsoft.com
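Review bot: The only body content is set as a "###" heading directly under the "#" title, so the contact sentence is styled as a heading and skips a level. Make it a normal paragraph and write the address as a mail link, in the same angle-bracket form the FAQ uses for this address. The front-matter title "For additional support" and the page heading "Additional support" should also match.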
test-base Memory https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/memory.md
+
+ Title: 'Memory regression analysis'
+description: How to infer memory regression
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+++
+# Memory Regression Analysis
+
+Test Base helps you more clearly notice significant memory usage increases in the test VMs running your apps. Performance metrics, such as memory usage, can be indicative of overall application health and we believe this addition will greatly help keep your apps performing optimally.
+
+Read on for more details or watch this video for a quick walk through of the latest improvements.
+
+For more information on Test Base for M365's ability to help with regression analysis, see Regression results based on process reliability.
+
+<b>Looking closer at memory regressions</b>
+
+The Test Base for M365 dashboard shows the memory consumed by your application on a new pre-released Windows update and compares it with the memory used by the last released Windows update.
+
+With this monthΓÇÖs enhancements, memory regression analysis is now featured in your favorited processes. Applications can contain multiple processes and you can manually select your favorite processes through the Reliability tab. Our service will then identify memory regressions in these favorited processes while comparing test runs across different Windows update releases. If a regression is detected, details about the regression are easily available.
+
+Now let's look at this feature in detail and discuss how you can troubleshoot memory regressions using Windows Performance Analyzer.
+
+The failure signal caused by a memory regression is shown in the Test Base for M365 dashboard on the Test results page under Memory Utilization:
+
+![Memory utilization results](Media/01_memory-utilization-results.png)
++
+Failure for the application due to higher memory consumption, will also be displayed as ```Fail``` on the Test Summary page:
+
+![Test summary results](Media/02_test-summary.png)
+
+By providing these failure signals upfront, our goal is to clearly flag potential issues that can disrupt and impact the end user experience for your application.
+
+You can then download the log files and use the Windows Performance Analyzer, or your preferred toolkit, to investigate further. You can also work jointly with the Test Base for M365 team on remediating the issue and help prevent issues impacting end users.
+
+Memory signals are captured in the Memory Utilization tab in the Test Base for M365 service for all test runs. The example below shows a recent test run with the onboarded application ΓÇ£Smoke Test Memory StressΓÇ¥ against the pre-release August 2020 security update. (This application was written by our team to illustrate memory regressions.)
+
+![Memory regression results](Media/03_memory-regression%20comparison.png)
+
+In this example, the favorite process ΓÇ£USLTestMemoryStress.exeΓÇ¥ process consumed an average of approximately 100 MB on the pre-release August update compared to the released July update, hence the Test Base for M365 identified a regression.
+
+The other processesΓÇöshown here as ΓÇ£USLTestMemoryStress_Aux1.exeΓÇ¥ and ΓÇ£USLTestMemoryStress_Aux2.exeΓÇ¥ΓÇöalso belong to the same application, but consumed approximately the same amount of memory for the two releases so they "passed" and were considered healthy.
+
+The regression on the main process was determined to be ΓÇ£statistically significantΓÇ¥ so the service communicated and highlighted this difference to the user. If the comparison was not statistically significant, it would not be highlighted. Memory utilization can be noisy, so we use statistical models to distinguish, across builds and releases, meaningful differences from inconsequential differences.
+
+A comparison may rarely be flagged when there is no true difference (a false positive), but this is a necessary tradeoff to improve the likelihood of correctly identifying regressions (or true positives.)
+
+The next step is to understand what caused the memory regression. You can download the zip files for both executions from the Download log files option, as shown below.
+
+These zip files contain the results of your test run, including script results and memory and CPU performance data which is included in the ETL file.
+
+![Memory regression test files](Media/04_memory-regression-test-files.png)
+
+You can download and unzip the logs for the two test runs, then locate the ETL file within each folder and rename them as target.etl (for the test run on the pre-release update) and baseline.etl (for the test run on last released update) to simplify exploration and navigation.
+
+## Next steps
+
+Advance to the next article to get started with understanding intelligent CPU regression analysis.
+> [!div class="nextstepaction"]
+> [Next step](cpu.md)
+
+<!
+Add button for next page
+-->
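Review bot: The worked example is ambiguous about the size of the regression: the favorite process "consumed an average of approximately 100 MB on the pre-release August update compared to the released July update" could mean 100 MB in total or 100 MB more; give both values or say "more than". The article also promises to "discuss how you can troubleshoot memory regressions using Windows Performance Analyzer" but stops after renaming the two ETL files, and "watch this video" and "see Regression results based on process reliability" have no links. "With this month's enhancements" is blog phrasing that will date immediately, and the "<b>" line should be a Markdown heading like the rest of the file.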
test-base Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/overview.md
+
+ Title: 'Overview'
+description: Understanding TEst Base
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# What is Test Base for Microsoft 365?
+
+Test Base for Microsoft 365 (Test Base) is MicrosoftΓÇÖs validation service based in the secure Azure environment.
+With Test Base, Software Vendors (SVs) and System Integrators (SIs) can accelerate the validation of their applications against pre-released Windows security and feature builds. This is a highly engaged collaboration between SV partners and Microsoft enabling joint testing, validation and remediation.
+
+Test Base provides a great opportunity to build and maintain a secure validation service on Azure, where customers and partners can stage and test their application's workloads against our pre-released security updates.
+
+With Test Base, SVs are provided with more visibility into potential issues that could hinder their application(s) from performing at its best on the new OS release before Microsoft releases the update to the market.
+
+This new service will help SVs make testing efforts simpler and more efficient. Enterprise customers will benefit from SV and Microsoft testing together in a collaborative environment and gain more confidence that their applications will work as expected.
+
+### Advantages Test Base offers Eenterprises and their SV partners include:
+
+ * Faster rollout of security updates to secure your devices;
+
+ * Lowered update validation costs by hosting the OS changes and application in the same environment;
+
+ * World-class intelligence report from Microsoft about your apps (code coverage, API impact analysis etc.);
+
+ * Microsoft's expertise in shifting test content and harnesses to Azure.
++
+### Guide to navigating the Test Base portal
+
+This guide is divided into four (4) parts to ensure a hitch free experience while using our service:
+
+1. The **Overview** which provides detailed, step-by-step guidelines on how to upload your application via our self-serve onboarding portal.
+
+2. The **Quickstarts** section which provides information on the format for the zippped folder structure and what you need to know when preparing your test scripts.
+
+3. The **How-to guide** which provides detailed outline on how to use Test Base to infer test results.
+
+4. The **Reference** section that provides answers to the typical questions we receive from our customers.
+
+### Test Base is in public preview!
+
+Test Base has officially been declared ```Public Preview``` during the Microsoft Inspire conference in July 2021.
+
+This means anyone with a valid enterprise Azure account is able to onboard their test collateral and quickly start testing their applications on the service.
+
+### Who should onboard?
+
+We are encouraging all Software Vendors (SVs), System Integrators (SIs) to onboard their applications, binaries and test scripts onto the service.
+
+## Next steps
+
+Follow the link to get started
+> [!div class="nextstepaction"]
+> [Next step](createaccount.md)
+
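Review bot: The intro calls the service "based in the secure Azure environment" and "a secure validation service" without saying what that covers for a vendor uploading binaries (who can access the uploaded package, how test runs are isolated); either link to the page that documents this or drop the adjective. The metadata description reads "Understanding TEst Base" and will surface as-is in search results, and "Eenterprises" and "zippped" need the same fix. The headings also jump from the H1 straight to "###", and "Public Preview" is set in code formatting although it is not a literal value.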
test-base Pythonsdkoverview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/pythonsdkOverview.md
+
+ Title: 'Test Base SDK for Python'
+description: Details on understanding Test Base's SDK for Python
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Test Base SDK for Python
+
+## Overview
+The Test Base SDK can be used to interact with the Azure test base resource. (i.e. manage your application package, include create package, edit package and delete package)
+
+With the SDK, the test summary and Analysis Result which can be gotten include : scriptExecution, reliability, memoryUtilization, cpuUtilization, memoryRegression, cpuRegression.
+
+With the Test Base SDK, you can integrate test base in your CI/CD pipeline.
+
+## Client Library
+
+Install the test base package with pip.
+
+~~~
+pip install Microsoft.Testbase
+~~~
+
+## Example
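Review bot: The install line "pip install Microsoft.Testbase" gives no link to the package's index page and no version, so a reader has no way to confirm they are installing the intended publisher's package; add the PyPI link, confirm the name matches the published one exactly, and show a pinned version for CI/CD use since the overview recommends pipeline integration. The "## Example" heading at the end of the file has no content under it, so either add the sample or remove the heading before merge. The overview sentence "manage your application package, include create package, edit package and delete package" should also be reworded as a plain list of operations.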
test-base Review https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/review.md
+
+ Title: 'Review'
+description: Review section after onboarding.
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Step 6: Review your selections to create your package.
+
+1. On this tab, the service displays your test details and runs a quick completeness check.
+
+ A ```Validation passed``` or ```Validation failed``` message shows whether you can proceed to next steps or not.
+
+2. Review your test details and if satisfied, click on the ```Create``` button.
+
+![View validation](Media/validation.png)
+
+3. This will onboard your package to the Test Base environment. If your package is successfully created, an automated test which verifys whether your package can be successfully executed on Azure will be triggered.
+
+![Successful result](Media/successful.png)
+
+> [!Note]
+> You will get a notification from the Azure portal to notify you on the success or failure of the package verification.
+>
+> Please note that the process can take up to 24 hours, so it is likely your webpage will timeout if you are not active on it and hence, the notification will not inform you of the completion of this on-demand run.
+
+ - Peradventure this happens, you can view the status of your package on the ```Manage packages``` tab.
+
+![Image for managing packages](Media/managepackages.png)
+
+ - For succesful tests, their results can be seen via the ```Test Summary```, ```Security Updates Results``` and ```Feature Updates Results``` pages at scheduled intervals, often starting a few days after your upload.
+
+ - While failed tests, require you to upload a new package.
+
+ You can download the ```test logs``` for further analysis from the ΓÇÿ```Security update results``` and ```Feature updates results``` pages.
+
+ - If you experience repeated test failures, please reach out to testbasepreview@microsoft.com with details of your error.
+
+## Next steps
+
+Discover our Content Guidelines via the link below.
+> [!div class="nextstepaction"]
+> [Next step](contentguideline.md)
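Review bot: The note tells readers they will get a portal notification and then, in the next sentence, that the notification will likely not arrive because verification can take up to 24 hours; lead with the reliable path (check status on the Manage packages tab) and mention the notification as best effort. The bullets after the note are indented as if they continued step 3 but are separated from it by the note and an image, so the numbered list breaks; "While failed tests, require you to upload a new package." is a fragment, and "Peradventure", "verifys" and "succesful" need correcting. The page names are also inconsistent ("Security Updates Results" in one bullet, "Security update results" in another, with a stray opening quote before the second).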
test-base Server https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/server.md
+
+ Title: 'Windows Server application testing'
+description: How to validate with windows server application testing
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
+
+# Windows Server Application Testing
+
+With Test Base for Microsoft 365, you can now validate your applications against Windows Server 2016 and 2019, including Server Core!
+
+To get started with validating your uploaded applications against pre-release updates for Windows Server 2016 and 2019 operating systems on Test Base for Microsoft 365, kindly adhere to the following steps:
+
+1. Log on to our self-service onboarding portal. From the left-side navigation menu, select ```Upload new package``` under ```Package catalogue``` and fill out the Test details.
+
+2. Select ```Security updates``` as the OS update type:
+
+![Select security updates](Media/selecting-security-updates.png)
+
+3. Under OS versions to test, select the applicable OS versions. You can select Windows Server OS versions or a combination of server and client OS versions.
+
+![Select OS version](Media/selecting-OS-versions.png)
+
+4. Provide other required information, review the details provided, and upload your application package. After uploading, you can view package status on the Manage packages menu tab.
++
+5. To view test results and insights from the validation of your application against pre-release security updates for Windows Server 2016 and 2019, go to the Test summary page or the Security update results page.
+
+![View test results](Media/access-test-results.png)
+
+Advance to the next article to get started with **Functional testing**
+> [!div class="nextstepaction"]
+> [Next step](functional.md)
+
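Review bot: Step 2 tells the reader to select "Security updates" without saying that it is the only option for Server, which the upload article states separately ("We DO NOT support Feature update testing for Server OSes at this time"); repeat or link that restriction here so a reader does not go looking for Feature update results. Step 1 refers to "Upload new package" under "Package catalogue", while the upload article describes it simply as an option on the left navigation bar, so align the menu wording. The closing link also lacks the "## Next steps" heading the sibling articles use.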
test-base Testoptions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/testoptions.md
+
+ Title: 'Choose your test options'
+description: Choose your test options
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# Step 5: Choose your test options.
+
+The ```Test Options``` tab is for users who wish to perform functional tests to indicate when the Windows Update patch should be applied in the sequence of executing their functional test scripts.
+
+![Image of test options. Either out-of-box or functional tests](Media/testoptions.png)
+
+Select _**Review**_ to navigate to the next tab and review your selected test options.
+
+## Next steps
+
+Details of the nest step can be seen in the next article via the link below:
+> [!div class="nextstepaction"]
+> [Next step](review.md)
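Review bot: The page says the Test Options tab lets functional-test users choose when the Windows Update patch is applied in the script sequence, but never lists the available choices or the default, so the step cannot be followed without the screenshot; add the options as text. The image alt text ("Either out-of-box or functional tests") contradicts the sentence above it, which limits the tab to functional tests, so state what out-of-box users should do on this tab. "Details of the nest step" should read "next step".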
test-base Testtask https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/testtask.md
+
+ Title: 'Set your test tasks'
+description: Set your test tasks
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# Step 4: The tasks tab
+
+On the tasks tab, you are expected to provide the paths to your test scripts which are in the zip folder you uploaded under the binaries tab.
+
+ - **Out of Box Test Scripts:** Type in the relative paths to your install, launch, close and uninstall scripts. You also have the option to select additional settings for the install script.
+ - **Functional Test Scripts:** Type in the relative path to each functional test script uploaded. Additional functional test scripts can be added using the ```Add Script``` button. You need a minimum of one (1) script and can add up to eight (8) functional test scripts.
+
+ The scripts are run in upload sequence and a failure in a particular script will stop subsequent scripts from executing.
+ You also have the option of selecting additional settings for each script provided.
+
+## Set script path
+
+![Image of test task](Media/testtask.png)
+
+Sample of how to provide the relative path on a folder structure is below:
+
+_**Zip_file_uploaded**_
+~~~
+Γö£ΓöÇΓöÇ file1.exe
+
+Γö£ΓöÇΓöÇ ScriptX.ps1
+
+Γö£ΓöÇΓöÇ folder1
+
+Γöé Γö£ΓöÇΓöÇ file3.exe
+
+Γöé Γö£ΓöÇΓöÇ script.ps1
+~~~
+ - **ScriptX.ps1** would have. _ScriptX.ps1_ as the relative path.
+ - **Script.ps1** would have _folder1/script.ps1_ as the relative path.
++
+## Next steps
+
+View details of the Test Options tab in the next article
+> [!div class="nextstepaction"]
+> [Next step](testoptions.md)
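Review bot: "A failure in a particular script will stop subsequent scripts from executing" does not define failure (non-zero exit code, unhandled exception, timeout), and authors need that to write scripts that stop or continue the run on purpose; document the criterion here. In the relative-path sample, the bullet names "Script.ps1" while the tree shows "script.ps1", so say whether paths are case-sensitive and which separator is expected, and remove the stray period in "would have. _ScriptX.ps1_". It would also help to state that paths must resolve inside the uploaded zip, since the text only implies it.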
test-base Uploadapplication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/test-base/uploadApplication.md
+
+ Title: 'Upload your package'
+description: How to upload your appplication, binaries and dependencies onto Test Base
+search.appverid: MET150
+++
+audience: Software-Vendor
+ Last updated : 07/06/2021+
+localization_priority: Normal
+++
+f1.keywords: NOCSH
++
+# Step 2: Uploading a Package
+
+On the Test Base portal page, navigate to the ΓÇÿUpload new package option on the left navigation bar as shown below:
+![Upload a new package](Media/Upload-New-Package.png)
+
+Once there, follow the steps below to upload a new package.
+
+## Enter details for your package
+
+On the Test details tab, type in your package's name, version and other details as requested.
+
+**Out-of-Box** and **Functional testing** can be done via this dashboard.
+
+The steps below provides a guide on how to fill out your package details:
+
+1. **Enter the name to be given your package in the ```ΓÇ£Package name``` field.**
+
+> [!Note]
+> The package name and version combination entered must be unique within your organization. This is validated by the checkmark as shown below.
+
+ - If you choose to re-use an package's name, then the version number must be unique (i.e. never been used with an package bearing that particular name).
+ - If the combination of the package name + version does not pass the uniqueness check, you will see an error message which reads, *ΓÇ£Package with this package version already existsΓÇ¥*.
+
+![Image for uploading package instructions](Media/Instructions.png)
+
+2. **Enter a version in the ΓÇ£Package versionΓÇ¥ field.**
+
+![Package version](Media/ApplicationVersion.png)
+
+3. **Select the type of test you want to run on this package**
+
+ An **Out-of-Box (OOB)** test performs an *install*, *launch*, *close* and *uninstall* of your package. After the install, the launch-close routine is repeated 30 times before a single uninstall is run.
+
+ This OOB test provides you with standardized telemetry on your package to compare across Windows builds.
+
+ A **Functional test** would execute your uploaded test script(s) on your package. The scripts are run in upload sequence and a failure in a particular script will stop subsequent scripts from executing.
+
+> [!Note]
+> **All** scripts run for 80 minutes at the most.
+
+4. **Select the OS update type**
+
+ - The ΓÇÿSecurity updatesΓÇÖ enables your package to be tested against incremental churns of Windows pre-release monthly security updates.
+ - The ΓÇÿFeature updatesΓÇÖ enables your package to be tested against Windows pre-release bi-annual feature updates builds from the Windows Insider Program.
+<!
+Change to the correct picture
+-->
+![OS update type](Media/OSUpdateType.png)
+
+5. **Select the OS version(s) for Security update tests.**
+
+In the multi-select dropdown, select the OS version(s) of Windows your package will be installed on.
+
+ - To test your package against Windows Client OSes only, select the applicable Windows 11 OS versions from the menu list.
+ - To test your package against Windows Server OSes only, select the applicable Windows Server OS versions from the menu list.
+ - To test your package against Windows Client and Server OSes, select all applicable OSes from the menu list.
+
+> [!Note]
+> If you select to test your package against both Server and Client OSes, please make sure that the package is compatible and can run on both OSes
++
+![Selecting an OS version](Media/OSVersion.png)
+<!
+Change to the correct picture
+-->
+6. **Select options for Feature update tests:**
+
+ - On the option to ΓÇ£Select Insider ChannelΓÇ¥, select the ```Windows Insider Program Channel``` as the build which your packages should be tested against.
+
+ We currently use builds flighted in the Insider Beta Channel.
+
+ - On the option to ΓÇ£Select OS baseline for InsightΓÇ¥, select the Windows OS version to be used as a baseline in comparing your test results.
+
+> [!Note]
+> We DO NOT support Feature update testing for Server OSes at this time
+<!
+Note to actual note format for markdown
+-->
+<!
+Change to the correct picture
+-->
+![Feature update testing](Media/FeatureUpdate.png)
+
+7. A completed Test details page should look like this:
+
+![Viewing test details](Media/TestDetails.png)
+## Next steps
+
+Our next article covers Uploading your Binaries to our serivce.
+> [!div class="nextstepaction"]
+> [Next step](binaries.md)
+
+<!
+Add button for next page
+-->
+
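Review bot: Three "Change to the correct picture" comments and a "Note to actual note format for markdown" comment are still in the file, which suggests the OS update type, OS version and Feature update screenshots are placeholders; resolve or remove them before this is published. The note "All scripts run for 80 minutes at the most" does not say whether the limit is per script or for the whole run, and step 5 tells client-only testers to pick "Windows 11 OS versions" without saying whether other client versions are offered. Quotation marks are unbalanced around "Upload new package" and "Package name", and "appplication", "an package" and "serivce" need fixing.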