Updates from: 07/08/2023 03:56:25
Category Microsoft Docs article Related commit history on GitHub Change details
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
Check out [Microsoft 365 small business help](https://go.microsoft.com/fwlink/?l
You can easily see how people in your business are using Microsoft 365 services. For example, you can identify who is using a service a lot and reaching quotas, or who may not need a Microsoft 365 license at all. Perpetual license model won't be included in the reports.
-Reports are available for the last 7 days, 30 days, 90 days, and 180 days. Data won't exist for all reporting periods right away. The reports become available within 48 hours.
+Reports are available for the last 7 days, 30 days, 90 days, and 180 days. Data won't exist for all reporting periods right away. The reports typically become available within 48 hours, but might sometimes take several days
+to become available.
## Watch: Act on a usage report in Microsoft 365
bookings Bookings In Outlook https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-in-outlook.md
Bookings with me is an ideal solution for enterprise, small business, and users
- 1:1 meetings with direct reports - Lunch and coffee breaks
+### End users
+
+For more information on how your users can work with Bookings with me, see the following topics:
+
+- [Set up Bookings with me](https://support.microsoft.comoffice/bookings-with-me-setup-and-sharing-ad2e28c4-4abd-45c7-9439-27a789d254a2)
+- [Bookings with me articles](https://support.microsoft.com/office/bookings-with-me-articles-c69c4703-e812-435c-9fc2-d194e10fd205)
+ ## Before you begin Bookings with me can be turned on or off for your entire organization or for specific users. When you turn on Bookings for users, they can create a Bookings page, share their page with others, and allow other people to book time with them. This article is for owners and administrators who manage Bookings with me for their organizations.
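Review bot: The "Set up Bookings with me" link in the added End users list is missing the slash after the host name: `https://support.microsoft.comoffice/bookings-with-me-setup-and-sharing-...` should read `https://support.microsoft.com/office/...`, matching the second bullet. As written, the link points at a different host name and will not resolve to the support article.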
Use the **Get-OrganizationConfig** and **Set-OrganizationConfig** commands to fi
- To turn off Bookings with me for your organization, remove **MicrosoftOWSPersonalBookings**, if present, from **EwsAllowList** by running the following command:
- ```PowerShell
- Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowList @{Remove="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowList @{Remove="MicrosoftOWSPersonalBookings"}
+ ```
- To turn on Bookings with me for your organization, you must set the **EwsApplicationAccessPolicy** to **EnforceAllowList** and add **MicrosoftOWSPersonalBookings** to **EwsAllowList** by running the following command:
- ```PowerShell
- Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowList @{Add="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowList @{Add="MicrosoftOWSPersonalBookings"}
+ ```
**B**. If the value of **EwsApplicationAccessPolicy** is **EnforceBlockList**, all applications are allowed to access EWS and REST, except those specified in **EwsBlockList**. - To turn off Bookings with me for your organization, add **MicrosoftOWSPersonalBookings** by running the following command:
- ```PowerShell
- Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
+ ```
- To turn on Bookings with me if blocked, remove **MicrosoftOWSPersonalBookings** by running the following command:
- ```PowerShell
- Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList -EwsBlockList @{Remove="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList -EwsBlockList @{Remove="MicrosoftOWSPersonalBookings"}
+ ```
**C**. If the value of **EwsApplicationAccessPolicy** is empty, all applications are allowed to access EWS and REST. - To turn off Bookings with me for your organization set the **EnforceBlockList** policy and add **MicrosoftOWSPersonalBookings** to the block list by running the following command:
- ```PowerShell
- Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceBlockList -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
+ ```
- If you want to revert the value of **EwsApplicationAccessPolicy** to empty to allow all applications to access EWS and REST, run the following command:
- ```PowerShell
- Set-OrganizationConfig -EwsApplicationAccessPolicy $null
- ```
+ ```PowerShell
+ Set-OrganizationConfig -EwsApplicationAccessPolicy $null
+ ```
> [!NOTE] > The EwsApplicationAccessPolicy parameter defines which applications other than Entourage, Outlook, and Outlook for Mac can access EWS.
Use the **Get-CASMailbox** and **Set-CASMailbox** commands to check user status
- To turn off Bookings with me for this user, remove **MicrosoftOWSPersonalBookings**, if present from **EwsAllowList** by running the following command:
- ```PowerShell
- Set-CASMailbox -Identity adam@contoso.com -EwsAllowList @{Remove="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-CASMailbox -Identity adam@contoso.com -EwsAllowList @{Remove="MicrosoftOWSPersonalBookings"}
+ ```
- Turn on Bookings with me for this user, add **MicrosoftOWSPersonalBookings** to **EwsAllowList** by running the following command:
- ```PowerShell
- Set-CASMailbox -Identity adam@contoso.com -EwsAllowList @{Add="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-CASMailbox -Identity adam@contoso.com -EwsAllowList @{Add="MicrosoftOWSPersonalBookings"}
+ ```
**B**. If the value of **EwsApplicationAccessPolicy** is **EnforceBlockList**, all applications are allowed to access EWS and REST, except those specified in **EwsBlockList**. - To turn off Bookings with me for this user, add **MicrosoftOWSPersonalBookings** to **EnforceBlockList** by running the following command:
- ```PowerShell
- Set-CASMailbox -Identity adam@contoso.com -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-CASMailbox -Identity adam@contoso.com -EwsBlockList @{Add="MicrosoftOWSPersonalBookings"}
+ ```
- To turn on Bookings with me for this user, remove **MicrosoftOWSPersonalBookings**, if present from EnforceBlockList by running the following command:
- ```PowerShell
- Set-CASMailbox -Identity adam@contoso.com -EwsBlockList @{Remove="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-CASMailbox -Identity adam@contoso.com -EwsBlockList @{Remove="MicrosoftOWSPersonalBookings"}
+ ```
**C**. If the value of EwsApplicationAccessPolicy is empty, all applications are allowed to access EWS and REST. - To turn off Bookings with me for this user, set the **EnforceBlockList** policy and add **MicrosoftOWSPersonalBookings** to EWSBlockList by running the following command:
- ```PowerShell
- Set-CASMailbox -Identity adam@contoso.com -EwsApplicationAccessPolicy EnforceBlockList -EWSBlockList @{Add="MicrosoftOWSPersonalBookings"}
- ```
+ ```PowerShell
+ Set-CASMailbox -Identity adam@contoso.com -EwsApplicationAccessPolicy EnforceBlockList -EWSBlockList @{Add="MicrosoftOWSPersonalBookings"}
+ ```
### Create Bookings with me
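Review bot: In the per-user section, the option B bullets tell the reader to add **MicrosoftOWSPersonalBookings** to, or remove it from, **EnforceBlockList**, but the `Set-CASMailbox` commands beneath them modify `-EwsBlockList`. EnforceBlockList is the policy value and EwsBlockList is the list, so the prose should name **EwsBlockList**, as the organization-level section does. While the indentation is being touched, the option C command could also use `-EwsBlockList` rather than `-EWSBlockList` for consistent casing, and the "Turn on Bookings with me for this user, add ..." bullet should start with "To" like its neighbors.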
compliance Audit Teams Audit Log Events https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-teams-audit-log-events.md
Here's a list of all events that are logged for user and admin activities in Tea
| Changed sensitivity label | SensitivityLabelChanged | A user changed a sensitivity label on a Teams meeting. | |Created a chat <sup>1, </sup> <sup>2</sup>|ChatCreated|A Teams chat was created.| |Created team|TeamCreated|A user creates a team.|
-|Deleted a message|MessageDeleted|A message in a chat or channel was deleted.|
+|Deleted a message <sup>2</sup>|MessageDeleted|A message in a chat or channel was deleted.|
|Deleted all organization apps|DeletedAllOrganizationApps|Deleted all organization apps from the catalog.| |Deleted app|AppDeletedFromCatalog|An app has been deleted from the catalog.| |Deleted channel|ChannelDeleted|A user deletes a channel from a team.|
compliance Device Onboarding Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-overview.md
f1.keywords:
Previously updated : 09/09/2019 Last updated : 07/06/2023 audience: ITPro f1_keywords:
If you want to use a custom account to turn on/off device monitoring, it must be
Make sure that the Windows devices that you need to onboard meet these requirements.
-1. Must be running Windows 10 x64 build 1809 or later or Windows 11.
- 1. See [April 11, 2023ΓÇöKB5025221 (OS Builds 19042.2846, 19044.2846, and 19045.2846) - Microsoft Support](https://support.microsoft.com/en-us/topic/april-11-2023-kb5025221-os-builds-19042-2846-19044-2846-and-19045-2846-b00c3356-baac-4a41-8342-7f97ec83445a) for required minimum Windows Operating System builds.
+1. Must be running one of the following builds of Windows or Windows Server:
+ 1. Windows 10 x64 build 1809 or later or Windows 11. (See [April 11, 2023ΓÇöKB5025221 (OS Builds 19042.2846, 19044.2846, and 19045.2846) - Microsoft Support](https://support.microsoft.com/en-us/topic/april-11-2023-kb5025221-os-builds-19042-2846-19044-2846-and-19045-2846-b00c3356-baac-4a41-8342-7f97ec83445a) for required minimum Windows Operating System builds.)
+ 1. Windows Server 2019 OS: 1809 onwards or Windows Server 2022 OS: 21H2 onwards.
1. Antimalware Client Version is 4.18.2110 or newer. Check your current version by opening Windows Security app, select the Settings icon, and then select About. The version number is listed under Antimalware Client Version. Update to the latest Antimalware Client Version by installing Windows Update KB4052623.
compliance Dlp Create Deploy Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-create-deploy-policy.md
This procedure uses a hypothetical distribution group *Finance team* at Contoso.
1. Give the policy a name.
-> [!IMPORTANT]
-> Policies cannot be renamed.
+ > [!IMPORTANT]
+ > Policies cannot be renamed.
-5. Fill in a description. You can use the policy intent statement here.
+1. Fill in a description. You can use the policy intent statement here.
1. Select **Next**.
and a recipient-based condition
1. Give the policy a name.
-> [!IMPORTANT]
-> Policies cannot be renamed.
+ > [!IMPORTANT]
+ > Policies cannot be renamed.
-5. Fill in a description. You can use the policy intent statement here.
+1. Fill in a description. You can use the policy intent statement here.
1. Select **Next**.
and a recipient-based condition
1. Select **Recipient domain is** > **contoso.com**. Choose **Add**.
-> [!TIP]
-> **Recipient is** and **Recipient is a member of** can also be used in the previous step and will trigger an oversharing popup.
+ > [!TIP]
+ > **Recipient is** and **Recipient is a member of** can also be used in the previous step and will trigger an oversharing popup.
-17. Select **Add and action** > **Restrict access or encrypt the content in Microsoft 365 locations** > **Restrict access or encrypt the content in Microsoft 365 locations** > **Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams file.** > **Block everyone**.
+1. Select **Add and action** > **Restrict access or encrypt the content in Microsoft 365 locations** > **Restrict access or encrypt the content in Microsoft 365 locations** > **Block users from receiving email or accessing shared SharePoint, OneDrive, and Teams file.** > **Block everyone**.
1. Set **User notifications** to **On**.
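Review bot: The renumbered step still reads "Select **Add and action**", which looks like a typo for "Add an action", and it repeats **Restrict access or encrypt the content in Microsoft 365 locations** twice in the click path. Since this line is being rewritten anyway, confirm against the UI whether the option really appears twice and fix the label text in the same change.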
This sample DLP policy is scoped to all users in your organization. Scope your D
|Parameter| Configuration| |||
-|[-ContentContainsSensitiveInformation](/powershell/module/exchange/new-dlpcompliancerule.md#-contentcontainssensitiveinformation)| Configures one or more sensitivity label conditions. This sample includes one. At least one label is mandatory.|
-|[-ExceptIfRecipientDomainIs](/powershell/module/exchange/new-dlpcompliancerule.md#-exceptifrecipientdomainis)| List of trusted domains.|
-|[-NotifyAllowOverride](/powershell/module/exchange/new-dlpcompliancerule.md#-notifyallowoverride)| "WithJustification" enables justification radio buttons, "WithoutJustification" disables them.|
-|[-NotifyOverrideRequirements](/powershell/module/exchange/new-dlpcompliancerule.md#-notifyoverriderequirements) "WithAcknowledgement" enables the new acknowledgment option. This is optional.|
+|[-ContentContainsSensitiveInformation](/powershell/module/exchange/new-dlpcompliancerule?view=exchange-ps#-contentcontainssensitiveinformation&preserve-view=true)| Configures one or more sensitivity label conditions. This sample includes one. At least one label is mandatory.|
+|[-ExceptIfRecipientDomainIs](/powershell/module/exchange/new-dlpcompliancerule?view=exchange-ps#-exceptifrecipientdomainis&preserve-view=true)| List of trusted domains.|
+|[-NotifyAllowOverride](/powershell/module/exchange/new-dlpcompliancerule?view=exchange-ps#-notifyallowoverride&preserve-view=true)| "WithJustification" enables justification radio buttons, "WithoutJustification" disables them.|
+|[-NotifyOverrideRequirements](/powershell/module/exchange/new-dlpcompliancerule?view=exchange-ps#-notifyoverriderequirements&preserve-view=true) "WithAcknowledgement" enables the new acknowledgment option. This is optional.|
| To configure a new DLP rule to generate a *warn* popup using trusted domains run this PowerShell code.
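Review bot: The added `-NotifyOverrideRequirements` row has no `|` between the link and its description, so the row has one cell fewer than the three rows above it and the description renders inside the Parameter column; add the separator after the closing parenthesis of the link. In all four new links the query parameter is appended after the fragment (`?view=exchange-ps#-notifyallowoverride&preserve-view=true`), which makes `&preserve-view=true` part of the anchor name; the query string should come before the `#`, for example `?view=exchange-ps&preserve-view=true#-notifyallowoverride`.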
Actions are what a policy does in response to user activities on sensitive items
- **Allow**: The user activity is allowed to occur, so no business processes are impacted. You'll get audit data and there aren't any user notifications or alerts.
-> [!NOTE]
-> The **Allow** action is only available for policies that are scoped to the **Devices** location.
+ > [!NOTE]
+ > The **Allow** action is only available for policies that are scoped to the **Devices** location.
- **Audit only**: The user activity is allowed to occur, so no business processes are impacted. You'll get audit data and you can add notifications and alerts to raise awareness and train your users to know that what they're doing is a risky behavior. If your organization intends to enforce more restrictive actions later on, you can tell your users that too. - **Block with override**: The user activity is blocked by default. You can audit the event, raise alerts and notifications. This impacts the business process, but your users are given the option to override the block and provide a reason for the override. Because you get direct feedback from your users, this action can help you identify false positive matches, which you can use to further tune the policy.
-> [!NOTE]
-> For Exchange online and SharePoint Online, overrides are configured in the user notification section.
+ > [!NOTE]
+ > For Exchange online and SharePoint Online, overrides are configured in the user notification section.
- **Block**: The user activity is blocked no matter what. You can audit the event, raise alerts and notifications.
compliance Ediscovery Managing Jobs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-managing-jobs.md
search.appverid:
# Manage jobs in eDiscovery (Premium)
-## Jobs report (preview)
+## Jobs report
eDiscovery (Premium) includes a jobs report tool that lists all jobs that count towards the jobs concurrency and daily limits in eDiscovery for a defined time period. eDiscovery administrators can access this report and can use this report to see the job activities across Content Search activities and eDiscovery (Standard and Premium) cases.
compliance Endpoint Dlp Getting Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-getting-started.md
For specific guidance to onboarding Windows devices, see:
You can onboard virtual machines as monitored devices in Microsoft Purview compliance portal. There's no change to the onboarding procedures listed above.
-Here are the virtual operating systems that are supported by virtualization environments.
+The table that follows lists the virtual operating systems that are supported by virtualization environments.
+
+> [!NOTE]
+> If you have endpoint devices onboarded to either Windows Server 2019 OS: 1809 onwards or Windows Server 2022 OS: 21H2 onwards, endpoint DLP protection is automatic, regardless of your virtualization platform.
|Virtualization </br> platform|Windows 10|Windows 11|Windows Server 2019| Windows Server 2022</br>21H2 Data Center | |:|:|:|:|:|
compliance Sensitivity Labels Versions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-versions.md
description: Identify the minimum versions of Office apps that support specific
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
-The capabilities tables on this page supplement [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md) by listing the minimum Office version that introduced specific capabilities for sensitivity labels built in to Office apps. Or, if the label capability is in public preview or under review for a future release.
+The capabilities tables on this page supplement [Manage sensitivity labels in Office apps](sensitivity-labels-office-apps.md) by listing the minimum Office version that introduced specific capabilities for sensitivity labels built in to Office apps, or if the label capability is in public preview or under review for a future release.
-New versions of Office apps are made available at different times for different update channels. For Windows, you'll get the new capabilities earlier when you are on the Current Channel or Monthly Enterprise Channel, rather than Semi-Annual Enterprise Channel. The minimum version numbers can also be different from one update channel to the next. For more information, see [Overview of update channels for Microsoft 365 Apps](/deployoffice/overview-update-channels) and [Update history for Microsoft 365 Apps](/officeupdates/update-history-microsoft365-apps-by-date).
+New versions of Office apps are made available at different times for different update channels. For Windows, you'll get the new capabilities earlier when you're on the Current Channel or Monthly Enterprise Channel, rather than Semi-Annual Enterprise Channel. The minimum version numbers can also be different from one update channel to the next. For more information, see [Overview of update channels for Microsoft 365 Apps](/deployoffice/overview-update-channels) and [Update history for Microsoft 365 Apps](/officeupdates/update-history-microsoft365-apps-by-date).
-New capabilities that are in private preview are not included in the tables but you might be able to join these previews by nominating your organization for the [Microsoft Information Protection private preview program](https://aka.ms/mip-preview).
+New capabilities that are in private preview aren't included in the tables but you might be able to join these previews by nominating your organization for the [Microsoft Information Protection private preview program](https://aka.ms/mip-preview).
> [!TIP] > When you compare the minimum versions in the tables with the versions you have, remember the common practice of release versions to omit leading zeros. >
-> For example, you have version 4.2128.0 and read that 4.7.1+ is the minimum version. For easier comparison, read 4.7.1 (no leading zeros) as 4.**0007**.1 (and not 4.**7000**.1). Your version of 4.2128.0 is higher than 4.0007.1, so your version is supported.
+> For example, you have version 4.2128.0 and read that 4.7.1+ is the minimum version. For easier comparison, read 4.7.1 (no leading zeros) as 4.**0007**.1 (and not 4.**7000**.1). Your version of 4.2128.0 is higher than 4.0007.1; so, your version is supported.
## Sensitivity label capabilities in Word, Excel, and PowerPoint
-The numbers listed are the minimum Office application versions required for each capability.
+The numbers listed are the minimum Office application versions required for each capability.
> [!NOTE]
-> For Windows and the Semi-Annual Enterprise Channel, the minimum supported version numbers might not yet be released. [Learn more](/officeupdates/update-history-microsoft365-apps-by-date#supported-versions)
+> For Windows and the Semi-Annual Enterprise Channel, the minimum supported version numbers might not yet be released. [Learn more](/officeupdates/update-history-microsoft365-apps-by-date#supported-versions).
|Capability |Windows |Mac |iOS |Android |Web | |--|-:|-|-|--|-|
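Review bot: The period added after the [Learn more] link in the Word, Excel, and PowerPoint note is not applied to the identical note under "Sensitivity label capabilities in Outlook", which still ends at the closing parenthesis; fix both in this change. In the reworded tip, "is higher than 4.0007.1; so, your version is supported" reads less cleanly than the original comma before "so" and could be left as it was.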
The numbers listed are the minimum Office application versions required for each
## Sensitivity label capabilities in Outlook
-The numbers listed are the minimum Office application versions required for each capability.
+The numbers listed are the minimum Office application versions required for each capability.
> [!NOTE] > For Windows and the Semi-Annual Enterprise Channel, the minimum supported version numbers might not yet be released. [Learn more](/officeupdates/update-history-microsoft365-apps-by-date#supported-versions)
The numbers listed are the minimum Office application versions required for each
|[Different settings for default label and mandatory labeling](sensitivity-labels-office-apps.md#outlook-specific-options-for-default-label-and-mandatory-labeling) |Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ |16.43+ <sup>\*</sup> |4.2111+ |4.2111+ |Yes | |[PDF support](sensitivity-labels-office-apps.md#pdf-support) |Current Channel: 2205+ <br /><br> Monthly Enterprise Channel: 2205+ <br /><br> Semi-Annual Enterprise Channel: 2302+| Under review |Under review |Under review |Under review | |[Apply S/MIME protection](sensitivity-labels-office-apps.md#configure-a-label-to-apply-smime-protection-in-outlook) |Current Channel: 2211+ <br /><br> Monthly Enterprise Channel: 2211+ <br /><br> Semi-Annual Enterprise Channel: 2302+ | 16.61+ <sup>\*</sup> |4.2226+ |4.2203+ |Yes |
-|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) |Current Channel: 2302+<br /><br> Monthly Enterprise Channel: 2303+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Under review |Rolling out: 4.2316.0+ |4.2316.0+ |Under review |
-|[Display label color](sensitivity-labels-office-apps.md#label-colors) |Current Channel: 2302+ <br /><br> Monthly Enterprise Channel: 2303+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |16.71 |Rolling out: 4.2316.0+ |4.2316.0+ |Under review |
+|[Sensitivity bar](sensitivity-labels-office-apps.md#sensitivity-bar) |Current Channel: 2302+<br /><br> Monthly Enterprise Channel: 2303+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Under review |4.2326.0+ |4.2316.0+ |Under review |
+|[Display label color](sensitivity-labels-office-apps.md#label-colors) |Current Channel: 2302+ <br /><br> Monthly Enterprise Channel: 2303+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Preview: [Current Channel (Preview)](https://office.com/insider) <sup>\*</sup> |4.2316.0+ |4.2316.0+ |Under review |
|[Default sublabel for parent label](sensitivity-labels-office-apps.md#specify-a-default-sublabel-for-a-parent-label)|Current Channel: 2302+ <br /><br> Monthly Enterprise Channel: 2302+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Under review |Under review |Under review |Under review | |[Scope labels to files or emails](sensitivity-labels-office-apps.md#scope-labels-to-just-files-or-emails) |Current Channel: 2302+ <br /><br> Monthly Enterprise Channel: 2302+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Rolling out: 16.70+ <sup>\*</sup> | Rolling out: 4.2309+ |Rolling out: 4.2309+ |Yes | |[Preventing oversharing as DLP policy tip](dlp-create-deploy-policy.md#scenario-2-show-policy-tip-as-oversharing-popup)|Current Channel: 2305+ <br /><br> Monthly Enterprise Channel: 2307+ <br /><br> Semi-Annual Enterprise Channel: 2302+ |Under review |Under review |Under review |Under review |
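Review bot: In the Sensitivity bar row the iOS value changes from "Rolling out: 4.2316.0+" to `4.2326.0+`, so the version number itself changes along with the removal of the rollout prefix, while the Android column and the Display label color row both stay at `4.2316.0+`. Please confirm that 4.2326.0 is intended and not a typo for 4.2316.0. The Display label color Mac column also goes from a released version (16.71) to a preview channel link, which is worth a line in the commit description if it is deliberate.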
Requires the [new Outlook for Mac](https://support.microsoft.com/office/the-new-
## Future releases
-Use the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=Microsoft%20Information%20Protection&searchterms=label) for details about new labeling capabilities that are planned for future releases.
+For information about new labeling capabilities that are planned for future releases, use the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=Microsoft%20Information%20Protection&searchterms=label).
enterprise Manage Folders And Rules Feature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-folders-and-rules-feature.md
Admin can enable the feature with the help of cmdlet `Set-OrganizationConfig -Is
Default Value: false
+ Regardless of whether the `IsGroupFoldersAndRulesEnabled` parameter is turned off, the **Inbox** and **Deleted items** folders will still be shown, if there are any deleted items in the group.
+ > [!NOTE] > Once the `IsGroupFoldersAndRulesEnabled` parameter is turned off after creating some folder and rules, >
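Review bot: The added sentence "Regardless of whether the `IsGroupFoldersAndRulesEnabled` parameter is turned off, the **Inbox** and **Deleted items** folders will still be shown, if there are any deleted items in the group" is ambiguous in two places. "Regardless of whether ... is turned off" presumably means "even when the parameter is turned off", and the trailing condition reads as applying to both folders when it most likely applies only to **Deleted items**. Suggest splitting it into one statement for Inbox and one for Deleted items.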
enterprise Microsoft 365 Monitoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-monitoring.md
description: "Use Microsoft 365 monitoring for information about incidents or ad
# Learn about Microsoft 365 monitoring
-You can use dashboards in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) to monitor the health of various Microsoft services for your organization's Microsoft 365 subscription. This capability began with Exchange Online and is now being expanded to other Microsoft services like Microsoft Teams, Microsoft 365 Apps, and more services in the future.
+You can use dashboards in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) to monitor the health of various Microsoft services for your organization's Microsoft 365 subscription. This capability began with Exchange Online and has been expanded to other Microsoft services such as Microsoft Teams and Microsoft 365 Apps, with more services being added in the future.
Microsoft 365 Monitoring increases observability and minimizes downtime through providing near real-time user telemetry data with enriched alerts in the Microsoft 365 admin center's Service Health dashboard.
Monitoring provides you with information about incidents and advisories that are
Here's an example of the **Service health** page in the Microsoft 365 admin center, which is available at **Health** > **Service health** for organization scenarios and [priority account](../admin/setup/priority-accounts.md) scenarios.
-![The Service health page in the Microsoft 365 admin center.](../media/microsoft-365-exchange-monitoring/service-health-dashboard-example.png)
+[![Screenshot of the Service health page in the Microsoft 365 admin center.](../media/m365-monitoring-final.png)](../media/m365-monitoring-final.png#lightbox)
-**Issues in your organization** will be identified and used by organizational-level monitoring and priority account monitoring.
+If Microsoft 365 monitoring discovers issues that need your attention, these will be show under the **Issues in your environment that require action** in the Active Issues section of the page.
-The value of the **Health** column under **Issues in your organization** indicates whether your organization's infrastructure or third-party software affects the service health experience of your organization's users and/or priority accounts in Exchange Online. Advisories or incidents require your actions to resolve.
-
-The value of the **Health** column under **Microsoft service health** indicates that the service is healthy or has advisories or incidents based on the cloud services that Microsoft maintains.
+To access detailed monitoring pages for specific services, select **View** under **Organizational-level monitoring** on the service health page.
Here's an example of the Exchange Online monitoring page in the Microsoft 365 admin center that shows the health of organization-level and priority account scenarios available from **Health** > **Service health** > **Exchange Online**.
-![Organization-level scenarios for Exchange Online Monitoring.](../media/microsoft-365-exchange-monitoring/exchange-monitoring-org-scenarios.png)
+![Screenshot of organization-level scenarios for Exchange Online Monitoring.](../media/microsoft-365-exchange-monitoring/exchange-monitoring-org-scenarios.png)
With the scenario list page, you can see whether the Microsoft service is healthy or not and whether there are any associated incidents or advisories. For example, with Exchange Online monitoring, you can look at the service health for specific email scenarios and view near real-time signals to determine the impact by organization-level scenario. You can also see health of priority account scenarios, if available.
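Review bot: The added sentence about active issues contains a typo and a dropped noun: "these will be show under the **Issues in your environment that require action** in the Active Issues section" should read "these will be shown under the **Issues in your environment that require action** heading" (or whichever UI element that is). The removed paragraphs explained what the **Health** column values mean for organization issues versus Microsoft service health; if that column still exists in the new screenshot, one sentence of that explanation should be kept.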
There are two ways you can provide feedback:
- Submit feedback using the **Is this post helpful? link for a specific incident or advisory.
- ![The "Is this post helpful?" link for a specific incident or advisory.](../media/microsoft-365-exchange-monitoring/exchange-monitoring-example-incident-feedback.png)
+ ![Screenshot of the "Is this post helpful?" link for a specific incident or advisory.](../media/microsoft-365-exchange-monitoring/exchange-monitoring-example-incident-feedback.png)
## Frequently asked questions
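Review bot: The list item directly above the updated image line has an unclosed bold marker: "using the **Is this post helpful? link" is missing the closing `**` after the question mark, so the rest of the line renders bold or shows literal asterisks. It is untouched context, but it sits next to the alt text edited here and is worth fixing in the same change.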
security Linux Preferences https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md
Title: Set preferences for Microsoft Defender for Endpoint on Linux description: Describes how to configure Microsoft Defender for Endpoint on Linux in enterprises.
-keywords: microsoft, defender, Microsoft Defender for Endpoint, linux, installation, deploy, uninstallation, puppet, ansible, linux, redhat, ubuntu, debian, sles, suse, centos
-ms.sitesec: library
-ms.pagetype: security
ms.localizationpriority: medium Previously updated : 02/09/2023 Last updated : 07/07/2023 audience: ITPro
Specifies the enforcement preference of antivirus engine. There are three values
||| |**Key**|enforcementLevel| |**Data type**|String|
-|**Possible values**|real_time (default) <p> on_demand <p> passive|
-|**Comments**|Available in Defender for Endpoint version 101.10.72 or higher.|
+|**Possible values**|real_time <p> on_demand <p> passive (default)|
+|**Comments**|Available in Defender for Endpoint version 101.10.72 or higher. Default is changed from real_time to passive for Endpoint version 101.23062.0001 or higher.|
#### Enable/disable behavior-monitoring
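Review bot: The new Comments cell for `enforcementLevel` says the default changed "for Endpoint version 101.23062.0001 or higher", dropping "Defender for" from the product name used in the sentence just before it; suggest "for Defender for Endpoint version 101.23062.0001 or higher". Because the default moves from `real_time` to `passive`, the description of this setting should also state plainly that a configuration which omits `enforcementLevel` gets `passive` from that version on, and that `real_time` must be set explicitly where it is required. A one-line note in the Comments cell would be enough.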
Diagnostic data is used to keep Defender for Endpoint secure and up-to-date, det
#### Configure cloud block level
-This setting determines how aggressive Defender for Endpoint is in blocking and scanning suspicious files. If this setting is on, Defender for Endpoint is more aggressive when identifying suspicious files to block and scan; otherwise, it is less aggressive and therefore block and scan with less frequency. There are five values for setting cloud block level:
+This setting determines how aggressive Defender for Endpoint is in blocking and scanning suspicious files. If this setting is on, Defender for Endpoint is more aggressive when identifying suspicious files to block and scan; otherwise, it is less aggressive and therefore blocks and scans with less frequency. There are five values for setting cloud block level:
- Normal (`normal`): The default blocking level. - Moderate (`moderate`): Delivers verdict only for high confidence detections.
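Review bot: The corrected sentence still opens with "If this setting is on", which does not fit a setting that, per the next sentence, takes one of five named levels rather than an on/off state. Suggest dropping the on/off framing and describing how each level changes blocking and scanning relative to `normal`, so the paragraph agrees with the list that follows it.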
security Microsoft Defender Antivirus Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates.md
Title: Microsoft Defender Antivirus security intelligence and product updates
description: Manage how Microsoft Defender Antivirus receives protection and product updates. ms.localizationpriority: high Previously updated : 06/12/2023 Last updated : 07/07/2023 audience: ITPro -+
All our updates contain
### Known Issues -- None
+- Users encounter slow loading webpages in non-Microsoft web browsers with [web content filtering](/microsoft-365/security/defender-endpoint/web-content-filtering) enabled
### May-2023 (Platform: 4.18.23050.3 | Engine: 1.1.23050.2)
For more information, see [Microsoft Defender update for Windows operating syste
> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) > - [Configure Defender for Endpoint on Android features](android-configure.md) > - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)++
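Review bot: The added Known Issues bullet names the symptom only. It gives no affected platform or engine version, no workaround, and no indication of whether a fix is planned, so an admin who sees slow page loads with web content filtering enabled cannot tell what action to take. Suggest adding the affected versions and a mitigation, or a link to one. The bullet is also missing its closing period.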
security Minimum Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md
Devices on your network must be running one of these editions. New features or c
- Windows Server 2019 and later - Windows Server 2019 core edition - Windows Server 2022
+ - Windows Server 2022 core edition
- Azure Virtual Desktop - Windows 365 running one of the above operating systems/versions
security Onboarding Endpoint Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager.md
Then you will continue by creating several different types of endpoint security
1. Open the Intune admin center.
-2. Navigate to **Endpoint security > Endpoint detection and response**. Click on **Create Profile**.
+2. Navigate to **Endpoint security > Endpoint detection and response**. Click on **Create Policy**.
> [!div class="mx-imgBorder"] > :::image type="content" source="images/58dcd48811147feb4ddc17212b7fe840.png" alt-text="The Microsoft Intune admin center4" lightbox="images/58dcd48811147feb4ddc17212b7fe840.png":::
-3. Under **Platform, select Windows 10 and Later, Profile - Endpoint detection
+3. Under **Platform, select Windows 10, Windows 11, and Windows Server, Profile - Endpoint detection
and response > Create**. 4. Enter a name and description, then select **Next**.
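Review bot: In step 3 the bold span opens before "Platform" and does not close until after "Create", so the whole instruction renders bold and the individual UI labels cannot be told apart from the values to pick. Suggest bolding each element separately, for example: Under **Platform**, select **Windows 10, Windows 11, and Windows Server**; under **Profile**, select **Endpoint detection and response**; then select **Create**. Since step 2 now reads "Create Policy", please also confirm that "Profile" is still the field label shown in step 3.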
security Dex Xdr Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/dex-xdr-overview.md
Last updated 05/29/2023
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > [!IMPORTANT]
-> Microsoft Defender Experts for XDR is sold separately from other Microsoft 365 Defender products. If you're a Microsoft 365 Defender customer and are interested in purchasing Defender Experts for XDR, complete a [customer interest form](https://aka.ms/IWantDefenderExperts).
+> Microsoft Defender Experts for XDR is sold separately from other Microsoft 365 Defender products. If you're a Microsoft 365 Defender customer and are interested in purchasing Defender Experts for XDR, please contact your account manager.
Microsoft Defender Experts for XDR is a managed extended detection and response service that helps your security operations centers (SOCs) focus and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft 365 Defender
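Review bot: The replacement sentence in the IMPORTANT note removes the only actionable link and leaves "contact your account manager" as the sole route, which gives customers without an assigned account manager no next step. Suggest adding a fallback contact path or link alongside it. As a style point, "please contact" can be shortened to "contact".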
security Understand Detection Technology In Email Entity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/understand-detection-technology-in-email-entity.md
+
+ Title: Understanding detection technology within the email entity page in Microsoft Defender for Office 365
+description: Guide to understanding the detection technology shown on the email entity page in Microsoft Defender for Office 365, what the detection technologies mean, how they're triggered, and how to resolve false positives (see the admin submission video).
+++++ Last updated : 07/03/2023
+audience: ITPro
++
+- m365-guidance-templates
+- m365-security
+- tier3
++
+# Understanding detection technology in the email entity page of Microsoft Defender for Office 365
+
+If a threat is detected on the Microsoft Defender for Office 365 [*email entity page*](/microsoft-365/security/office-365-security/mdo-email-entity-page), threat information will display on the left-hand flyout. This panel will also show you the **detection technology** that led to that verdict.
+
+This article is all about helping you **understand the different detection technologies**, how they work, and how to avoid any false alarms. Stay tuned for the Admin Submissions video at the end.
+
+## Detection technology details table
+
+To resolve false positives like the ones listed in the table below, you should always start with an **admin submission**, which will also prompt you to add an entry into the Tenant Allow/Block List (TABL). This entry adds a temporary override signal to the filters that determined the message was *malicious*, while filters are updated (if that's appropriate). See the articles below for more information on Admin submissions & TABL.
+
+- [Submissions: Report good email to Microsoft](../submissions-admin.md)
+- [Tenant Allow/Block List](../tenant-allow-block-list-about.md)
+
+|The Detection technology|How it reaches a verdict|Notes|
+| -- | -- | -- |
+|Advanced filter|Machine learning models based detection on email & contents, to detect phish & spam|
+|Antimalware protection|Detection from signature based anti-malware engines||
+|Bulk|Detection for advertising / marketing and similar message types with their relative complaint levels|[Step-by-Step guide on how to tune bulk thresholds](tune-bulk-mail-filtering-walkthrough.md)|
+|Campaign|Messages identified and grouped as part of a malware or phish campaign|[Learn more about campaigns](track-and-respond-to-emerging-threats-with-campaigns.md)|
+|Domain reputation|The message was sent from a domain that was identified as spam or phish domain, based on internal or external signals||
+|File detonation|Safe Attachments detected a malicious attachment during detonation within a sandbox||
+|File detonation reputation|File attachments previously detected by Safe Attachments during detonation||
+|File reputation|The message contains a file that was previously identified as malicious by other sources||
+|Fingerprint matching|The message resembles a previously detected malicious or spam message||
+|General filter|Phishing or spam signals based on analyst heuristics||
+|Impersonation brand|Sender impersonation of well-known brands||
+|Impersonation domain|Impersonation of sender domains that you own or specified for protection in anti-phishing policies|[Impersonation insight overview](../anti-phishing-mdo-impersonation-insight.md)|
+|Impersonation user|Impersonation of protected senders that you specified in anti-phishing policies|[Impersonation insight overview](../anti-phishing-mdo-impersonation-insight.md)|
+|IP reputation|The message was sent from an IP that was identified as potentially malicious||
+|Mailbox intelligence impersonation|Sender detected as impersonating an address in the user's personal sender map|[Mailbox intelligence impersonation protection](../anti-phishing-policies-about.md)|
+|Mixed analysis detection|Multiple filters contributed to the verdict for this message||
+|Spoof DMARC|The message failed DMARC authentication|[How Microsoft 365 handles inbound email that fails DMARC](../email-authentication-dmarc-configure.md)|
+|Spoof external domain|Spoof intelligence detected email spoofing of a domain that is external to your organization||
+|Spoof intra-org|Spoof intelligence detected email spoofing of a user or domain that is internal to your organization||
+|URL detonation|Safe Links detected a malicious URL in the message during detonation within a sandbox||
+|URL detonation reputation|URLs previously detected by Safe Links during detonation||
+|URL malicious reputation|The message contains a URL that was previously identified as malicious or spam by other sources||
+
+## Watch a video on submitting messages to Microsoft to learn more
+> [!VIDEO https://www.youtube.com/embed/ta5S09Yz6Ks]
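Review bot: In the detection technology table, the "Advanced filter" row ends with a single `|` after its second cell, while every other row without a note ends with `||`. That row therefore has two cells under a three-column header; add the empty Notes cell so the columns line up. Separately, the paragraph above the table describes the Tenant Allow/Block List entry as a "temporary override signal" without saying how long it lasts or what it overrides. Because the entry lets a message past filters that judged it malicious, suggest stating the expiry and scope there, or pointing to the place in the linked TABL article that does.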