| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| admin | Manage Feedback Product Insights | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-feedback-product-insights.md | You need to be an [administrator](../add-users/about-admin-roles.md) to view and 1. In the [Microsoft 365 admin center](https://admin.microsoft.com/), go to **Health** > **Product feedback** > **NPS survey insights**. 2. From the **NPS survey insights** page, navigate on the page to see survey insights related to NPS for your organization. ### Top topic filters We've identified the common themes from user feedback. Then we used machine learning models that train the data sets and automatically organize the feedback into **Top Topics**. You can then identify the top five topics with the most volume of verbatim feedback. > [!NOTE] > We only publish an intelligent topic after it meets a minimum quality bar set in partnership with subject matter experts. Precision and recall metrics are used to determine the same. Charts are filtered by the NPS rating as follows: - Passives are customers that are satisfied with the service but not enough to recommend your product or service. - Promoters- Happy customers that are loyal, enthusiastic and are likely to recommend your product or service. ### Export to CSV and Search The majority of Microsoft 365 for business **Products** can be found under this Use **Feedback Types** (set only to NPS feedback types) to filter feedback that we collect. ### We want to hear from you |
| commerce | Cancel Your Subscription | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/cancel-your-subscription.md | +You can cancel your free trial at any time to stop future charges. After your 1-month free trial ends, you will be charged the applicable subscription fee. + > [!IMPORTANT]-> - This article only applies to Dynamics 365, Intune, Power Platform, and Microsoft 365 for business subscriptions. If you have Microsoft 365 Family or Personal, see [Cancel a Microsoft 365 subscription](https://support.microsoft.com/office/cancel-a-microsoft-365-subscription-46e2634c-c64b-4c65-94b9-2cc9c960e91b?OCID=M365_DocsCancel_Link). +> - This article only applies to Dynamics 365, Intune, Power Platform, Windows 365, and Microsoft 365 for business subscriptions. If you have Microsoft 365 Family or Personal, see [Cancel a Microsoft 365 subscription](https://support.microsoft.com/office/cancel-a-microsoft-365-subscription-46e2634c-c64b-4c65-94b9-2cc9c960e91b?OCID=M365_DocsCancel_Link). > - If you bought your subscription through a Microsoft representative or a reseller partner, you have seven days to cancel for a pro-rated refund. Contact your seller or partner to help you cancel your subscription. [Learn more about partners](../manage-partners.md#what-can-a-partner-do-for-my-organization-or-school). > - If your organization is located in Chile, and you bought your subscription through a partner in Chile, you have 10 days to cancel for a pro-rated refund. -If you want to cancel your subscription, the easiest way to do that is to [turn off recurring billing](renew-your-subscription.md). When you turn off recurring billing, you can continue to use your subscription until it expires at the end of the subscription term. If you want to cancel immediately, use the information and steps in this article to do that. - ## Before you begin - You must be a Global or Billing admin to do the tasks in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md). If you need to cancel within seven days after the start or renewal of your subsc If more than seven days have passed, [turn off recurring billing](renew-your-subscription.md). This prevents your subscription from renewing at the end of its term. You keep access to your products and services for the remainder of your subscription. If you have an annual subscription and are paying monthly, you are charged each month for the remainder of your subscription term. -> [!NOTE] -> Cancel your free trial any time to stop future charges. After your 1-month free trial, you will be charged the applicable subscription fee. - ### If you don't have a billing profile If you cancel after you start or renew your subscription, you receive a prorated credit or refund. The amount is either credited towards your next invoice or returned to you in the next billing cycle. |
| compliance | Apply Retention Labels Automatically | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md | When you choose the option for a trainable classifier, you can select one or mor  -To automatically apply a label by using this option, SharePoint sites, as well as mailboxes, must have at least 10 MB of data. +The available pre-trained classifiers are often updated, so there might be more entries to select than the ones displayed in this screenshot. For more information about trainable classifiers, see [Learn about trainable classifiers](classifier-learn-about.md). +To automatically apply a label by using this option, SharePoint sites, as well as mailboxes, must have at least 10 MB of data. + > [!TIP] > If you use trainable classifiers for Exchange, see [How to retrain a classifier in content explorer](classifier-how-to-retrain-content-explorer.md). |
| compliance | Apply Sensitivity Label Automatically | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md | When you select the **Trainable classifiers** option, select one or more of the  -> [!CAUTION] -> We are deprecating the **Offensive Language** pre-trained classifier because it has been producing a high number of false positives. Don't use this classifier and if you are currently using it, we recommend you move your business processes off it and instead use the **Targeted Harassment**, **Profanity**, and **Threat** pre-trained classifiers. +The available pre-trained classifiers are often updated, so there might be more entries to select than the ones displayed in this screenshot. For more information about these classifiers, see [Learn about trainable classifiers](classifier-learn-about.md). |
| compliance | Compliance Easy Trials Compliance Playbook | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-easy-trials-compliance-playbook.md | Adaptive policy scopes allow you to dynamically target a policy to certain users Policies using adaptive policy scopes stay current as the organization changes with new employees joining or leaving. Additionally, they are not subject to the previous limits of 100/1,000 locations included in a policy. -- Create an Adaptive Policy Scope, and use it with a retention policy+- Create an [Adaptive Policy Scope](retention.md#adaptive-or-static-policy-scopes-for-retention), and use it with a retention policy ### Step 2: Automate labeling to apply a label to all items by default Policies using adaptive policy scopes stay current as the organization changes w Default labels allow you to automatically apply a retention label to all items within a specified library, folder, or document set in SharePoint. -- Publish a label and apply it as default in SharePoint+- Publish a label and apply it as default in [SharePoint](create-apply-retention-labels.md#applying-a-default-retention-label-to-all-content-in-a-sharepoint-library-folder-or-document-set) ## Data Loss Prevention To enable insider risk Analytics, you must be a member of the Insider Risk Manag **Manage high-value items for business, legal, or regulatory record-keeping requirements**: -Use Microsoft Purview Records Management features to automate the retention schedule for organizational regulatory, legal, and business-critical records. Leverage automation capabilities from creation through collaboration, to declare records, retain contents, and dispose of them at the end. +Use integrated Microsoft Purview Records Management features to automate the retention schedule for organizational regulatory, legal, and business-critical records. Leverage automation capabilities from creation through collaboration, to declare records, retain contents, and dispose of them at the end. ### Step 1: Mark contents as records Use Microsoft Purview Records Management features to automate the retention sche When content is declared a record, restrictions are placed on the item in terms of what actions are allowed or blocked, additional activities about the items are logged, and you have proof of disposition if the items are deleted at the end of their retention period. -- Create a retention label that declares content as a record or a regulatory record+- Create a retention label that [declares content as a record or a regulatory record](declare-records.md) ### Step 2: Review content to approve before it's permanently deleted When content is declared a record, restrictions are placed on the item in terms At the end of the retention period, users you specify ("reviewers") can be notified to review the content and approve the permanent disposal action. This supports if a different action than deletion is more appropriate, such as assigning a different retention period to the content or suspending deletion for an audit. -- Create a retention label that uses disposition review+- [Create a retention label that uses disposition review](disposition.md#disposition-reviews) ### Step 3: Apply labels automatically to content that matches specific conditions At the end of the retention period, users you specify ("reviewers") can be notif Auto-applying labels removes the need for you users to manually perform the labeling activities. You can apply retention labels to content automatically when that content doesn't already have a retention label applied and contains sensitive information, keywords or searchable properties, or a match for trainable classifiers. -- Auto-apply retention labels to content with specific types of sensitive information-- Auto-apply retention labels to content using trainable classifiers-- Auto-apply retention labels with keywords or searchable properties+- [Auto-apply retention labels to content with specific types of sensitive information](apply-retention-labels-automatically.md#auto-apply-labels-to-content-with-specific-types-of-sensitive-information) +- [Auto-apply retention labels to content using trainable classifiers](apply-retention-labels-automatically.md#auto-apply-labels-to-content-by-using-trainable-classifiers) +- [Auto-apply retention labels with keywords or searchable properties](apply-retention-labels-automatically.md#auto-apply-labels-to-content-with-keywords-or-searchable-properties) ## Additional trials and add-ons |
| compliance | Encryption Office 365 Tls Certificates Changes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-office-365-tls-certificates-changes.md | The current Root CA, Intermediate CA, and leaf certificates will not be revoked. Under very rare circumstances, enterprise users may see certificate validation errors where the Root CA "DigiCert Global Root G2" appears as revoked. This is due to a known Windows bug under both of the following conditions: - The Root CA is in the [CurrentUser\Root certificate store](/windows/win32/seccrypto/system-store-locations#cert_system_store_current_user) and is missing the `NotBeforeFileTime` and `NotBeforeEKU` properties-- The Root CA is also in the [LocalMachine\AuthRoot certificate store](/windows/win32/seccrypto/system-store-locations#cert_system_store_local_machine) but has both the `NotBeforeFileTime` and `NotBeforeEKU` properties+- The Root CA is in the [LocalMachine\AuthRoot certificate store](/windows/win32/seccrypto/system-store-locations#cert_system_store_local_machine) but has both the `NotBeforeFileTime` and `NotBeforeEKU` properties +- The Root CA is NOT in the [LocalMachine\Root certificate store](/windows/win32/seccrypto/system-store-locations#cert_system_store_local_machine) All leaf certificates issued from this Root CA after the `NotBeforeFileTime` will appear revoked. certutil -store -v authroot DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 certutil -user -store -v root DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 ``` -A user can resolve the issue by deleting the copy of the Root CA in the `CurrentUser\Root` certificate store: +A user can resolve the issue by deleting the copy of the Root CA in the `CurrentUser\Root` certificate store by doing: ``` certutil -user -delstore root DF3C24F9BFD666761B268073FE06D1CC8D4F82A4-``` +``` +or +``` +reg delete HKCU\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 /f +``` +The first approach creates a Windows dialog that a user must click through while the second approach does not. |
| compliance | Retention Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-settings.md | Before you configure retention, first familiarize yourself with capacity and sto #### Relabeling at the end of the retention period > [!NOTE]-> This option is currently rolling out in preview and is subject to change. +> This option is in preview and subject to change. When you configure a retention label to automatically apply a different retention label at the end of the retention period, the item is then subject to the retention settings of the newly selected retention label. This option lets you automatically change the retention settings for the item. |
| compliance | Sensitive Information Type Entity Definitions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md | In addition, patterns that a human would see as indicative of names are also mat - English - Bulgarian-- Chinese - Croatian - Czech - Danish |
| compliance | Sensitivity Labels Aip | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-aip.md | Alternatively, you can interactively disable or remove the **Microsoft Azure Inf Whichever method you choose, the changes take effect when Office apps restart. +If, after making these changes, the **Sensitivity** button doesn't display on the Office ribbon, check whether sensitivity labeling has been [turned off](sensitivity-labels-office-apps.md#if-you-need-to-turn-off-built-in-labeling-in-office-apps-on-windows). Although this isn't the default configuration, an administrator might have explicitly set this configuration by using Group Policy or by directly editing the registry. + > [!NOTE] > Built-in labels require a subscription edition of Office apps. If you have standalone editions of Office, sometimes called "Office Perpetual", we recommend you upgrade to Microsoft 365 Apps for Enterprise to benefit from the [latest labeling capabilities](sensitivity-labels-office-apps.md#support-for-sensitivity-label-capabilities-in-apps). |
| contentunderstanding | Delete A Model | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/delete-a-model.md | + + Title: Delete a model in Microsoft SharePoint Syntex ++++audience: admin +++search.appverid: ++ - enabler-strategic + - m365initiative-syntex +ms.localizationpriority: medium +description: Learn how to delete a document understanding model in Microsoft SharePoint Syntex. +++# Delete a model in Microsoft SharePoint Syntex ++At some point, you might want to delete a document understanding model or a prebuilt model. Before you delete the model, you must first remove the model from all of the SharePoint document libraries where it has been applied. ++## Remove a model from a library ++You can remove a model from a document library either from the model home page, or from the document library (**Automate** > **View applied models** > **Remove from library**). ++> [!NOTE] +> Deleting a model does not delete the associated content type. ++## Delete a model ++Follow these steps to delete a document understanding model or a prebuilt model. ++1. Make sure the model has been [removed](#remove-a-model-from-a-library) from its document library. + +2. From the content center, select **Models** to see your models list. ++3. On the **Models** page, select the model you want to delete. ++4. By using either the ribbon or the **Show actions** button (next to the model name), select **Delete**. ++  ++5. On the **Delete model** panel, select **Delete**. ++## See also ++[Document understanding overview](document-understanding-overview.md) ++[Apply a model](apply-a-model.md) |
| lighthouse | M365 Lighthouse Manage Mfa | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-manage-mfa.md | description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous # Manage multifactor authentication in Microsoft 365 Lighthouse -Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) helps safeguard access to data and applications, providing another layer of security by using a second form of authentication. The Multifactor Authentication tab provides detailed information on the status of MFA enablement across your tenants. Select any tenant in the list to see more details for that tenant, including which Conditional Access policies requiring MFA are already configured and which users have not yet registered for MFA. +Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) helps safeguard access to data and applications, providing another layer of security by using a second form of authentication. The Multifactor Authentication tab provides detailed information on the status of MFA enablement across your tenants. Select any tenant in the list to see more details for that tenant, including which Conditional Access policies requiring MFA are already configured and which users haven't yet registered for MFA. For small- and medium-sized business (SMB) customers, Microsoft recommends enabling [security defaults](/azure/active-directory/fundamentals/concept-fundamentals-security-defaults) at a minimum. For more complex scenarios, you can use [Conditional Access](/azure/active-directory/conditional-access/overview) to configure specific policies. |
| security | TOC | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md | #### [Use Group Policy](manage-mde-post-migration-group-policy-objects.md) #### [Use PowerShell, WMI, or MPCmdRun.exe](manage-mde-post-migration-other-tools.md) #### [Server migration scenarios](server-migration.md) +##### [Migrating servers from Microsoft Monitoring Agent to the unified solution](application-deployment-via-mecm.md) ## [Onboard and configure devices]() ### [Onboard devices and configure Microsoft Defender for Endpoint capabilities](onboard-configure.md) |
| security | Application Deployment Via Mecm | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/application-deployment-via-mecm.md | + + Title: Migrating servers from Microsoft Monitoring Agent to the unified solution +description: Learn how to migrate down-level servers from Microsoft Monitoring Agent to the new unified solution step-by-step from this article. +keywords: migrate server, server, 2012r2, 2016, server migration onboard Microsoft Defender for Endpoint servers, MECM, Microsoft Monitoring Agent, MMA, downlevel server, unified solution, UA +search.appverid: met150 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +++ms.localizationpriority: medium ++audience: ITPro +++ms.technology: mde +++# Migrating servers from Microsoft Monitoring Agent to the unified solution ++**Applies to:** ++- Windows Server 2012 R2 +- Windows Server 2016 ++This article guides you in migrating down-level servers from Microsoft Monitoring Agent (MMA) to the unified solution. ++## Prerequisites ++- Microsoft Endpoint Configuration Manager (MECM) older than 2207. +- Down-level OS devices in your environment onboarded with Microsoft Monitoring Agent. To confirm, verify that `MsSenseS.exe` is running in Task Manager. +- Presence of the MMA agent. You can verify it by checking if the correct Workspace ID is present in the Control Panel> Microsoft Monitoring Agent. +- Active Microsoft 365 Defender portal with devices onboarded. +- A Device Collection containing down-level servers such as Windows Server 2012 R2 or Windows Server 2016 using MMA agent is set up in your MECM instance. ++For more information on installing the listed prerequisites, see [related topics](#related-topics) section. ++## Gather required files ++Copy the unified solution package, onboarding script and migration script to the same content source you deploy other apps with MECM. ++1. Download Onboarding Script and the unified solution from [Microsoft 365 Defender settings page](https://sip.security.microsoft.com/preferences2/onboarding). + :::image type="content" source="images/onboarding-script.png" alt-text="Screenshot of onboarding script and unified solution download." lightbox="images/onboarding-script.png"::: +2. Download the migration script from the document: [Server migration scenarios from the previous, MMA-based Microsoft Defender for Endpoint solution](server-migration.md). This script can also be found on GitHub: [GitHub - microsoft/mdefordownlevelserver](https://github.com/microsoft/mdefordownlevelserver). +3. Save all three files in a shared folder used by MECM as a Software Source. + :::image type="content" source="images/ua-migration.png" alt-text="Screenshot of saving the shared folder by MECM."::: ++## Create the package as an application ++1. In the MECM console, follow these steps: **Software Library>Applications>Create Application**. +2. Select **Manually specify the application information**. + :::image type="content" source="images/manual-application-information.png" alt-text="Screenshot of manually specifying the application information selection." lightbox="images/manual-application-information.png"::: +3. Click **Next** on the Software Center screen of the wizard. +4. On the Deployment Types, click **Add**. +5. Select **Manually to specify the deployment type information** and click **Next**. +6. Give a name to your script deployment and click **Next**. + :::image type="content" source="images/manual-deployment-information.png" alt-text="Screenshot specifying the script deployment information."::: +7. On this step, copy the UNC path that your content is located. Example: `\\Cm1\h$\SOFTWARE_SOURCE\UAmigrate`. + :::image type="content" source="images/deployment-type-wizard.png" alt-text="Screenshot that shows UNC path copy."::: +8. Additionally, set the following as the installation program: ++ ```powershell + Powershell.exe -ExecutionPolicy ByPass -File install.ps1 -Log -Etl -RemoveMMA 48594f03-7e66-4e15-8b60-d9da2f92d564 -OnboardingScript .\WindowsDefenderATP.onboarding + ``` ++9. Click **Next** and click add a clause. +10. The clause will be looking in the registry to see if the following key is present: + `HKEY_LOCAL_MACHINESOFTWARE\Classes\Installer\Products\63FAD065BFFD18F1926692665F704C6D` ++ Provide the following inputs: + - Value: **ProductName** + - Data Type: **String** + - Check the option: **This registry setting must exit on the target system to indicate presence of this application.** ++ :::image type="content" source="images/detection-rule-wizard.png" alt-text="Screenshot that shows registry key detection."::: ++ >[!TIP] + >This registry key value was obtained by running the following PowerShell command on a device that has had the unified solution installed. Other creative methods of detection can also be used. The goal is to identity whether the unified solution has already been installed on a specific device. ++ ```powershell + PowerShell Cmd: get-wmiobject Win32_Product | Sort-Object -Property Name |Format-Table IdentifyingNumber, Name, LocalPackage -AutoSize + ``` ++11. In the **User Experience** section, you can choose what suits your environment and click **Next**. For **Installation program visibility**, it's advisable to install with **Normal visibility** during phase testing then change it to **Minimized** for general deployment. + >[!TIP] + > Maximum allowed runtime can be lowered from (default) 120 minutes to 30 minutes. ++ :::image type="content" source="images/user-experience-in-deployment-type-wizard.png" alt-text="Screenshot that shows user experience in deployment-type wizard."::: ++12. Click **Next** on Requirements. +13. Click **Next** on Dependencies. +14. Click **Next** until completion screen comes up, then **Close**. +15. Keep clicking next until the completion of Application Wizard. Verify all have been green checked. +16. Close the wizard, right click on the recently created application and deploy it to your down-level-server collection. + :::image type="content" source="images/deploy-application.png" alt-text="Screenshot that shows deployment of created application." lightbox="images/deploy-application.png"::: +17. Verify in MECM>Monitoring>Deployments the status of this migration. ++ :::image type="content" source="images/deployment-status.png" alt-text="Screenshot that shows deployment status check." lightbox="images/deployment-status.png"::: ++## Related topics ++- [Microsoft Monitoring Agent Setup](/services-hub/health/mma-setup) +- [Deploy applications - Configuration Manager](/mem/configmgr/apps/deploy-use/deploy-applications) +- [Microsoft Defender for Endpoint - Configuration Manager](/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection) +- [Onboard Windows servers to the Microsoft Defender for Endpoint service](configure-server-endpoints.md) +- [Microsoft Defender for Endpoint: Defending Windows Server 2012 R2 and 2016](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/defending-windows-server-2012-r2-and-2016/ba-p/2783292) |
| security | Configure Server Endpoints | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-server-endpoints.md | You'll need to complete the following general steps to successfully onboard serv :::image type="content" source="images/server-onboarding-tools-methods.png" alt-text="An illustration of onboarding flow for Windows Servers and Windows 10 devices" lightbox="images/server-onboarding-tools-methods.png"::: -## Integration with Microsoft Defender for Cloud +## Integration with Microsoft Defender for Servers Microsoft Defender for Endpoint integrates seamlessly with Microsoft Defender for Servers. You can onboard servers automatically, have servers monitored by Microsoft Defender for Cloud appear in Defender for Endpoint, and conduct detailed investigations as a Microsoft Defender for Cloud customer. |
| security | Manage Auto Investigation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-auto-investigation.md | Automation levels affect whether certain remediation actions are taken automatic |Device group setting|Automated investigation results|What to do| |||| |**Full - remediate threats automatically**<br/>(recommended)|A verdict of *Malicious* is reached for a piece of evidence. <p> Appropriate remediation actions are taken automatically.|[Review completed actions](#review-completed-actions)|-|**Full - remediate threats automatically**|A verdict of *Suspicious* is reached for a piece of evidence. <p> Remediation actions are pending approval to proceed.|[Approve (or reject) pending actions](#review-pending-actions)| +|**Full - remediate threats automatically**|A verdict of *Suspicious* is reached for a piece of evidence. <p> Appropriate remediation actions are taken automatically.|[Approve (or reject) pending actions](#review-pending-actions)| |**Semi - require approval for any remediation**|A verdict of either *Malicious* or *Suspicious* is reached for a piece of evidence. <p> Remediation actions are pending approval to proceed.|[Approve (or reject) pending actions](#review-pending-actions)| |**Semi - require approval for core folders remediation**|A verdict of *Malicious* is reached for a piece of evidence. <p> If the artifact is a file or executable and is in an operating system directory, such as the Windows folder or the Program files folder, then remediation actions are pending approval. <p> If the artifact is *not* in an operating system directory, remediation actions are taken automatically.|<ol><li>[Approve (or reject) pending actions](#review-pending-actions)</li><li>[Review completed actions](#review-completed-actions)</li></ol>| |**Semi - require approval for core folders remediation**|A verdict of *Suspicious* is reached for a piece of evidence. <p> Remediation actions are pending approval.|[Approve (or reject) pending actions](#review-pending-actions).| |
| security | Microsoft Defender Endpoint Ios | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-ios.md | ms.technology: mde > [!CAUTION] > Running other third-party endpoint protection products alongside Defender for Endpoint on iOS is likely to cause performance problems and unpredictable system errors. -## Pre-requisites +## Prerequisites **For End Users** ms.technology: mde >[!NOTE] >Apple does not allow redirecting users to download other apps from the app store so this step needs to be done by the user before onboarding to Microsoft Defender for Endpoint app.)- ++ - Device(s) are registered with Azure Active Directory. This requires the end user to be signed in through [Microsoft Authenticator app](https://apps.apple.com/app/microsoft-authenticator/id983156458). - **For unenrolled devices**: Device(s) are registered with Azure Active Directory. This requires the end user to be signed in through [Microsoft Authenticator app](https://apps.apple.com/app/microsoft-authenticator/id983156458). |
| security | Server Migration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/server-migration.md | ms.technology: mde These instructions apply to the new unified solution and installer (MSI) package of Microsoft Defender for Endpoint for Windows Server 2012 R2 and Windows Server 2016. This article contains high-level instructions for various possible migration scenarios from the previous to the current solution. These high-level steps are intended as guidelines to be adjusted to the deployment and configuration tools available in your environment. -**If you are using Microsoft Defender for Cloud to perform deployment, you can automate installation and upgrade. See [Defender for Servers Plan 2 now integrates with MDE unified solution] (https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-servers-plan-2-now-integrates-with-mde-unified/ba-p/3527534)** +**If you are using Microsoft Defender for Cloud to perform deployment, you can automate installation and upgrade. See [Defender for Servers Plan 2 now integrates with MDE unified solution](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/defender-for-servers-plan-2-now-integrates-with-mde-unified/ba-p/3527534)** > [!NOTE] > Operating system upgrades with Microsoft Defender for Endpoint installed are not supported. Please offboard then uninstall before proceeding with an upgrade. These instructions apply to the new unified solution and installer (MSI) package > [!NOTE] > Full Microsoft Endpoint Configuration Manager automation and integration to perform an automated upgrade will be available in a later release of MECM. From the 2107 release with the latest hotfix rollup, you CAN use the Endpoint Protection node for configuration as well as Group Policy, PowerShell, Microsoft Endpoint Manager tenant attach or local configuration. In addition, you can leverage existing functionality in Microsoft Endpoint Configuration Manager to automate manual upgrade steps; methods for which are described below. - ## Installer script To facilitate upgrades when Microsoft Endpoint Configuration Manager is not yet available or updated to perform the automated upgrade, you can use this [upgrade script](https://github.com/microsoft/mdefordownlevelserver). It can help automate the following required steps: Name: ForceDefenderPassiveMode Type: REG_DWORD Value: 0 +For more information on migrating servers from MMA to unified solution, see [Migrating servers from Microsoft Monitoring Agent to the unified solution](application-deployment-via-mecm.md). ## Other migration scenarios |
| security | Troubleshoot Security Config Mgt | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt.md | If you weren't able to identify the onboarded device in AAD or MEM, and did not The following table lists errors and directions on what to try/check in order to address the error. Note that the list of errors is not complete and is based on typical/common errors encountered by customers in the past: -<br> --**** - |Error Code|Enrollment Status|Administrator Actions| |||| |`5-7`, `9`, `11-12`, `26-33`|General error|The device was successfully onboarded to Microsoft Defender for Endpoint. However, there was an error in the security configuration management flow. This could be due to the device not meeting [prerequisites for Microsoft Defender for Endpoint management channel](security-config-management.md). Running the [Client Analyzer](https://aka.ms/BetaMDEAnalyzer) on the device can help identify the root cause of the issue. If this doesn't help, please contact support.| The following table lists errors and directions on what to try/check in order to ## Azure Active Directory Runtime troubleshooting -### Azure Active Directory Runtime - The main mechanism to troubleshoot Azure Active Directory Runtime (AADRT) is to collect debug traces. Azure Active Directory Runtime on Windows uses **ETW provider with ID bd67e65c-9cc2-51d8-7399-0bb9899e75c1**. ETW traces need to be captured with the reproduction of the failure (for example if join failure occurs, the traces need to be enabled for the duration of time covering calls to AADRT APIs to perform join). See below for a typical error in AADRT log and how to read it: |