+> - Administrative options for an active user under the OneDrive tab in the Microsoft 365 admin center are currently not supported for multi-geo tenants.

+To save the email messages, calendar, tasks, and contacts of the former employee, export the information to an Outlook Data File (.pst). For steps on exporting Outlook data, see [Export emails, contacts, and calendar items to a .pst file](https://support.microsoft.com/office/14252b52-3075-4e9b-be4e-ff9ef1068f91).

+## Give another user access to a former user's email

+To give access to the email messages, calendar, tasks, and contacts of the former employee to another employee, import the information to another employee's Outlook inbox. For steps on exporting Outlook data, see [Import email, contacts, and calendar from an Outlook .pst file](https://support.microsoft.com/topic/431a8e9a-f99f-4d5f-ae48-ded54b3440ac).

+Multi-factor authentication (MFA) is a very important first step in securing your organization. Microsoft 365 for Business gives you the option to use security defaults or Conditional Access policies to turn on MFA for your admins and user accounts. For most organizations, **Security defaults** offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use **Conditional Access policies** instead.

+Per-user MFA is a legacy service and you should give consideration to using the newer Security defaults or Conditional Access policies.

+If you've previously turned on per-user MFA, you must turn it off before enabling Security defaults. You should also turn off per-user MFA after you've configure your policies and settings in Conditional Access.

+ Title: "Change the billing addresses for your Microsoft business subscription"

+description: "Learn how to change your billing address for Microsoft 365 for business."

+# Change the billing addresses for your Microsoft business subscription

+Your invoice for Microsoft business products and services that you own contains the following addresses:

+- **Sold to Address** Your company name and address, as shown in your organization profile.

+- **Bill to address** The address of your billing department, usually the same as the **Sold to** address.

+- **Service usage address** The address where the service is used, usually the same as the **Sold to** address. If your organization has remote users or multiple offices, use the address where most your users are located. This address is only used by customers with a Microsoft Online Services Agreement (MOSA) billing account type.

+In most cases, these addresses are the same. If you need to change one or more of the addresses, you can do that in the Microsoft 365 admin center.

+## Before you begin

+- [Find out what type of billing account you have](../manage-billing-accounts.md#view-my-billing-accounts).

+- If you have a Microsoft Online Services Agreement (MOSA) billing account type, you must be a global or billing admin to do the tasks in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).

+- If you have a Microsoft Customer Agreement (MCA) billing account type, you must be a billing account owner or contributor, or a billing profile owner or contributor to do the tasks in this article. For more information about billing account and billing profile roles, see [Understand your Microsoft business billing account](../manage-billing-accounts.md) and [Understand your Microsoft business billing profile](manage-billing-profiles.md).

+> [!NOTE]

+> If you're the person who signed up for the subscription, you're automatically a billing account owner or global admin.

+> [!IMPORTANT]

+> You can't change the country/region for your subscription. That's because the country/region where your organization is headquartered determines which services are available to you, the taxes and billing currency, and the location of the data center. To change your organization's country/region, sign up for a new account, choose the desired country/region, and buy a new subscription.

+## Change your Sold-To address

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.

+2. In the **Navigation menu**, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2084771" target="_blank">Billing accounts</a> page, then select a billing account.

+3. On the billing account details page, in the **Sold to** section, select **Update sold to** or **Edit**.

+4. Update your organization information, then select **Save**.

+You can change your **Bill to** address in the Microsoft 365 admin center. However, the steps to change the address depend on the type of billing account that you have. [Find out what type of billing account you have](../manage-billing-accounts.md#view-my-billing-accounts).

+**If you have an MCA billing account type:**

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.

+ - If youΓÇÖre using the **Simplified view**, select **Subscriptions**, then select **View payment methods**.

+ - If youΓÇÖre using the **Dashboard view**, go to the Billing > <a href="https://go.microsoft.com/fwlink/p/?linkid=848039" target="_blank">Bills & payments</a> page.

+2. On the **Bills & payments** page, select the **Billing profile** tab.

+3. Select a billing profile.

+4. On the billing profile details page, under **Bill-to address**, select **Edit**.

+5. In the **Edit bill-to address** pane, update your organization information, then select **Save**.

+**If you have an MOSA billing account type:**

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.admin center.

+ - If youΓÇÖre using the **Simplified view**, select **Subscriptions**, then select **View payment methods**.

+ - If youΓÇÖre using the **Dashboard view**, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=848039" target="_blank">Bills & payments</a> page.

+2. On the **Bills & payments** page, select the **Payment methods** tab.

+3. Select a payment method.

+4. In the payment methods details pane, select **Edit**.

+5. Update your payment information, select **Save** > **Done**.

+If you have an MOSA billing account type, you can change the service usage address for a subscription. What type of billing account do I have?

+1. Go to the admin center.

+ - If youΓÇÖre using the **Simplified view**, select **Subscriptions**.

+ - If youΓÇÖre using the **Dashboard view**, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page.

+2. Select the subscription to change.

+[View your invoice in the Microsoft 365 admin center](view-your-bill-or-invoice.md)\

+[Understand your invoice for your Microsoft MCA billing account](understand-your-invoice.md)\

+[Understand your invoice for your Microsoft MOSA billing account](understand-your-invoice2.md)\

+[Payment options for your Microsoft business subscription](pay-for-your-subscription.md)\

+[How to pay for your Microsoft business subscription with a billing profile](pay-for-subscription-billing-profile.md)

+ Title: "Tax information for Microsoft 365 for business products and services"

+description: "Learn about tax information for Microsoft 365 billing and payments, including how to update your address and tax status."

+# Tax information for Microsoft 365 for business products and services

+When you buy Microsoft 365 for business products and services, the tax that you pay is determined by one of two things: your business address, or your shipping address, if it's different. If your organization is in the United States, you must provide a Federal Employer Identification Number (FEIN).

+> [!NOTE]

+## Before you begin

+- [Find out what type of billing account you have](../manage-billing-accounts.md#view-my-billing-accounts).

+- If you have a Microsoft Online Services Agreement (MOSA) billing account type, you must be a global or billing admin to do the tasks in this article. For more information, see [About admin roles](../../admin/add-users/about-admin-roles.md).

+- If you have a Microsoft Customer Agreement (MCA) billing account type, you must be a billing account owner or billing account contributor to do the tasks in this article. For more information about billing account roles, see [Understand your Microsoft business billing account](../manage-billing-accounts.md).

+> [!NOTE]

+> If you're the person who signed up for the subscription, you're automatically a billing account owner or global admin.

+When you buy Microsoft 365 products or services in the EMEA region, the purchase could be subject to Value-Added Tax (VAT).

+- If you're located in a European Union Member State, Armenia, Belarus, Norway, Turkey, or United Arab Emirates, and you don't provide your valid local VAT ID, Microsoft Ireland Operations Ltd. applies the current local VAT rate, based on the billing country/region your account is set to.

+You might qualify for VAT zero-rating if you meet one of the following criteria:

+- **You're in a European Union Member State outside Ireland:** You can provide your valid local VAT ID. Providing the VAT ID lets Microsoft Ireland Operations Ltd. VAT zero-rate the transaction. However, you might have a local VAT accounting obligation. If you have any concerns, check with your tax advisors. For instructions about adding the CAR ID for your organization, see [Add your VAT ID](#add-your-vat-id).

+- **You're in Ireland and have the relevant valid VAT exemption certification:** Microsoft Ireland Operations Ltd. might be entitled to exempt the transaction from VAT. If you don't have a VAT exemption certification, Microsoft Ireland Operations Ltd. applies the current Irish VAT rate, whether you provide a VAT ID or not.

+- **You're in Armenia, Belarus, Norway, Turkey, or United Arab Emirates:** You can provide your local VAT ID. Providing the VAT ID entitles Microsoft Ireland Operations Ltd. to VAT zero-rate the transaction. However, you might have a local VAT accounting obligation, so check with your tax advisors if you have any concerns. For instructions about adding the VAT ID for your organization, see [Add your VAT ID](#add-your-vat-id).

+If you're billed from one of the following locations, the current local tax is applied. The location is included on your invoice:

+In the United States, Canada, Mexico, Chile, and Colombia, various tax rates apply depending on the nature of the product or service and your location.

+If your billing is done by Microsoft Corporation (see your invoice), and you signed up for Microsoft 365 outside of the United States, Canada, Puerto Rico, Chile, and Colombia, then tax generally isn't charged.

+You can add your VAT ID in the Microsoft 365 admin center. However, the steps to add a VAT ID depend on the type of billing account that you have. [Find out what type of billing account you have](../manage-billing-accounts.md#view-my-billing-accounts).

+### Add your VAT ID for your MCA billing account

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.

+2. Select the **Navigation menu**, then select **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2084771" target="_blank">Billing accounts</a>.

+3. On the **Billing accounts** page, select the billing account.

+4. On the billing account details page, select **Add tax ID**.

+5. Enter your VAT ID, then select **Save**.

+### Add your VAT ID for your MOSA billing account

+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.

+ - If you're using the **Simplified view**, select **Subscriptions**.

+ - If you're using the **Dashboard view**, go to the **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">Your products</a> page.

+2. Select the subscription that you want to update.

+4. In the **Edit service usage address** pane, in the **VAT number** box, enter your VAT ID, including the prefix, and without any spaces.

+If you qualify for tax-exempt status in your market, [start a service request](../../admin/get-help-support.md) to establish tax exempt status for your organization. The following table lists the documentation required to apply for tax-exempt status, based on your country/region.

+|Country/region | Documentation |

+[View your invoice in the Microsoft 365 admin center](view-your-bill-or-invoice.md)\

+[Understand your invoice for your Microsoft MCA billing account](understand-your-invoice.md)\

+[Understand your invoice for your Microsoft MOSA billing account](understand-your-invoice2.md)

+>[!Important]

+>As of Nov. 2022, Cross Tenant User Data Migration is available as an add-on to the following Microsoft 365 subscription plans for Enterprise Agreement customers, and is required for cross-tenant migrations. User licenses are per migration (one-time fee) and can be assigned either on the source or target user object. This license also covers Cross-tenant mailbox migration. Contact your Microsoft account team for details.

+>

+>The Cross Tenant User Data Migration add-on is available as a separate purchase for Microsoft 365 Business Basic, Standard, and Premium; Microsoft 365 F1/F3/E3/E5; Office 365 F3/E1/E3/E5; Exchange Online; SharePoint Online; and OneDrive for Business.

+>[!Warning]

+>You must have purchased, or verified that you can purchase, cross tenant user data migration licenses prior to the next steps. Migrations fail if this step has not been completed. Microsoft does not offer exceptions for this licensing requirement.

+- **Confirm that the source OneDrive tenant does not have Service encryption with Microsoft Purview Customer Key enabled.** If enabled on the source tenant, the migration will fail. [Learn more on Service encryption with Microsoft Purview Customer Key](/microsoft-365/compliance/customer-key-overview).

+- **Confirm that the source SharePoint tenant does not have Service encryption with Microsoft Purview Customer Key enabled.** If enabled on Source tenant, the migration will fail. [Learn more on Service encryption with Microsoft Purview Customer Key](/microsoft-365/compliance/customer-key-overview)

+>- Assign the appropriate licenses to each user on either the Source **or** the Target tenant. **The license does not need to be applied in both locations.**

+- You can schedule up to 4,000 moves at a time.

+- As the moves begin, you can schedule more, with a maximum of 4,000 pending moves in the queue and any given time.

+- The maximum size of a OneDrive that can be moved is 2 terabytes (2 TB).

+- The maximum size of a SharePoint site that can be moved is 2 terabytes (2 TB).

+*Applies To: Office 365 operated by 21Vianet - Small Business Admin, Office 365 operated by 21Vianet - Admin*

+**Office 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) | *Office 365 operated by 21 Vianet* | [Office 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) | [Office 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) |

+<!--China endpoints version 2023073100-->

+<!--File generated 2023-08-09 16:41:39.6547-->

+11 | Default<BR>Required | No | `activation.sls.microsoft.com, crl.microsoft.com, odc.officeapps.live.com, officecdn.microsoft.com, officeclient.microsoft.com` | **TCP:** 443, 80

+17 | Allow<BR>Required | No | `*.auth.microsoft.cn, login.partner.microsoftonline.cn, microsoftgraph.chinacloudapi.cn`<BR>`40.72.70.0/23, 52.130.2.32/27, 52.130.3.64/27, 52.130.17.192/27, 52.130.18.32/27, 2406:e500:5500::/48` | **TCP:** 443, 80

+> [!NOTE]

+> Features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, you should see it soon.

+>

+> To see which new features are currently available in your partner tenant, go to the **Home** page of Microsoft 365 Lighthouse, and then either select the **What's new** link in the upper-right corner of the page or select **What's new** on the **What's new & learning resources** card.

+As an MSP provider, you need to monitor and respond to the security issues of your customers efficiently and effectively. Microsoft 365 Lighthouse introduces alerts, a powerful tool that gives you a consolidated view of all the high-priority detections and alerts across your customers. You can see a prioritized list of the most urgent issues that require your attention and take immediate action to resolve them. You can also enable push alerts to your existing support systems and flows, so you never miss a critical alert that needs your intervention.

+Defender for Endpoint on Android collects information from your configured Android devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint for Android secure, up to date, performing as expected, and to support the service.

+Information is collected to help keep Defender for Endpoint for Android secure, up to date, performing as expected and to support the service.

+1. Verify that **up to date** is displayed for **Virus and spyware definitions.**

+- The list of built-in exclusions in Windows is kept up to date as the threat landscape changes. This article lists some, but not all, of the built-in and automatic exclusions.

+The list of built-in exclusions in Windows is kept up to date as the threat landscape changes.

+The list of built-in exclusions in Windows is kept up to date as the threat landscape changes. To learn more about these exclusions, see [Microsoft Defender Antivirus exclusions on Windows Server: Built-in exclusions](configure-server-exclusions-microsoft-defender-antivirus.md#built-in-exclusions).

+Devices will actively be probed when changes in device characteristics are observed to make sure the existing information is up to date (typically, devices probed no more than once in a three-week period)

+| **up to date** | If the device communicated with the Defender report event ('Signature refresh time') within last seven days, and the Engine or Platform version build time is within last 60 days. |

+|**up to date** | If the security intelligence version on the device was written in the past seven days and the device has communicated with the report event in past seven days. |

+Sensor health and OS cards report on general operating system health, which includes detection sensor health, up to date versus out-of-date operating systems, and Windows 10 versions.

+Defender for Endpoint on iOS collects information from your configured iOS devices and stores it in the same tenant where you have Defender for Endpoint. The information is collected to help keep Defender for Endpoint on iOS secure, up to date, performing as expected, and to support the service.

+#### Advanced scan options

+The following settings can be configured to enable certain advanced scanning features.

+>[!NOTE]

+>Enabling these features might impact device performance. As such, it is recommended to keep the defaults.

+##### Configure scanning of file modify permissions events

+When this feature is enabled, Defender for Endpoint will scan files when their permissions have been changed to set the execute bit(s).

+>[!NOTE]

+>This feature is applicable only when the `enableFilePermissionEvents` feature is enabled. For more information, see [Advanced optional features](linux-preferences.md#configure-monitoring-of-file-modify-permissions-events) section below for details.

+|Description|Value|

+|||

+|**Key**|scanFileModifyPermissions|

+|**Data type**|Boolean|

+|**Possible values**|false (default) <p> true|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+##### Configure scanning of file modify ownership events

+When this feature is enabled, Defender for Endpoint will scan files for which ownership has changed.

+>[!NOTE]

+>This feature is applicable only when the `enableFileOwnershipEvents` feature is enabled. For more information, see [Advanced optional features](linux-preferences.md#configure-monitoring-of-file-modify-ownership-events) section below for details.

+|Description|Value|

+|||

+|**Key**|scanFileModifyOwnership|

+|**Data type**|Boolean|

+|**Possible values**|false (default) <p> true|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+##### Configure scanning of raw socket events

+When this feature is enabled, Defender for Endpoint will scan network socket events such as creation of raw sockets / packet sockets, or setting socket option.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+>[!NOTE]

+>This feature is applicable only when the `enableRawSocketEvent` feature is enabled. For more information, see [Advanced optional features](linux-preferences.md#configure-monitoring-of-raw-socket-events) section below for details.

+|Description|Value|

+|||

+|**Key**|scanNetworkSocketEvent|

+|**Data type**|Boolean|

+|**Possible values**|false (default) <p> true|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+Diagnostic data is used to keep Defender for Endpoint secure and up to date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by the product to Microsoft.

+This setting determines how aggressive Defender for Endpoint is in blocking and scanning suspicious files. If this setting is on, Defender for Endpoint is more aggressive when identifying suspicious files to block and scan; otherwise, it is less aggressive and therefore blocks and scans with less frequency.

+There are five values for setting cloud block level:

+### Advanced optional features

+The following settings can be configured to enable certain advanced features.

+>[!NOTE]

+>Enabling these features might impact device performance. It is recommended to keep the defaults.

+|Description|Value|

+|||

+|**Key**|features|

+|**Data type**|Dictionary (nested preference)|

+|**Comments**|See the following sections for a description of the dictionary contents.|

+#### Module load feature

+Determines whether module load events (file open events on shared libraries) are monitored.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+|Description|Value|

+|||

+|**Key**|moduleLoad|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.68.80 or higher.|

+#### Supplementary sensor configurations

+The following settings can be used to configure certain advanced supplementary sensor features.

+|Description|Value|

+|||

+|**Key**|supplementarySensorConfigurations|

+|**Data type**|Dictionary (nested preference)|

+|**Comments**|See the following sections for a description of the dictionary contents.|

+##### Configure monitoring of file modify permissions events

+Determines whether file modify permissions events (`chmod`) are monitored.

+>[!NOTE]

+>When this feature is enabled, Defender for Endpoint will monitor changes to the execute bits of files, but not scan these events. For more information, see [Advanced scanning features](linux-preferences.md#configure-scanning-of-file-modify-permissions-events) section for more details.

+|Description|Value|

+|||

+|**Key**|enableFilePermissionEvents|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+##### Configure monitoring of file modify ownership events

+Determines whether file modify ownership events (chown) are monitored.

+>[!NOTE]

+>When this feature is enabled, Defender for Endpoint will monitor changes to the ownership of files, but not scan these events. For more information, see [Advanced scanning features](linux-preferences.md#configure-scanning-of-file-modify-ownership-events) section for more details.

+|Description|Value|

+|||

+|**Key**|enableFileOwnershipEvents|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+##### Configure monitoring of raw socket events

+Determines whether network socket events involving creation of raw sockets / packet sockets, or setting socket option, are monitored.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+>[!NOTE]

+>When this feature is enabled, Defender for Endpoint will monitor these network socket events, but not scan these events. For more information, see [Advanced scanning features](linux-preferences.md#configure-scanning-of-raw-socket-events) section above for more details.

+|Description|Value|

+|||

+|**Key**|enableRawSocketEvent|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+##### Configure monitoring of boot loader events

+Determines whether boot loader events are monitored and scanned.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+|Description|Value|

+|||

+|**Key**|enableBootLoaderCalls|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.68.80 or higher.|

+##### Configure monitoring of ptrace events

+Determines whether ptrace events are monitored and scanned.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+|Description|Value|

+|||

+|**Key**|enableProcessCalls|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.68.80 or higher.|

+##### Configure monitoring of pseudofs events

+Determines whether pseudofs events are monitored and scanned.

+> [!NOTE]

+> This feature is applicable only when Behavior Monitoring is enabled.

+|Description|Value|

+|||

+|**Key**|enablePseudofsCalls|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.68.80 or higher.|

+##### Configure monitoring of module load events using eBPF

+Determines whether module load events are monitored using eBPF and scanned.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+|Description|Value|

+|||

+|**Key**|enableEbpfModuleLoadEvents|

+|**Data type**|String|

+|**Possible values**|disabled (default) <p> enabled|

+|**Comments**|Available in Defender for Endpoint version 101.68.80 or higher.|

+#### Network protection configurations

+The following settings can be used to configure advanced Network Protection inspection features to control what traffic gets inspected by Network Protection.

+>[!NOTE]

+>For these to be effective, Network Protection has to be turned on. For more information, see [Turn on network protection for Linux](network-protection-linux.md).

+|Description|Value|

+|||

+|**Key**|networkProtection|

+|**Data type**|Dictionary (nested preference)|

+|**Comments**|See the following sections for a description of the dictionary contents.|

+##### Configure ICMP inspection

+Determines whether ICMP events are monitored and scanned.

+>[!NOTE]

+>This feature is applicable only when Behavior Monitoring is enabled.

+|Description|Value|

+|||

+|**Key**|disableIcmpInspection|

+|**Data type**|Boolean|

+|**Possible values**|true (default) <p> false|

+|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.|

+>[!NOTE]

+>It is not possible to control all Microsoft Defender for Endpoint communication with only a proxy setting in this JSON.

+ >[!NOTE]

+ >Add the comma after the closing curly bracket at the end of the `cloudService` block. Also, make sure that there are two closing curly brackets after adding Tag or Group ID block (please see the above example). At the moment, the only supported key name for tags is `GROUP`.

+

+>[!NOTE]

+>No restart of mdatp daemon is required for changes to _most_ configurations in mdatp_managed.json to take effect.

+Diagnostic data is used to keep Defender for Endpoint secure and up to date, detect, diagnose and fix problems, and also make product improvements.

+- **Required**: The minimum data necessary to help keep Defender for Endpoint secure, up to date, and performing as expected on the device it's installed on.

+**Required diagnostic data** is the minimum data necessary to help keep Defender for Endpoint secure, up to date, and perform as expected on the device it's installed on.

+Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up to date, detect, diagnose and fix problems, and also make product improvements. This setting determines the level of diagnostics sent by Microsoft Defender for Endpoint to Microsoft.

+Diagnostic data is used to keep Microsoft Defender for Endpoint secure and up to date, detect, diagnose and fix problems, and also make product improvements.

+- **Required**: The minimum data necessary to help keep Microsoft Defender for Endpoint secure, up to date, and performing as expected on the device it's installed on.

+**Required diagnostic data** is the minimum data necessary to help keep Microsoft Defender for Endpoint secure, up to date, and perform as expected on the device it's installed on.

+It is important to ensure that client components are up to date to deliver critical protection capabilities and prevent attacks.

+It's important to ensure that client components are up to date to deliver critical protection capabilities and prevent attacks.

+### Version

+- Defender package version: **20230809.1**

+- Security intelligence version: **1.395.68.0**

+- Engine version: **1.1.23070.1005**

+- Platform version: **4.18.23070.1004**

+#### Fixes

+- None

+Microsoft provides several ways to keep devices well protected and up to date against driver based tampering.

+You can configure definition retirement using Group Policy. Definition retirement checks to see if a computer has the required security updates necessary to protect it against a particular vulnerability. If the system isn't vulnerable to the exploit detected by a definition, then that definition is "retired". If all security intelligence for a given protocol is retired, then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up to date with all the latest security updates, network protection has no impact on network performance.

+## July 2023

+Inaccuracy report ID |Description |Fix date |

+:|:|:|

+24162 |Fixed inaccuracy in mysql_workbench| 04-Jul-23

+25736 | Fixed inaccuracy in Keepass | 04-Jul-23

+24598 | Fixed inaccuracy in Adobe flash player plugins |04-Jul-23

+ICM -399305402 | Disabled vulnerability assessment for Lenovo CVEs: </br> CVE-2021-3519, CVE-2021-22499, CVE-2021-22500, CVE-2021-22514| 03-Jul-23

+Not applicable| Added Microsoft Defender Vulnerability Management support for Arcserve_udp | 05-Jul-23

+ICM - 399989383 |Added accurate EOS details for Log4j versions| 05-Jul-23

+27379 | Fixed inaccuracy in adobe_animate | 06-Jul-23

+Not applicable | Added Arcserve_udp affected product details in CVE-2023-26258 |05-Jul-23

+26391 | Fixed inaccuracy in CVE-2020-26941 | 09-Jul-23

+25245 | Fixed inaccuracy in CVE-2022-40011 | 11-Jul-23

+Not applicable |Added Microsoft Defender Vulnerability Management support for Microsoft PowerBi Desktop | 13-Jul-23

+Not applicable | Added zero-day details for CVE-2023-36884 | 12-Jul-23

+26421 | Disabled vulnerability assessment for thinkcentre_m75q_gen_2 & thinkpad_l390_firmware | 14-Jul-23

+23876 | Fixed inaccurate recommendation in Microsoft Teams CVE-2023-24881 | 20-Jul-23

+25969 |Fixed inaccuracy in siemens _-sinec-nms | 24-Jul-23

+Not applicable |Added EOS details for win_server_2012 & win_server_2012_r2 | 25-Jul-23

+29096 | Fixed inaccurate detection of Slack version 1.0.0.0 | 25-Jul-23

+27941 | Disabled vulnerability assessment for application_performance_management | 25-Jul-23

+26116 | Fixed inaccuracy in HP CVEs: </br> CVE-2021-33159, CVE-2022-26845, CVE-2022-27497, CVE-2022-29893 | 27-Jul-23

+25809 | Disabled vulnerability assessment for Visio 2010, 2013, 2016 & 2019 | 31-Jul-23

+25810 | Disabled vulnerability assessment for Project 2019 | 31-Jul-23

+28176 | Fixed inaccuracy in VmWare_tools CVE-2021-31693 | 31-Jul-23

+29089 | Fixed inaccuracy in CVE-2023-24329| 31-Jul-23

+28489 | Fixed inaccuracy in CVE-2020-9484 | 31-Jul-23

+28385 | Fixed inaccuracy in CVE-2023-28759| 31-Jul-23

+Defender Experts for Hunting operational data, such as case tickets and analyst notes, are generated and stored in a Microsoft data center in the US region for the length of the service, irrespective of the Microsoft 365 Defender service storage location. Data generated for the reporting dashboard is stored in customer's Microsoft 365 Defender service storage location. Reporting data and operational data will be retained for a grace period of no more than 90 days after a customerΓÇÖs subscription expires. If the customer terminates their subscription, data will be deleted within 30 days.

+Defender Experts for XDR operational data, such as case tickets and analyst notes, are generated and stored in a Microsoft data center in the US region for the length of the service, irrespective of the Microsoft 365 Defender service storage location. Data generated for the reporting dashboard is stored in customer's Microsoft 365 Defender service storage location. Reporting data and operational data will be retained for a grace period of no more than 90 days after a customerΓÇÖs subscription expires. If the customer terminates their subscription, data will be deleted within 30 days.

+description: Learn how to use File Q&A for Copilot to easily find information in Microsoft Syntex.