Updates from: 08/13/2022 01:42:53
Category Microsoft Docs article Related commit history on GitHub Change details
admin Choose Device Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/devices/choose-device-security.md
- Title: "Compare different device and app data protection methods"-- NOCSH-------- M365-subscription-management-- Adm_O365-- Adm_TOC--- AdminSurgePortfolio-- MET150
-description: "Choose between different MDM and MAM methods."
--
-# Options for protecting your devices and app data with Microsoft 365
-
-You have several ways to secure your organizations devices and data on them with Microsoft 365 for business and enterprise. You can use the following stand-alone plans:
--- Intune (a part of Microsoft Endpoint Management)-- Azure Active Directory Premium plans.-- Basic Mobility and Security (included in most Microsoft 365 for business and enterprise plans)
-Or use the subscriptions that include some, or all of the previous standalone plans.
-- Microsoft Defender for Business (included in Microsoft 365 Business Premium; also available as a standalone plan)-- A Microsoft 365 Business Premium subscription, which includes security and threat protection for small business under 300 users.-- Microsoft 365 Enterprise plans that include advanced security and threat protection.-
-## Basic Mobility and Security device management
-
-**Basic Mobility and Security** is offered with most Microsoft 365 plans, and is the only built-in choice offered for Microsoft 365 Business Standard and Microsoft 365 Business Basic. For more information, see [availability of Basic Mobility and Security](../basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md#availability-of-basic-mobility-and-security-and-intune).
-
-If you have either Microsoft 365 Business Basic or Microsoft 365 Business Standard, you can also purchase Intune if your organization has more complex security needs.
-
-## Microsoft stand-alone security plans
-
-**Microsoft Intune** is a stand-alone plan that is also included with some Microsoft 365 for business or enterprise plans. If you have Intune either as a stand-alone or a part of your subscription, it provides ability to fine-tune your device and app-data management. For more information on availability with Microsoft 365, see [availability of Intune](../basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md#availability-of-basic-mobility-and-security-and-intune).
-
-Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You control how your organizationΓÇÖs devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. For more information, see [Microsoft Intune documentation](/mem/intune/).
-
-**Azure Active Directory (AD) Premium** plans are standalone plans that also come with some of the Microsoft 365 for business and enterprise plans. For more information, see [Azure AD pricing](https://azure.microsoft.com/pricing/details/active-directory/).
-
-Azure AD Premium P1 and Azure AD Premium P2 allow you to set conditional access features, self-service password reset, etc. For more information on the capabilities of the Premium plans, see [Azure AD pricing](https://azure.microsoft.com/pricing/details/active-directory/) page.
-
-## Microsoft 365 plans with additional device and data protection features
-
-**Microsoft 365 Business Premium** includes Intune and Azure Active Directory Premium P1, Microsoft Defender for Office 365 Plan 1, and Microsoft Defender for Business.
-
-Microsoft 365 Business Premium offers a set of policy templates for securing your devices and app data. It offers a good level of security and threat protection for most businesses under 300 users. For more information, see [Microsoft 365 Business Premium Overview](../../business-premium/index.md) and [Overview of Microsoft Defender for Business](../../security/defender-business/mdb-overview.md).
-
-**Microsoft 365 for enterprise** subscriptions include Microsoft Intune and E5 also includes the Azure AD premium plans 1 and 2.
-
-Microsoft 365 E5 offers the highest level of security and threat protection of all the Microsoft 365 subscriptions. For more information, see [Microsoft 365 for enterprise overview](../../enterprise/microsoft-365-overview.md).
-
-## See also
-
-[Best practices for securing Microsoft 365 for business plans](../security-and-compliance/secure-your-business-data.md)
admin Manage Microsoft Rewards https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-microsoft-rewards.md
- Title: "Manage Microsoft Rewards"-- CSH-------- M365-subscription-management --- AdminSurgePortfolio-- MET150-
-description: "Users who have personal Microsoft accounts can earn Microsoft Rewards points in connection with their work searches if Link AAD with Rewards feature is enabled."
--
-# Manage Microsoft Rewards
-
-Users who have personal Microsoft accounts can earn [Microsoft Rewards](https://www.microsoft.com/rewards) points with their work searches if the *Link Microsoft Azure Active Directory (Azure AD) with Rewards* feature is enabled.
-
-Unless the user opts out of this feature, their personal Microsoft account will be associated with their workplace Azure AD account. Microsoft Rewards receives and logs information that a search has occurred, but doesn't receive any information about the content of the search. The content of queries from your organization won't be shared with Microsoft Rewards as part of this feature.
-
-For administrators of educational organizations with minor children, a parental Microsoft account is required for the child to participate in Microsoft Rewards. The parental account won't be associated with the studentΓÇÖs organizational account. For more information about Microsoft accounts for children, see [Parental consent and Microsoft child accounts](https://support.microsoft.com/account-billing/c6951746-8ee5-8461-0809-fbd755cd902e).
-
-This feature isn't available for Government users. Administrators should ensure that their organizationΓÇÖs compliance policies permit the use of personal Microsoft Rewards accounts with work searches.
-
-## Related content
-
-[Set up Microsoft Search](/microsoftsearch/setup-microsoft-search) (article)
-
-[Top 12 tasks for security teams to support working from home](../../security/top-security-tasks-for-remote-work.md) (article)
-
-[What's new in Microsoft 365](https://support.microsoft.com/office/what-s-new-in-microsoft-365-95c8d81d-08ba-42c1-914f-bca4603e1426) (article)
--
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
For an overview of Message center, see [Message center in Microsoft 365](message
## Related content [Set up the Standard or Targeted release options](../manage/release-options-in-office-365.md) (article)\
-[Manage which Office features appear in What's New](../manage/show-hide-new-features.md) (article)\
[Business subscriptions and billing documentation](../../commerce/index.yml) (link page)
admin Show Hide New Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/show-hide-new-features.md
- Title: "Manage which Office features appear in What's New"-- NOCSH-------- M365-subscription-management-- Adm_O365-- Adm_TOC--- AdminSurgePortfolio-- admindeeplinkMAC-- BCS160-- MET150-- MOE150
-description: "Decide which Office features to show or hide when a user chooses Help > What's New in their Office app on Windows by using the 'What's new in Office' feature in the Microsoft 365 admin center."
--
-# Manage which Office features appear in What's New
-
-When an important Office feature is released, users will get a message about it when they choose **Help** \> **What's New** in their Office app on Windows.
-
-You can control which of these feature messages your users are shown by using the **What's new in Office** feature in the Microsoft 365 admin center. If you decide to hide a feature message to your users, you can always come back later and decide to show it to them.
-
-> [!NOTE]
->
-> - Hiding a feature message from your users doesn't disable the feature in the Office app.
-> - You must be assigned either the Global admin role or the Office apps admin role to use the **What's new in Office** feature.
-
-## Show or hide new features
-
-1. In the Microsoft 365 admin center, under **Settings**, choose **Org settings**, select the <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services** tab</a>, and then select **What's new in Office**.
-1. When you click on the feature name, a fly-out panel appears with the following information:
- - A short description of the feature.
- - A link to an article to learn more about the feature.
- - The Office applications that the feature appears in.
- - The first version (release) that the feature is available in for that channel.
-1. Choose **Hide from users**. Or, if you previously hid the feature, choose **Show to users**.
-
-You can also select multiple features on the **Manage which Office features appear in What's New** page, and then choose either **Hide** or **Show**.
-
-> [!NOTE]
->
-> - If a feature is available in multiple Office apps, setting the feature to **Hidden** hides the feature message in all of those Office apps.
-> - All feature messages are shown to users by default. This is the default status for all features, and the status only changes if you have chosen to hide or show a feature message.
-> - You can also get to the **What's new in Office** feature from the Microsoft 365 Apps admin center (<https://config.office.com>). The feature is found under **Customization** > **What's New Management**.
-
-## List of features
-
-You can filter which features appear on the **Manage which Office features appear in What's New** page. You can filter by channel, application, or status, or by some combination of them.
-
-New features appear on the page based on the following schedule:
-
-<br>
-
-****
-
-|Channel|Date|Take action|
-||||
-|**Current**|15th of the month|1 - 3 weeks before the monthly release|
-|**Monthly Enterprise**|First of the month|Two weeks before the major release that brings new features|
-|**Semi-Annual Enterprise (Preview)**|Sept 1 and March 1| 2 weeks before the major release that brings new features|
-|**Semi-Annual Enterprise**|Jan 1 and July 1| 2 weeks before the major release that brings new features|
-|
-
-For more information about when new versions are released to each update channel, see [Update history for Microsoft 365 Apps (listed by date)](/officeupdates/update-history-microsoft365-apps-by-date).
-
-## Add the "What's new in Office" card to the admin center home page
-
-1. On the Microsoft 365 admin page, choose **Add card** on top of the page
-2. Locate **Manage which Office features appear in What's New** in the list and choose it.
-3. Once the card is on your home page, you can choose **What's new in Office** to [show or hide the features](#show-or-hide-new-features) for your organization.
-
-## Related articles
-
-[Office What's New management is now generally available](https://techcommunity.microsoft.com/t5/microsoft-365-blog/office-what-s-new-management-is-now-generally-available/ba-p/1179954)
admin Power Bi In Your Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/power-bi-in-your-organization.md
- Title: "Power BI in your organization"-- NOCSH-------- Adm_O365-- Adm_NonTOC--- MET150-- PWB150-
-description: "Learn about Power BI and how users in your organization can use this business analytics service."
--
-# Using Power BI data in your organization
-
-This page describes how users in your organization can use Power BI and how you can control how your organization acquires this service.
-
-## What is Power BI?
-
-Microsoft Power BI enables users to visualize data, share discoveries, and collaborate in intuitive new ways. To learn more, see the [Power BI Web site](https://powerbi.microsoft.com/en-us/).
-
-## Does Power BI meet national, regional, and industry-specific compliance requirements?
-
-To learn more about Power BI compliance, see the [Microsoft Trust Center](https://go.microsoft.com/fwlink/?LinkId=785324).
-
-## How do users sign up for Power BI?
-
-As an administrator, you can sign up for Power BI through the [Power BI web site](https://powerbi.microsoft.com/en-us/). You can also sign up through the purchase services page on the Microsoft 365 admin center. When an administrator signs up for Power BI, they can assign user subscription licenses to users who should have access.
-
-Additionally, individual users in your organization may be able to sign up for Power BI through the [Power BI web site](https://powerbi.microsoft.com/en-us/). When a user in your organization signs up for Power BI, that user is assigned a Power BI license automatically.
-
-## How do individual users in my organization sign up?
-
-There are three scenarios that might apply to users in your organization:
-
-### Scenario 1: Your organization already has an existing Microsoft 365 environment and the user signing up for Power BI already has a Microsoft 365 account.
-
-In this scenario, if a user already has a work or school account in the tenant (for example, contoso.com) but does not yet have Power BI, Microsoft will simply activate the plan for that account, and the user will automatically be notified of how to use the Power BI service.
-
-### Scenario 2: Your organization has an existing Microsoft 365 environment and the user signing up for Power BI doesn't have a Microsoft 365 account.
-
-In this scenario, the user has an email address in your organization's domain (for example, contoso.com) but does not yet have a Microsoft 365 account. In this case, the user can sign up for Power BI and will automatically be given an account. This lets the user access the Power BI service. For example, if an employee named Nancy uses her work email address (for example, Nancy@contoso.com) to sign up, Microsoft will automatically add Nancy as a user in the Contoso Microsoft 365 environment and activate Power BI for that account.
-
-### Scenario 3: Your organization does not have a Microsoft 365 environment connected to your email domain.
-
-There are no administrative actions your organization needs to take advantage of Power BI.
-
-> [!IMPORTANT]
-> If your organization has multiple email domains and you prefer all email address extensions to be in the same tenant, before any users create your primary tenant, add all email address domains to that tenant before any users create your primary tenant. There is no automated mechanism to move users across tenants after they have been created. For more information on this process, see [If I have multiple domains, can I control the tenant that users are added to?](#if-i-have-multiple-domains-can-i-control-the-tenant-that-users-are-added-to) later in this article and [Add a domain to Office 365](../setup/add-domain.md) online.
-
-## How will this change the way I manage identities for users in my organization today?
-
-If your organization already has an existing Microsoft 365 environment and all users in your organization have Microsoft 365 accounts, identity management will not change.
-
-If your organization already has an existing Microsoft 365 environment but not all users in your organization have Microsoft 365 accounts, we will create a user in the tenant and assign licenses based on the user's work or school email address. This means that the number of users you are managing at any particular time will grow as users in your organization sign up for the service.
-
-If you are managing your directory on-premises, and use Active Directory Federation Services (AD FS), Microsoft will not add users to your tenant, and users attempting to join your tenant will receive a message to contact their organization's admin.
-
-If your organization does not have a Microsoft 365 environment connected to your email domain, there will be no change in how you manage identity. Users will be added to a new, cloud-only user directory, and you will have the option to elect to take over as the tenant admin and manage them.
-
-## What is the process to manage a tenant created by Microsoft for my users?
-
-If a tenant was created by Microsoft, you can claim and manage that tenant by following these steps:
-
-1. Join the tenant by [signing up for Power BI](https://go.microsoft.com/fwlink/?LinkId=522448) using an email address domain that matches the tenant domain you want to manage. For example, if Microsoft created the contoso.com tenant, you will need to join the tenant with an email address ending with @contoso.com.
-
-1. Claim admin control by verifying domain ownership: once you are in the tenant, you can promote yourself to the admin role by verifying domain ownership. To do so, follow these steps:
--
-3. Go to <a href="https://admin.microsoft.com" target="_blank">https://admin.microsoft.com</a>.
---
-3. Go to <a href="https://portal.partner.microsoftonline.cn" target="_blank">https://portal.partner.microsoftonline.cn</a>.
--
-4. Select the app launcher icon in the upper-left and choose **Admin**.
-
- ![App launcher with the Admin app highlighted.](../../media/4eea9dbc-591b-48be-9916-322d41c6525b.png)
-
-5. Read the instructions on the **Become the admin** page and then select **Yes, I want to be the admin**.
-
- > [!NOTE]
- > If this option doesn't appear, there is already an administrator in place.
-
-## If I have multiple domains, can I control the tenant that users are added to?
-
-If you do nothing, a tenant will be created for each user email domain and subdomain.
-
-If you want all users to be in the same tenant regardless of their email address extensions:
-
-- Create a target tenant ahead of time or use an existing tenant, and add all the existing domains and subdomains that you want consolidated within that tenant. Then all the users with email addresses ending in those domains and subdomains will automatically join the target tenant when they sign up.-
-> [!IMPORTANT]
-> There is no supported automated mechanism to move users across tenants once they have been created. To learn about adding domains to a single Microsoft 365 tenant, see [Add a domain to Office 365](../setup/add-domain.md).
-
-> [!IMPORTANT]
-> For more information and guidance on managing tenants, see [What is Power BI administration?](/power-bi/service-admin-administering-power-bi-in-your-organization).
-
-## How can I prevent users from joining my existing tenant?
-
-There are steps you can take as an admin to prevent users from joining your existing tenant. If you block users from joining the tenant, users' attempts to sign in will fail and they will be directed to contact their organization's admin. You do not need to repeat this process if you have already disabled automatic license distribution before (for example, Office 365 Education for Students, Faculty, and Staff).
-
-These steps require the use of Windows PowerShell. To get started with Windows PowerShell, see the [PowerShell getting started guide](/powershell/scripting/overview).
-
-To perform the following steps, you must install the latest 64-bit version of the [Azure Active Directory V2 PowerShell Module](https://www.powershellgallery.com/packages/AzureADPreview/2.0.2.5).
-
-After you select the link, select **Run** to run the installer package.
-
-**Disable automatic tenant join**: Use this Windows PowerShell command to prevent new users from joining a managed tenant:
-
-To disable automatic tenant join for new users: `Set-MsolCompanySettings -AllowEmailVerifiedUsers $false`
-
-To enable automatic tenant join for new users: `Set-MsolCompanySettings -AllowEmailVerifiedUsers $true`
-
-> [!NOTE]
-> This blocking prevents new users in your organization from signing up for Power BI. Users that sign up for Power BI prior to disabling new signups for your organization will still retain their licenses. See the [How do I remove Power BI for users that already signed up?](#how-do-i-remove-power-bi-for-users-that-already-signed-up) for instructions on how you can remove access to Power BI for users that had previously signed up for the service.
-
-## How can I allow users to join my existing tenant?
-
-To allow users to join your tenant, run the opposite command as described in the question above: `Set-MsolCompanySettings -AllowEmailVerifiedUsers $true`
-
-## How do I verify if I have the block on in the tenant?
-
-Use the following PowerShell script: `Get-MsolCompanyInformation | fl allow*`
-
-## How can I prevent my existing users from starting to use Power BI?
-
-**Disable automatic license distribution:** Use this Windows PowerShell script to disable automatic license distributions for existing users. You do not need to repeat this process if you have already disabled automatic license distribution before (for example, Office 365 Education for Students, Faculty, and Staff).
-
-To disable automatic license distribution for existing users: `Set-MsolCompanySettings -AllowAdHocSubscriptions $false`
-
-To enable automatic license distribution for existing users: `Set-MsolCompanySettings -AllowAdHocSubscriptions $true`
-
-> [!NOTE]
-> The *AllowAdHocSubscriptions* flag is used to control several user capabilities in your organization, including the ability for users to sign up for the Azure Rights Management Service. Changing this flag will affect all of these capabilities.
-
-## How can I allow my existing users to sign up for Power BI?
-
-To allow your existing users to sign up for Power BI, run the opposite command as described in the question above: `Set-MsolCompanySettings -AllowAdHocSubscriptions $true`
-
-## How do I remove Power BI for users that already signed up?
-
-If a user signed up for Power BI, but you no longer want them to have access to Power BI, you can remove the Power BI license for that user.
-
-
-1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a> page.
---
- 1. In the admin center, go to the **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=850628" target="_blank">Active users</a> page.
--
-2. Find the user you want to remove the license for, then select their name.
-
-3. On the **Licenses and Apps** tab, clear the **Microsoft Power BI** check box.
-
-4. Select **Save changes**.
-
-## How do I know when new users have joined my tenant?
-
-Users who have joined your tenant as part of this program are assigned a unique license that you can filter on within your active user pane in the admin dashboard.
-
-To create this new view, in the admin center, follow the steps to in [Create a custom user view](../add-users/create-edit-or-delete-a-custom-user-view.md#create-a-custom-user-view). Under **Assigned product license**, select **Microsoft Power BI**. After the new view has been created, you will be able to see all the users in your tenant who have enrolled in this program.
-
-## Are there any additional things I should be prepared for?
-
-You might experience an increase in password reset requests. For information about this process, see [Reset a user's password](../add-users/reset-passwords.md).
-
-You can remove a user from your tenant via the standard process in the admin center. However, if the user still has an active email address from your organization, they will be able to rejoin unless you block all users from joining.
-
-## Why did 1 million licenses for Microsoft Power BI show up in my tenant?
-
-As a qualifying organization, users in your organization are eligible to use the Microsoft Power BI service and these licenses represent the available capacity for new Power BI users in your tenant. There is no charge for these licenses. If you've chosen to allow users to sign up for Power BI themselves, they will be assigned one of these available free licenses when they complete the sign up process. You can also choose to assign these licenses to users yourself through the admin center.
-
-## Is this free? Will I be charged for these licenses?
-
-These licenses are for the free version of Power BI. If you're interested in additional capabilities, take a look at the Power BI Pro version.
-
-## Why 1 million licenses?
-
-We chose a number that was large enough that the majority of organizations would have ample licenses to provide this benefit without delay to their users.
-
-## What if I need more than 1 million licenses?
-
-Contact your Microsoft account representative for more information if you will need to acquire additional licenses.
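Review bot: The tenant-hardening commands in the removed "How can I prevent users from joining my existing tenant?" and "How can I prevent my existing users from starting to use Power BI?" sections need a confirmed new home before this deletion merges. `Set-MsolCompanySettings -AllowEmailVerifiedUsers $false`, `Set-MsolCompanySettings -AllowAdHocSubscriptions $false` and the check `Get-MsolCompanyInformation | fl allow*` are how an admin stops email-verified self-service accounts from being created in the tenant, and no other article on this page carries them. Please confirm that the replacement target used in the self-service sign-up change (`/power-bi/enterprise/service-admin-org-subscription`) documents both settings, including the note that *AllowAdHocSubscriptions* also governs Azure Rights Management sign-up. If the text is migrated, fix the prerequisite as well: the removed lines link to the AzureADPreview package, while the `*-Msol*` cmdlets come from the MSOnline module.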
admin Self Service Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/self-service-sign-up.md
Following are the currently available self-service programs. This list will be u
|:--|:--|:--|:--| |****Office 365 A1**** <br/> |Any student or teacher can use a school email address to sign up for free Office 365 and get Office apps for the web, 1 TB of OneDrive cloud storage and SharePoint Online for class, team and project sites. <br/> |[Office 365 Education Technical FAQ](/microsoft-365/education/deploy/office-365-education-self-sign-up) <br/> |[Office 365 Education](https://go.microsoft.com/fwlink/p/?linkid=140841) <br/> | |**Office 365 A1 Plus** <br/> |Eligible students and teachers can sign up for Office 365 A1 Plus, which includes everything mentioned above plus Microsoft 365 Apps for enterprise. Microsoft 365 Apps for enterprise is productivity software, including Word, PowerPoint, Excel, Outlook, OneNote, Publisher, Access, and Skype for Business, that is installed on your desktop or laptop computer. <br/> |[Office 365 Education Technical FAQ](/microsoft-365/education/deploy/office-365-education-self-sign-up) <br/> |[Office 365 Education](https://go.microsoft.com/fwlink/p/?linkid=140841) <br/> |
-|**Power BI** <br/> |Power BI enables users to visualize data, share discoveries, and collaborate in intuitive new ways. <br/> If your organization already subscribes you may additionally see licenses for "Power BI Pro Individual User Trial," which offer users limited, free access to advanced capabilities. <br/> |[Power BI in your organization](./power-bi-in-your-organization.md) <br/> |[Microsoft Power BI](https://go.microsoft.com/fwlink/p/?LinkId=536629) <br/> |
+|**Power BI** <br/> |Power BI enables users to visualize data, share discoveries, and collaborate in intuitive new ways. <br/> If your organization already subscribes you may additionally see licenses for "Power BI Pro Individual User Trial," which offer users limited, free access to advanced capabilities. <br/> |[Power BI in your organization](/power-bi/enterprise/service-admin-org-subscription) <br/> |[Microsoft Power BI](https://go.microsoft.com/fwlink/p/?LinkId=536629) <br/> |
|**Rights Management Services (RMS)** <br/> |RMS for individuals is a free self-service subscription for users in an organization who have been sent sensitive files that have been protected by Azure Rights Management (Azure RMS), but their IT department has not implemented Azure Rights Management (Azure RMS), or Active Directory Rights Management Services (AD RMS). <br/> |[RMS for Individuals and Azure Rights Management](/azure/information-protection/rms-for-individuals) <br/> |[Microsoft Rights Management portal](https://portal.azure.com/) so you can check whether you can open a given rights-protected document. <br/> | |**Microsoft Power Apps** <br/> |In Power Apps, you can manage organizational data by running an app that you created or that someone else created and shared with you. Apps run on mobile devices such as phones, or you can run them in a browser by opening Dynamics 365. You can create an infinite variety of apps - all without learning a programming language such as C#. <br/> |[Self-service sign up for Power Apps](/powerapps/maker/signup-for-powerapps) <br/> |[Microsoft Power Apps](https://go.microsoft.com/fwlink/p/?linkid=841462) <br/> | |**Dynamics 365 for Financials** <br/> |Get a complete business and financial management solution for small and medium-sized businesses. Dynamics 365 for Financials makes ordering, selling, invoicing, and reporting easierΓÇöstarting on day one. <br/> |[Microsoft Dynamics 365 for Financials](https://go.microsoft.com/fwlink/p/?linkid=841466) <br/> |[Microsoft Dynamics 365 for Financials](https://go.microsoft.com/fwlink/p/?linkid=841466) <br/> |
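Review bot: The link text in the Power BI row of the added line still reads "Power BI in your organization", the title of the local article this change stops pointing to, while the target is now `/power-bi/enterprise/service-admin-org-subscription`. Update the text to match the title of the destination article so readers and link checkers are not misled. While the table is being touched, the first row's `****Office 365 A1****` in the context line has doubled bold markers and should be `**Office 365 A1**` to match the other rows.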
admin Set Up Outlook To Read Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-outlook-to-read-email.md
- Title: "Set up Outlook to read email"-- NOCSH-------- VSBFY23-- Core_O365Admin_Migration-- GSTips-- MiniMaven-- AdminSurgePortfolio-- BCS160-- MET150-- MOE150
-description: "Learn how to set up an email account in Outlook for both Windows and Mac, and about installing Office apps and accessing emails online."
--
-# Set up Outlook to read email
-
-Your Microsoft 365 subscription comes with a web-based Outlook, but if your subscription includes Office client apps, you will also get Outlook you can install on your personal computer or devices.
-
-## Set up an email account in Outlook
-
-The first time you open Outlook, an Auto Account Wizard opens. If not, choose **File** then **Add Account**.
-
-1. On the **E-mail Accounts** page, choose **Next** \> **Add Account**.
-
-2. On the **Auto Account Setup** page, enter your name, email address, and password, and then choose **Next** \> **Finish**.
-
-Read [full article](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b).
-
-## How do I install the Office apps, including Outlook?
-
-1. Go to [admin.microsoft.com/OLS/MySoftware](https://admin.microsoft.com/OLS/MySoftware.aspx).
-
-2. Sign in with your work or school account.
-
-3. On Manage installs, select **Install**.
-
-## Set up an email account in Outlook 2016 for Mac
-
-The first time you open Outlook app, Set up my Inbox wizard opens. In the wizard:
-
-1. On the **Set up my Inbox** page, select **Add Account**.
-
-2. On the **Accounts** page, select **Exchange or Office 365**.
-
-3. On the **Enter your Exchange account information** page, enter your name, email address, and password, and then select **Add Account**.
-
-Read [full article](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6-c84ef146101b#PickTab=Outlook_for_Mac).
-
-## How do I access my mail online?
-
-After you sign in to Microsoft 365, select **Outlook**.
-
-![The Microsoft 365 home page with the Outlook app highlighted.](../../media/3ceee838-9d85-4af3-95a6-fbcee11036f4.png)
-
-Can't find the app you're looking for? From the app launcher, select **All apps** to see an alphabetical list of the Microsoft 365 apps available to you. From there, you can search for a specific app.
-
-## How do I know if my subscription includes Office apps?
-
-Microsoft 365 Business Standard and Microsoft 365 Apps for business include Office apps. For details see [Microsoft 365 for business plans](https://go.microsoft.com/fwlink/p/?LinkId=723731), or [Office 365 Enterprise plans](https://go.microsoft.com/fwlink/p/?LinkId=800029).
-
-## How do I determine what subscription I have?
-
-To determine your subscription, see [What subscription do I have?](../admin-overview/what-subscription-do-i-have.md)
-
-
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
Your Microsoft 365 environment includes protection against malware. You can incr
- Using [pre-set policies for Microsoft Office 365](../../../microsoft-365/security/office-365-security/preset-security-policies.md). - Blocking attachments with certain file types.-- Using antivirus/anti-malware protection on your devices, especially Microsoft Defender for Business. It includes features such as [automated investigative reporting](../../security/office-365-security/air-view-investigation-results.md) (AIR) and the Threat and Vulnerability Management (TVM) Dashboard. When Microsoft Defender for Business is not your primary anti-virus software, you can still run it in passive mode and use [endpoint protection and response (EDR)](../../security/defender-endpoint/overview-endpoint-detection-response.md), especially in [block mode](../../security/defender-endpoint/edr-in-block-mode.md) where it works behind the scenes to remediate malicious artifacts that were detected by EDR's capabilities, and missed by the primary virus detector software.
+- Using antivirus/anti-malware protection on your devices, especially Microsoft Defender for Business. It includes features such as [automated investigative reporting](../../security/office-365-security/air-view-investigation-results.md) (AIR) and the Microsoft Defender Vulnerability Management (MDVM) Dashboard. When Microsoft Defender for Business is not your primary anti-virus software, you can still run it in passive mode and use [endpoint protection and response (EDR)](../../security/defender-endpoint/overview-endpoint-detection-response.md), especially in [block mode](../../security/defender-endpoint/edr-in-block-mode.md) where it works behind the scenes to remediate malicious artifacts that were detected by EDR's capabilities, and missed by the primary virus detector software.
### Block attachments with certain file types
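Review bot: On the added line, "endpoint protection and response (EDR)" expands the acronym incorrectly; the link target is overview-endpoint-detection-response.md, so the text should read "endpoint detection and response (EDR)". The same line also mixes "antivirus/anti-malware" with "anti-virus software"; settle on one spelling while the line is being edited.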
admin Security Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-guide.md
- Title: "Security guide for small businesses"-- NOCSH-------- SMB_SuccessCenter-- seo-marvel-mar-- AdminSurgePortfolio-- MET150-- MOE150
-description: "Learn about security threats your business faces and easy ways you and your employees can protect your data, accounts, and devices."
--
-# Security info graphic for small businesses
-
-**Summary:** Learn the basic terms for the threats your business faces and what you can do to protect your data, accounts, and devices. As an admin for Microsoft 365 for business, take action to make your business more secure, and help every employee learn how to keep your business data and devices safe.
-
-The links for PowerPoint and PDF below can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3).
-
-![Image for secure your small business info graphic.](../media/smbthreatprotectioninfographic-thumbnail.png)
-
-[PDF](downloads/smbthreatprotection-infographic.pdf) | [PowerPoint](downloads/smbthreatprotection-infographic.pptx)
business-premium M365bp Add Autopilot Devices And Profile https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-add-autopilot-devices-and-profile.md
For more information, see [Device list CSV-file](../admin/misc/device-list.md).
## Related content -- [About Autopilot Profile settings](../business-premium/m365bp-Autopilot-profile-settings.md) (article)\-- [Options for protecting your devices and app data](../admin/devices/choose-device-security.md) (article)-- [Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
+[About Autopilot Profile settings](../business-premium/m365bp-Autopilot-profile-settings.md) (article)\
+[Options for protecting your devices and app data](../admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md) (article)\
+[Best practices for securing Microsoft 365 for business plans](../admin/security-and-compliance/secure-your-business-data.md)
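Review bot: The second added link keeps the text "Options for protecting your devices and app data" but now points to choose-between-basic-mobility-and-security-and-intune.md, so the label no longer describes the destination. Change the link text to the title of the target article. The third link also lacks the "(article)" suffix that the other two carry.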
commerce Back Up Data Before Switching Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/back-up-data-before-switching-plans.md
- Title: "Back up data before changing plans"-- NOCSH--------- M365-subscription-management -- Adm_O365--- commerce_subscriptions-- AdminSurgePortfolio-- BCS160-- MET150-- MOE150-- BEA160
-description: "Backup Outlook, OneDrive, Yammer, and SharePoint content before changing Microsoft 365 plans."
Previously updated : 03/17/2021--
-# Back up data before switching Microsoft 365 for business plans
-
-If a user will be switched to another subscription that has fewer data-related services or a user leaves the organization, a copy of their data that's stored in Microsoft 365 can be downloaded before they are switched to the new subscription.
-
-If you're moving a user to a subscription that has the same or more services, you don't need to back up user data. See [Move users to a different subscription](./move-users-different-subscription.md).
-
-## Save a copy of Outlook information
-
-If users have Outlook, they can [export or backup email, contacts, and calendar to an Outlook .pst file](https://support.microsoft.com/office/14252b52-3075-4e9b-be4e-ff9ef1068f91) before their plan is switched.
-
-After the switch to the new plan is finished, users can [Import email, contacts, and calendar from an Outlook .pst file](https://support.microsoft.com/office/431a8e9a-f99f-4d5f-ae48-ded54b3440ac).
-
-## Save files stored in OneDrive for Business
-
-Before being switched to a different subscription, users can [download files and folders from OneDrive or SharePoint](https://support.microsoft.com/office/5c7397b7-19c7-4893-84fe-d02e8fa5df05) to a different location, such as a folder on their computer's hard drive, or a file share on the organization's network.
-
-## Save Yammer information
-
-Admins can export all messages, notes, files, topics, users, and groups to a .zip file. For more information, see [Export data from Yammer Enterprise](/yammer/manage-security-and-compliance/export-yammer-enterprise-data). Developers can use the [Yammer API](https://go.microsoft.com/fwlink/p/?linkid=842495) to do this, as well.
-
-## How to save SharePoint information
-
-If a user is switched from a subscription that has SharePoint Online to one that doesn't have it, the **SharePoint** tile will no longer appear in their Microsoft 365 menu.
-
-However, as long as the new subscription is within the same organization as the one they are switched from, users will still be able to access the SharePoint team site. They can view and update notebooks, documents, tasks, and calendars by using the direct URL to the team site.
-
-> [!TIP]
-> We recommend that users go to the team site before their subscription is switched and save the URL as a favorite or bookmark in their browser.
-
-By default, the URL of the team website is in this form:
-
-```html
-https://<orgDomain>/_layouts/15/start.aspx#/SitePages/Home.aspx
-```
-
-where _\<orgDomain\>_ is the organization's URL.
-
-For example, if the domain of the organization is contoso.onmicrosoft.com, then the direct URL to the team site would be `https://contoso.onmicrosoft.com/_layouts/15/start.aspx#/SitePages/Home.aspx`.
-
-Of course, users can also download SharePoint Online documents from the SharePoint team site to their local computer or to another location at any time.
commerce Change Plans Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/change-plans-manually.md
The best way to change all your users from one plan to another is to [use the Up
To continue with a manual change, read [Step 2: Buy a new subscription](#step-2-buy-a-new-subscription) in this topic. > [!IMPORTANT]
-> If you are changing to a plan with fewer data-related services than your current plan (downgrading), you need to manually back up any data you wish to keep. For more information, see [Back up data before changing plans](back-up-data-before-switching-plans.md).
+> If you are changing to a plan with fewer data-related services than your current plan (downgrading), you need to manually back up any data you wish to keep. For more information, see [Back up data before changing plans](move-users-different-subscription.md).
## Step 2: Buy a new subscription
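Review bot: The replacement link in the IMPORTANT note points to the top of move-users-different-subscription.md, while the backup guidance it promises is a section appended after the license-assignment steps in that file. Link to the section anchor (#back-up-data-before-switching-microsoft-365-for-business-plans) so that someone about to downgrade lands on the backup steps, and align the link text "Back up data before changing plans" with the new heading.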
commerce Move Users Different Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/move-users-different-subscription.md
You must be a Global, License, or User admin to assign licenses. For more inform
5. At the bottom, select **Save Changes** \> **Close**.
+## Back up data before switching Microsoft 365 for business plans
+
+If a user will be switched to another subscription that has fewer data-related services or a user leaves the organization, you can download a copy of their data stored in Microsoft 365 before they are switched to the new subscription.
+
+If you're moving a user to a subscription that has the same or more services, you don't need to back up user data.
+
+### Save a copy of Outlook information
+
+If users have Outlook, they can [export or backup email, contacts, and calendar to an Outlook .pst file](https://support.microsoft.com/office/14252b52-3075-4e9b-be4e-ff9ef1068f91) before their plan is switched.
+
+After the switch to the new plan is finished, users can [Import email, contacts, and calendar from an Outlook .pst file](https://support.microsoft.com/office/431a8e9a-f99f-4d5f-ae48-ded54b3440ac).
+
+### Save files stored in OneDrive for Business
+
+Before being switched to a different subscription, users can [download files and folders from OneDrive or SharePoint](https://support.microsoft.com/office/5c7397b7-19c7-4893-84fe-d02e8fa5df05) to a different location, such as a folder on their computer's hard drive, or a file share on the organization's network.
+
+### Save Yammer information
+
+Admins can export all messages, notes, files, topics, users, and groups to a .zip file. For more information, see [Export data from Yammer Enterprise](/yammer/manage-security-and-compliance/export-yammer-enterprise-data). Developers can use the [Yammer API](https://go.microsoft.com/fwlink/p/?linkid=842495) to do this, as well.
+
+### How to save SharePoint information
+
+If a user is switched from a subscription that has SharePoint Online to one that doesn't have it, the **SharePoint** tile no longer appears in their Microsoft 365 menu.
+
+However, as long as the new subscription is within the same organization as the one they are switched from, users can still access the SharePoint team site. They can view and update notebooks, documents, tasks, and calendars by using the direct URL to the team site.
+
+> [!TIP]
+> We recommend that users go to the team site before their subscription is switched and save the URL as a favorite or bookmark in their browser.
+
+By default, the URL of the team website is in this form:
+
+```html
+https://<orgDomain>/_layouts/15/start.aspx#/SitePages/Home.aspx
+```
+
+where _\<orgDomain\>_ is the organization's URL.
+
+For example, if the domain of the organization is contoso.onmicrosoft.com, then the direct URL to the team site would be `https://contoso.onmicrosoft.com/_layouts/15/start.aspx#/SitePages/Home.aspx`.
+
+Of course, users can also download SharePoint Online documents from the SharePoint team site to their local computer or to another location at any time.
+ ## Next steps If youΓÇÖre not going to [reassign the unused licenses to other users](../../managed-desktop/get-started/assign-licenses.md), consider [removing the licenses from your subscription](../../commerce/licenses/buy-licenses.md) so that youΓÇÖre not paying for more licenses than you need.
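Review bot: The Outlook and OneDrive subsections tell users to export mail to a .pst file and to download files to a local drive or a file share, but nothing in the added section says where those copies should be kept or who may access them once they are outside Microsoft 365. Add a sentence that points admins to the organization's storage location and access expectations for exported data. Smaller points: "export or backup email" should use the verb "back up"; the URL example is fenced as html although it is a plain URL; and "where <orgDomain> is the organization's URL" should say "domain", as the contoso.onmicrosoft.com example does.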
commerce Upgrade To Different Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
The day your plan upgrade is complete, the billing on your old subscription will
## Related content [Change plans manually](change-plans-manually.md) (article)\
-[Back up data before switching Microsoft 365 for business plans](back-up-data-before-switching-plans.md) (article)
+[Back up data before switching Microsoft 365 for business plans](move-users-different-subscription.md) (article)
commerce What If My Subscription Expires https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires.md
The following table explains what you can expect when a paid Microsoft 365 for b
## What happens if I cancel a subscription?
-If you cancel your subscription before its term end date, the subscription skips the Expired stage and moves directly into the Disabled stage, which is 90 days for most subscriptions, in most countries and regions. We recommend that you [back up your data](back-up-data-before-switching-plans.md) before canceling, but as an admin, you can still access and back up data for your organization while it is in the Disabled stage. Any customer data that you leave behind may be deleted after 90 days, and will be deleted no later than 180 days after cancellation.
+If you cancel your subscription before its term end date, the subscription skips the Expired stage and moves directly into the Disabled stage, which is 90 days for most subscriptions, in most countries and regions. We recommend that you [back up your data](move-users-different-subscription.md) before canceling, but as an admin, you can still access and back up data for your organization while it is in the Disabled stage. Any customer data that you leave behind may be deleted after 90 days, and will be deleted no later than 180 days after cancellation.
Here's what to expect for you and your users if you cancel a subscription.
Here's what you can expect when your subscription is in each state.
In this state, users have normal access to the Microsoft 365 portal, Office applications, and services such as email and SharePoint Online.
-As an admin, you still have access to the admin center. Don't worryΓÇöglobal or billing admins can [reactivate the subscription](reactivate-your-subscription.md) and continue using Microsoft 365. If you don't reactivate, [back up your data](back-up-data-before-switching-plans.md).
+As an admin, you still have access to the admin center. Don't worryΓÇöglobal or billing admins can [reactivate the subscription](reactivate-your-subscription.md) and continue using Microsoft 365. If you don't reactivate, [back up your data](move-users-different-subscription.md).
### State: Disabled
As an admin, you still have access to the admin center. Don't worryΓÇöglobal or
In this state, your access decreases significantly. Your users can't sign in, or access services like email or SharePoint Online. Office applications eventually move into a read-only, reduced functionality mode and display [Unlicensed Product notifications](https://support.microsoft.com/office/0d23d3c0-c19c-4b2f-9845-5344fedc4380). You can still sign in and get to the admin center, but can't assign licenses to users. Your customer data, including all user data, email, and files on team sites, is available only to you and other admins.
-As a global or billing admin, you can [reactivate the subscription](reactivate-your-subscription.md) and continue using Microsoft 365 with all of your customer data intact. If you choose not to reactivate, [back up your data](back-up-data-before-switching-plans.md).
+As a global or billing admin, you can [reactivate the subscription](reactivate-your-subscription.md) and continue using Microsoft 365 with all of your customer data intact. If you choose not to reactivate, [back up your data](move-users-different-subscription.md).
### State: Deleted
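Review bot: All three "back up your data" links changed in this file now resolve to the top of move-users-different-subscription.md, so an admin whose subscription is being canceled or has expired lands on a page about moving users between subscriptions. Point each link at the new backup section's anchor instead, so the data-retention warnings here (deletion after 90 days, no later than 180) lead straight to the backup steps.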
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
When you create an auto-apply policy, you select a retention label to automatica
- **Solutions** \> **Records management** \> **Label policies** tab \> **Auto-apply a label** - If you are using data lifecycle management:
- - **Solutions** \> **Data lifecycle management** \> **Label policies** tab \> **Auto-apply a label**
+ - **Solutions** \> **Data lifecycle management** \> **Microsoft 365** \> **Label policies** tab \> **Auto-apply a label**
Don't immediately see your solution in the navigation pane? First select **Show all**.
compliance Autoexpanding Archiving https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/autoexpanding-archiving.md
To access messages that are stored in an auto-expanded archive, users have to us
- Outlook 2016 or Outlook 2019 for Windows -- Outlook on the web
+- Outlook on the web when the primary mailbox is in Exchange Online rather than on-premises
- Outlook 2016 or Outlook 2019 for Mac
Here are some things to consider when using Outlook or Outlook on the web to acc
- You can delete items in an auto-expanded storage area. However, you can't use the Recover Deleted Items feature to recover an item after auto-expanding archiving is enabled for a mailbox. -- Search for auto-expanded archiving is available in Outlook for the web (OWA). Similar to Online Archive, you can search for items that were moved to an additional storage area. When archive is selected as the search scope in OWA, all archives (including auto-expanded archives) and their corresponding subfolders will be searched. Note that search is not supported for the auto-expanded archive feature in a cloud-only archive situation (primary mailbox still on-premises).
+- Search for auto-expanded archiving is available in Outlook for the web (OWA). Similar to Online Archive, you can search for items that were moved to an additional storage area. When archive is selected as the search scope in OWA, all archives (including auto-expanded archives) and their corresponding subfolders will be searched.
- Auto-expanded archive search is available in Outlook for Windows in Monthly Enterprise Channel. With this update the Current Mailbox scope is available, thus allowing you to search the auto-expanded archive. Note that search is not supported for the auto-expanded archive feature in a cloud-only archive situation (primary mailbox still on-premises). For more information about this and other Microsoft Search support features, see [How Outlook for Windows connected to Exchange Online utilizes Microsoft Search](https://techcommunity.microsoft.com/t5/outlook-global-customer-service/how-outlook-for-windows-connected-to-exchange-online-utilizes/ba-p/1715045).
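Review bot: The reworded OWA search bullet drops the sentence about cloud-only archives (primary mailbox still on-premises), yet the Outlook for Windows bullet directly after it keeps the same limitation word for word. If the new qualifier on the "Outlook on the web" list item is meant to cover that case, say so in the search bullet; otherwise a reader of the search bullets alone will assume OWA search works with an on-premises primary mailbox. The search bullet also says "Outlook for the web (OWA)" where the client list uses "Outlook on the web".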
compliance Compliance Manager Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-improvement-actions.md
The **standards and regulations** section provides a searchable and filterable l
## Perform work and store documentation
-You can upload files and notes related to implementation and testing work directly to the **Documents** section. This environment is a secure, centralized repository to help you demonstrate satisfaction of controls to meet compliance standards and regulations. Any user with read-only access can read content in this section. Only users with editing rights can upload and download files.
+You can upload evidence in the form of files and links related to implementation and testing work directly to the **Documents** section. This environment is a secure, centralized repository to help you demonstrate satisfaction of controls to meet compliance standards and regulations. Any user with read-only access can read content in this section. Only users with editing rights can upload and download files.
-#### Uploaded documents
+#### Upload evidence
-- Select **Manage documents** to upload any relevant files.-- When the manage documents flyout pane opens, select **Add document**, then select your file from your system. Accepted file types:
+- From the improvement action's details page, go to the **Documents** tab and select **Add evidence**.
+- On the **Add evidence** flyout pane, choose whether to add a **Document** or **Link**. The accepted file types for **Document** are:
- Documents (.doc, .xls, .ppt, .txt, .pdf) - Images (.jpg, .png) - Video (.mkv) - Compressed files (.zip, .rar)-- Once your file resolves in the pane select **Close**, which automatically saves the file attachment. You'll then see the file listed underneath **Uploaded documents**.-- To download or delete the document, select **Manage documents** from underneath the list of documents. On the flyout pane, select the document row to highlight it, then select **Download** or **Delete**.
+- Browse to select the file you want to upload. If uploading a link, enter a name for the link and its URL. When done, select **Add**. Your item will now display in the **Documents** tab.
+
+To delete evidence files or links, select the action menu (the three dots) to the right of the item's name and select **Delete**. Confirm the deletion when prompted.
## Assign improvement action to assessor for completion
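Review bot: The new "Upload evidence" steps no longer describe how to download an item, although the unchanged last sentence of the intro paragraph still says users with editing rights can "upload and download files". Either restore a download step or reword that sentence. For the new **Link** option, state what the reader should expect of the URL (for example, whether it must be reachable by assessors), since the accepted-types list only covers **Document**.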
You can set up alerts to notify you immediately when certain changes to improvem
## Export a report
-Select **Export** in the upper-left corner of your screen to download an Excel worksheet containing all your improvement actions and the filter categories shown on the improvement actions page.
+Select **Export** in the upper left corner of your screen to download an Excel worksheet containing all your improvement actions and the filter categories shown on the improvement actions page.
+
+The exported Excel file is also what you use to update multiple improvement actions at once. Get details about how to edit the export file to [update multiple improvement actions](compliance-manager-update-actions.md).
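Review bot: "upper left corner" loses the hyphen the removed line had; as a compound modifier before "corner" it should stay "upper-left". The added cross-reference reads more directly as "To edit the export file, see [Update multiple improvement actions](compliance-manager-update-actions.md)."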
compliance Compliance Manager Update Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-update-actions.md
+
+ Title: "Update improvement actions and bring compliance data into Microsoft Purview Compliance Manager"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+ms.localizationpriority: medium
+
+- M365-security-compliance
+- m365solution-compliancemanager
+- m365initiative-compliance
+search.appverid:
+- MOE150
+- MET150
+description: "Migrate your existing compliance data into Microsoft Purview Compliance Manager using an Excel based upload process."
++
+# Update improvement actions and bring compliance data into Compliance Manager
+
+**In this article:** Learn how to migrate your organization's existing compliance activities into Compliance Manager and update multiple improvement actions at once by uploading a formatted Excel file.
+
+## Overview
+
+Compliance Manager enables organizations to bring their existing compliance activity data and evidence into the Compliance Manager solution. By uploading a specially formatted Excel file, organizations who are new to Compliance Manager can migrate compliance activities completed in other systems into Compliance Manager and quickly start increasing their overall compliance score.
+
+This upload process also gives new and existing Compliance Manager users greater flexibility and ability to update improvement actions on a larger scale. For example, you can:
+
+- [Add test results and evidence](compliance-manager-improvement-actions.md#perform-work-and-store-documentation) to multiple improvement actions that were tested in a system other than Compliance Manager.
+- [Assign improvement actions](compliance-manager-improvement-actions.md#assign-improvement-actions) to various users based on the actions' score potential.
+- Update the [implementation status](compliance-manager-improvement-actions.md#change-implementation-details) or [testing status](compliance-manager-improvement-actions.md#change-test-status) of multiple improvement actions all at one time.
+- Change improvement actions' [testing source](compliance-manager-improvement-actions.md#update-testing-source) from automatic to manual implementation and testing.
+- [Parent the testing source](compliance-manager-improvement-actions.md#parent-testing-source) of multiple actions at one time, so that those actions inherit the implementation and testing status of another action.
+
+## Getting started
+
+To migrate existing data into Compliance Manager or to perform a bulk update of improvement actions, you can start from one of two places in Compliance
+
+- From **Assessments** page: Helps you update specific assessments with information from elsewhere, such as test results or evidence for actions that were tested by a separate system.
+- From **Improvement actions** page: Facilitates updating multiple actions at once, such as assigning them to users, changing implementation or test status, and adding notes and evidence.
+
+To begin the process of migrating data or updating actions, [follow the steps outlined below](#steps-for-updating-actions).
+
+> [!IMPORTANT]
+> - Only the improvement actions managed by your organization, not Microsoft managed actions, can be updated by this process. (Learn more about [types of improvement actions](compliance-score-calculation.md#action-types-and-points).)
+> - Improvement actions must already be associated to an assessment before you can update them through this process. (Learn more about [building and managing assessments](compliance-manager-assessments.md).)
+
+## Migrating your existing work into Compliance Manager
+
+If you're new to Compliance Manager, the steps below illustrate the basic workflow for bringing your existing compliance activities into Compliance
+
+1. **Create an assessment**: Compliance Manager can recommend assessments that may be most relevant to your organization, or you can create one through a guided process. Visit [Create assessments](compliance-manager-assessments.md#create-assessments) for instructions.
+
+2. **Export improvement actions**: You'll export an Excel file containing the action data that you want to update. It may make more sense to start the export from your **Assessments** page, but you can also export from the **Improvement actions** page. See the [steps outlined below](#steps-for-updating-actions).
+
+3. **Update the improvement action Excel file**: Use the instructions on the **How to update actions** tab of the Excel file to add your information.
+
+4. **Upload the Excel file**: Upload your edited Excel file by selecting the **Upload actions** command on the **Assessments** or **Improvement actions** page.
+
+## Updating multiple improvement actions at once
+
+To update the status, evidence, notes, or other data in multiple improvement actions at one time, you'll follow the basic flow outlined below:
+
+1. **Export improvement actions.** Export the improvement actions you want to update, staring either from your **Improvement actions** page or your **Assessments** page. The export is a downloaded Excel file containing improvement action data. See the [steps outlined below](#steps-for-updating-actions).
+
+2. **Update the improvement action Excel file.** Use the instructions on the **How to update actions** tab of the Excel file to add or update the information in the specially formatted Excel file.
+
+3. **Upload the Excel file.** Upload your edited Excel file by selecting the **Upload actions** command on the **Assessments** or **Improvement actions** page.
+
+> [!NOTE]
+> The improvement action update process can't be used to add new improvement actions to Compliance Manager. Adding a new action requires the [creation of a custom assessment template](compliance-manager-templates-create.md), which involves a different type of Excel file with action and control-mapping data. Refer to the [template formatting instructions](compliance-manager-templates-format-excel.md); in particular, the "Actions" tab instructions.
+
+> [!NOTE]
+> If you export the improvement actions from an assessment, the exported Excel file will include control-mapping data for that assessment. However, you won't be able to change the control-mapping data when you edit your Excel file.
+
+## Steps for updating actions
+
+The following steps outline the process for bringing compliance activity data into your assessments and updating improvement actions.
+
+1. In Compliance Manager, begin from either from the **Assessments** page or the **Improvement actions** page.
+
+2. Export the improvement actions that you want to update:
+
+ a. From the **Improvement actions** page: Find the improvement actions you want to update, and select the checkbox to the left of their names. Then select the **Export actions** command above the list of actions.
+
+ b. From the **Assessments** page: Find the assessment or assessments you want to update, and select the checkbox to the left of their names. Then select the **Export actions** command above the list of assessments.
+
+4. An Excel file will download, which contains all the data related to the actions. Open the file and refer to the formatting instructions on the tab labeled **How to update actions.**
+
+5. Edit the information on the **Action Update** tab of the spreadsheet according to the formatting instructions. Then save your updated version of the Excel file to your computer.
+
+6. On your **Assessments** page or **Improvement actions** page, select the **Update actions** command, which will open the improvement actions update wizard.
+
+7. The first page in the wizard lists the main prerequisites: that all improvement actions must be associated to at least one assessment, and that your data needs to be formatted in an Excel file for upload. Check the boxes next to the reminders, then continue the process by selecting **Next**.
+
+8. On the **Import updated improvement actions** page, select **Browse** to locate your updated Excel file from its saved location, then select **Next**. If there are any problems with the format of your file, an error message will give instructions for fixing the problem. Upload your corrected file again, then select **Next**.
+
+9. On the **Review and finish** page, review the summary showing the number of actions that will be updated, their associated assessments, and how they affect your compliance score. From here you can upload a different file, or continue with the upload by selecting **Update actions**.
+
+10. When your file has been successfully uploaded, you'll see a confirmation screen. Select **Finish** to exit the wizard and arrive back at the page where you began the update actions process.
+
+Most of the updates will take effect right away, but it may take up to a day for all the updated information to be fully reflected in Compliance Manager.
+
+> [!NOTE]
+> Control mapping won't be included in the Excel file that's downloaded when you *Export* actions. Control mapping is handled via the process of creating an assessment template using a [differently formatted Excel file for importing template data](compliance-manager-templates-format-excel.md).
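Review bot: The two notes on control mapping contradict each other: the note under "Updating multiple improvement actions at once" says an export from an assessment "will include control-mapping data", while the closing note says control mapping "won't be included" in the exported file. Reconcile them into one statement. The command name is also inconsistent: both workflow summaries say to select **Upload actions**, but step 6 of the detailed procedure says **Update actions**. Other fixes in the same file: the numbered steps jump from 2 to 4; "staring either from" should be "starting"; "begin from either from" repeats "from"; and the sentences that introduce the lists under "Getting started" and "Migrating your existing work into Compliance Manager" both stop at "in Compliance".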
compliance Content Search Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search-reference.md
Keep the following things in mind when searching for content in Microsoft Teams
Like other Teams content, where card content is stored is based on where the card was used. Content for cards used in a Teams channel is stored in the Teams group mailbox. Card content for 1:1 and 1xN chats are stored in the mailboxes of the chat participants.
- To search for card content, you can use the `kind:microsoftteams` or `itemclass:IPM.SkypeTeams.Message` search conditions. When reviewing search results, card content generated by bots in a Teams channel have the **Sender/Author** email property as `<appname>@teams.microsoft.com`, where `appname` is the name of the app that generated the card content. If card content was generated by a user, the value of **Sender/Author** identifies the user.
+ To search for card content, you can use the `kind:microsoftteams` or `itemclass:IPM.SkypeTeams.Message` search conditions. When reviewing search results, card content generated by bots in a Teams channel has the **Sender/Author** email property as `<appname>@teams.microsoft.com`, where `appname` is the name of the app that generated the card content. If card content was generated by a user, the value of **Sender/Author** identifies the user.
When viewing card content in Content search results, the content appears as an attachment to the message. The attachment is named `appname.html`, where `appname` is the name of the app that generated the card content. The following screenshots show how card content (for an app named Asana) appears in Teams and in the results of a search.
You can use the **ItemClass** email property or the **Type** search condition to
## Searching inactive mailboxes
-You can search inactive mailboxes in a content search. To get a list of the inactive mailboxes in your organization, run the command `Get-Mailbox -InactiveMailboxOnly` in Exchange Online PowerShell. Alternatively, you can go to **Data lifecycle management** \> **Retention** in the Microsoft Purview compliance portal, and then click **More**![Navigation Bar ellipses.](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif) \> **Inactive mailboxes**.
+You can search inactive mailboxes in a content search. To get a list of the inactive mailboxes in your organization, run the command `Get-Mailbox -InactiveMailboxOnly` in Exchange Online PowerShell. Alternatively, you can go to **Data lifecycle management** \> **Microsoft 365** \> **Retention** in the Microsoft Purview compliance portal, and then click **More**![Navigation Bar ellipses.](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif) \> **Inactive mailboxes**.
Here are a few things to keep in mind when searching inactive mailboxes.
compliance Create And Manage Inactive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-inactive-mailboxes.md
To view a list of the inactive mailboxes in your organization:
1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> and sign in using the credentials for a Global administrator or a Compliance administrator account in your organization.
-2. In the left navigation pane, select **Show all**, and then select **Data lifecycle management** > **Retention policies**.
+2. In the left navigation pane, select **Data lifecycle management** > **Microsoft 365** > **Retention policies**.
3. Select the **Inactive mailbox** option:
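Review bot: Step 2 drops "select **Show all**" without adding a fallback, so a reader whose navigation pane is collapsed has no hint for finding **Data lifecycle management**. The other articles in this batch keep a follow-up line for that case ("Don't immediately see your solution in the navigation pane? First select **Show all**."); add the same line under step 2. Also check the last path element: this step ends in **Retention policies**, while the inactive-mailbox instructions in the content search article end in **Retention** for the same destination.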
compliance Create Apply Retention Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md
Decide before you create your retention label policy whether it will be **adapti
- **Solutions** > **Records management** > > **Label policies** tab > **Publish labels** - If you are using data lifecycle management:
- - **Solutions** > **Data lifecycle management** > **Label policies** tab > **Publish labels**
+ - **Solutions** > **Data lifecycle management** > **Microsoft 365** > **Label policies** tab > **Publish labels**
Don't immediately see your solution in the navigation pane? First select **Show all**.
If the labels don't appear after seven days, check the **Status** of the label p
Set-AppRetentionCompliancePolicy -Identity <policy name> -RetryDistribution ```
- - For all other policy locations, such as **Exchange email**, **SharePoint sites**, **Teams channel messages** etc:
+ - For all other policy locations, such as **Exchange email**, **SharePoint sites**, **Teams channel messages** etc.:
```PowerShell Set-RetentionCompliancePolicy -Identity <policy name> -RetryDistribution
Some settings can't be changed after the label or policy is created and saved, w
### Deleting retention labels
-You can delete retention labels that aren't currently included in any retention label policies, that aren't configured for event-based retention, or mark items as regulatory records.
+You can delete retention labels that aren't currently included in any retention label policies, that aren't configured for event-based retention, or that mark items as regulatory records.
For retention labels that you can delete, if they have been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items.
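Review bot: Adding "that" before "mark items as regulatory records" removes the third condition from the scope of "aren't", so the sentence now reads as if labels that do mark items as regulatory records can be deleted. In the old wording the negation carried across ("aren't configured for event-based retention, or mark items ..."). Make the negation explicit in the third clause, for example "or that don't mark items as regulatory records", and consider "and" rather than "or" if all three conditions must hold.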
compliance Create Retention Labels Data Lifecycle Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-labels-data-lifecycle-management.md
The global admin for your organization has full permissions to create and edit r
## How to create retention labels for data lifecycle management
-1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), navigate to: **Solutions** > **Data lifecycle management** > **Labels** tab > + **Create a label**
+1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), navigate to: **Solutions** > **Data lifecycle management** > **Microsoft 365** > **Labels** tab > + **Create a label**
Don't immediately see the **Data lifecycle management** solution? First select **Show all**.
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
When you have more than one retention policy, and when you also use retention la
> [!NOTE] > Retention policies support [shared channels](/MicrosoftTeams/shared-channels). When you configure retention settings for the **Teams channel message** location, if a team has any shared channels, they inherit retention settings from their parent team.
-1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Retention Policies**.
+1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Microsoft 365** > **Retention Policies**.
2. Select **New retention policy** to start the **Create retention policy** configuration, and name your new retention policy.
It's possible that a retention policy that's applied to Microsoft 365 groups, Sh
> > To use this feature, your Yammer network must be [Native Mode](/yammer/configure-your-yammer-network/overview-native-mode), not Hybrid Mode.
-1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Retention Policies**.
+1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Microsoft 365** > **Retention Policies**.
2. Select **New retention policy** to create a new retention policy.
Use the following instructions for retention policies that apply to any of these
- Microsoft 365 groups - Skype for Business
-1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Retention Policies**.
+1. From the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), select **Data lifecycle management** > **Microsoft 365** > **Retention Policies**.
2. Select **New retention policy** to start the **Create retention policy** configuration, and name your new retention policy.
compliance Data Lifecycle Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-lifecycle-management.md
description: Learn how Microsoft Purview Data Lifecycle Management helps you kee
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
-Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance) provides you with tools and capabilities to retain the content that you need to keep, and delete the content that you don't. Retaining and deleting content is often needed for compliance and regulatory requirement, but deleting content that no longer has business value also helps you manage risk and liability. For example, it reduces your attack surface.
+Microsoft Purview Data Lifecycle Management (formerly Microsoft Information Governance) provides you with tools and capabilities to retain the content that you need to keep, and delete the content that you don't.
+
+Retaining and deleting content is often needed for compliance and regulatory requirement, but deleting content that no longer has business value also helps you manage risk and liability. For example, it reduces your attack surface.
+
+## Microsoft 365 features
**Retention policies** are the cornerstone for data lifecycle management. Use these policies for Microsoft 365 workloads that include Exchange, SharePoint, OneDrive, Teams, and Yammer. Configure whether content for these services needs to be retained indefinitely, or for a specific period if users edit or delete it. Or you can configure the policy to automatically permanently delete the content after a specified period if it's not already deleted. You can also combine these two actions for retain and then delete, which is a very typical configuration. For example, retain email for three years and then delete it.
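Review bot: The sentence moved into its own paragraph still says "compliance and regulatory requirement" (singular). Since the line is being rewritten anyway, change it to "requirements" in the added line.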
Other data lifecycle management capabilities to help you keep what you need and
- **Import service for PST files** by using network upload or drive shipping. For more information, see [Learn about importing your organization's PST files](importing-pst-files-to-office-365.md).
+## Exchange (legacy) features
+
+**Retention policies and retention tags** from messaging records management (MRM), and **journaling rules** are older compliance features from Exchange that were originally configurable from the Classic Exchange admin center. They haven't been brought forward to the [new Exchange admin center](/exchange/features-in-new-eac).
+
+If you're not already using these features, or have a specific business requirement to use them instead of the Microsoft 365 features for data lifecycle management, we don't recommend you use these older compliance features. Instead, use the newer Microsoft 365 features that retain data in place and support policies across other Microsoft 365 services.
+
+For more information, see [Use retention policies and retention labels instead of older features](retention.md#use-retention-policies-and-retention-labels-instead-of-older-features).
++ ## Deployment guidance For deployment guidance for data lifecycle management that includes a recommended deployment roadmap, licensing information, permissions, a list of supported scenarios, and end-user documentation, see [Get started with data lifecycle management](get-started-with-information-governance.md).
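Review bot: The second paragraph under "Exchange (legacy) features" says the opposite of what it means. "If you're not already using these features, or have a specific business requirement to use them ..., we don't recommend you use these older compliance features" tells readers who have a business requirement not to use them. Rephrase the condition as an exception, for example "Unless you're already using these features, or have a specific business requirement to use them instead of the Microsoft 365 features, we don't recommend ...".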
compliance Delete Items In The Recoverable Items Folder Of Mailboxes On Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold.md
Run the following command in [Security & Compliance PowerShell](/powershell/exch
Get-RetentionCompliancePolicy <retention policy GUID without prefix> | FL Name ```
-After you identify the retention policy, go to the **Data lifecycle management** > **Retention** page in the compliance portal, edit the retention policy that you identified in the previous step, and remove the mailbox from the list of recipients that are included in the retention policy.
+After you identify the retention policy, go to the **Data lifecycle management** > **Microsoft 365** > **Retention** page in the compliance portal, edit the retention policy that you identified in the previous step, and remove the mailbox from the list of recipients that are included in the retention policy.
### Organization-wide retention policies
Organization-wide, Exchange-wide, and Teams-wide retention policies are applied
Get-RetentionCompliancePolicy <retention policy GUID without prefix> | FL Name ```
-After you identify the organization-wide retention policies, go to the **Data lifecycle management** > **Retention** page in the compliance portal, edit each organization-wide retention policy that you identified in the previous step, and add the mailbox to the list of excluded recipients. Doing this will remove the user's mailbox from the retention policy.
+After you identify the organization-wide retention policies, go to the **Data lifecycle management** > **Microsoft 365** > **Retention** page in the compliance portal, edit each organization-wide retention policy that you identified in the previous step, and add the mailbox to the list of excluded recipients. Doing this will remove the user's mailbox from the retention policy.
> [!IMPORTANT] > After you exclude a mailbox from an organization-wide retention policy, it may take up to 24 hours to synchronize this change and remove the mailbox from the policy.
Perform the following steps (in the specified sequence) in Exchange Online Power
**Retention policies applied to specific mailboxes**
- Use the compliance portal to add the mailbox back to the retention policy. Go to the **Data lifecycle management** > **Retention** page in the compliance center, edit the retention policy, and add the mailbox back to the list of recipients that the retention policy is applied to.
+ Use the compliance portal to add the mailbox back to the retention policy. Go to the **Data lifecycle management** > **Microsoft 365** > **Retention** page in the compliance center, edit the retention policy, and add the mailbox back to the list of recipients that the retention policy is applied to.
**Organization-wide retention policies**
- If you removed an organization-wide or Exchange-wide retention policy by excluding it from the policy, then use the compliance portal to remove the mailbox from the list of excluded users. Go to the **Data lifecycle management** > **Retention** page in the compliance center, edit the organization-wide retention policy, and remove the mailbox from the list of excluded recipients. Doing this will reapply the retention policy to the user's mailbox.
+ If you removed an organization-wide or Exchange-wide retention policy by excluding it from the policy, then use the compliance portal to remove the mailbox from the list of excluded users. Go to the **Data lifecycle management** > **Microsoft 365** > **Retention** page in the compliance center, edit the organization-wide retention policy, and remove the mailbox from the list of excluded recipients. Doing this will reapply the retention policy to the user's mailbox.
**eDiscovery case holds**
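Review bot: Both rewritten lines in this hunk name the product two ways in the same sentence: "Use the compliance portal ..." followed by "page in the compliance center". The other changed lines in this file say "page in the compliance portal". Since these two lines are being touched, change "compliance center" to "compliance portal" in both.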
compliance Enable Archive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-archive-mailboxes.md
If you don't see the **Archive** page in the Microsoft Purview compliance portal
1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> and sign in.
-2. In the left pane of the compliance portal, select **Data lifecycle management** > **Archive**.
+2. In the left pane of the compliance portal, select **Data lifecycle management** > **Microsoft 365** > **Archive**.
On the **Archive** page, the **Archive mailbox** column identifies whether an archive mailbox is enabled or disabled for each user.
compliance Filter Data When Importing Pst Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/filter-data-when-importing-pst-files.md
After you've created a PST import job, follow these steps to filter the data bef
1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft Purview compliance portal</a> and sign in using the credentials for an administrator account in your organization.
-2. In the left pane of the compliance portal, click **Data lifecycle management** \> **Import**.
+2. In the left pane of the compliance portal, click **Data lifecycle management** \> **Microsoft 365** \> **Import**.
The import jobs for your organization are listed on the **Import** tab. The **Analysis completed** value in the **Status** column indicates the import jobs that have been analyzed by Microsoft 365 and are ready for you to import.
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
Because the retention label is not applied to the original file, the labeled fil
The copy that's stored in the Preservation Hold library is typically created within an hour from the cloud attachment being shared.
+To safeguard against the original file being deleted by users before the copy can be created and labeled, files in locations included in the auto-labeling policy are automatically copied into the Preservation Hold library if they are deleted. These files have a temporary retention period of one day and then follow the standard cleanup process described on this page. When the original file has been deleted, the copy for retaining cloud attachments uses this version of the file. The automatic and temporary retention of deleted files in the Preservation Hold library is unique to auto-labeling policies for cloud attachments.
+ ## How retention works with OneNote content When you apply a retention policy to a location that includes OneNote content, or a retention label to a OneNote folder, behind the scenes, the different OneNote pages and sections are individual files that inherit the retention settings. This means that each section within a page will be individually retained and deleted, according to the retention settings you specify.
compliance Retention Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-settings.md
The property names for sites are based on SharePoint site managed properties. Fo
The attribute names for users and groups are based on [filterable recipient properties](/powershell/exchange/recipientfilter-properties#filterable-recipient-properties) that map to Azure AD attributes. For example: -- **Alias** maps to the LDAP name **mailNickname**, that displays as **Email** in the Azure AD admin center.-- **Email addresses** maps to the LDAP name **proxyAddresses**, that displays as **Proxy address** in the Azure AD admin center.
+- **Alias** maps to the LDAP name **mailNickname** that displays as **Email** in the Azure AD admin center.
+- **Email addresses** maps to the LDAP name **proxyAddresses** that displays as **Proxy address** in the Azure AD admin center.
The attributes and properties listed in the table can be easily specified when you configure an adaptive scope by using the simple query builder. Additional attributes and properties are supported with the advanced query builder, as described in the following section.
Specifically for SharePoint sites, there might be additional SharePoint configur
1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), navigate to one of the following locations: - If you're using the records management solution:
- - **Solutions** > **Records management** > **Adaptive scopes** tab > + **Create scope**
+ - **Solutions** \> **Records management** \> **Adaptive scopes** tab \> + **Create scope**
- If you're using the data lifecycle management solution:
- - **Solutions** > **Data lifecycle management** > **Adaptive scopes** tab > + **Create scope**
+ - **Solutions** \> **Data lifecycle management** \> **Microsoft 365** \> **Adaptive scopes** tab \> + **Create scope**
Don't immediately see your solution in the navigation pane? First select **Show all**.
Specifically for SharePoint sites, there might be additional SharePoint configur
- For **SharePoint sites** scopes, use Keyword Query Language (KQL). You might already be familiar with using KQL to search SharePoint by using indexed site properties. To help you specify these KQL queries, see [Keyword Query Language (KQL) syntax reference](/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference).
- For example, because SharePoint sites scopes automatically include all SharePoint site types, which include Microsoft 365 group-connected and OneDrive sites, you can use the indexed site property **SiteTemplate** to include or exclude specific site types. The templates you can specify:
+ For example, because SharePoint site scopes automatically include all SharePoint site types, which include Microsoft 365 group-connected and OneDrive sites, you can use the indexed site property **SiteTemplate** to include or exclude specific site types. The templates you can specify:
- `SITEPAGEPUBLISHING` for modern communication sites - `GROUP` for Microsoft 365 group-connected sites - `TEAMCHANNEL` for Microsoft Teams private channel sites
When you configure a policy for retention that uses adaptive policy scopes and s
To retain or delete content for a Microsoft 365 group (formerly Office 365 group), use the **Microsoft 365 Groups** location. For retention policies, this location includes the group mailbox and SharePoint teams site. For retention labels, this location includes the SharePoint teams site only.
+For detailed information about which items are included and excluded for Microsoft 365 Groups:
+- For group mailboxes, see [What's included for retention and deletion](retention-policies-exchange.md#whats-included-for-retention-and-deletion) for Exchange retention.
+- For SharePoint teams sites, see [What's included for retention and deletion](retention-policies-sharepoint.md#whats-included-for-retention-and-deletion) for SharePoint retention.
+ Mailboxes that you target with this policy location require at least 10 MB of data before retention settings will apply to them. > [!NOTE]
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
With retention labels, you can:
- **Enable people in your organization to apply a retention label manually** to content in Outlook and Outlook on the web, OneDrive, SharePoint, and Microsoft 365 groups. Users often know best what type of content they're working with, so they can classify it and have the appropriate retention settings applied. -- **Apply retention labels to content automatically** if it matches specific conditions, that include cloud attachments that are shared in email or Teams, or when the content contains:
+- **Apply retention labels to content automatically** if it matches specific conditions, that includes cloud attachments that are shared in email or Teams, or when the content contains:
- Specific types of sensitive information. - Specific keywords that match a query you create. - Pattern matches for a trainable classifier.
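Review bot: Changing "that include" to "that includes" breaks subject-verb agreement: the relative clause modifies the plural "specific conditions", so the original verb was correct. Revert to "include", or restructure as "specific conditions, including cloud attachments that are shared in email or Teams, or when the content contains:".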
If you are using older eDiscovery tools to preserve data, see the following reso
## Use retention policies and retention labels instead of older features
-If you need to proactively retain or delete content in Microsoft 365 for data lifecycle management, we recommend that you use retention policies and retention labels instead of the following older features.
+If you need to proactively retain or delete content in Microsoft 365 for data lifecycle management, we recommend that you use Microsoft 365 retention policies and retention labels instead of the following older features.
If you currently use these older features, they will continue to work side by side with Microsoft 365 retention policies and retention labels. However, we recommend that going forward, you use Microsoft 365 retention policies and retention labels to benefit from a single solution to manage both retention and deletion of content across multiple workloads in Microsoft 365.
If you currently use these older features, they will continue to work side by si
- Retention policies applied by an admin to specific folders within a mailbox. A Microsoft 365 retention policy applies to all folders in the mailbox. However, an admin can configure different retention settings by using retention labels that a user can apply to folders in Outlook as a [default retention label](create-apply-retention-labels.md#applying-a-default-retention-label-to-an-outlook-folder).
+- [Journaling](/exchange/security-and-compliance/journaling/journaling) (retention and archive)
+
+ Might be required to integrate with third-party solutions and copies of email messages and their data communication are stored outside Exchange Online. Because you're moving data outside Microsoft 365, you must take extra precautions to secure it and also resolve any duplications that might result from this solution. It will be your responsibility to monitor and follow up on any non-delivery receipts to the journaling mailbox that can occur because of external and dependent services. You don't have these additional administrative overheads when you use Microsoft 365 retention and other Microsoft Purview compliance solutions that also aren't limited to just email messages.
+ - [Litigation hold](create-a-litigation-hold.md) (retention only) Although Litigation holds are still supported, we recommend you use Microsoft 365 retention or eDiscovery holds, [as appropriate](#when-to-use-retention-policies-and-retention-labels-or-ediscovery-holds).
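Review bot: The first sentence of the new Journaling paragraph has no subject ("Might be required to integrate with third-party solutions and copies of email messages ... are stored outside Exchange Online") and joins two separate statements with "and". Split it and name the feature, for example "Journaling might be required to integrate with third-party solutions. Copies of email messages and their communication data are then stored outside Exchange Online." Also reword "data communication", which reads as a word-order slip.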
compliance Set Up An Archive And Deletion Policy For Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes.md
The steps in this article set up an archiving and retention policy for a fictiti
- Create a new retention policy and adding the new custom retention tags to it. Additionally, you'll also add built-in retention tags to the new retention policy. This includes personal tags that users can assign to items in their mailbox. You'll also add a retention tag that moves items from the Recoverable Items folder in the user's primary mailbox to the Recoverable Items folder in their archive mailbox. This action helps free up space in a user's Recoverable Items folder when their mailbox is placed on hold. You can follow some or all of the steps in this article to set up an archive and deletion policy for mailboxes in your own organization. We recommend that you test this process on a few mailboxes before implementing it on all mailboxes in your organization.
-
+
+> [!NOTE]
+> Instructions in this article use the [Microsoft Purview compliance portal](microsoft-365-compliance-center.md) and the [new Exchange admin center](/exchange/features-in-new-eac).
+ ## Before you set up an archive and deletion policy - You must be a global administrator in your organization to perform the steps in this article.
In this step, you'll create the three custom retention tags that were previously
- Alpine House Deleted Items 5 Years Delete and Allow Recovery (custom tag for the Deleted Items folder)
-To create new retention tags, you'll use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center (EAC)</a> in your Exchange Online organization. Be sure to use the classic version of the EAC.
+To create new retention tags, you'll use the [Microsoft Purview compliance portal](microsoft-365-compliance-center.md).
-1. Go to [https://admin.protection.outlook.com/ecp/](https://admin.protection.outlook.com/ecp/) and sign in using your credentials.
+1. Go to the [Microsoft Purview compliance portal](https://compliance.microsoft.com/) and sign in using your credentials.
-2. In the EAC, go to **Compliance management** > **Retention tags**
-
+2. In the compliance portal, go to **Solutions** \> **Data lifecycle management** \> **Exchange (legacy)** > **Retention tags**
+
A list of the retention tags for your organization is displayed. ### Create a custom archive default policy tag First, you'll create a custom archive default policy tag (DPT) that will move items to the archive mailbox after 3 years.
-1. On the **Retention tags** page, select **New tag**![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif), and then select **applied automatically to entire mailbox (default)**.
-
-2. On the **New tag applied automatically to entire mailbox (default)** page, complete the following fields:
+1. On the **Retention tags** page, select **+ New tag**, and then on the **Define how the tag will be applied** page, select **Automatically to entire mailbox (default)**.
- ![Settings to create a new archive default policy tag.](../media/41c0a43c-9c72-44e0-8947-da0831896432.png)
+2. On the **Define retention settings** page, complete the following fields:
- 1. **Name** Type a name for the new retention tag.
+ 1. **When items reaches the following age (in days)** Enter the duration of the retention period. For this scenario, items will be moved to the archive mailbox after 1095 days (3 years).
- 2. **Retention action** Select **Move to Archive** to move items to the archive mailbox when the retention period expires.
+ 2. For the **Retention Action** Select **Move item to archive** to move items to the archive mailbox when the retention period expires.
- 3. **Retention period** Select **When the item reaches the following age (in days)**, and then enter the duration of the retention period. For this scenario, items will be moved to the archive mailbox after 1095 days (3 years).
-
- 4. **Comment** (Optional) Type a comment that explains the purpose of the custom retention tag.
+3. On the **Name your tag** page, type a name for the new retention tag, and an optional description that explains the purpose of the custom retention tag.
+
+ For our example scenario, we'll name this tag "Alpine House 3 Year Move to Archive".
-3. Select **Save** to create the custom archive DPT.
+4. Select **Next**, and then review and submit to create the custom archive DPT.
- The new archive DPT is displayed in the list of retention tags.
+The new archive DPT is displayed in the list of retention tags.
### Create a custom deletion default policy tag Next, you'll create another custom DPT but this one will be a deletion policy that permanently deletes items after 7 years.
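Review bot: Under **Define retention settings** in the archive DPT steps, the two sub-steps use different patterns. Sub-step 1 gives the bold field name followed by the instruction, while sub-step 2 reads "For the **Retention Action** Select **Move item to archive**", which starts a sentence and then capitalizes "Select" in the middle of it. Use one pattern for both, for example "For **Retention Action**, select **Move item to archive** ...". The same wording is repeated in the deletion DPT and Deleted Items sections. Also confirm that "When items reaches the following age (in days)" matches the portal label exactly, since it is presented as a field name.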
-1. On the **Retention tags** page, select **New tag**![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif), and then select **applied automatically to entire mailbox (default)**.
+1. Back on the **Retention tags** page, select **+ New tag**, and then on the **Define how the tag will be applied** page, select **Automatically to entire mailbox (default)** again.
-2. On the **New tag applied automatically to entire mailbox (default)** page, complete the following fields:
-
- ![Settings to create a new deletion default policy tag.](../media/f1f0ff62-eec9-4824-8e7c-d93dcfb09a79.png)
+2. On the **Define retention settings** page, complete the following fields:
- 1. **Name** Type a name for the new retention tag.
-
- 2. **Retention action** Select **Permanently Delete** to purge items from the mailbox when the retention period expires.
+ 1. **When items reaches the following age (in days)** Enter the duration of the retention period. For this scenario, items will be purged after 2555 days (7 years).
- 3. **Retention period** Select **When the item reaches the following age (in days)**, and then enter the duration of the retention period. For this scenario, items will be purged after 2555 days (7 years).
+ 2. For the **Retention Action** Select **Permanently delete** to purge items from the mailbox when the retention period expires.
- 4. **Comment** (Optional) Type a comment that explains the purpose of the custom retention tag.
+3. On the **Name your tag** page, type a name for the new retention tag, and an optional description that explains the purpose of the custom retention tag.
+
+ For our example scenario, we'll name this tag "Alpine House 7 Year Permanently Delete".
-3. Select **Save** to create the custom deletion DPT.
+4. Select **Next**, and then review and submit to create the custom deletion DPT.
- The new deletion DPT is displayed in the list of retention tags.
+The new deletion DPT is displayed in the list of retention tags.
### Create a custom retention policy tag for the Deleted Items folder The last retention tag to create is a custom retention policy tag (RPT) for the Deleted Items folder. This tag will delete items in the Deleted Items folder after 5 years, and provides a recovery period when users can use the Recover Deleted Items tool to recover an item.
-
-1. On the **Retention tags** page, select **New tag** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif), and then select **applied automatically to a default folder**.
-2. On the **New tag applied automatically to a default folder** page, complete the following fields:
+1. Back on the **Retention tags** page, select **+ New tag**, and then on the **Define how the tag will be applied** page, select **Automatically to entire mailbox (default)** again.
- ![Settings to create a new retention policy tag for the Deleted Items folder.](../media/6f3104bd-5edb-48ac-884d-5fe13d81dd1d.png)
+2. On the **Define retention settings** page, complete the following fields:
- 1. **Name** Type a name for the new retention tag.
-
- 2. **Apply this tag to the following default folder** In the drop-down list, select **Deleted Items**.
+ 1. **When items reaches the following age (in days)** Enter the duration of the retention period. For this scenario, items will be deleted after 1825 days (5 years).
- 3. **Retention action** Select **Delete and Allow Recovery** to delete items when the retention period expires, but allow users to recover a deleted item within the deleted item retention period (which by default is 14 days).
+ 2. For the **Retention Action** Select **Delete and allow recovery** to delete items when the retention period expires, but allow users to recover a deleted item within the deleted item retention period (which by default is 14 days).
- 4. **Retention period** Select **When the item reaches the following age (in days)**, and then enter the duration of the retention period. For this scenario, items will be deleted after 1825 days (5 years).
-
- 5. **Comment** (Optional) Type a comment that explains the purpose of the custom retention tag.
+3. On the **Name your tag** page, type a name for the new retention tag, and an optional description that explains the purpose of the custom retention tag.
+
+ For our example scenario, we'll name this tag "Alpine House Deleted Items 5 Years Delete and Allow Recovery".
-3. Select **Save** to create the custom RPT for the Deleted Items folder.
+4. Select **Next**, and then review and submit to create the custom deletion DPT.
- The new RPT is displayed in the list of retention tags.
+The new RPT is displayed in the list of retention tags.
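Review bot: The added steps for the Deleted Items tag no longer scope the tag to that folder. Step 1 now selects **Automatically to entire mailbox (default)** "again", and the removed field "Apply this tag to the following default folder ... **Deleted Items**" has no replacement, so a reader following the new steps creates a second mailbox-wide tag instead of an RPT. Step 4 also says "create the custom deletion DPT", where the removed line said "create the custom RPT for the Deleted Items folder"; that contradicts the next line, "The new RPT is displayed". Suggest restoring the default-folder choice in steps 1 and 2 and naming the RPT in step 4.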
## Step 3: Create a new retention policy After you create the custom retention tags, the next step is to create a new retention policy and add the retention tags. You'll add the three custom retention tags that you created in Step 2, and the built-in tags that were mentioned in the first section. In Step 4, you'll assign this new retention policy to user mailboxes.
-1. In the EAC, go to **Compliance management** > **Retention policies**.
+1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), go to **Data lifecycle management** \> **Exchange (legacy)** > **Retention policies**.
-2. On the **Retention policies** page, select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif).
+2. On the **Retention policies** page, select **New policy**.
3. In the **Name** box, type a name for the new retention policy; for example, **Alpine House Archive and Deletion Policy**.
-4. Under **Retention tags**, select **Add** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif).
+4. Select **+ Add tag**.
- A list of the retention tags in your organization is displayed. Note the custom tags that you created in Step 2 are displayed.
+ A list of the retention tags in your organization is displayed, which includes the custom tags that you created in Step 2.
-5. Add the 9 retention tags that are highlighted in the following screenshot (these tags are described in more detail in the [More information](#more-information) section). To add a retention tag, select it and then select **Add**.
-
- ![Add retention tags to the new retention policy.](../media/d8e87176-0716-4238-9e6a-7c4af35541dc.png)
-
- > [!TIP]
- > You can select multiple retention tags by holding down the **Ctrl** key and then clicking each tag.
-
-6. After you've added the retention tags, select **OK**.
+5. Add the 9 retention tags that are described in more detail in the [More information](#more-information) section:
+
+ - **Alpine House 3 Year Move to Archive** - the custom archive default policy tag created in step 2 of these instructions
+ - **Alpine House 7 Year Permanently Delete** - the custom deletion tag created in step 2 of these instructions
+ - **Alpine House Deleted Items 5 Years Delete and Allow Recovery** - the custom tag for the Deleted Items folder created in step 2 of these instructions
+ - **Recoverable Items 14 days Move to Archive**
+ - **Junk Email**
+ - **1 Month Delete**
+ - **1 Year Delete**
+ - **Never Delete**
+ - **Personal 1 year move to archive**
+
+ To add these retention tags, select them, and then select **Add**.
-7. On the **New retention policy** page, select **Save** to create the new policy.
+7. Back on the **Configure your policy** page, select **Next** to review and submit the new policy.
- The new retention policy is displayed in the list. Select it to display the retention tags linked to it in the details pane.
+The new retention policy is displayed in the list. Select it to display the retention tags linked to it in the details pane.
- ![The new retention policy and the list of linked retention tags.](../media/63bc45e6-110b-4dc9-a85f-8eb1961a8258.png)
-
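Review bot: The numbered list in the added lines skips a step. The old step 6 ("select **OK**") is removed, but the final added step is still numbered `7.` and now follows step 5 directly; renumber it to 6. In the step 5 list, "Personal 1 year move to archive" is the only tag name not in title case, so confirm it matches the tag name shown in the portal.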
## Step 4: Assign the new retention policy to user mailboxes
-When a new mailbox is created, a retention policy named Default MRM policy is assigned to it by default. In this step, you'll replace this retention policy by assigning the new retention policy that you created in Step 3 to the user mailboxes in your organization. Replacement is required because a mailbox can have only one MRM retention policy assigned to it at a time. This step assumes that you'll assign the new policy to all mailboxes in your organization.
-
-1. In the EAC, go to **Recipients** > **Mailboxes**.
+When a new mailbox is created, a retention policy named Default MRM policy is assigned to it by default. In this step, you'll replace this retention policy by assigning the new retention policy that you created in Step 3 to the user mailboxes in your organization.
- A list of all user mailboxes in your organization is displayed.
+Replacement is required because a mailbox can have only one MRM retention policy assigned to it at a time. This step assumes that you'll assign the new policy to all mailboxes in your organization.
-2. Select all the mailboxes by clicking on the first one in the list, holding down the **Shift** key, and then clicking the last one in the list.
+To follow these steps, make sure you use the [new Exchange admin center](/exchange/features-in-new-eac), rather than the classic version.
+
+1. Sign in to the new [Exchange admin center (EAC)](https://admin.exchange.microsoft.com/), and go to **Recipients** > **Mailboxes**.
-3. In the details pane in the EAC, under **Bulk Edit**, select **More options**.
+ A list of all user mailboxes in your organization is displayed.
-4. Under **Retention Policy**, select **Update**.
+2. Select all the mailboxes by selecting the box for **Display name**.
-5. On the **Bulk assign retention policy** page, in the **Select the retention policy** drop-down list, select the retention policy that you created in Step 3; for example, **Alpine House Archive and Retention Policy**.
+3. Select the **Mailbox policies** option.
-6. Select **Save** to save the new retention policy assignment.
+4. In the **Mailbox policies** flyout pane, under **Retention Policy**, select the retention policy that you created in Step 3; for example, **Alpine House Archive and Retention Policy**.
-7. To verify that the new retention policy was assigned to mailboxes:
+5. Select **Save** to save the new retention policy assignment.
- 1. Select a mailbox on the **Mailboxes** page, and then select **Edit** ![Edit.](../media/d7dc7e5f-17a1-4eb9-b42d-487db59e2e21.png).
+6. To verify that the new retention policy was assigned to mailboxes:
- 2. On the mailbox properties page for the selected user, select **Mailbox features**.
+ 1. Select a mailbox on the **Mailboxes** page.
- The name of the new policy assigned to the mailbox is displayed in the **Retention policy** drop-down list.
+ 2. On the mailbox properties page for the selected user, select **Mailbox**.
+
+ The name of the new policy assigned to the mailbox is displayed for the **Retention policy**.
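Review bot: The added step 4 keeps the example name **Alpine House Archive and Retention Policy**, but Step 3 of the same article names the policy **Alpine House Archive and Deletion Policy**. Since the reader is told to select "the retention policy that you created in Step 3", the example should use the Step 3 name so the two steps agree.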
## (Optional) Step 5: Run the Managed Folder Assistant to apply the new settings
You do this by using Exchange Online PowerShell to update your organization's de
> <sup>\*</sup> Users can use the Recover Deleted Items tool in Outlook and Outlook on the web (formerly known as Outlook Web App) to recover a deleted item within the deleted item retention period, which by default is 14 days in Exchange Online. An administrator can use Exchange Online PowerShell to increase the deleted item retention period to a maximum of 30 days. For more information, see: [Recover deleted items in Outlook for Windows](https://support.office.com/article/49e81f3c-c8f4-4426-a0b9-c0fd751d48ce) and [Change the deleted item retention period for a mailbox in Exchange Online](/exchange/recipients-in-exchange-online/manage-user-mailboxes/change-deleted-item-retention). -- Using the **Recoverable Items 14 days Move to Archive** retention tag helps free up storage space in the Recoverable Items folder in the user's primary mailbox. This is useful when a user's mailbox is placed on hold, which means nothing is ever permanently deleted from the user's mailbox. Without moving items to the archive mailbox, it's possible the storage quota for the Recoverable Items folder in the primary mailbox will be reached. For more information about this and how to avoid it, see [Increase the Recoverable Items quota for mailboxes on hold](./increase-the-recoverable-quota-for-mailboxes-on-hold.md).
+- Using the **Recoverable Items 14 days Move to Archive** retention tag helps free up storage space in the Recoverable Items folder in the user's primary mailbox. This is useful when a user's mailbox is placed on hold or has a retention policy applied that retains items. Both configurations prevent emails from being permanently deleted from the user's mailbox. Without moving items to the archive mailbox, it's possible the storage quota for the Recoverable Items folder in the primary mailbox will be reached. For more information about this scenario, see [Increase the Recoverable Items quota for mailboxes on hold](./increase-the-recoverable-quota-for-mailboxes-on-hold.md).
compliance Use Drive Shipping To Import Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-drive-shipping-to-import-pst-files-to-office-365.md
description: Admin can learn how to bulk-import PST files to Microsoft 365 mailb
**This article is for administrators. Are you trying to import PST files to your own mailbox? See [Import email, contacts, and calendar from an Outlook .pst file](https://go.microsoft.com/fwlink/p/?LinkID=785075)**
-Use the Office 365 Import service and drive shipping to bulk-import PST files to user mailboxes. Drive shipping means that you copy the PST files to a hard disk drive and then physically ship the drive to Microsoft. When Microsoft receives your hard drive, data center personnel copies the data from the hard drive to a storage area in the Microsoft cloud. Then you have the opportunity to trim the PST data that's imported to the target mailboxes by setting filters that control what data gets imported. After you start the import job, the Import service imports the PST data from the storage area to user mailboxes. Using drive shipping to import PST files to user mailboxes is one way to migrate your organization's email to Office 365.
+Use the Office 365 Import service and drive shipping to bulk-import PST files to user mailboxes. Drive shipping means that you copy the PST files to a hard disk drive and then physically ship the drive to Microsoft. When Microsoft receives your hard drive, data center personnel copy the data from the hard drive to a storage area in the Microsoft cloud. Then you have the opportunity to trim the PST data that's imported to the target mailboxes by setting filters that control what data gets imported. After you start the import job, the Import service imports the PST data from the storage area to user mailboxes. Using drive shipping to import PST files to user mailboxes is one way to migrate your organization's email to Office 365.
Here are the steps required to use drive shipping to import PST files to Microsoft 365 mailboxes:
The first step is to download the tool and that you use in Step 2 to copy PST fi
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Import**.
+2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Microsoft 365** \> **Import**.
> [!NOTE] > As previously stated, you have to be assigned the appropriate permissions to access the **Import** page in the compliance portal.
The next step is to use the WAImportExport.exe tool to copy PST files to the har
| `/t:` <br/> |Specifies the drive letter of the hard drive when it's connected to your local computer. <br/> | `/t:h` <br/> | | `/id:` <br/> |Specifies the name of the copy session. A session is defined as each time you run the WAImportExport.exe tool to copy files to the hard drive. The PST files are copied to a folder named with the session name specified by this parameter. <br/> | `/id:driveship1` <br/> | | `/srcdir:` <br/> |Specifies the source directory in your organization that contains the PST files that will be copied during the session. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> | `/srcdir:"\\FILESERVER01\PSTs"` <br/> |
- | `/dstdir:` <br/> |Specifies the destination directory in the Azure Storage area in the Microsoft cloud where the PSTs will be uploaded. You must use the value `ingestiondata/`. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> Optionally, you can also add an extra file path to the value of this parameter. For example, you can use the file path of the source directory on the hard drive (converted to a URL format), which is specified in the `/srcdir:` parameter. For example, `\\FILESERVER01\PSTs` is changed to `FILESERVER01/PSTs`. In this case, you still must include `ingestiondata` in the file path. So in this example, the value for the `/dstdir:` parameter would be `"ingestiondata/FILESERVER01/PSTs"`. <br/> One reason to add the additional file path is if you have PSTs files with the same filename. <br/> > [!NOTE]> If you include the optional pathname, the namespace for a PST file after it's uploaded to the Azure Storage area includes the pathname and the name of the PST file; for example, `FILESERVER01/PSTs/annb.pst`. If you don't include a pathname, the namespace is only the PST filename; for example `annb.pst`. | `/dstdir:"ingestiondata/"` <br/> Or <br/> `/dstdir:"ingestiondata/FILESERVER01/PSTs"` <br/> |
+ | `/dstdir:` <br/> |Specifies the destination directory in the Azure Storage area in the Microsoft cloud where the PSTs will be uploaded. You must use the value `ingestiondata/`. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> Optionally, you can also add an extra file path to the value of this parameter. For example, you can use the file path of the source directory on the hard drive (converted to a URL format), which is specified in the `/srcdir:` parameter. For example, `\\FILESERVER01\PSTs` is changed to `FILESERVER01/PSTs`. In this case, you still must include `ingestiondata` in the file path. So in this example, the value for the `/dstdir:` parameter would be `"ingestiondata/FILESERVER01/PSTs"`. <br/> One reason to add the additional file path is if you have PST files with the same filename. <br/> > [!NOTE]> If you include the optional pathname, the namespace for a PST file after it's uploaded to the Azure Storage area includes the pathname and the name of the PST file; for example, `FILESERVER01/PSTs/annb.pst`. If you don't include a pathname, the namespace is only the PST filename; for example `annb.pst`. | `/dstdir:"ingestiondata/"` <br/> Or <br/> `/dstdir:"ingestiondata/FILESERVER01/PSTs"` <br/> |
| `/blobtype:` <br/> |Specifies the type of blobs in the Azure Storage area to import the PST files to. For importing PST files, use the value **BlockBlob**. This parameter is required. <br/> | `/blobtype:BlockBlob` <br/> | | `/encrypt` <br/> |This switch turns on BitLocker for the hard drive. This parameter is required the first time you run the WAImportExport.exe tool. <br/> The BitLocker encryption key is copied to the journal file and the log file that is created if you use the `/logfile:` parameter. As previously explained, the journal file is saved to the same folder where the WAImportExport.exe tool is located. <br/> | `/encrypt` <br/> | | `/logdir:` <br/> |This optional parameter specifies a folder to save log files to. If not specified, the log files are saved to the same folder where the WAImportExport.exe tool is located. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> | `/logdir:"c:\users\admin\desktop\PstImportLogs"` <br/> |
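Review bot: In the `/encrypt` row next to the edited `/dstdir:` row, the text refers to "the `/logfile:` parameter", but the only logging parameter this table documents is `/logdir:`. That row tells admins where the BitLocker encryption key is written (the journal file and the log file), so the parameter name should match the table. Readers need to know which folder holds key material in order to restrict access to it.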
The next step is to create the PST Import job in the Import service in Office 36
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Import**.
+2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Microsoft 365** \> **Import**.
3. On the **Import** tab, click ![Add Icon.](../media/ITPro-EAC-AddIcon.gif) **New import job**.
The next step is to create the PST Import job in the Import service in Office 36
When the import job is successfully created, a status page is displayed that explains the next steps of the drive shipping process.
-16. On the **Import** tab, click ![Refresh icon.](../mediM-Policy-RefreshIcon.gif) **Refresh** to displayed the new drive shipping import job in the list of import jobs. The status is set to **Waiting for tracking number**. You can also click the import job to display the status flyout page, which contains more detailed information about the import job.
+16. On the **Import** tab, click ![Refresh icon.](../mediM-Policy-RefreshIcon.gif) **Refresh** to display the new drive shipping import job in the list of import jobs. The status is set to **Waiting for tracking number**. You can also click the import job to display the status flyout page, which contains more detailed information about the import job.
## Step 5: Ship the hard drive to Microsoft
After PST files are uploaded to Azure, the status is changed to **Analysis in pr
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Import****.
+2. In the left navigation pane of the compliance portal, click **Data lifecycle management** \> **Microsoft 365** \> **Import****.
3. On the **Import** tab, select the import job that you created in Step 4 and click **Import to Office 365**.
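Review bot: The added step 2 carries over the stray bold markers at the end of the path, `**Import****`, from the line it replaces. The two other occurrences of this step changed in the same article end with `**Import**.`; drop the extra `**` here so the path renders the same way.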
compliance Use Network Upload To Import Pst Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-network-upload-to-import-pst-files.md
The first step is to download the AzCopy tool, which is the tool that you run in
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left pane of the compliance portal, click **Data lifecycle management** \> **Import**.
+2. In the left pane of the compliance portal, select **Data lifecycle management** \> **Microsoft 365** \> **Microsoft 365** \> **Import**.
> [!NOTE] > You have to be assigned the appropriate permissions to access the **Import** page in the compliance portal. See the **Before you begin** section for more information.
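Review bot: The added navigation path repeats a segment: `**Data lifecycle management** \> **Microsoft 365** \> **Microsoft 365** \> **Import**`. The drive-shipping article updated in the same change uses a single **Microsoft 365** level, so one of the two looks like a paste error; remove the duplicate.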
The next step is to create the PST Import job in the Import service in Microsoft
1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an administrator account in your organization.
-2. In the left pane of the compliance portal, click **Data lifecycle management > Import**.
+2. In the left pane of the compliance portal, select **Data lifecycle management** > **Microsoft 365** > Import**.
3. On the **Import** tab, click ![Add Icon.](../media/ITPro-EAC-AddIcon.gif) **New import job**.
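Review bot: The bold markup in the added step 2 is unbalanced: `> Import**.` has a closing `**` with no opening one, so the last segment will not render as bold and may show literal asterisks. Write `**Import**`, and escape the separators as `\>` to match the other occurrence of this step in the article. The step now says "select" while step 3 below still says "click"; pick one verb for the procedure.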
enterprise Assign Licenses To User Accounts With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md
To find the unlicensed accounts in your organization, run this command.
Get-MgUser -Filter 'assignedLicenses/$count eq 0' -ConsistencyLevel eventual -CountVariable unlicensedUserCount -All ```
+To find the unlicensed synchronized users in your organization, run this command.
+
+```powershell
+Get-MgUser -Filter 'assignedLicenses/$count eq 0 and OnPremisesSyncEnabled eq true' -ConsistencyLevel eventual -CountVariable unlicensedUserCount -All -Select UserPrincipalName
+```
You can only assign licenses to user accounts that have the **UsageLocation** property set to a valid ISO 3166-1 alpha-2 country code. For example, US for the United States, and FR for France. Some Microsoft 365 services aren't available in certain countries. For more information, see [About license restrictions](https://go.microsoft.com/fwlink/p/?LinkId=691730). To find accounts that don't have a **UsageLocation** value, run this command.
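Review bot: The added command appends `-Select UserPrincipalName`, which the unlicensed-accounts command directly above it does not have, and the new lead-in sentence does not say why. Either state that the output is limited to the user principal name, or drop `-Select` so both commands return the same shape. Both commands also write to the same `-CountVariable unlicensedUserCount`, so running the second overwrites the count from the first; a separate variable name for the synchronized-users count would avoid that.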
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
This can be done before the migration is complete, but you should not assign a l
| Exchange Online Plan 1 | | Exchange Online POP | | Exchange Online Protection |
+ | Graph Connectors Search with Index |
| Information Barriers | | Information Protection for Office 365 - Premium | | Information Protection for Office 365 - Standard | | Insights by MyAnalytics |
+ | Microsoft Information Governance |
| Microsoft Purview Audit (Premium) | | Microsoft Bookings | | Microsoft Business Center |
- | Microsoft MyAnalytics (Full) |
+ | Microsoft Data Investigations |
+ | Microsoft MyAnalytics (Full)
+ | Microsoft Communications Compliance |
+ | Microsoft Communications DLP |
+ | Microsoft Customer Key |
+ | Microsoft 365 Advanced Auditing |
+ | Microsoft Records Management |
| Office 365 eDiscovery (Premium) |
+ | Office 365 Advanced eDiscovery |
| Microsoft Defender for Office 365 (Plan 1) | | Microsoft Defender for Office 365 (Plan 2) | | Office 365 Privileged Access Management |
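Review bot: The re-added row `| Microsoft MyAnalytics (Full)` is missing its closing `|`, unlike every other row in this table, which will break the row when rendered. The additions also list "Microsoft 365 Advanced Auditing" and "Office 365 Advanced eDiscovery" next to the existing "Microsoft Purview Audit (Premium)" and "Office 365 eDiscovery (Premium)" rows. If these are separate service plan names, a short sentence above the table saying so would stop readers from treating them as duplicates.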
enterprise Microsoft 365 Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-overview.md
f1.keywords:
Previously updated : 02/01/2021 Last updated : 08/08/2022 audience: ITPro
For an example of how a fictional but representative multinational organization
## Additional Microsoft 365 products -- [Microsoft 365 Business Premium](../admin/index.yml)
+- [Microsoft 365 Business Premium](/microsoft-365/business/)
Bring together the best-in-class productivity and collaboration capabilities with device management and security solutions to safeguard business data for small and midsize businesses.
enterprise Use Microsoft 365 Cdn With Spo https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo.md
Unless you specify otherwise, Office 365 sets up some default origins for you wh
Default private CDN origins:
-+ \*/userphoto.aspx
+ \*/siteassets Default public CDN origins:
You can also use your browser's developer tools to view the URL for each asset o
> [!NOTE] > If you use a network tool such as Fiddler to test your assets outside of rendering the asset from a SharePoint page, you must manually add the referer header "Referer: `https://yourdomain.sharepoint.com`" to the GET request where the URL is the root URL of your SharePoint Online tenant.
-You cannot test CDN URLs directly in a web browser because you must have a referer coming from SharePoint Online. However, if you add the CDN asset URL to a SharePoint page and then open the page in a browser, you will see the CDN asset rendered on the page.
+You cannot test CDN URLs directly in a web browser because you must have a referrer coming from SharePoint Online. However, if you add the CDN asset URL to a SharePoint page and then open the page in a browser, you will see the CDN asset rendered on the page.
For more information on using the developer tools in the Microsoft Edge browser, see [Microsoft Edge Developer Tools](/microsoft-edge/devtools-guide).
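Review bot: Changing "referer" to "referrer" in this paragraph makes it disagree with the note directly above it, which tells readers to add the "referer header" `Referer: https://yourdomain.sharepoint.com`. The sentence is about that HTTP header, whose name is spelled `Referer`. Keep the original spelling, or reword to "a `Referer` header coming from SharePoint Online" so the term matches what readers type into their test tool.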
frontline Ehr Admin Cerner https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/ehr-admin-cerner.md
Before you integrate the Teams EHR connector in your healthcare organization, yo
- An active subscription to Microsoft Cloud for Healthcare or a subscription to Microsoft Teams EHR connector standalone offer. - Users have an appropriate Microsoft 365 or Office 365 license that includes Teams meetings. - Teams is adopted and used in your healthcare organization.
+- Identified a person in your organization who is a Microsoft 365 global admin with access to the [Teams admin center](https://admin.teams.microsoft.com).
- Your systems meet all [software and browser requirements](/microsoftteams/hardware-requirements-for-the-teams-app) for Teams. - Cerner version November 2018 or later
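Review bot: The added prerequisite is not parallel with the bullets around it ("Users have ...", "Teams is adopted ...") and names the broadest role available. Suggest rewording it as a condition, for example "A person in your organization who is a Microsoft 365 global admin with access to the Teams admin center has been identified". Also state whether a narrower role with Teams admin center access is sufficient for the connector setup, since the line as written implies global admin is required. The same bullet is added to the Epic article and needs the same change.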
frontline Ehr Admin Epic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/ehr-admin-epic.md
Review the [Epic-Microsoft Teams Telehealth Integration Guide](https://galaxy.ep
- Epic version November 2018 or later. - Users have an appropriate Microsoft 365 or Office 365 license that includes Teams meetings. - Teams is adopted and used in your healthcare organization.
+- Identified a person in your organization who is a Microsoft 365 global admin with access to the [Teams admin center](https://admin.teams.microsoft.com).
- Your systems meet all [software and browser requirements](/microsoftteams/hardware-requirements-for-the-teams-app) for Teams. > [!IMPORTANT]
frontline Flw Team Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-team-collaboration.md
Teams includes the following ways to communicate and share information:
|Task |Description |Manage this capability |End-user training | |--||--||
-|Chat, post messages, and communicate |Your frontline workers can seamlessly communicate within and across locations to with individual and channel chat messaging. Teams provides a great out-of-the-box collaboration experience for your organization, and most organizations find that the default settings work for them. |[Manage Chat, teams, channels, and apps](/microsoftteams/deploy-chat-teams-channels-microsoft-teams-landing-page). | [Start chats](https://support.microsoft.com/office/start-and-pin-chats-a864b052-5e4b-4ccf-b046-2e26f40e21b5) and [Work with posts and messages](https://support.microsoft.com/office/create-and-format-a-post-e66777da-636b-49eb-9408-b0d88b212885). |
+|Chat, post messages, and communicate |Your frontline workers can seamlessly communicate within and across locations to with individual and channel chat messaging. Teams provides a great out-of-the-box collaboration experience for your organization, and most organizations find that the default settings work for them. |[Manage Chat, teams, channels, and apps](/microsoftteams/deploy-chat-teams-channels-microsoft-teams-landing-page). | [Start chats](https://support.microsoft.com/office/start-and-pin-chats-a864b052-5e4b-4ccf-b046-2e26f40e21b5) and [Work with posts and messages](https://support.microsoft.com/office/create-and-format-a-post-e66777da-636b-49eb-9408-b0d88b212885). Watch the [Tags in Microsoft Teams video](https://go.microsoft.com/fwlink/?linkid=2202727). |
|Call and meet with team members |Managers can set up individual meetings, or use channel meetings to manage daily meetings, both with the power of Teams audio, video, screen sharing, recording, and transcription features. You'll need to configure settings for meetings and conferencing, and enable a voice solution to use calling. |[Manage calling and meeting in Teams](/microsoftteams/deploy-meetings-microsoft-teams-landing-page) and [Plan your Teams voice solution](/microsoftteams/cloud-voice-landing-page) |[Make calls](https://support.microsoft.com/office/overview-of-teams-calls-425d6970-6e27-47b6-bc61-4c38fff51c4f) and [Join a meeting](https://support.microsoft.com/office/join-a-teams-meeting-078e9868-f1aa-4414-8bb9-ee88e9236ee4) | |Store and share files and documents |Sharing files allows in-store staff to easily access information such as merchandising diagrams without having to leave the sales floor or get help from a manager. Every team automatically comes with a Files tab that you can use to store and share documents. This tab actually represents a folder within the default team site document library in SharePoint that is automatically created when the team is created. |[Overview of Teams and SharePoint integration](/sharepoint/teams-connected-sites) |[Upload and share files](https://support.microsoft.com/office/upload-and-share-files-57b669db-678e-424e-b0a0-15d19215cb12) |
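Review bot: The rewritten chat row still carries "communicate within and across locations to with individual and channel chat messaging" from the line it replaces; fix "to with" while this cell is being edited. The added "Tags in Microsoft Teams video" link also sits in a row whose description never mentions tags, so add a clause about tags to the description or move the link to where tags are covered.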
Use Shifts to seamlessly manage and share schedules. Managers can create custom
Share this [Shifts video training](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) with your users.
+#### Shifts videos
+
+- [Watch the Tags with Shifts video](https://go.microsoft.com/fwlink/?linkid=2202712)
+- [Watch the Clocking in with Shifts video](https://go.microsoft.com/fwlink/?linkid=2202613)
+- [Watch the Create a schedule with Shifts video](https://go.microsoft.com/fwlink/?linkid=2202612)
+- [Watch the Re-use a schedule from Excel with Shifts video](https://go.microsoft.com/fwlink/?linkid=2202611)
+- [Watch the Copy a schedule with Shifts video](https://go.microsoft.com/fwlink/?linkid=2202298)
+- [Watch the Swap Shifts video](https://go.microsoft.com/fwlink/?linkid=2202711)
+ ### Keep in touch with Walkie Talkie The Walkie Talkie app provides instant push-to-talk communication. By using Walkie Talkie, employees and managers can communicate from anywhere in the store. For example, if a customer on one side of the store asks an employee if an item is in stock on the other side of the store, the employee can use Walkie Talkie to contact someone who works near the item. Because Walkie Talkie doesnΓÇÖt have limited range, employees can also easily consult with experts in other stores or corporate offices.
The Walkie Talkie app provides instant push-to-talk communication. By using Walk
Share this [Walkie Talkie video training](https://support.microsoft.com/office/use-walkie-talkie-in-teams-884a008a-761e-4b62-99f8-15671d9a2f69) with your users.
+Watch the [Walkie Talkie featurette video](https://go.microsoft.com/fwlink/?linkid=2202710).
+ ### Boost morale with Praise The Praise app allows management and frontline team members to congratulate each other and share appreciation by sending badges. Praise helps employees feel recognized for achievements such as making sales goals and going above and beyond to help customers.
Use Tasks in Teams to track to-do items for your whole retail team. Store manage
Share this [Tasks video training](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) with your users.
+Watch the [Tasks featurette video](https://go.microsoft.com/fwlink/?linkid=2202616).
+ ### Streamline approvals with Approvals Use Approvals to streamline requests and processes with your team. Create, manage, and share approvals directly from your hub for teamwork. Start an approval flow from the same place you send a chat, in a channel conversation, or from the Approvals app itself. Just select an approval type, add details, attach files, and choose approvers. Once submitted, approvers are notified and can review and act on the request. You can allow the Approvals app for your organization and add it to Teams.
Use Approvals to streamline requests and processes with your team. Create, manag
Share this [Approvals video training](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3?wt.mc_id=otc_microsoft_teams) with your users.
+Watch the [Approvals featurette video](https://go.microsoft.com/fwlink/?linkid=2202800).
+ ### Check in on progress with Updates The Updates in Microsoft Teams app provides a centralized place for members of your organization to create, review, and submit updates. By creating templates, you can use the Updates app to keep track of anything your organization needs. Updates is available for both desktop and mobile.
The Updates in Microsoft Teams app provides a centralized place for members of y
Share this [Updates video training](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) with your users.
+Watch the [Updates featurette video](https://go.microsoft.com/fwlink/?linkid=2202831).
+ ## Set up your teams, channels, and apps When you're ready to connect your retail associates in Teams, you can set up teams and channels for your store teams and managers with pre-built or custom templates. The easiest way is to start with a template. The **Organize a store** and **Retail for managers** [templates](/microsoftteams/get-started-with-retail-teams-templates?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json) are pre-made templates that include channels and apps designed for retail. You can also create a template based off of an existing team. Even when you start with a template, you can customize the team and channels, and add more apps to suit your team's needs.
frontline Switch From Enterprise To Frontline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/switch-from-enterprise-to-frontline.md
Identify and back up or prepare data that users want to keep. Follow the guidanc
- Teams - OneDrive
-For more information, see [Back up data before switching plans](/microsoft-365/commerce/subscriptions/back-up-data-before-switching-plans).
+For more information, see [Back up data before switching plans](/microsoft-365/commerce/subscriptions/move-users-different-subscription).
## Switch users to a Microsoft 365 F plan
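Review bot: The link label in the added line still reads "Back up data before switching plans" while the target is now `move-users-different-subscription`. Confirm that the new article actually covers backing up data, and either point the link at the relevant section anchor or update the label to match the destination's title so readers land where the text promises.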
lti Teams Classes And Meetings With Schoology https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-and-meetings-with-schoology.md
+
+ Title: Integrate Microsoft Teams meetings with Schoology LMS
++++
+audience: admin
+++
+- M365-modern-desktop
+- m365initiative-edu
+ms.localizationpriority: medium
+description: Create and manage Teams meetings with Microsoft Learning Tools Interoperability (LTI) for Schoology LMS.
++
+# Integrate Microsoft Teams meetings with Schoology LMS
+
+This guide provides the IT admin steps for registering the Teams Meetings LTI app on Schoology.
+
+For an overview of Microsoft LTI, see [Integrating Microsoft products with your Learning Management System (LMS)](index.md).
+
+> [!NOTE]
+> The person who performs this integration should be an administrator of Schoology and an administrator of the Microsoft 365 tenant.
+
+## Register the Teams Meetings LTI app in Schoology
+
+1. Sign into your Schoology instance as an administrator with access to install and configure apps.
+1. Navigate to the **App Center**, or access it directly using this link [https://app.schoology.com/apps](https://app.schoology.com/apps).
+1. Locate the **Microsoft Teams Meetings** app and select it to view the details.
+ 1. Alternatively, you can open the appΓÇÖs profile by visiting this link [Microsoft Teams Meetings on Schoology](https://app.schoology.com/apps/profile/6017478062).
+1. Select the **Install LTI 1.3 App** button to begin the installation process.
+1. Select the **I agree** button.
+1. You'll be asked if this should be installed for your entire organization, or just for you. Select **Add to Organization**, and you'll be redirected to the **Organization Apps** page to complete the configuration.
+1. From the [**Organization Apps list**](https://app.schoology.com/apps/school_apps), locate the **Microsoft Teams Meetings** app and select the **Configure** button.
+ 1. Copy the **Deployment ID** assigned to your deployment of the app.
+ 1. This ID will be used in the **Microsoft LMS Gateway** configuration process.
+1. From the [**Organization Apps list**](https://app.schoology.com/apps/school_apps), locate the **Microsoft Teams Meetings** app and select the **Install/Remove** button.
+ 1. To install the app for all courses, choose the **All Courses** checkbox.
+ 1. Don't check the **Course Admins Only** option to ensure the app is available to all members of the course.
+
+> [!NOTE]
+> If you choose not to install the app for all courses, then *Course Admins* must install the app for themselves by either:
+>
+> 1. Going to the [Organization Apps list](https://app.schoology.com/apps/school_apps), selecting the **Install/Remove** button, and choosing the courses in which to install the app.
+> 1. Or, they can select the **Install Your App(s)** link at the bottom of the course left rail navigation menu, and then select the **Microsoft Teams Meetings** app to install.
+
+## Configure the Teams Meetings LTI app to work with Schoology
+
+1. Visit [Microsoft LMS Gateway](https://lti.microsoft.com/) and select the **Go to registration portal** button.
+1. Sign in with a Microsoft 365 administrator account.
+1. Select the **Admin Consent** button and accept the permissions.
+ 1. If this step isn't performed, the following step will give you an error, and you won't be able to take this step for an hour once you've received the error.
+1. Select the **Create new LTI Tenant** button.
+1. On the LTI Registration page, choose **Schoology** from the LTI Consumer Platform dropdown, and then select the **Next** button.
+1. Paste the **Deployment ID** that you copied while registering the tool in Schoology and select **Next**.
+1. Review and save your changes. A message will be displayed upon successful registration.
+1. Your registration details can also be reviewed by selecting the **View LTI Tenants** button on the home page.
+
+After you complete these steps, your educators will be able to use the Teams Meetings LTI app.
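Review bot: In "Configure the Teams Meetings LTI app to work with Schoology", the step "Select the **Admin Consent** button and accept the permissions" asks a Microsoft 365 administrator to grant consent without stating which permissions the app requests. List them, or link to where they are documented, so the admin can review the grant before accepting. The sub-step under it ("you won't be able to take this step for an hour") should also say plainly which action is blocked after the error, since "this step" and "the following step" are easy to confuse.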
security Compare Mdb M365 Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md
Defender for Business brings the enterprise-grade capabilities of Defender for E
||||| |[Centralized management](../defender-endpoint/manage-atp-post-migration.md) |Yes <sup>[[1](#fn1)]</sup>|Yes|Yes| |[Simplified client configuration](mdb-simplified-configuration.md)|Yes|No|No|
-|[Threat & vulnerability management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)|Yes|No|Yes|
+|[Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)|Yes|No|Yes|
|[Attack surface reduction capabilities](../defender-endpoint/overview-attack-surface-reduction.md)|Yes|Yes|Yes| |[Next-generation protection](../defender-endpoint/next-generation-protection.md)|Yes|Yes|Yes| |[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md)|Yes <sup>[[2](#fn2)]</sup>|No|Yes|
security Mdb Offboard Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-offboard-devices.md
If you want to offboard a device, use one of the following procedures:
## Next steps -- [Use your Threat & Vulnerability Management dashboard in Microsoft Defender for Business](mdb-view-tvm-dashboard.md)
+- [Use your Microsoft Defender Vulnerability Management dashboard in Microsoft Defender for Business](mdb-view-tvm-dashboard.md)
- [View or edit policies in Microsoft Defender for Business](mdb-view-edit-create-policies.md) - [Manage devices in Microsoft Defender for Business](mdb-manage-devices.md)
security Mdb Setup Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-setup-configuration.md
Defender for Business provides a streamlined setup and configuration experience,
> If you used the [setup wizard](mdb-use-wizard.md), then you've already completed several steps of your basic setup process. In this case, you can: > - [Onboard more devices](mdb-onboard-devices.md) > - [Configure your security policies and settings](mdb-configure-security-settings.md)
-> - [Visit your vulnerability management dashboard](mdb-view-tvm-dashboard.md)
+> - [Visit your Microsoft Defender Vulnerability Management dashboard](mdb-view-tvm-dashboard.md)
## The setup and configuration process
security Mdb Tutorials https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-tutorials.md
The following table describes the recommended tutorials for Defender for Busines
||| | **Document Drops Backdoor** | Simulate an attack that introduces file-based malware on a test device. The tutorial describes how to use the simulation file and what to watch for in the Microsoft 365 Defender portal. This tutorial requires that Microsoft Word is installed on your test device. | | **Live Response** | Learn how to use basic and advanced commands with Live Response. Learn how to locate a suspicious file, remediate the file, and gather information on a device. |
-| **Threat & Vulnerability Management (core scenarios)** | Learn about threat and vulnerability management through three scenarios:<ol><li>Reduce your company's threat and vulnerability exposure.</li><li>Request a remediation.</li><li>Create an exception for security recommendations.</li></ol> <br/> Threat & Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. |
+| **Microsoft Defender Vulnerability Management(core scenarios)** | Learn about Defender Vulnerability Management through three scenarios:<ol><li>Reduce your company's threat and vulnerability exposure.</li><li>Request a remediation.</li><li>Create an exception for security recommendations.</li></ol> <br/> Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. |
Each tutorial includes a walkthrough document that explains the scenario, how it works, and what to do.
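Review bot: The renamed table cell reads `**Microsoft Defender Vulnerability Management(core scenarios)**` with no space before the parenthesis, while the list entry changed later in the same file uses "Microsoft Defender Vulnerability Management (core scenarios)". Add the space so the tutorial name is identical in both places.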
Each tutorial includes a walkthrough document that explains the scenario, how it
- **Document Drops Backdoor** - **Live Response**
- - **Threat & Vulnerability Management (core scenarios)**
+ - **Microsoft Defender Vulnerability Management (core scenarios)**
## Next steps
security Mdb View Tvm Dashboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-view-tvm-dashboard.md
Title: View your Threat & Vulnerability Management dashboard in Microsoft Defender for Business
-description: Use your Threat & Vulnerability Management dashboard to see important items to address in Defender for Business.
+ Title: View your Microsoft Defender Vulnerability Management dashboard in Microsoft Defender for Business
+description: Use your Microsoft Defender Vulnerability Management dashboard to see important items to address in Defender for Business.
search.appverid: MET150
# Use your vulnerability management dashboard in Microsoft Defender for Business
-Defender for Business includes a vulnerability management dashboard that is designed to save your security team time and effort. In addition to providing an exposure score, that dashboard enables you to view information about exposed devices and see relevant security recommendations. You can use your threat & vulnerability management dashboard to:
+Defender for Business includes a vulnerability management dashboard that is designed to save your security team time and effort. In addition to providing an exposure score, that dashboard enables you to view information about exposed devices and see relevant security recommendations. You can use your Defender Vulnerability Management dashboard to:
- View your exposure score, which is associated with devices in your company. - View your top security recommendations, such as addressing impaired communications with devices, turning on firewall protection, or updating Microsoft Defender Antivirus definitions.
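Review bot: The title and description now say "Microsoft Defender Vulnerability Management dashboard", but the unchanged H1 ("Use your vulnerability management dashboard") and the first sentence of the changed paragraph ("includes a vulnerability management dashboard") keep the generic lowercase name, and the paragraph's last sentence uses a third form, "Defender Vulnerability Management dashboard". Pick one form for the heading and body so the page matches its own title.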
security Trial Playbook Defender Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/trial-playbook-defender-business.md
**Welcome to the Defender for Business trial playbook!**
-This playbook is a simple guide to help you make the most of your 30-day free trial. Use the recommendations in this article from the Microsoft Defender team to learn how Defender for Business can help elevate your security from traditional antivirus protection to next-generation protection, endpoint detection and response, and threat and vulnerability management.
+This playbook is a simple guide to help you make the most of your 30-day free trial. Use the recommendations in this article from the Microsoft Defender team to learn how Defender for Business can help elevate your security from traditional antivirus protection to next-generation protection, endpoint detection and response, and Defender Vulnerability Management.
## What is Defender for Business?
If you used the setup wizard but you need to onboard more devices, such as non-W
In the next 30 days, we recommend you try out your new security capabilities, as described in the following sections: -- [Use your Threat & Vulnerability Management dashboard](#use-the-threat--vulnerability-management-dashboard)
+- [Use your Microsoft Defender Vulnerability Management dashboard](#use-the-defender-vulnerability-management-dashboard)
- [View and respond to detected threats](#view-and-respond-to-detected-threats) - [Review security policies](#review-security-policies) - [Prepare for ongoing security management](#prepare-for-ongoing-security-management)
-### Use the Threat & Vulnerability Management dashboard
+### Use the Defender Vulnerability Management dashboard
-Defender for Business includes a Threat & Vulnerability Management dashboard that's designed to save your security team time and effort. [Use your Threat & Vulnerability Management dashboard](mdb-view-tvm-dashboard.md).
+Defender for Business includes a Defender Vulnerability Management dashboard that's designed to save your security team time and effort. [Use your Defender Vulnerability Management dashboard](mdb-view-tvm-dashboard.md).
- View your exposure score, which is associated with devices in your organization. - View your top security recommendations, such as address impaired communications with devices, turn on firewall protection, or update Microsoft Defender Antivirus definitions.
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
#### [Next-generation protection overview](next-generation-protection.md) ##### [Overview of Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md) ##### [Microsoft Defender Antivirus in Windows](microsoft-defender-antivirus-windows.md)
+##### [Enable and update Microsoft Defender Antivirus on Windows Server](enable-update-mdav-to-latest-ws.md)
##### [Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](why-use-microsoft-defender-antivirus.md) ##### [Better together: Microsoft Defender Antivirus and Office 365](office-365-microsoft-defender-antivirus.md) #### [Evaluate Microsoft Defender Antivirus](evaluate-microsoft-defender-antivirus.md)
security Add Or Remove Machine Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags.md
audience: ITPro
+ms.technology: m365d
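Review bot: This file sits under `security/defender-endpoint/` but is given `ms.technology: m365d`, whereas the other defender-endpoint files touched in the same batch (alerts.md, api-hello-world.md, apis-intro.md and so on) are given `ms.technology: mde`. If the difference is not intentional, change this value to `mde`.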
security Advanced Hunting Schema Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-hunting-schema-reference.md
Table and column names are also listed within the Microsoft 365 Defender portal,
|**[DeviceTvmSoftwareInventory](advanced-hunting-devicetvmsoftwareinventory-table.md)**|Inventory of software installed on devices, including their version information and end-of-support status| |**[DeviceTvmSoftwareVulnerabilities](advanced-hunting-devicetvmsoftwarevulnerabilities-table.md)**|Software vulnerabilities found on devices and the list of available security updates that address each vulnerability| |**[DeviceTvmSoftwareVulnerabilitiesKB](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)**|Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available|
-|**[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)**|Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices|
-|**[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)**|Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks|
+|**[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)**|Microsoft Defender Vulnerability Management assessment events, indicating the status of various security configurations on devices|
+|**[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)**|Knowledge base of various security configurations used by Defender Vulnerability Management to assess devices; includes mappings to various standards and benchmarks|
| > [!TIP]
security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/alerts.md
audience: ITPro
+ms.technology: mde
security Api Hello World https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-hello-world.md
audience: ITPro
+ms.technology: mde
security Api Microsoft Flow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-microsoft-flow.md
audience: ITPro
+ms.technology: mde
security Api Power Bi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-power-bi.md
audience: ITPro
+ms.technology: mde
security Api Release Notes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-release-notes.md
audience: ITPro
+ms.technology: mde
security Apis Intro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/apis-intro.md
audience: ITPro
+ms.technology: mde
security Attack Surface Reduction Rules Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md
The following table lists the supported operating systems for rules that are cur
| [Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | Y | Y | Y | Y | Y | | [Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | Y | Y | Y | Y | Y | | [Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | Y | Y | Y | Y | Y |
-| [Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) <br> \* _File and folder exclusions not supported._ | Y <br> version 1903 (build 18362) or later <sup>[[3](#fn1)]<sup></sup> | Y | Y <br> version 1903 (build 18362) or later | N | N |
+| [Block persistence through Windows Management Instrumentation (WMI) event subscription](#block-persistence-through-wmi-event-subscription) <br> \* _File and folder exclusions not supported._ | Y <br> version 1903 (build 18362) or later <sup>[[3](#fn1)]<sup></sup> | Y | Y <br> version 1903 (build 18362) or later | N | N |
| [Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | Y <br> version 1803 or later <sup>[[3](#fn1)]<sup></sup> | Y | Y | Y | Y | | [Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | Y | Y | Y | Y | Y | | [Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | Y | Y | Y | N | N |
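Review bot: The edited WMI row still carries `<sup>[[3](#fn1)]<sup></sup>`, where the second tag opens a new `<sup>` instead of closing the first, and the footnote label 3 points at the anchor `#fn1`. Since the row is being touched anyway, fix the markup to `<sup>[[3](#fn3)]</sup>` or whichever footnote is intended; the unchanged PSExec row below has the same defect.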
Advanced hunting action type:
- AsrObfuscatedScriptAudited - AsrObfuscatedScriptBlocked
-Dependencies: Microsoft Defender Antivirus, AMSI
+Dependencies: Microsoft Defender Antivirus, AntiMalware Scan Interface (AMSI)
### Block JavaScript or VBScript from launching downloaded executable content
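Review bot: The expanded name in the Dependencies line is written "AntiMalware Scan Interface (AMSI)"; the interface is named "Antimalware Scan Interface", with a lowercase "m". Correct the casing so the term matches the name used in the AMSI documentation.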
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
For more information about configuring attack surface reduction rules, see [Enab
## Assess rule impact before deployment
-You can assess how an attack surface reduction rule might affect your network by opening the security recommendation for that rule in [threat and vulnerability management](/windows/security/threat-protection/#tvm).
+You can assess how an attack surface reduction rule might affect your network by opening the security recommendation for that rule in [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/).
:::image type="content" source="images/asrrecommendation.png" alt-text="The ASR recommendation" lightbox="images/asrrecommendation.png":::
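Review bot: The link labelled "Microsoft Defender Vulnerability Management" now points at `/windows/security/threat-protection/` with the `#tvm` anchor dropped, so it leads to a general landing page rather than to vulnerability management. Other files in this batch link the same product name to `next-gen-threat-and-vuln-mgt.md`; use that target here as well.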
security Cancel Machine Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/cancel-machine-action.md
audience: ITPro
+ms.technology: mde
security Collect Investigation Package https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/collect-investigation-package.md
audience: ITPro
+ms.technology: mde
security Common Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/common-errors.md
audience: ITPro
+ms.technology: mde
security Configure Contextual File Folder Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus.md
Title: Contextual file and folder exclusions
-description: Describes the contextual file and folder exclusions capability for Windows Defender Antivirus. This capability allows you to be more specific when you define under which context Windows Defender Antivirus shouldn't scan a file or folder, by applying restrictions
+description: Describes the contextual file and folder exclusions capability for Microsoft Defender Antivirus on Windows. This capability allows you to be more specific when you define under which context Microsoft Defender Antivirus shouldn't scan a file or folder, by applying restrictions
keywords: Microsoft Defender Antivirus, process, exclusion, files, scans ms.prod: m365-security ms.mktglfcycl: deploy
ms.pagetype: security
ms.localizationpriority: medium Last updated : 08/11/2022 audience: ITPro
ms.technology: mde
# Contextual file and folder exclusions
-This article/section describes the contextual file and folder exclusions capability for Windows Defender Antivirus. This capability allows you to be more specific when you define under which context Windows Defender Antivirus shouldn't scan a file or folder, by applying restrictions.
+This article/section describes the contextual file and folder exclusions capability for Microsoft Defender Antivirus on Windows. This capability allows you to be more specific when you define under which context Microsoft Defender Antivirus shouldn't scan a file or folder, by applying restrictions.
## Overview
-Exclusions are primarily intended to mitigate affects on performance. They come at the penalty of reduced protection value. These restrictions allow you to limit this protection reduction by specifying circumstances under which the exclusion should apply. Contextual exclusions aren't suitable for addressing false positives in a reliable way. If you encounter a false positive, you can Submit files for analysis through the [Microsoft 365 Defender](https://security.microsoft.com/) portal (subscription required) or through the [Microsoft Security Intelligence](https://www.microsoft.com/wdsi/filesubmission) website. For a temporary suppression method, consider creating a custom _allow_ indicator.
+Exclusions are primarily intended to mitigate affects on performance. They come at the penalty of reduced protection value. These restrictions allow you to limit this protection reduction by specifying circumstances under which the exclusion should apply. Contextual exclusions aren't suitable for addressing false positives in a reliable way. If you encounter a false positive, you can submit files for analysis through the [Microsoft 365 Defender](https://security.microsoft.com/) portal (subscription required) or through the [Microsoft Security Intelligence](https://www.microsoft.com/wdsi/filesubmission) website. For a temporary suppression method, consider creating a custom _allow_ indicator in [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/indicator-file).
There are four restrictions you can apply to limit the applicability of an exclusion:
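Review bot: The rewritten Overview paragraph keeps "mitigate affects on performance"; the noun needed here is "effects". While editing this paragraph, it is also worth stating the trade-off more directly: each exclusion removes scanning coverage for the excluded path, so readers should apply the narrowest restriction that solves the performance problem.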
You can restrict exclusions to only apply if the target is a file or a folder by
#### File/folder exclusions default behavior
-If you don't specify any other options, the file/folder is excluded from all types of scans _and_ the exclusion applies regardless of whether the target is a file or a folder. For more information about customizing exclusions to only apply to a specific scan type, see [Scan type restriction](#scan-type-restriction).
+If you don't specify any other options, the file/folder is excluded from all types of scans, _and_ the exclusion applies regardless of whether the target is a file or a folder. For more information about customizing exclusions to only apply to a specific scan type, see [Scan type restriction](#scan-type-restriction).
#### Folders
security Configure Vulnerability Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications.md
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-emailconfig-abovefoldlink)
-Configure Microsoft Defender for Endpoint to send email notifications to specified recipients for new vulnerability events. This feature enables you to identify a group of individuals who will immediately be informed and can act on the notifications based on the event. The vulnerability information comes from Defender for Endpoint's [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) capability.
+Configure Microsoft Defender for Endpoint to send email notifications to specified recipients for new vulnerability events. This feature enables you to identify a group of individuals who will immediately be informed and can act on the notifications based on the event. The vulnerability information comes from Defender for Endpoint's [Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md) capability.
If you're using [Defender for Business](../defender-business/mdb-overview.md), you can set up vulnerability notifications for specific users (not roles or groups).
The notification rules allow you to set the vulnerability events that trigger no
If you're using role-based access control (RBAC), recipients will only receive notifications based on the device groups that were configured in the notification rule. Users with the proper permission can only create, edit, or delete notifications that are limited to their device group management scope. Only users assigned to the Global administrator role can manage notification rules that are configured for all device groups.
-The email notification includes basic information about the vulnerability event. There are also links to filtered views in the threat and vulnerability management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can further investigate. For example, you could get a list of all exposed devices or get additional details about the vulnerability.
+The email notification includes basic information about the vulnerability event. There are also links to filtered views in the Microsoft Defender Vulnerability Management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can further investigate. For example, you could get a list of all exposed devices or get additional details about the vulnerability.
## Create rules for alert notifications
This section lists various issues that you may encounter when using email notifi
## Related topics -- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Defender Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md)
- [Security recommendations](tvm-security-recommendation.md) - [Weaknesses](tvm-weaknesses.md) - [Event timeline](threat-and-vuln-mgt-event-timeline.md)
security Create Alert By Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/create-alert-by-reference.md
audience: ITPro
+ms.technology: mde
security Delete Ti Indicator By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/delete-ti-indicator-by-id.md
audience: ITPro
+ms.technology: mde
Empty
## Response
-If Indicator exist and deleted successfully - 204 OK without content.
+If Indicator exists and deleted successfully - 204 OK without content
-If Indicator with the specified id was not found - 404 Not Found.
+If Indicator with the specified id wasn't found - 404 Not Found
## Example ### Request
-Here is an example of the request.
+Here's an example of the request.
```http DELETE https://api.securitycenter.microsoft.com/api/indicators/995
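Review bot: The Response section now reads "204 OK without content", but the reason phrase for HTTP 204 is "No Content", not "OK"; write "204 No Content". The first sentence also needs a verb ("If Indicator exists and is deleted successfully"), and the two response lines lost their closing periods in this change.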
security Device Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery.md
Unknown and unmanaged devices introduce significant risks to your network - whet
Watch this video for a quick overview of how to assess and onboard unmanaged devices that Microsoft Defender for Endpoint discovered. > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4RwQz]
-In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing threat and vulnerability management experience.
+In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing Defender Vulnerability Management experience.
## Discovery methods
For more information, see [Device inventory](machines-view-overview.md).
The large number of unmanaged network devices deployed in an organization creates a large surface area of attack, and represents a significant risk to the entire enterprise. Microsoft Defender for Endpoint network discovery capabilities helps you ensure network devices are discovered, accurately classified, and added to the asset inventory.
-Network devices are not managed as standard endpoints, as Defender for Endpoint doesn't have a sensor built into the network devices themselves. These types of devices require an agentless approach where a remote scan will obtain the necessary information from the devices. To do this, a designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint's threat and vulnerability management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.
+Network devices are not managed as standard endpoints, as Defender for Endpoint doesn't have a sensor built into the network devices themselves. These types of devices require an agentless approach where a remote scan will obtain the necessary information from the devices. To do this, a designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint's Vulnerability Management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.
For more information, see [Network devices](network-devices.md).
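Review bot: The added paragraph names the feature "Defender for Endpoint's Vulnerability Management capabilities", while the other added lines in this file use "Defender Vulnerability Management" and "Microsoft Defender Vulnerability Management(MDVM)". Pick one form of the product name and use it throughout the article so readers do not take these for three different features.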
To address the challenge of gaining enough visibility to locate, identify, and s
## Vulnerability assessment on discovered devices
-Vulnerabilities and risks on your devices as well as other discovered unmanaged devices in the network are part of the current TVM flows under "Security Recommendations" and represented in entity pages across the portal.
+Vulnerabilities and risks on your devices as well as other discovered unmanaged devices in the network are part of the current Microsoft Defender Vulnerability Management(MDVM) flows under "Security Recommendations" and represented in entity pages across the portal.
Search for "SSH" related security recommendations to find SSH vulnerabilities that are related for unmanaged and managed devices. :::image type="content" source="images/1156c82ffadd356ce329d1cf551e806c.png" alt-text="The security recommendations dashboard" lightbox="images/1156c82ffadd356ce329d1cf551e806c.png":::
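Review bot: The added line is missing a space in "Microsoft Defender Vulnerability Management(MDVM)"; it should read "Microsoft Defender Vulnerability Management (MDVM)". Since this is the only place in the visible changes to this file where the abbreviation appears, consider whether introducing it here is needed at all.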
security Edr In Block Mode https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md
ms.technology: mde
> - Features like **[network protection](network-protection.md)** and **[attack surface reduction rules](attack-surface-reduction.md)** are only available when Microsoft Defender Antivirus is running in active mode. > It is expected that your non-Microsoft antivirus solution includes these capabilities.
-EDR in block mode is integrated with [threat & vulnerability management](next-gen-threat-and-vuln-mgt.md) capabilities. Your organization's security team will get a [security recommendation](tvm-security-recommendation.md) to turn EDR in block mode on if it isn't already enabled. This recommendation is primarily for devices using an active non-Microsoft antivirus solution (with Microsoft Defender Antivirus in passive mode). There is little benefit to enabling EDR in block mode when Microsoft Defender Antivirus is the primary antivirus solution on devices.
+EDR in block mode is integrated with [Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md). Your organization's security team will get a [security recommendation](tvm-security-recommendation.md) to turn EDR in block mode on if it isn't already enabled.
:::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="The recommendation to turn on EDR in block mode" lightbox="images/edrblockmode-TVMrecommendation.png":::
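Review bot: Besides the rename, the added paragraph drops two sentences that the removed one carried: that the recommendation is primarily for devices running an active non-Microsoft antivirus with Microsoft Defender Antivirus in passive mode, and that there is little benefit to enabling EDR in block mode when Microsoft Defender Antivirus is the primary antivirus. That is scoping guidance an admin relies on when deciding where to enable the feature, and a terminology update does not explain its removal. If the guidance has changed, say so in the commit; otherwise keep the two sentences.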
security Export Security Baseline Assessment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/export-security-baseline-assessment.md
Property (ID)|Data type|Description
|isCompliant|Boolean|Indicates whether the device is compliant with configuration. |id|String|Unique identifier for the record, which is a combination of DeviceId, ProfileId, and ConfigurationId. |osVersion|String|Specific version of the operating system running on the device.
-|osPlatform|String|Operating system platform running on the device. Specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See [TVM supported operating systems and platforms](tvm-supported-os.md) for details.
+|osPlatform|String|Operating system platform running on the device. Specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See [MDVM supported operating systems and platforms](tvm-supported-os.md) for details.
|rbacGroupId|Int|The role-based access control (RBAC) group Id. If the device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None." |rbacGroupName|String|The role-based access control (RBAC) group. If the device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None." |DataCollectionTimeOffset|DateTime|The time the data was collected from the device. This field may not appear if no data was collected.
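Review bot: The added osPlatform row changes the link text to "MDVM supported operating systems and platforms" without the abbreviation being expanded anywhere in the visible rows. Spell it out as "Microsoft Defender Vulnerability Management (MDVM)" in the link text, or at its first use in the table, so the row is readable on its own.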
security Exposed Apis Create App Nativeapp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp.md
audience: ITPro
+ms.technology: mde
security Exposed Apis Create App Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners.md
audience: ITPro
+ms.technology: mde
security Exposed Apis Create App Webapp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp.md
audience: ITPro
+ms.technology: mde
security Exposed Apis List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-list.md
audience: ITPro
+ms.technology: mde
security Exposed Apis Odata Samples https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples.md
audience: ITPro
+ms.technology: mde
security Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/files.md
audience: ITPro
+ms.technology: mde
security Find Defender Malware Name https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-defender-malware-name.md
audience: ITPro
+ms.technology: mde
# Find malware detection names for Microsoft Defender for Endpoint
security Find Machines By Ip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machines-by-ip.md
audience: ITPro
+ms.technology: mde
security Find Machines By Tag https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machines-by-tag.md
audience: ITPro
+ms.technology: mde
security Get Alert Info By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-info-by-id.md
audience: ITPro
+ms.technology: mde
security Get Alert Related Domain Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-domain-info.md
audience: ITPro
+ms.technology: mde
security Get Alert Related Files Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-files-info.md
audience: ITPro
+ms.technology: mde
security Get Alert Related Ip Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-ip-info.md
audience: ITPro
+ms.technology: mde
security Get Alert Related Machine Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-machine-info.md
audience: ITPro
+ms.technology: mde
security Get Alert Related User Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-user-info.md
audience: ITPro
+ms.technology: mde
security Get Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alerts.md
audience: ITPro
+ms.technology: mde
security Get All Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-all-recommendations.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## See also -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
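Review bot: Only the first "See also" entry is renamed; the unchanged entry right after it still reads "[Threat & Vulnerability security recommendation]", so the list now mixes the old and new product names. Update the second link text in the same change, or note why it is intentionally left.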
security Get All Vulnerabilities By Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-all-vulnerabilities-by-machines.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## See also -- [Risk-based threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](/microsoft-365/security/defender-endpoint/tvm-weaknesses)
security Get All Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-all-vulnerabilities.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## See also -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](/microsoft-365/security/defender-endpoint/tvm-weaknesses)
security Get Assessment Methods Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-assessment-methods-properties.md
deviceName|String|Fully qualified domain name (FQDN) of the device.
isApplicable|Bool|Indicates whether the configuration or policy is applicable. isCompliant|Bool|Indicates whether the configuration or policy is properly configured. isExpectedUserImpact|Bool|Indicates whether the user gets affected if the configuration will be applied.
-osPlatform|String|Platform of the operating system running on the device. Specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See [Supported operating systems, platforms and capabilities](../defender-vulnerability-management/tvm-supported-os.md) for details.
+osPlatform|String|Platform of the operating system running on the device. Specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.
osVersion|String|Specific version of the operating system running on the device. rbacGroupName|String|The role-based access control (RBAC) group. If the device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None." rbacGroupId|String|The role-based access control (RBAC) group ID.
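Review bot: In the added osPlatform row, the Markdown link "[Supported operating systems, platforms and capabilities](../defender-vulnerability-management/tvm-supported-os.md)" is replaced by the plain text "See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details", which tells the reader to see a page without pointing to it. Keep the link and change only its text if the rename is the goal.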
DiskPaths|Array[string]|Disk evidence that the product is installed on the devic
EndOfSupportDate|String|The date in which support for this software has or will end. EndOfSupportStatus|String|End of support status. Can contain these possible values: None, EOS Version, Upcoming EOS Version, EOS Software, Upcoming EOS Software. NumberOfWeaknesses|Int|Number of weaknesses on this software on this device.
-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See [Supported operating systems, platforms and capabilities](../defender-vulnerability-management/tvm-supported-os.md) for details.
+OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.
RbacGroupName|String|The role-based access control (RBAC) group. If this device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None." rbacGroupId|String|The role-based access control (RBAC) group ID. RegistryPaths|Array[string]|Registry evidence that the product is installed in the device.
ExploitabilityLevel|String|The exploitability level of this vulnerability (NoExp
FirstSeenTimestamp|String|First time the CVE of this product was seen on the device. Id|String|Unique identifier for the record. LastSeenTimestamp|String|Last time the CVE was seen on the device.
-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See [Supported operating systems, platforms and capabilities](../defender-vulnerability-management/tvm-supported-os.md) for details.
+OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.
RbacGroupName|String|The role-based access control (RBAC) group. If this device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None." rbacGroupId|String|The role-based access control (RBAC) group ID. RecommendationReference|String|A reference to the recommendation ID related to this software.
ExploitabilityLevel|String|The exploitability level of the vulnerability (NoExpl
FirstSeenTimestamp|String|First time the CVE of the product was seen on the device. Id|String|Unique identifier for the record. LastSeenTimestamp|String|Last time the CVE was seen on the device.
-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See [Supported operating systems, platforms and capabilities](../defender-vulnerability-management/tvm-supported-os.md) for details.
+OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.
RbacGroupName|String|The role-based access control (RBAC) group. If this device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None." RecommendationReference|String|A reference to the recommendation ID related to this software. RecommendedSecurityUpdate |String|Name or description of the security update provided by the software vendor to address the vulnerability.
GeneratedTime|String|The time that the export was generated.
Other related -- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
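Review bot: The added link text here is "Risk-based Defender Vulnerability Management", without "Microsoft", while the same link in the other API articles touched by this update is renamed to "Risk-based Microsoft Defender Vulnerability Management". Use the same link text in this file for consistency.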
security Get Assessment Secure Config https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-assessment-secure-config.md
DeviceName|string|Fully qualified domain name (FQDN) of the device.|johnlaptop.e
IsApplicable|bool|Indicates whether the configuration or policy is applicable|true IsCompliant|bool|Indicates whether the configuration or policy is properly configured|false IsExpectedUserImpact|bool|Indicates whether there will be user impact if the configuration will be applied|true
-OSPlatform|string|Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 11. See tvm supported operating systems and platforms for details.|Windows10 and Windows 11
+OSPlatform|string|Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.|Windows10 and Windows 11
RbacGroupName|string|The role-based access control (RBAC) group. If this device is not assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None."|Servers RecommendationReference|string|A reference to the recommendation ID related to this software.|sca-_-scid-20000 Timestamp|string|Last time the configuration was seen on the device|2020-11-03 10:13:34.8476880
GET https://api.securitycenter.microsoft.com/api/machines/SecureConfigurationsAs
Other related -- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
security Get Assessment Software Inventory https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-assessment-software-inventory.md
EndOfSupportDate|string|The date in which support for this software has or will
EndOfSupportStatus|string|End of support status. Can contain these possible values: None, EOS Version, Upcoming EOS Version, EOS Software, Upcoming EOS Software.|Upcoming EOS Id|string|Unique identifier for the record.|123ABG55_573AG&mnp! NumberOfWeaknesses|int|Number of weaknesses on this software on this device|3
-OSPlatform|string|Platform of the operating system running on the device. These are specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See tvm supported operating systems and platforms for details.|Windows10 and Windows 11
+OSPlatform|string|Platform of the operating system running on the device. These are specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management supported operating systems and platforms for details.|Windows10 and Windows 11
RbacGroupName|string|The role-based access control (RBAC) group. If this device is not assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None."|Servers RegistryPaths|Array[string]|Registry evidence that the product is installed in the device.|[ "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Microsoft Silverlight" ] SoftwareFirstSeenTimestamp|string|The first time this software was seen on the device.|2019-04-07 02:06:47
GET https://api.securitycenter.microsoft.com/api/machines/SoftwareInventoryExpor
Other related -- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
security Get Assessment Software Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-assessment-software-vulnerabilities.md
ExploitabilityLevel|String|The exploitability level of this vulnerability (NoExp
FirstSeenTimestamp|String|First time the CVE of this product was seen on the device.|2020-11-03 10:13:34.8476880 Id|String|Unique identifier for the record.|123ABG55_573AG&mnp! LastSeenTimestamp|String|Last time the CVE was seen on the device.|2020-11-03 10:13:34.8476880
-OSPlatform|String|Platform of the operating system running on the device. This property indicates specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See tvm supported operating systems and platforms for details.|Windows10 and Windows 11
+OSPlatform|String|Platform of the operating system running on the device. This property indicates specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management supported operating systems and platforms for details.|Windows10 and Windows 11
RbacGroupName|String|The role-based access control (RBAC) group. If this device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None."|Servers RecommendationReference|String|A reference to the recommendation ID related to this software.|va-_-microsoft-_-silverlight RecommendedSecurityUpdate (optional)|String|Name or description of the security update provided by the software vendor to address the vulnerability.|April 2020 Security Updates
ExploitabilityLevel|String|The exploitability level of this vulnerability (NoExp
FirstSeenTimestamp|String|First time the CVE of this product was seen on the device.|2020-11-03 10:13:34.8476880 Id|String|Unique identifier for the record.|123ABG55_573AG&mnp! LastSeenTimestamp|String|Last time the CVE was seen on the device.|2020-11-03 10:13:34.8476880
-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See tvm supported operating systems and platforms for details.|Windows10 and Windows 11
+OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management supported operating systems and platforms for details.|Windows10 and Windows 11
RbacGroupName|String|The role-based access control (RBAC) group. If this device isn't assigned to any RBAC group, the value will be "Unassigned." If the organization doesn't contain any RBAC groups, the value will be "None."|Servers RecommendationReference|string|A reference to the recommendation ID related to this software.|va--microsoft--silverlight RecommendedSecurityUpdate |String|Name or description of the security update provided by the software vendor to address the vulnerability.|April 2020 Security Updates
GET https://api.securitycenter.microsoft.com/api/machines/SoftwareVulnerabilityC
Other related -- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
security Get Device Secure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-device-secure-score.md
audience: ITPro
+ms.technology: mde
security Get Discovered Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-discovered-vulnerabilities.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## See also -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](/microsoft-365/security/defender-endpoint/tvm-weaknesses)
security Get Domain Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-related-alerts.md
audience: ITPro
+ms.technology: mde
security Get Domain Related Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-related-machines.md
audience: ITPro
+ms.technology: mde
security Get Domain Statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-statistics.md
audience: ITPro
+ms.technology: mde
security Get Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-exposure-score.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## See also -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](/microsoft-365/security/defender-endpoint/tvm-exposure-score)
security Get File Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-information.md
audience: ITPro
+ms.technology: mde
security Get File Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-related-alerts.md
audience: ITPro
+ms.technology: mde
security Get File Related Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-related-machines.md
audience: ITPro
+ms.technology: mde
security Get File Statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-statistics.md
audience: ITPro
+ms.technology: mde
security Get Installed Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-installed-software.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## See also -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get Investigation Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-investigation-collection.md
audience: ITPro
+ms.technology: mde
security Get Investigation Object https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-investigation-object.md
audience: ITPro
+ms.technology: mde
security Get Ip Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ip-related-alerts.md
audience: ITPro
+ms.technology: mde
security Get Ip Statistics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ip-statistics.md
audience: ITPro
+ms.technology: mde
security Get Live Response Result https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-live-response-result.md
audience: ITPro
+ms.technology: mde
security Get Machine By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-by-id.md
audience: ITPro
+ms.technology: mde
security Get Machine Group Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-group-exposure-score.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability exposure score](/microsoft-365/security/defender-endpoint/tvm-exposure-score)
security Get Machine Log On Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-log-on-users.md
audience: ITPro
+ms.technology: mde
security Get Machine Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-related-alerts.md
audience: ITPro
+ms.technology: mde
security Get Machineaction Object https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machineaction-object.md
audience: ITPro
+ms.technology: mde
security Get Machineactions Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machineactions-collection.md
audience: ITPro
+ms.technology: mde
security Get Machines By Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines-by-software.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get Machines By Vulnerability https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines-by-vulnerability.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](/microsoft-365/security/defender-endpoint/tvm-weaknesses)
security Get Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines.md
audience: ITPro
+ms.technology: mde
security Get Missing Kbs Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-machine.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get Missing Kbs Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-software.md
Title: Get missing KBs by software ID description: Retrieves missing security updates by software ID
-keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, Microsoft Defender for Endpoint tvm api
+keywords: apis, graph api, supported apis, get, list, file, information, software id, threat & vulnerability management api, Microsoft Defender for Endpoint tvm api, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get Package Sas Uri https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-package-sas-uri.md
audience: ITPro
+ms.technology: mde
Empty
## Response
-If successful, this method returns 200, Ok response code with object that holds the link to the package in the "value" parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage. If the machine action for the collection exists but is not complete, this returns 404 Not Found.
+If successful, this method returns 200, Ok response code with object that holds the link to the package in the "value" parameter. This link is valid for a short time and should be used immediately for downloading the package to a local storage. If the machine action for the collection exists but isn't complete, this returns 404 Not Found.
## Example ### Request example
-Here is an example of the request.
+Here's an example of the request.
```http GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525cbca07dacde913b5ac3c85673/GetPackageUri
GET https://api.securitycenter.microsoft.com/api/machineactions/7327b54fd718525c
### Response example
-Here is an example of the response.
+Here's an example of the response.
```json HTTP/1.1 200 Ok
security Get Recommendation By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-by-id.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
security Get Recommendation Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-machines.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
security Get Recommendation Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-recommendation-vulnerabilities.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
security Get Remediation All Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-all-activities.md
audience: ITPro
+ms.technology: mde
GET https://api-luna.securitycenter.windows.com/api/remediationtasks/
- [Remediation methods and properties](get-remediation-methods-properties.md) - [Get one remediation activity by ID](get-remediation-one-activity.md) - [List exposed devices of one remediation activity](get-remediation-exposed-devices-activities.md)-- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
security Get Remediation Exposed Devices Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-exposed-devices-activities.md
audience: ITPro
+ms.technology: mde
GET https://api-luna.securitycenter.windows.com/api/remediationtasks/03942ef5-ae
- [Remediation methods and properties](get-remediation-methods-properties.md) - [Get one remediation activity by Id](get-remediation-one-activity.md) - [List all remediation activities](get-remediation-all-activities.md)-- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
security Get Remediation Methods Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-methods-properties.md
Title: Remediation activity methods and properties
-description: The API response contains threat & vulnerability management remediation activities created in your tenant. You can request all the remediation activities, only one remediation activity, or information about exposed devices for a selected remediation task.
+description: The API response contains Microsoft Defender Vulnerability Management remediation activities created in your tenant. You can request all the remediation activities, only one remediation activity, or information about exposed devices for a selected remediation task.
keywords: apis, remediation, remediation api, get, remediation tasks, remediation methods, remediation properties, ms.prod: m365-security ms.mktglfcycl: deploy
audience: ITPro
+ms.technology: mde
[!Include[Improve request performance](../../includes/improve-request-performance.md)]
-The API response contains [Threat & vulnerability management](next-gen-threat-and-vuln-mgt.md) remediation activities that have been created in your tenant.
+The API response contains [Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md) remediation activities that have been created in your tenant.
## Methods
vendorId|String|Related vendor name
- [List exposed devices of one remediation activity](get-remediation-exposed-devices-activities.md) -- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
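Review bot: The added link text "Risk-based Defender Vulnerability Management" drops "Microsoft", while the same link to next-gen-threat-and-vuln-mgt.md in the sibling remediation files is renamed to "Risk-based Microsoft Defender Vulnerability Management". Use one form for the same target across the remediation API pages so the Related topics lists match.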
security Get Remediation One Activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-one-activity.md
audience: ITPro
+ms.technology: mde
GET https://api-luna.securitycenter.windows.com/api/remediationtasks/03942ef5-ae
- [Remediation methods and properties](get-remediation-methods-properties.md) - [List all remediation activities](get-remediation-all-activities.md) - [List exposed devices of one remediation activity](get-remediation-exposed-devices-activities.md)-- [Risk-based threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Risk-based Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Vulnerabilities in your organization](tvm-weaknesses.md)
security Get Security Recommendations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-security-recommendations.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
security Get Software By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software-by-id.md
Title: Get software by ID description: Retrieves a list of software details by ID.
-keywords: apis, graph api, supported apis, get, software, Microsoft Defender for Endpoint tvm api
+keywords: apis, graph api, supported apis, get, software, Microsoft Defender for Endpoint tvm api, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
audience: ITPro
+ms.technology: mde
Here's an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get Software Ver Distribution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software-ver-distribution.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability software inventory](/microsoft-365/security/defender-endpoint/tvm-software-inventory)
security Get User Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-alerts.md
audience: ITPro
+ms.technology: mde
security Get User Related Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-machines.md
audience: ITPro
+ms.technology: mde
security Get Vuln By Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-vuln-by-software.md
audience: ITPro
+ms.technology: mde
security Get Vulnerability By Id https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-vulnerability-by-id.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Vulnerabilities in your organization](/microsoft-365/security/defender-endpoint/tvm-weaknesses)
security Gov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/gov.md
These are the features and known gaps for [Mobile Threat Defense (Microsoft Defe
|Conditional Access/Conditional Launch|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)| |Support for MAM|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)| |Privacy Controls|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
-|Threat and Vulnerability Management (TVM)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
+|Microsoft Defender Vulnerability Management (MDVM))|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|![Yes](images/svg/check-yes.svg)|
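Review bot: The added table row has a doubled closing parenthesis in its first cell, "(MDVM))|". The removed row had "(TVM)|", so this looks like a find-and-replace slip; the cell should end "(MDVM)|".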
security Indicator File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/indicator-file.md
If there are conflicting file IoC policies with the same enforcement type and ta
> [!WARNING] > Policy conflict handling for files and certs differ from policy conflict handling for domains/URLs/IP addresses.
-Threat and vulnerability management's block vulnerable application features uses the file IoCs for enforcement and will follow the above conflict handling order.
+Microsoft Defender Vulnerability Management's block vulnerable application features uses the file IoCs for enforcement and will follow the above conflict handling order.
### Examples
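Review bot: The added sentence carries over a subject-verb mismatch from the line it replaces: "block vulnerable application features uses the file IoCs". Since the sentence is being touched anyway, fix it to "block vulnerable applications feature uses file IoCs" (or "features use"), whichever matches the product's naming.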
security Indicator Ip Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/indicator-ip-domain.md
It's important to understand the following prerequisites prior to creating indic
> If there are conflicting URL indicator policies, the longer path is applied. For example, the URL indicator policy `https://support.microsoft.com/office` takes precedence over the URL indicator policy `https://support.microsoft.com`. > [!NOTE]
-> For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
+> For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:
>
-> - IP is supported for all three protocols
-> - Only single IP addresses are supported (no CIDR blocks or IP ranges)
+> - IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS))
+> - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators
> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge)
-> - Encrypted URLS (FQDN only) can be blocked outside of first party browsers (Internet Explorer, Edge)
-> - Full URL path blocks can be applied on the domain level and all unencrypted URLs
+> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge)
+> - Full URL path blocks can be applied for unencrypted URLs
> > There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
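Review bot: The new lead-in scopes this list to "processes other than Microsoft Edge and Internet Explorer", but the unchanged bullet "Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge)" describes exactly the browsers the lead-in now excludes. Either move that bullet out of the list or reword the lead-in so the list covers both cases. Smaller points in the added bullets: "(TCP, HTTP, and HTTPS (TLS))" nests parentheses, "third party" should be hyphenated as a modifier, and "in custom indicators" reads more clearly before the parenthetical than after it.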
security Initiate Autoir Investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/initiate-autoir-investigation.md
audience: ITPro
+ms.technology: mde
# Start Investigation API
security Investigate Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigate-machines.md
To further inspect the event and related events, you can quickly run an [advance
### Security recommendations
-**Security recommendations** are generated from Microsoft Defender for Endpoint's [Threat & Vulnerability Management](tvm-dashboard-insights.md) capability. Selecting a recommendation will show a panel where you can view relevant details such as description of the recommendation and the potential risks associated with not enacting it. See [Security recommendation](tvm-security-recommendation.md) for details.
+**Security recommendations** are generated from Microsoft Defender for Endpoint's [Vulnerability Management](tvm-dashboard-insights.md) capability. Selecting a recommendation will show a panel where you can view relevant details such as description of the recommendation and the potential risks associated with not enacting it. See [Security recommendation](tvm-security-recommendation.md) for details.
:::image type="content" source="images/security-recommendations-device.png" alt-text="The Security recommendations tab" lightbox="images/security-recommendations-device.png":::
security Investigation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/investigation.md
audience: ITPro
+ms.technology: mde
security Isolate Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/isolate-machine.md
audience: ITPro
+ms.technology: mde
security List Recommendation Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/list-recommendation-software.md
audience: ITPro
+ms.technology: mde
Here is an example of the response.
## Related topics -- [Risk-based Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Risk-based Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Threat & Vulnerability security recommendation](/microsoft-365/security/defender-endpoint/tvm-security-recommendation)
security Mac Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md
For more information on Microsoft Defender for Endpoint on other operating syste
&ensp;Release version:ΓÇ»**20.121022.12750.0** <br/> **What's new**-- Fix to accommodate for Apple certificate expiration for macOS Catalina and earlier. This fix restores Threat & Vulnerability Management (TVM) functionality.
+- Fix to accommodate for Apple certificate expiration for macOS Catalina and earlier. This fix restores Microsoft Defender Vulnerability Management (MDVM) functionality.
<br/> </details>
security Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine.md
audience: ITPro
+ms.technology: mde
security Manage Mde Post Migration Configuration Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-configuration-manager.md
If you haven't already done so, configure your Microsoft 365 Defender portal to
## Next steps -- [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Visit the Microsoft 365 Defender portal security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard) - [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
security Manage Mde Post Migration Group Policy Objects https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-group-policy-objects.md
If you haven't already done so, configure your Microsoft 365 Defender portal to
## Next steps -- [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Visit the Microsoft 365 Defender portal security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard) - [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
security Manage Mde Post Migration Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-intune.md
If you haven't already done so, configure your Microsoft 365 Defender portal to
## Next steps -- [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Visit the Microsoft 365 Defender portal security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard)
security Manage Mde Post Migration Other Tools https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-other-tools.md
You can also configure whether and what features end users can see in the Micros
## Next steps -- [Get an overview of threat and vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+- [Get an overview of Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
- [Visit the Microsoft Defender Security Center security operations dashboard](/microsoft-365/security/defender-endpoint/security-operations-dashboard) - [Manage Microsoft Defender for Endpoint with Intune](manage-mde-post-migration-intune.md)
security Manage Mde Post Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration.md
The following table lists various tools/methods you can use, with links to learn
|Tool/Method|Description| |||
-|**[Threat and vulnerability management dashboard insights](/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the [Microsoft 365 Defender](https://security.microsoft.com/) portal|The threat & vulnerability management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture. <br/><br/> See [Threat & vulnerability management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) and [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use).|
+|**[Microsoft Defender Vulnerability Management dashboard insights](/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights)** in the [Microsoft 365 Defender](https://security.microsoft.com/) portal|The Defender Vulnerability Management dashboard provides actionable information that your security operations team can use to reduce exposure and improve your organization's security posture. <br/><br/> See [Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt) and [Overview of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/use).|
|**[Microsoft Intune](/mem/intune/fundamentals/what-is-intune)** (recommended)|Microsoft Intune (Intune), a component of [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), focuses on mobile device management (MDM) and mobile application management (MAM). With Intune, you control how your organization's devices are used, including mobile phones, tablets, and laptops. You can also configure specific policies to control applications. <br/><br/> See [Manage Microsoft Defender for Endpoint using Intune](manage-mde-post-migration-intune.md).| |**[Microsoft Endpoint Configuration Manager](/mem/configmgr/core/understand/introduction)**|Microsoft Endpoint Manager (Configuration Manager), formerly known as System Center Configuration Manager, is a component of [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). Configuration Manager is a powerful tool to manage your users, devices, and software. <br/><br/> See [Manage Microsoft Defender for Endpoint with Configuration Manager](manage-mde-post-migration-configuration-manager.md).| |**[Group Policy Objects in Azure Active Directory Domain Services](/azure/active-directory-domain-services/manage-group-policy)**|[Azure Active Directory Domain Services](/azure/active-directory-domain-services/overview) includes built-in Group Policy Objects for users and devices. You can customize the built-in Group Policy Objects as needed for your environment, as well as create custom Group Policy Objects and organizational units (OUs). <br/><br/> See [Manage Microsoft Defender for Endpoint with Group Policy Objects](manage-mde-post-migration-group-policy-objects.md).|
security Management Apis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/management-apis.md
audience: ITPro
+ms.technology: mde
security Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-threat-experts.md
Title: Microsoft Threat Experts description: Microsoft Threat Experts provides an extra layer of expertise to Microsoft Defender for Endpoint.
-keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, endpoint attack notification, Endpoint Attack Notification
+keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, endpoint attack notification, Endpoint Attack Notification, Ask Defender Experts
search.product: Windows 10 ms.prod: m365-security ms.mktglfcycl: deploy
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> [!NOTE]
+> As of August 2022, the Experts on Demand option to **Consult a threat expert** has been rebranded to **Ask Defender Experts**.
+ Microsoft Threat Experts is a managed threat hunting service that provides your Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in your unique environments don't get missed. This managed threat hunting service provides expert-driven insights and data through these two capabilities: endpoint attack notification and access to experts on demand.
Customers can engage our security experts directly from within Microsoft 365 Def
- Gain clarity into suspicious device behavior and next steps if faced with an advanced attacker - Determine risk and protection regarding threat actors, campaigns, or emerging attacker techniques
+> [!NOTE]
+> As of August 2022, the Experts on Demand option to **Consult a threat expert** has been rebranded to **Ask Defender Experts**.
+ The option to **Ask Defender Experts** is available in several places in the portal so you can engage with experts in the context of your investigation: -- ***Help and support menu*** - ***Device page actions menu***+
+![Screenshot of the Ask Defender Experts menu option in the Device page action menu in the Microsoft 365 Defender portal.](../../media/mte/device-page-actions-menu.png)
+ - ***Alerts page actions menu***+
+![Screenshot of the Ask Defender Experts menu option in the Alerts page action menu in the Microsoft 365 Defender portal.](../../media/mte/alerts-page-actions-menu.png)
+ - ***File page actions menu***
+![Screenshot of the Ask Defender Experts menu option in the Incidents page action menu in the Microsoft 365 Defender portal.](../../media/mte/incidents-page-actions-menu.png)
+ > [!NOTE] > If you would like to track the status of your Experts on Demand cases through Microsoft Services Hub, reach out to your Customer Success Account Manager.
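Review bot: The screenshot added under the "File page actions menu" bullet has alt text for the "Incidents page action menu" and points to incidents-page-actions-menu.png, so the bullet and the image disagree. Either the bullet should read "Incidents page actions menu" or the image and alt text need to be the File page ones. Separately, the same NOTE ("As of August 2022, the Experts on Demand option to **Consult a threat expert** has been rebranded to **Ask Defender Experts**") is added twice in this file, once before the overview paragraph and once before the list of portal locations; one occurrence is enough.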
security Mtd https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mtd.md
Microsoft Defender for Endpoint on Android and iOS provides the below key capabi
|Web Protection|Anti-phishing, blocking unsafe network connections, and support for custom indicators.| |Malware Protection (Android-only)|Scanning for malicious apps.| |Jailbreak Detection (iOS-only)|Detection of jailbroken devices.|
-|Threat and Vulnerability Management (TVM) |Vulnerability assessment of onboarded mobile devices. Visit this [page](next-gen-threat-and-vuln-mgt.md) to learn more about threat and vulnerability management in Microsoft Defender for Endpoint. *Note that on iOS only OS vulnerabilities are supported in this preview.*|
+|Microsoft Defender Vulnerability Management (MDVM) |Vulnerability assessment of onboarded mobile devices. Visit this [page](next-gen-threat-and-vuln-mgt.md) to learn more about Microsoft Defender Vulnerability Management in Microsoft Defender for Endpoint. *Note that on iOS only OS vulnerabilities are supported in this preview.*|
|Network Protection *(Public Preview)*| Protection against rogue Wi-Fi related threats and rogue certificates; ability to allow list the root CA and private root CA certificates in Intune; establish trust with endpoints.| |Unified alerting|Alerts from all platforms in the unified M365 security console| |Conditional Access, Conditional launch|Blocking risky devices from accessing corporate resources. Defender for Endpoint risk signals can also be added to app protection policies (MAM)|
security Network Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-devices.md
ms.technology: mde
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md)
+- [Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-portaloverview-abovefoldlink)
ms.technology: mde
Network discovery capabilities are available in the **Device inventory** section of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender portal</a> and Microsoft 365 Defender consoles.
-A designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint's threat and vulnerability management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.
+A designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint's Vulnerability Management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.
Once the network devices are discovered and classified, security administrators will be able to receive the latest security recommendations and review recently discovered vulnerabilities on network devices deployed across their organizations.
If you still don't get results after 5 minutes, restart the service.
Validate that the scanner is running properly. Then go to the scan definition and select "Run test." Check what error messages are returning from the relevant IP addresses.
-### Required threat and vulnerability management user permission
+### Required Defender Vulnerability Management user permission
Registration finished with an error: "It looks like you don't have sufficient permissions for adding a new agent. The required permission is 'Manage security settings in Defender'."
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
ms.mktglfcycl: manage
ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium Previously updated : 08/08/2022 Last updated : 08/12/2022 audience: ITPro
Network protection requires Windows 10 or 11 (Pro or Enterprise), Windows Server
| Windows version | Microsoft Defender Antivirus | |:|:|
-| Windows 10 version 1709 or later <br> Windows 11 <br> Windows Server 1803 or later | [Microsoft Defender Antivirus real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md) <br> and [cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) must be enabled (active)|
+| Windows 10 version 1709 or later <br/> Windows 11 <br/> Windows Server 1803 or later | Make sure that [Microsoft Defender Antivirus real-time protection](configure-real-time-protection-microsoft-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-microsoft-defender-antivirus.md) are enabled (active). |
## Why network protection is important
-Network protection is a part of the attack surface reduction group of solutions in Microsoft Defender for Endpoint. Network protection enables layer the network layer of blocking URLs and IP addresses. Network protection can block URLs from being accessed by using certain browsers and standard network connections.
-
-By default, network protection guards your computers from known malicious URLs using the SmartScreen feed, which blocks malicious URLs in a manner similar to SmartScreen in Microsoft Edge browser. The network protection functionality can be extended to:
+Network protection is a part of the attack surface reduction group of solutions in Microsoft Defender for Endpoint. Network protection enables layer the network layer of blocking URLs and IP addresses. Network protection can block URLs from being accessed by using certain browsers and standard network connections. By default, network protection guards your computers from known malicious URLs using the SmartScreen feed, which blocks malicious URLs in a manner similar to SmartScreen in Microsoft Edge browser. The network protection functionality can be extended to:
- Block IP/URL addresses from your own threat intelligence ([indicators](indicator-ip-domain.md)) - Block unsanctioned services from [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps) (formerly known as Microsoft Cloud App Security)
A user visits a website:
- If the url has a bad reputation, a toast notification will present the user with the following options: - **Ok** The toast notification is released (removed), and the attempt to access the site is ended. - **Feedback** The toast notification presents the user with a link to submit a ticket, which the user can use to submit feedback to the administrator in an attempt to justify access to the site.
-
- > [!div class="mx-imgBorder"]
- > ![ Shows a network protection known phishing content blocked notification](images/network-protection-phishing-blocked.png)
+
+ ![ Shows a network protection known phishing content blocked notification](images/network-protection-phishing-blocked.png)
### Network protection: C2 detection and remediation
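Review bot: The merged `+` paragraph under "Why network protection is important" still carries the garbled sentence "Network protection enables layer the network layer of blocking URLs and IP addresses." unchanged from the removed text. Since the paragraph is being rewritten in this change, fix the wording here, for example "Network protection enables blocking of URLs and IP addresses at the network layer", if that is the intended meaning. Merging the two paragraphs also removes the break before "By default, network protection guards...", which made the default behaviour easier to find. Consider keeping it as its own paragraph.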
Support for Command and Control servers (C2) is a key part of this ransomware ev
A new feature in Defender for Endpoint indicators enables administrators to allow end users to bypass warnings that are generated for some URLs and IPs. Depending on why the URL was blocked, when a SmartScreen block is encountered it may offer administrators the ability to unblock the site for up to 24 hours. In such cases, a Windows Security toast notification will appear, permitting the end-user to **Unblock** the URL or IP for the defined period of time.
- > [!div class="mx-imgBorder"]
- > ![ Windows Security notification for network protection](images/network-protection-smart-screen-block-notification.png)
-
-Microsoft Defender for Endpoint Administrators can configure SmartScreen Unblock functionality at [Microsoft 365 Defender](https://security.microsoft.com/), using the following configuration tool. From the Microsoft 365 Defender portal, navigate to the path to the ConfigToolName.
+ ![Windows Security notification for network protection](images/network-protection-smart-screen-block-notification.png)
-<!-- Hide {this intro with no subsequent list items}
-[Line 171: Delete the colon and the right angle-brackets. The resulting sentence will be "From the [MS365 Defender] portal, navigate to path to ConfigToolName." Delete "to" and add "the" before path unless a specific description is available. Would a screenshot help? Normally angle brackets or arrows are used in place of certain text rather than in addition.]
>
+Microsoft Defender for Endpoint administrators can configure SmartScreen Unblock functionality in the [Microsoft 365 Defender portal](https://security.microsoft.com), using the following configuration tool.
- > [!div class="mx-imgBorder"]
- > ![Network protection SmartScreen block configuration ULR and IP form](images/network-protection-smart-screen-block-configuration.png)
+ ![Network protection SmartScreen block configuration ULR and IP form](images/network-protection-smart-screen-block-configuration.png)
## Using network protection Network protection is enabled per device, which is typically done using your management infrastructure. For supported methods, see [Turn on network protection](enable-network-protection.md). > [!NOTE]
-> Microsoft Defender Antivirus must be active to enable Network protection.
+> Microsoft Defender Antivirus must be active to enable network protection.
You can enable network protection in **Audit** mode or **Block** mode. If you want to evaluate the impact of enabling network protection before actually blocking IP addresses or URLs, you can enable network protection in Audit mode for a period of time to gather data on what would be blocked. Audit mode logs when end users have connected to an address or site that would otherwise have been blocked by network protection.
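Review bot: The replacement sentence ending "in the Microsoft 365 Defender portal, using the following configuration tool." still does not name the tool or give the navigation path. The removed line only had the placeholder "ConfigToolName", and the deleted editor comment asked for a specific description, but what follows the new sentence is just a screenshot. State the actual portal path in the text so the step can be followed without the image. The image alt text a few lines below in this hunk also keeps the typo "ULR" for "URL".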
Due to the multi-user nature of Windows 10 Enterprise, keep the following points
### Alternative option for network protection
-For Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure, network protection for Microsoft Edge can be enabled using the following method:
+For Windows Server version 1803 or later and Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure, network protection for Microsoft Edge can be enabled using the following method:
1. Use [Turn on network protection](enable-network-protection.md) and follow the instructions to apply your policy.
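Review bot: In the `+` line, adding "Windows Server version 1803 or later and" in front of "Windows 10 Enterprise Multi-Session 1909 and up, used in Windows Virtual Desktop on Azure" makes the qualifier "used in Windows Virtual Desktop on Azure" read as applying to both platforms. If the alternative method is meant for Windows Server in general, split the sentence or move the Windows Virtual Desktop clause so that it attaches only to the Multi-Session SKU.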
security Offboard Machine Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machine-api.md
audience: ITPro
+ms.technology: mde
security Offboard Machines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machines.md
Follow the corresponding instructions depending on your preferred deployment met
> > The device's profile (without data) will remain in the [Devices List](machines-view-overview.md) for no longer than 180 days. >
-> In addition, devices that are not active in the last 30 days are not factored in on the data that reflects your organization's threat and vulnerability management [exposure score](tvm-exposure-score.md) and Microsoft Secure Score for Devices.
+> In addition, devices that are not active in the last 30 days are not factored in on the data that reflects your organization's Defender Vulnerability Management [exposure score](tvm-exposure-score.md) and Microsoft Secure Score for Devices.
> > To view only active devices, you can filter by [sensor health state](machines-view-overview.md#use-filters-to-customize-the-device-inventory-views), [device tags](machine-tags.md) or [machine groups](machine-groups.md).
security Onboard Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-configure.md
After onboarding the devices, you'll then need to configure the other capabiliti
| Capability | Description | |-|-|
-| [Configure Threat & Vulnerability Management (TVM)](tvm-prerequisites.md) | Threat & Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: <br><br> - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities. <br><br> - Invaluable device vulnerability context during incident investigations. <br><br> - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager. |
+| [Configure Microsoft Defender Vulnerability Management (MDVM)](tvm-prerequisites.md) | Defender Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: <br><br> - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities. <br><br> - Invaluable device vulnerability context during incident investigations. <br><br> - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager. |
| [Configure Next-generation protection (NGP)](configure-microsoft-defender-antivirus-features.md) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:<br> <br>-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.<br> <br> - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").<br><br> - Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research. | | [Configure attack surface reduction (ASR)](overview-attack-surface-reduction.md) | Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in the organization from new and emerging threats. | | [Configure Auto Investigation & Remediation (AIR) capabilities](configure-automated-investigations-remediation.md) | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. |
security Onboarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding.md
After onboarding the endpoints, you'll then configure the capabilities. The foll
| Capability | Description | |-|-| | [Endpoint Detection & Response (EDR)](overview-endpoint-detection-response.md) | Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. |
-| [Threat & Vulnerability Management (TVM)](next-gen-threat-and-vuln-mgt.md) | Threat & Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities - Invaluable device vulnerability context during incident investigations - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager. |
+| [Microsoft Defender Vulnerability Management (MDVM)](next-gen-threat-and-vuln-mgt.md) | Defender Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: - Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities - Invaluable device vulnerability context during incident investigations - Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager. |
| [Next-generation protection (NGP)](microsoft-defender-antivirus-windows.md) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes:<br> <br>-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.<br> <br> - Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").<br><br> - Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research. | | [Attack Surface Reduction (ASR)](overview-attack-surface-reduction.md) | Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in the organization from new and emerging threats. | | [Auto Investigation & Remediation (AIR)](automated-investigations.md) | Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. |
security Post Ti Indicator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/post-ti-indicator.md
audience: ITPro
+ms.technology: mde
security Prepare Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prepare-deployment.md
Choose the component of Defender for Endpoint to be used and remove the ones tha
|Component|Description|Adoption Order Rank| |||| |Endpoint Detection & Response (EDR)|Defender for Endpoint endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. <p> [Learn more.](/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response)|1|
-|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: <ul><li>Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities</li><li>Invaluable device vulnerability context during incident investigations</li><li>Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager</li></ul> <p> [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).|2|
+|Microsoft Defender Vulnerability Management (MDVM)|Defender Vulnerability Management is a component of Microsoft Defender for Endpoint, and provides both security administrators and security operations teams with unique value, including: <ul><li>Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities</li><li>Invaluable device vulnerability context during incident investigations</li><li>Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager</li></ul> <p> [Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).|2|
|Next-generation protection (NGP)|Microsoft Defender Antivirus is a built-in antimalware solution that provides next-generation protection for desktops, portable computers, and servers. Microsoft Defender Antivirus includes: <ul><li>Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Microsoft Defender Antivirus.</li><li>Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").</li><li>Dedicated protection updates based on machine learning, human and automated big-data analysis, and in-depth threat resistance research.</li></ul> <p> [Learn more](/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10).|3| |Attack Surface Reduction (ASR)|Attack surface reduction capabilities in Microsoft Defender for Endpoint help protect the devices and applications in the organization from new and emerging threats. <br> [Learn more.](/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction)|4| |Auto Investigation & Remediation (AIR)|Microsoft Defender for Endpoint uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. <p> [Learn more.](/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection)|Not applicable|
security Prevent Changes To Security Settings With Tamper Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md
Using [endpoint detection and response](overview-endpoint-detection-response.md)
## Review your security recommendations
-Tamper protection integrates with [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) capabilities. [Security recommendations](tvm-security-recommendation.md) include making sure tamper protection is turned on. For example, you can search on *tamper*. In the results, you can select **Turn on Tamper Protection** to learn more and turn it on.
+Tamper protection integrates with [Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md) capabilities. [Security recommendations](tvm-security-recommendation.md) include making sure tamper protection is turned on. For example, you can search on *tamper*. In the results, you can select **Turn on Tamper Protection** to learn more and turn it on.
-To learn more about Threat & Vulnerability Management, see [Dashboard insights - threat and vulnerability management](tvm-dashboard-insights.md#dashboard-insightsthreat-and-vulnerability-management).
+To learn more about Microsoft Defender Vulnerability Management, see [Dashboard insights - Defender Vulnerability Management](tvm-dashboard-insights.md#dashboard-insightsthreat-and-vulnerability-management).
## Frequently asked questions
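Review bot: The second `+` line renames the link text to "Dashboard insights - Defender Vulnerability Management" but leaves the fragment as `tvm-dashboard-insights.md#dashboard-insightsthreat-and-vulnerability-management`. If the heading in tvm-dashboard-insights.md is renamed as part of the same rebranding, this anchor no longer resolves and the link lands at the top of the page. Confirm the target heading and update the fragment in the same change.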
security Recommendation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/recommendation.md
audience: ITPro
+ms.technology: mde
security Restrict Code Execution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/restrict-code-execution.md
audience: ITPro
+ms.technology: mde
security Run Advanced Query Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-api.md
audience: ITPro
+ms.technology: mde
security Run Advanced Query Sample Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-sample-powershell.md
audience: ITPro
+ms.technology: mde
security Run Advanced Query Sample Python https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-sample-python.md
audience: ITPro
+ms.technology: mde
security Run Av Scan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-av-scan.md
audience: ITPro
+ms.technology: mde
security Run Live Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-live-response.md
audience: ITPro
+ms.technology: mde
security Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/score.md
audience: ITPro
+ms.technology: mde
security Security Operations Dashboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/security-operations-dashboard.md
Click the user account to see details about the user account. For more informati
- [Understand the Microsoft Defender for Endpoint portal](use.md) - [Portal overview](portal-overview.md)-- [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md)
+- [View the Microsoft Defender Vulnerability Management dashboard](tvm-dashboard-insights.md)
- [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md)
security Set Device Value https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/set-device-value.md
audience: ITPro
+ms.technology: mde
security Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/software.md
audience: ITPro
+ms.technology: mde
security Stop And Quarantine File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/stop-and-quarantine-file.md
audience: ITPro
+ms.technology: mde
security Switch To Mde Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-overview.md
In this migration guide, we focus on [next-generation protection](microsoft-defe
|Feature/Capability|Description| |||
-|[Threat & vulnerability management](next-gen-threat-and-vuln-mgt.md)|Threat & vulnerability management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices).|
+|[Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md)|Defender Vulnerability Management capabilities help identify, assess, and remediate weaknesses across your endpoints (such as devices).|
|[Attack surface reduction](overview-attack-surface-reduction.md)|Attack surface reduction rules help protect your organization's devices and applications from cyberthreats and attacks.| |[Next-generation protection](microsoft-defender-antivirus-in-windows-10.md)|Next-generation protection includes Microsoft Defender Antivirus to help block threats and malware.| |[Endpoint detection and response](overview-endpoint-detection-response.md)|Endpoint detection and response capabilities detect, investigate, and respond to intrusion attempts and active breaches.|
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-analytics.md
The following table outlines the roles and permissions required to access Threat
| **One of the following roles are required for Microsoft 365 Defender** | **One of the following roles are required for Defender for Endpoint** | **One of the following roles are required for Defender for Office 365** | **One of the following roles are required for Defender for Cloud Apps** | |||||
-| Threat Analytics | Alerts and incidents data: <ul><li>View data- security operations</li></ul>TVM mitigations:<ul><li>View data - Threat and vulnerability management</li></ul> | Alerts and incidents data:<ul> <li>View-only manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> | Not available for Defender for Cloud Apps or MDI users |
+| Threat Analytics | Alerts and incidents data: <ul><li>View data- security operations</li></ul>MDVM mitigations:<ul><li>View data - Microsoft Defender Vulnerability Management</li></ul> | Alerts and incidents data:<ul> <li>View-only manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> | Not available for Defender for Cloud Apps or MDI users |
## View the threat analytics dashboard
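Review bot: The rewritten table row still has an unclosed list in the Defender for Office 365 column: "Prevented email attempts: <ul>...<li>View-only recipients</li>" runs straight into the cell delimiter with no closing `</ul>`. Since this row is being touched for the MDVM rename, add the missing `</ul>` so the cell renders consistently. Also confirm that the permission label "View data - Microsoft Defender Vulnerability Management" matches what the portal actually shows, because readers will search for that exact string.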
In the **Mitigations** section, review the list of specific actionable recommend
- Potentially unwanted application (PUA) protection - Real-time protection
-Mitigation information in this section incorporates data from [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report.
+Mitigation information in this section incorporates data from [Microsoft Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md), which also provides detailed drill-down information from various links in the report.
:::image type="content" source="images/ta-mitigations.png" alt-text="The Mitigations section of a threat analytics report" lightbox="images/ta-mitigations.png":::
security Ti Indicator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ti-indicator.md
audience: ITPro
+ms.technology: mde
security Unisolate Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unisolate-machine.md
audience: ITPro
+ms.technology: mde
security Unrestrict Code Execution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unrestrict-code-execution.md
audience: ITPro
+ms.technology: mde
security Update Alert https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-alert.md
audience: ITPro
+ms.technology: mde
security Update Machine Method https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-machine-method.md
audience: ITPro
+ms.technology: mde
security User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/user.md
audience: ITPro
+ms.technology: mde
security Vulnerability https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/vulnerability.md
audience: ITPro
+ms.technology: mde
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
For more information on Microsoft Defender for Endpoint on other operating syste
- [Delta export software vulnerabilities assessment](get-assessment-methods-properties.md#31-methods) API <br> An addition to the [Export assessments of vulnerabilities and secure configurations](get-assessment-methods-properties.md) API collection. <br> Unlike the full software vulnerabilities assessment (JSON response) - which is used to obtain an entire snapshot of the software vulnerabilities assessment of your organization by device - the delta export API call is used to fetch only the changes that have happened between a selected date and the current date (the "delta" API call). Instead of getting a full export with a large amount of data every time, you'll only get specific information on new, fixed, and updated vulnerabilities. Delta export API call can also be used to calculate different KPIs such as "how many vulnerabilities were fixed" or "how many new vulnerabilities were added to an organization." -- [Export assessments of vulnerabilities and secure configurations](get-assessment-methods-properties.md) API <br> Adds a collection of APIs that pull threat and vulnerability management data on a per-device basis. There are different API calls to get different types of data: secure configuration assessment, software inventory assessment, and software vulnerabilities assessment. Each API call contains the requisite data for devices in your organization.
+- [Export assessments of vulnerabilities and secure configurations](get-assessment-methods-properties.md) API <br> Adds a collection of APIs that pull Defender Vulnerability Management data on a per-device basis. There are different API calls to get different types of data: secure configuration assessment, software inventory assessment, and software vulnerabilities assessment. Each API call contains the requisite data for devices in your organization.
-- [Remediation activity](get-remediation-methods-properties.md) API <br> Adds a collection of APIs with responses that contain threat and vulnerability management remediation activities that have been created in your tenant. Response information types include one remediation activity by ID, all remediation activities, and exposed devices of one remediation activity.
+- [Remediation activity](get-remediation-methods-properties.md) API <br> Adds a collection of APIs with responses that contain Defender Vulnerability Management remediation activities that have been created in your tenant. Response information types include one remediation activity by ID, all remediation activities, and exposed devices of one remediation activity.
- [Device discovery](device-discovery.md) <br> Helps you find unmanaged devices connected to your corporate network without the need for extra appliances or cumbersome process changes. Using onboarded devices, you can find unmanaged devices in your network and assess vulnerabilities and risks. You can then onboard discovered devices to reduce risks associated with having unmanaged endpoints in your network.
security Why Use Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/why-use-microsoft-defender-antivirus.md
Although you can use a non-Microsoft antivirus solution with Microsoft Defender
[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)
-[Threat & Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
+[Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)
security Threat And Vuln Mgt Event Timeline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/threat-and-vuln-mgt-event-timeline.md
Title: Event timeline description: Event timeline is a risk news feed that helps you interpret how risk is introduced into the organization, and which mitigations happened to reduce it.
-keywords: event timeline, Microsoft Defender for Endpoint event timeline, Microsoft Defender for Endpoint tvm event timeline, threat and vulnerability management, Microsoft Defender for Endpoint
+keywords: event timeline, Microsoft Defender for Endpoint event timeline, Microsoft Defender for Endpoint tvm event timeline, threat and vulnerability management, Microsoft Defender for Endpoint, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
Event timeline also tells the story of your [exposure score](tvm-exposure-score.
## Navigate to the Event timeline page
-There are also three entry points from the [threat and vulnerability management dashboard](tvm-dashboard-insights.md):
+There are also three entry points from the [Microsoft Defender Vulnerability Management dashboard](tvm-dashboard-insights.md):
- **Organization exposure score card**: Hover over the event dots in the "Exposure Score over time" graph and select "See all events from this day." The events represent software vulnerabilities. - **Microsoft Secure Score for Devices**: Hover over the event dots in the "Your score for devices over time" graph and select "See all events from this day." The events represent new configuration assessments.
There are also three entry points from the [threat and vulnerability management
### Exposure score and Microsoft Secure Score for Devices graphs
-In the threat and vulnerability management dashboard, hover over the Exposure score graph to view top software vulnerability events from that day that impacted your devices. Hover over the Microsoft Secure Score for Devices graph to view new security configuration assessments that affect your score.
+In the Defender Vulnerability Management dashboard, hover over the Exposure score graph to view top software vulnerability events from that day that impacted your devices. Hover over the Microsoft Secure Score for Devices graph to view new security configuration assessments that affect your score.
If there are no events that affect your devices or your score for devices, then none will be shown.
security Trial Playbook Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/trial-playbook-defender-vulnerability-management.md
This playbook is a simple guide to help you make the most of your free trial. Us
Reducing cyber risk requires a comprehensive risk-based vulnerability management program to identify, assess, remediate, and track important vulnerabilities across your most critical assets.
-Microsoft Defender Vulnerability Management is a new service that proactively provides continuous real-time discovery and assessment of vulnerabilities, context-aware threat & business prioritization, and built-in remediation processes. It includes all threat and vulnerability management capabilities in Microsoft Defender for Endpoint and new enhanced capabilities so your teams can further intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.
+Microsoft Defender Vulnerability Management is a new service that proactively provides continuous real-time discovery and assessment of vulnerabilities, context-aware threat & business prioritization, and built-in remediation processes. It includes all Defender Vulnerability Management capabilities in Microsoft Defender for Endpoint and new enhanced capabilities so your teams can further intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.
:::image type="content" source="../../medivm-asset.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management features and capabilities.":::
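Review bot: The rewritten sentence in the added paragraph is now circular: "Microsoft Defender Vulnerability Management is a new service ... It includes all Defender Vulnerability Management capabilities in Microsoft Defender for Endpoint and new enhanced capabilities". The removed wording distinguished the existing threat and vulnerability management features in Defender for Endpoint from the new add-on capabilities, and the straight substitution loses that. Suggest wording such as "It includes the existing vulnerability management capabilities in Microsoft Defender for Endpoint, plus new enhanced capabilities".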
Built-in and agentless scanners continuously monitor and detect risk even when d
- Detect potential vulnerabilities due to the use of weak signature algorithm (for example, SHA-1-RSA), short key size (for example, RSA 512 bit), or weak signature hash algorithm (for example, MD5). - Ensure compliance with regulatory guidelines and organizational policy.
-3. [Assign device value](tvm-assign-device-value.md) - defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation. Devices assigned as "high value" will receive more weight. Device value options:
+3. [Assign device value](tvm-assign-device-value.md) - defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the Defender Vulnerability Management exposure score calculation. Devices assigned as "high value" will receive more weight. Device value options:
- Low - Normal (Default) - High
security Tvm Assign Device Value https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-assign-device-value.md
Title: Assign device value description: Learn how to assign a low, normal, or high value to a device to help you differentiate between asset priorities.
-keywords: Microsoft Defender for Endpoint device value, threat and vulnerability management device value, high value devices, device value exposure score
+keywords: Microsoft Defender for Endpoint device value, threat and vulnerability management device value, high value devices, device value exposure score, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
ms.technology: mde
>[!Note] > Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
-Defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the threat and vulnerability management exposure score calculation. Devices assigned as "high value" will receive more weight.
+Defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the Defender Vulnerability Management exposure score calculation. Devices assigned as "high value" will receive more weight.
You can also use the [set device value API](../defender-endpoint/set-device-value.md).
security Tvm Browser Extensions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions.md
Title: Browser extensions assessment description: Find out about the browsers extensions installed in your environment
-keywords: Microsoft Defender for Endpoint browser extensions, mdvm, threat & vulnerability management
+keywords: Microsoft Defender for Endpoint browser extensions, mdvm, threat & vulnerability management,Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
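Review bot: The added keywords line is missing a space after the comma in "threat & vulnerability management,Microsoft Defender Vulnerability Management". The other keyword lists in this change set separate entries with ", ", so add the space for consistency.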
security Tvm Dashboard Insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-dashboard-insights.md
Title: Dashboard insights
-description: The threat and vulnerability management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
-keywords: Microsoft Defender for Endpoint-tvm, Microsoft Defender for Endpoint-tvm dashboard, threat & vulnerability management, threat and vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score
+description: The Microsoft Defender Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience.
+keywords: Microsoft Defender for Endpoint-tvm, Microsoft Defender for Endpoint-tvm dashboard, threat & vulnerability management, threat and vulnerability management, risk-based threat & vulnerability management, security configuration, Microsoft Secure Score for Devices, exposure score, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm End Of Support Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-end-of-support-software.md
Title: Plan for end-of-support software and software versions description: Discover and plan for software and software versions that are no longer supported and won't receive security updates.
-keywords: threat and vulnerability management, Microsoft Defender for Endpoint tvm security recommendation, cybersecurity recommendation, actionable security recommendation
+keywords: threat and vulnerability management, Microsoft Defender for Endpoint tvm security recommendation, cybersecurity recommendation, actionable security recommendation, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
Once you identify which software and software versions are vulnerable due to the
## Related topics -- [Threat and vulnerability management overview](defender-vulnerability-management.md)
+- [Microsoft Defender Vulnerability Management overview](defender-vulnerability-management.md)
- [Security recommendations](tvm-security-recommendation.md) - [Software inventory](tvm-software-inventory.md)
security Tvm Exception https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-exception.md
Title: Create and view exceptions for security recommendations
-description: Create and monitor exceptions for security recommendations in threat and vulnerability management.
-keywords: Microsoft Defender for Endpoint tvm remediation, Microsoft Defender for Endpoint tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
+description: Create and monitor exceptions for security recommendations in Microsoft Defender Vulnerability Management.
+keywords: Microsoft Defender for Endpoint tvm remediation, Microsoft Defender for Endpoint tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm Exposure Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score.md
Title: Exposure score in Defender Vulnerability Management
-description: The threat and vulnerability management exposure score reflects how vulnerable your organization is to cybersecurity threats.
-keywords: exposure score, Microsoft Defender for Endpoint exposure score, Microsoft Defender for Endpoint tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender for Endpoint
+description: The Microsoft Defender Vulnerability Management exposure score reflects how vulnerable your organization is to cybersecurity threats.
+keywords: exposure score, Microsoft Defender for Endpoint exposure score, Microsoft Defender for Endpoint tvm exposure score, organization exposure score, tvm organization exposure score, threat and vulnerability management, Microsoft Defender for Endpoint, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm Hunt Exposed Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-hunt-exposed-devices.md
Title: Hunt for exposed devices
-description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate.
-keywords: Microsoft Defender for Endpoint-tvm scenarios, Microsoft Defender for Endpoint, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls
+description: Learn how Microsoft Defender Vulnerability Management can be used to help security admins, IT admins, and SecOps collaborate.
+keywords: Microsoft Defender for Endpoint-tvm scenarios, Microsoft Defender for Endpoint, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls,Microsoft Defender Vulnerability Management, mdvm
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
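Review bot: In the added keywords line, "security controls,Microsoft Defender Vulnerability Management, mdvm" has no space after the first comma. Use ", " between entries as the rest of the list does.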
security Tvm Manage Log4shell Guidance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-manage-Log4shell-guidance.md
Title: Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - threat and vulnerability management
+ Title: Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint - Defender Vulnerability Management
description: Learn how to mitigate the Log4Shell vulnerability in Microsoft Defender for Endpoint
-keywords: tvm, lo4j
+keywords: tvm, lo4j, mdvm
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
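Review bot: The keywords line still carries the misspelling "lo4j" after this change ("tvm, lo4j, mdvm"). Since the line is being edited anyway, correct it to "log4j", and consider adding "Log4Shell", which is the term the title and description use. Separately, the new title reads "in Microsoft Defender for Endpoint - Defender Vulnerability Management", which names two products back to back; check that this is the intended title rather than a leftover of the search-and-replace.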
ms.technology: m365d
**Applies to:** - [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)-- [Threat and vulnerability management](defender-vulnerability-management.md)
+- [Microsoft Defender Vulnerability Management](defender-vulnerability-management.md)
- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) The Log4Shell vulnerability is a remote code execution (RCE) vulnerability found in the Apache Log4j 2 logging library. As Apache Log4j 2 is commonly used by many software applications and online services, it represents a complex and high-risk situation for companies across the globe. Referred to as "Log4Shell" ([CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228), [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046) ) it introduces a new attack vector that attackers can exploit to extract data and deploy ransomware in an organization.
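Review bot: While this block is being touched, the first CVE link in the context paragraph looks broken: the text is "CVE-2021-44228" but the target is "cvename.cgi?name=2021-44228", without the "CVE-" prefix that the neighbouring CVE-2021-45046 link has. Suggest fixing the query string to "name=CVE-2021-44228" in the same commit.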
The Log4Shell vulnerability is a remote code execution (RCE) vulnerability found
## Overview of discovery, monitoring and mitigation capabilities
-Threat and vulnerability management provides you with the following capabilities to help you identify, monitor, and mitigate your organizational exposure to the Log4Shell vulnerability:
+Defender Vulnerability Management provides you with the following capabilities to help you identify, monitor, and mitigate your organizational exposure to the Log4Shell vulnerability:
- **Discovery**: Detection of exposed devices, both Microsoft Defender for Endpoint onboarded devices as well as devices that have been discovered but are not yet onboarded, is based on vulnerable software and vulnerable files detected on disk. - **Threat awareness:** A consolidated view to assess your organizational exposure. This view shows your exposure at the device level and software level, and provides access to details on vulnerable files like, the last time it was seen, the last time it was executed and the last time it was executed with open ports. You can use this information to prioritize your remediation actions. It can take up to 24 hours for data related to exposed devices to appear on the dashboard.
Threat and vulnerability management provides you with the following capabilities
## Exposed devices discovery
-Embedded threat and vulnerability management capabilities, along with enabling Log4j detection, in the Microsoft 365 Defender portal, will help you discover devices exposed to the Log4Shell vulnerability.
+Embedded Defender Vulnerability Management capabilities, along with enabling Log4j detection, in the Microsoft 365 Defender portal, will help you discover devices exposed to the Log4Shell vulnerability.
-Onboarded devices, are assessed using existing embedded threat and vulnerability management capabilities that can discover vulnerable software and files.
+Onboarded devices, are assessed using existing embedded Defender Vulnerability Management capabilities that can discover vulnerable software and files.
For detection on discovered but not yet onboarded devices, Log4j detection must be enabled. This will initiate probes in the same way device discovery actively probes your network. This includes probing from multiple onboarded endpoints (Windows 10+ and Windows Server 2019+ devices) and only probing within subnets, to detect devices that are vulnerable and remotely exposed to CVE-2021-44228.
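Review bot: The added line "Onboarded devices, are assessed using existing embedded Defender Vulnerability Management capabilities" keeps the stray comma after "Onboarded devices" from the removed line. Drop the comma. The line above it also reads awkwardly after the rename ("Embedded Defender Vulnerability Management capabilities, along with enabling Log4j detection, in the Microsoft 365 Defender portal, will help you"); consider "Defender Vulnerability Management capabilities in the Microsoft 365 Defender portal, together with Log4j detection, help you".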
For example, User-Agent: ${jndi:dns://192.168.1.3:5353/MDEDiscoveryUser-Agent} w
## Vulnerable software and files detection
-Threat and vulnerability management provides layers of detection to help you discover:
+Defender Vulnerability Management provides layers of detection to help you discover:
- **Vulnerable software**: Discovery is based on installed application Common Platform Enumerations (CPE) that are known to be vulnerable to Log4j remote code execution. - **Vulnerable files:** Both files in memory and files in the file system are assessed. These files can be Log4j-core jar files with the known vulnerable version or an Uber-JAR that contains either a vulnerable jndi lookup class or a vulnerable log4j-core file. Specifically, it: - determines if a JAR file contains a vulnerable Log4j file by examining JAR files and searching for the following file: \\META-INF\\maven\\org.apache.logging.log4j\\log4j-core\\pom.properties - if this file exists, the Log4j version is read and extracted.
- - searches for the JndiLookup.class file inside the JAR file by looking for paths that contain the string "/log4j/core/lookup/JndiLookup.class" - if the JndiLookup.class file exists, threat and vulnerability management determines if this JAR contains a Log4j file with the version defined in pom.properties.
+ - searches for the JndiLookup.class file inside the JAR file by looking for paths that contain the string "/log4j/core/lookup/JndiLookup.class" - if the JndiLookup.class file exists, Defender Vulnerability Management determines if this JAR contains a Log4j file with the version defined in pom.properties.
- searches for any vulnerable Log4j-core JAR files embedded within a nested-JAR by searching for paths that contain any of these strings: - lib/log4j-core- - WEB-INF/lib/log4j-core-
You can use the following advanced hunting query to identify vulnerabilities in
## Related articles -- [Threat and vulnerability management overview](http://next-gen-threat-and-vuln-mgt.md)
+- [Defender Vulnerability Management overview](http://next-gen-threat-and-vuln-mgt.md)
- [Security recommendations](tvm-security-recommendation.md)
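Review bot: The link target in the added line, "(http://next-gen-threat-and-vuln-mgt.md)", is carried over unchanged and will not resolve: it puts an "http://" scheme in front of a relative Markdown file name. Other Related-topics lists in this change set point the overview link at "defender-vulnerability-management.md"; use the same relative target here and drop the scheme.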
security Tvm Microsoft Secure Score Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-microsoft-secure-score-devices.md
Title: Microsoft Secure Score for Devices description: Your score for devices shows the collective security configuration state of your devices across application, operating system, network, accounts, and security controls.
-keywords: Microsoft Secure Score for Devices, Microsoft Defender for Endpoint Microsoft Secure Score for Devices, secure score, configuration score, threat and vulnerability management, security controls, improvement opportunities, security configuration score over time, security posture, baseline
+keywords: Microsoft Secure Score for Devices, Microsoft Defender for Endpoint Microsoft Secure Score for Devices, secure score, configuration score, threat and vulnerability management, security controls, improvement opportunities, security configuration score over time, security posture, baseline, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm Network Share Assessment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-network-share-assessment.md
Title: Network share configuration assessment description: Learn review recommendations related to network shares in your environment through vulnerability management.
-keywords: Microsoft Defender for Endpoint tvm, assessment tvm, threat & vulnerability management, vulnerable CVE
+keywords: Microsoft Defender for Endpoint tvm, assessment tvm, threat & vulnerability management, vulnerable CVE, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm Prerequisites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites.md
Title: Prerequisites & permissions for Microsoft Defender Vulnerability Management-
-description: Before you begin using threat and vulnerability management, make sure you have the relevant configurations and permissions.
-keywords: threat & vulnerability management permissions prerequisites, threat and vulnerability management permissions prerequisites, Microsoft Defender for Endpoint TVM permissions prerequisites, vulnerability management
+description: Before you begin using Microsoft Defender Vulnerability Management, make sure you have the relevant configurations and permissions.
+keywords: threat & vulnerability management permissions prerequisites, threat and vulnerability management permissions prerequisites, Microsoft Defender for Endpoint TVM permissions prerequisites, vulnerability management, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
Ensure that your devices:
> Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) > Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) -- Are onboarded to [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-protection-configure) to help remediate threats found by threat and vulnerability management. If you're using Configuration Manager, update your console to the latest version.
+- Are onboarded to [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Endpoint Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-protection-configure) to help remediate threats found by Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management (TVM). If you're using Configuration Manager, update your console to the latest version.
> [!NOTE] > If you have the Intune connection enabled, you get an option to create an Intune security task when creating a remediation request. This option does not appear if the connection is not set.
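Review bot: The "formerly known as" clause added to the Intune/Configuration Manager bullet is written as "Threat & Vulnerability Management (TVM)", while the note changed in tvm-weaknesses.md in this same change set uses lowercase "threat and vulnerability management" with no abbreviation. Pick one form for the old name. The clause also makes this prerequisite bullet harder to scan; a single "formerly known as" mention near the top of the article would serve the same purpose.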
For more information, see [Create and manage roles for role-based access control
## Related articles - [Supported operating systems and platforms](tvm-supported-os.md)-- [Threat and vulnerability management dashboard](tvm-dashboard-insights.md)
+- [Microsoft Defender Vulnerability Management dashboard](tvm-dashboard-insights.md)
security Tvm Remediation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-remediation.md
Title: Remediate vulnerabilities description: Remediate security weaknesses discovered through security recommendations, and create exceptions if needed, in defender vulnerability management.
-keywords: Microsoft Defender for Endpoint tvm remediation, Microsoft Defender for Endpoint tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm
+keywords: Microsoft Defender for Endpoint tvm remediation, Microsoft Defender for Endpoint tvm, threat and vulnerability management, threat & vulnerability management, threat & vulnerability management remediation, tvm remediation intune, tvm remediation sccm, Microsoft Defender Vulnerability Management, mdvm
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
ms.technology: mde
>[!Note] > Want to experience Microsoft Defender Vulnerability Management? Learn more about how you can sign up to the [Microsoft Defender Vulnerability Management public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md).
-Watch this short video to learn how threat and vulnerability management discovers vulnerabilities and misconfigurations on your endpoints and provides actionable insights that help you quickly remediate threats and vulnerabilities in your environment.
+Watch this short video to learn how Microsoft Defender Vulnerability Management discovers vulnerabilities and misconfigurations on your endpoints and provides actionable insights that help you quickly remediate threats and vulnerabilities in your environment.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4qLVs]
security Tvm Security Baselines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-security-baselines.md
Title: Security baselines assessment description: Find out about the security baselines in your environment
-keywords: Microsoft Defender for Endpoint security baselines, mdvm, threat & vulnerability management
+keywords: Microsoft Defender for Endpoint security baselines, mdvm, threat & vulnerability management, Microsoft Defender Vulnerability Management, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
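Review bot: The added keywords line lists "Microsoft Defender Vulnerability Management" twice in a row at the end. Remove the duplicate entry.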
security Tvm Software Inventory https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-software-inventory.md
Title: Software inventory in Defender Vulnerability Management
-description: The software inventory page for Microsoft Defender for Endpoint's threat and vulnerability management shows how many weaknesses and vulnerabilities have been detected in software.
-keywords: threat and vulnerability management, Microsoft Defender for Endpoint, Microsoft Defender for Endpoint software inventory, Microsoft Defender for Endpoint threat & vulnerability management, Microsoft Defender for Endpoint threat & vulnerability management software inventory, Microsoft Defender for Endpoint tvm software inventory, tvm software inventory
+description: The software inventory page for Microsoft Defender for Endpoint's Vulnerability Management shows how many weaknesses and vulnerabilities have been detected in software.
+keywords: threat and vulnerability management, Microsoft Defender for Endpoint, Microsoft Defender for Endpoint software inventory, Microsoft Defender for Endpoint threat & vulnerability management, Microsoft Defender for Endpoint threat & vulnerability management software inventory, Microsoft Defender for Endpoint tvm software inventory, tvm software inventory, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
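Review bot: The new description says "Microsoft Defender for Endpoint's Vulnerability Management", which is not the product name used anywhere else in this change set ("Microsoft Defender Vulnerability Management" or "Defender Vulnerability Management"). It reads like a partial replacement of "Microsoft Defender for Endpoint's threat and vulnerability management". Suggest "The software inventory page in Microsoft Defender Vulnerability Management shows how many weaknesses and vulnerabilities have been detected in software."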
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-supported-os.md
Title: Supported operating systems platforms and capabilities
-description: Ensure that you meet the operating system or platform requisites for threat and vulnerability management, so the activities in your all devices are properly accounted for.
-keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, Microsoft Defender for Endpoint-tvm supported os, Microsoft Defender for Endpoint-tvm, supported operating systems, supported platforms, linux support, mac support
+description: Ensure that you meet the operating system or platform requisites for Microsoft Defender Vulnerability Management, so the activities in your all devices are properly accounted for.
+keywords: threat & vulnerability management, threat and vulnerability management, operating system, platform requirements, prerequisites, Microsoft Defender for Endpoint-tvm supported os, Microsoft Defender for Endpoint-tvm, supported operating systems, supported platforms, linux support, mac support, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm Vulnerable Devices Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-vulnerable-devices-report.md
Title: Vulnerable devices report description: A report showing vulnerable device trends and current statistics so you can understand the breath and scope of your device exposure.
-keywords: Microsoft Defender for Endpoint-tvm vulnerable devices, Microsoft Defender for Endpoint, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration
+keywords: Microsoft Defender for Endpoint-tvm vulnerable devices, Microsoft Defender for Endpoint, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Tvm Weaknesses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses.md
Title: Vulnerabilities in my organization description: Lists the common vulnerabilities and exposures (CVE) ID of weaknesses found in the software running in your organization. Discovered by the Microsoft Defender vulnerability management capabilities.
-keywords: Microsoft Defender for Endpoint threat & vulnerability management, threat and vulnerability management, Microsoft Defender for Endpoint tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm
+keywords: Microsoft Defender for Endpoint threat & vulnerability management, threat and vulnerability management, Microsoft Defender for Endpoint tvm weaknesses page, finding weaknesses through tvm, tvm vulnerability list, vulnerability details in tvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
Microsoft Defender Vulnerability Management uses the same signals in Defender fo
The **Weaknesses** page lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID. You can also view the severity, Common Vulnerability Scoring System (CVSS) rating, prevalence in your organization, corresponding breach, threat insights, and more. > [!NOTE]
-> If there is no official CVE-ID assigned to a vulnerability, the vulnerability name is assigned by threat and vulnerability management.
+> If there is no official CVE-ID assigned to a vulnerability, the vulnerability name is assigned by Microsoft Defender Vulnerability Management, formerly known as threat and vulnerability management.
> [!TIP] > To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](../defender-endpoint/configure-vulnerability-email-notifications.md)
Report a false positive when you see any vague, inaccurate, or incomplete inform
2. Select **Report inaccuracy** and a flyout pane will open. 3. From the flyout pane, choose an issue to report. 4. Fill in the requested details about the inaccuracy. This will vary depending on the issue you're reporting.
-5. Select **Submit**. Your feedback is immediately sent to the threat and vulnerability management experts.
+5. Select **Submit**. Your feedback is immediately sent to the Microsoft Defender Vulnerability Management experts.
:::image type="content" alt-text="Report inaccuracy options." source="../../media/defender-vulnerability-management/report-inaccuracy-software.png" lightbox="../../media/defender-vulnerability-management/report-inaccuracy-software.png":::
security Tvm Zero Day Vulnerabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-zero-day-vulnerabilities.md
Title: Mitigate zero-day vulnerabilities
-description: Learn how to find and mitigate zero-day vulnerabilities in your environment through threat and vulnerability management.
-keywords: Microsoft Defender for Endpoint tvm zero day vulnerabilities, tvm, threat & vulnerability management, zero day, 0-day, mitigate 0 day vulnerabilities, vulnerable CVE
+description: Learn how to find and mitigate zero-day vulnerabilities in your environment through Microsoft Defender Vulnerability Management.
+keywords: Microsoft Defender for Endpoint tvm zero day vulnerabilities, tvm, threat & vulnerability management, zero day, 0-day, mitigate 0 day vulnerabilities, vulnerable CVE, mdvm, Microsoft Defender Vulnerability Management
ms.prod: m365-security ms.mktglfcycl: deploy ms.sitesec: library
security Advanced Hunting Devicetvminfogathering Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvminfogathering-table.md
Title: DeviceTvmInfoGathering table in the advanced hunting schema description: Learn about the assessment events including the status of various configurations and attack surface area states of devices in the DeviceTvmInfoGathering table of the advanced hunting schema.
-keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
+keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities, Microsoft Defender Vulnerability Management
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
security Advanced Hunting Devicetvminfogatheringkb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvminfogatheringkb-table.md
Title: DeviceTvmInfoGatheringKB table in the advanced hunting schema description: Learn about the metadata for assessment events in the DeviceTvmInfoGathering table of the advanced hunting schema.
-keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities
+keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, OS DeviceTvmSoftwareInventoryVulnerabilities, MDVM
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
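Review bot: The added keywords line for this table appends only "MDVM", while the DeviceTvmInfoGathering table in the same change set appends "Microsoft Defender Vulnerability Management" and the DeviceTvmSecureConfigurationAssessmentKB table appends both. Suggest adding both forms here so search metadata is uniform across the DeviceTvm* schema pages.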
security Advanced Hunting Devicetvmsecureconfigurationassessment Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessment-table.md
ms.technology: m365d
- Microsoft 365 Defender - Microsoft Defender for Endpoint -
-Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Use this reference to check the latest assessment results and determine whether devices are compliant.
+Each row in the `DeviceTvmSecureConfigurationAssessment` table contains an assessment event for a specific security configuration from [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Use this reference to check the latest assessment results and determine whether devices are compliant.
You can join this table with the [DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md) table using `ConfigurationId` so you can, for example, view the text description of the configuration from the `ConfigurationDescription` column of the `DeviceTvmSecureConfigurationAssessmentKB` table, in the configuration assessment results.
DeviceTvmSecureConfigurationAssessment
- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md) - [Understand the schema](advanced-hunting-schema-tables.md) - [Apply query best practices](advanced-hunting-best-practices.md)-- [Overview of Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Overview of Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
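Review bot: The added Related topics entry renames the link text only; its target is still /windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt, a path named after the old product. Confirm that path resolves to the Microsoft Defender Vulnerability Management overview, or point the link at the current article, and apply the same decision to the identical link in the intro paragraph of this file.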
security Advanced Hunting Devicetvmsecureconfigurationassessmentkb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
Title: DeviceTvmSecureConfigurationAssessmentKB table in the advanced hunting schema
-description: Learn about the various secure configurations assessed by Threat & Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the advanced hunting schema.
-keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB
+description: Learn about the various secure configurations assessed by Microsoft Defender Vulnerability Management in the DeviceTvmSecureConfigurationAssessmentKB table of the advanced hunting schema.
+keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, security configuration, MITRE ATT&CK framework, knowledge base, KB, DeviceTvmSecureConfigurationAssessmentKB, MDVM, Microsoft Defender Vulnerability Management
search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: m365-security
ms.technology: m365d
- Microsoft 365 Defender - Microsoft Defender for Endpoint -
-The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations checked by [Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics.
+The `DeviceTvmSecureConfigurationAssessmentKB` table in the advanced hunting schema contains information about the various secure configurations checked by [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). It also includes risk information, related industry benchmarks, and applicable MITRE ATT&CK techniques and tactics.
This table doesn't return events or records. We recommend joining this table to the [DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md) table using `ConfigurationId` to view text information about the security configurations in the returned assessments.
DeviceTvmSecureConfigurationAssessment
- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md) - [Understand the schema](advanced-hunting-schema-tables.md) - [Apply query best practices](advanced-hunting-best-practices.md)-- [Overview of Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Overview of Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
security Advanced Hunting Devicetvmsoftwareevidencebeta Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareevidencebeta-table.md
ms.technology: m365d
> [!IMPORTANT] > The `DeviceTvmSoftwareEvidenceBeta` table is currently in beta. Once it leaves beta, the final table name will change and column names may also change. The modifications will then likely break queries that are still using previous names. Users are advised to review and adjust their queries when this table is finalized. -
-The `DeviceTvmSoftwareEvidenceBeta` table in the advanced hunting schema contains data from [Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) related to the [software evidence section](/microsoft-365/security/defender-endpoint/tvm-software-inventory#software-evidence). This table allows you to view evidence of where a specific software was detected on a device. You can use this table, for example, to identify the file paths of specific software. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareEvidenceBeta` table in the advanced hunting schema contains data from [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) related to the [software evidence section](/microsoft-365/security/defender-endpoint/tvm-software-inventory#software-evidence). This table allows you to view evidence of where a specific software was detected on a device. You can use this table, for example, to identify the file paths of specific software. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-schema-tables.md).
For information on other tables in the advanced hunting schema, see [the advance
| `DiskPaths` | `dynamic` | Disk paths where file-level evidence indicating the existence of the software on a device was detected | | `LastSeenTime` | `string` | Date and time when the device last seen by this service | --- ## Related topics -- [Overview of Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Overview of Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
- [Proactively hunt for threats](advanced-hunting-overview.md) - [Learn the query language](advanced-hunting-query-language.md) - [Use shared queries](advanced-hunting-shared-queries.md)
security Advanced Hunting Devicetvmsoftwareinventory Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwareinventory-table.md
ms.technology: m365d
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-The `DeviceTvmSoftwareInventory` table in the advanced hunting schema contains the [Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) inventory of software currently installed on devices in your network, including end of support information. You can, for instance, hunt for events involving devices that are installed with a currently vulnerable software version. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareInventory` table in the advanced hunting schema contains the [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) inventory of software currently installed on devices in your network, including end of support information. You can, for instance, hunt for events involving devices that are installed with a currently vulnerable software version. Use this reference to construct queries that return information from the table.
>[!NOTE] > The `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables have replaced the `DeviceTvmSoftwareInventoryVulnerabilities` table. Together, the first two tables include more columns you can use to help inform your vulnerablity management activities or hunt for vulnerable devices.
For information on other tables in the advanced hunting schema, see [the advance
- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md) - [Understand the schema](advanced-hunting-schema-tables.md) - [Apply query best practices](advanced-hunting-best-practices.md)-- [Overview of Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Overview of Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
security Advanced Hunting Devicetvmsoftwarevulnerabilities Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilities-table.md
ms.technology: m365d
>[!IMPORTANT] > Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-The `DeviceTvmSoftwareVulnerabilities` table in the advanced hunting schema contains the [Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) list of vulnerabilities in installed software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. You can use this table, for example, to hunt for events involving devices that have severe vulnerabilities in their software. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareVulnerabilities` table in the advanced hunting schema contains the [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) list of vulnerabilities in installed software products. This table also includes operating system information, CVE IDs, and vulnerability severity information. You can use this table, for example, to hunt for events involving devices that have severe vulnerabilities in their software. Use this reference to construct queries that return information from the table.
>[!NOTE] > The `DeviceTvmSoftwareInventory` and `DeviceTvmSoftwareVulnerabilities` tables have replaced the `DeviceTvmSoftwareInventoryVulnerabilities` table. Together, the first two tables include more columns you can use to help inform your vulnerability management activities or hunt for vulnerable devices.
For information on other tables in the advanced hunting schema, see [the advance
- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md) - [Understand the schema](advanced-hunting-schema-tables.md) - [Apply query best practices](advanced-hunting-best-practices.md)-- [Overview of Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Overview of Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
security Advanced Hunting Devicetvmsoftwarevulnerabilitieskb Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
Title: DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema
-description: Learn about the software vulnerabilities tracked by Threat & Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
+description: Learn about the software vulnerabilities tracked by Microsoft Defender Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema, reference, kusto, table, column, data type, description, threat & vulnerability management, TVM, device management, software, inventory, vulnerabilities, CVE ID, CVSS, DeviceTvmSoftwareVulnerabilitiesKB search.product: eADQiWindows 10XVcnh search.appverid: met150
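Review bot: The description is updated to the new product name, but the keywords line below it is left unchanged and carries neither "MDVM" nor "Microsoft Defender Vulnerability Management", unlike the sibling DeviceTvm* pages in this change set. Suggest adding the same keywords here.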
ms.technology: m365d
-The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) assesses devices for. Use this reference to construct queries that return information from the table.
+The `DeviceTvmSoftwareVulnerabilitiesKB` table in the advanced hunting schema contains the list of vulnerabilities [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) assesses devices for. Use this reference to construct queries that return information from the table.
For information on other tables in the advanced hunting schema, see [the advanced hunting reference](advanced-hunting-schema-tables.md).
For information on other tables in the advanced hunting schema, see [the advance
- [Hunt across devices, emails, apps, and identities](advanced-hunting-query-emails-devices.md) - [Understand the schema](advanced-hunting-schema-tables.md) - [Apply query best practices](advanced-hunting-best-practices.md)-- [Overview of Threat & Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
+- [Overview of Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt)
security Advanced Hunting Schema Tables https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-schema-tables.md
The following reference lists all the tables in the schema. Each table name link
| **[DeviceNetworkInfo](advanced-hunting-devicenetworkinfo-table.md)** | Network properties of devices, including physical adapters, IP and MAC addresses, as well as connected networks and domains | | **[DeviceProcessEvents](advanced-hunting-deviceprocessevents-table.md)** | Process creation and related events | | **[DeviceRegistryEvents](advanced-hunting-deviceregistryevents-table.md)** | Creation and modification of registry entries |
-| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Threat & Vulnerability Management assessment events, indicating the status of various security configurations on devices |
-| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Threat & Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
+| **[DeviceTvmSecureConfigurationAssessment](advanced-hunting-devicetvmsecureconfigurationassessment-table.md)** | Microsoft Defender Vulnerability Management assessment events, indicating the status of various security configurations on devices |
+| **[DeviceTvmSecureConfigurationAssessmentKB](advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md)** | Knowledge base of various security configurations used by Microsoft Defender Vulnerability Management to assess devices; includes mappings to various standards and benchmarks |
| **[DeviceTvmSoftwareInventory](advanced-hunting-devicetvmsoftwareinventory-table.md)** | Inventory of software installed on devices, including their version information and end-of-support status | | **[DeviceTvmSoftwareVulnerabilities](advanced-hunting-devicetvmsoftwarevulnerabilities-table.md)** | Software vulnerabilities found on devices and the list of available security updates that address each vulnerability | | **[DeviceTvmSoftwareVulnerabilitiesKB](advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md)** | Knowledge base of publicly disclosed vulnerabilities, including whether exploit code is publicly available |
security Api Get Incident https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/api-get-incident.md
audience: ITPro
+MS.technology: m365d
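Review bot: The added metadata key is written "MS.technology", while the other files in this change set use lowercase "ms.technology: m365d". Suggest matching the lowercase form so the key is consistent with the rest of the front matter and is not missed by case-sensitive metadata processing.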
security Configure Event Hub https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/configure-event-hub.md
audience: ITPro
+MS.technology: m365d
# Configure your Event Hubs
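Review bot: Same casing problem in this file's added line: "MS.technology: m365d" should read "ms.technology: m365d", as it does in configure-microsoft-threat-experts.md in this change set.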
security Configure Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/configure-microsoft-threat-experts.md
ms.localizationpriority: medium
audience: ITPro
+ms.technology: m365d
- M365-security-compliance - m365initiative-m365-defender
security Custom Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/custom-roles.md
The following table outlines the roles and permissions required to access each u
| Managing alerts and incidents | Alerts investigation | <ul><li>Manage alerts</li> <li>Security admin</li> | <ul><li>Global admin</li> <li>Security admin</li> <li>Compliance admin</li> <li>Security operator</li> <li>Security reader</li></ul> | | Action center remediation | Active remediation actions ΓÇô security operations | Search and purge | | | Setting custom detections | Manage security settings |<ul><li>Manage alerts</li> <li>Security admin</li></ul> | <ul><li>Global admin</li> <li>Security admin</li> <li>Compliance admin</li> <li>Security operator</li> <li>Security reader</li> <li>Global reader</li></ul> |
-| Threat Analytics | Alerts and incidents data: <ul><li>View data- security operations</li></ul>TVM mitigations:<ul><li>View data - Threat and vulnerability management</li></ul> | Alerts and incidents data:<ul> <li>View-only Manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> | Not available for Defender for Cloud Apps or MDI users |
+| Threat Analytics | Alerts and incidents data: <ul><li>View data- security operations</li></ul>MDVM mitigations:<ul><li>View data - Microsoft Defender Vulnerability Management</li></ul> | Alerts and incidents data:<ul> <li>View-only Manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> | Not available for Defender for Cloud Apps or MDI users |
For example, to view hunting data from Microsoft Defender for Endpoint, View data security operations permissions are required.
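Review bot: In the rewritten Threat Analytics row, the list that follows "Prevented email attempts:" opens with a ul tag that is never closed before the next cell delimiter, a defect carried over from the removed line. Suggest adding the closing tag after "View-only recipients". The row also introduces the label "MDVM mitigations" without expanding the abbreviation; "Defender Vulnerability Management mitigations" would match the permission name in the list item that follows it.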
security Eval Defender Endpoint Pilot https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-pilot.md
Let's start by checking out the dashboards.
### View the device inventory The device inventory is where you'll see the list of endpoints, network devices, and IoT devices in your network. Not only does it provide you with a view of the devices in your network, but it also gives your in-depth information about them such as domain, risk level, OS platform, and other details for easy identification of devices most at risk.
-### View the Threat and vulnerability management dashboard
-Threat and vulnerability management helps you focus on the weaknesses that pose the most urgent and the highest risk to the organization. From the dashboard, get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
+### View the Microsoft Defender Vulnerability Management dashboard
+Defender Vulnerability Management management helps you focus on the weaknesses that pose the most urgent and the highest risk to the organization. From the dashboard, get a high-level view of the organization exposure score, Microsoft Secure Score for Devices, device exposure distribution, top security recommendations, top vulnerable software, top remediation activities, and top exposed device data.
### Run a simulation Microsoft Defender for Endpoint comes with ["Do It Yourself" attack scenarios](https://securitycenter.windows.com/tutorials) that you can run on your pilot devices. Each document includes OS and application requirements as well as detailed instructions that are specific to an attack scenario. These scripts are safe, documented, and easy to use. These scenarios will reflect Defender for Endpoint capabilities and walk you through investigation experience.
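Review bot: The added paragraph under the renamed dashboard heading begins "Defender Vulnerability Management management helps you focus", so the find-and-replace left a doubled "management". Suggest "Defender Vulnerability Management helps you focus on the weaknesses ...".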
security First Incident Prepare https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-prepare.md
Microsoft 365 Defender can help address several aspects of incident prevention:
- Implementing a [Zero Trust](/security/zero-trust/) framework - Determining your security posture by assigning a score with [Microsoft Secure Score](microsoft-secure-score.md)-- Preventing threats through vulnerability assessments in [Threat and Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)
+- Preventing threats through vulnerability assessments in [Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)
- Understanding the latest security threats so you can prepare for them with [threat analytics](threat-analytics.md) ## Step 1. Implement Zero Trust
Microsoft 365 Defender can help address several aspects of incident prevention:
Components of Microsoft 365 Defender can display violations of rules that have been implemented to establish Conditional Access policies for Zero Trust by integrating data from Microsoft Defender for Endpoint or other mobile security vendors as an information source for device compliance policies and implementation of device-based Conditional Access policies.
-Device risk directly influences what resources will be accessible by the user of that device. The denial of access to resources based on certain criteria is the main theme of Zero Trust and Microsoft 365 Defender provides information needed to determine the trust level criteria. For example, Microsoft 365 Defender can provide the software version level of a device through the Threat and Vulnerability Management page while Conditional Access policies restrict devices that have outdated or vulnerable versions.
+Device risk directly influences what resources will be accessible by the user of that device. The denial of access to resources based on certain criteria is the main theme of Zero Trust and Microsoft 365 Defender provides information needed to determine the trust level criteria. For example, Microsoft 365 Defender can provide the software version level of a device through the Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management page while Conditional Access policies restrict devices that have outdated or vulnerable versions.
Automation is a crucial part of implementing and maintaining a Zero Trust environment while also reducing the number of alerts that would potentially lead to incident response (IR) events. Components of Microsoft 365 Defender can be automated such as [remediation actions](m365d-autoir.md) (known as investigations for an incident in the Microsoft 365 Defender portal), notification actions, and even the creation of support tickets such as in [ServiceNow](https://microsoft.service-now.com/sp/).
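Review bot: The added sentence now reads "through the Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management page", which leaves "page" attached to the old name and the article "the" without a noun. Suggest "through the Microsoft Defender Vulnerability Management page (formerly known as Threat & Vulnerability Management)". The earlier bullet in this file uses the short form "Defender Vulnerability Management"; pick one form for the whole article.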
Next, organizations can use the [Microsoft Secure Score](microsoft-secure-score.
Preventing incidents can help streamline security operations efforts to focus on on-going critical and important security incidents. Software vulnerabilities are often a preventable entry point for attacks that can lead to data theft, data loss, or disruption of business operations. If no attacks are on-going, security operations must strive to achieve and maintain an acceptable level of [vulnerability exposure](../defender-endpoint/tvm-exposure-score.md) in their organization.
-To check your software patching progress, visit the [Threat and Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md) page in Defender for Endpoint, which you can access from Microsoft 365 Defender through the **More resources** tab.
+To check your software patching progress, visit the [Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md) page in Defender for Endpoint, which you can access from Microsoft 365 Defender through the **More resources** tab.
:::image type="content" source="../../media/first-incident-prepare/first-incident-vulnerability.png" alt-text="The Threat and Vulnerability page in the Microsoft 365 Defender portal portal" lightbox="../../media/first-incident-prepare/first-incident-vulnerability.png":::
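Review bot: the image line directly under the changed paragraph still carries the alt-text "The Threat and Vulnerability page in the Microsoft 365 Defender portal portal", which keeps the old product name and repeats "portal". The link text above it now reads Microsoft Defender Vulnerability Management, so update the alt-text in the same change to keep the visible text and the screen-reader description in agreement.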
security Incidents Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md
Daily tasks can include:
Monthly tasks can include: - Reviewing [AIR settings](m365d-configure-auto-investigation-response.md)-- Reviewing [Secure Score](microsoft-secure-score-improvement-actions.md) and [Threat & Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)
+- Reviewing [Secure Score](microsoft-secure-score-improvement-actions.md) and [Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)
- Reporting to your IT security management chain Quarterly tasks can include a report and briefing of security results to the Chief Information Security Officer (CISO).
security Integrate Microsoft 365 Defender Secops Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-plan.md
The SOC is the frontline of defense to security events and incidents. When an ev
## Centralize monitoring and logging of your organization's security sources
-Usually, the SOC team's core function is to make sure all security devices such as firewalls, intrusion prevention systems, data loss prevention systems, threat and vulnerability management systems, and identity systems are functioning correctly and being monitored. The SOC teams will work with the broader network operations such as identity, DevOps, cloud, application, data science, and other business teams to ensure the analysis of security information is centralized and secured. Additionally, the SOC team is responsible for maintaining logs of the data in useable and readable formats, which could include parsing and normalizing disparate formats.
+Usually, the SOC team's core function is to make sure all security devices such as firewalls, intrusion prevention systems, data loss prevention systems, Defender Vulnerability Management systems, and identity systems are functioning correctly and being monitored. The SOC teams will work with the broader network operations such as identity, DevOps, cloud, application, data science, and other business teams to ensure the analysis of security information is centralized and secured. Additionally, the SOC team is responsible for maintaining logs of the data in useable and readable formats, which could include parsing and normalizing disparate formats.
## Establish Red, Blue, and Purple team operational readiness
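Review bot: the replacement inside the list of security devices turns a generic category into a product name. Firewalls, intrusion prevention systems, data loss prevention systems and identity systems are all vendor-neutral classes, and "Defender Vulnerability Management systems" reads as a search-and-replace hit rather than an intended edit. Suggest a generic term such as "vulnerability management systems" here, with the product name used only where the product itself is meant.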
security Integrate Microsoft 365 Defender Secops Tasks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-tasks.md
Here are the periodic or as-needed tasks to maintain your SOC for Microsoft 365
|Deploy automation scripts and services where appropriate|Download and test automation scripts and configuration files from approved Microsoft sites to improve Microsoft 365 Defender operations.|Weekly and as needed|Engineering and SecOps| |Portal or license management|Check announcements and the Microsoft Messaging Center for Microsoft 365 Defender portal or licensing needs based on Microsoft updates and new features.|Weekly|SOC Oversight| |Update SOC escalation tickets|All SOC teams update escalation tickets (such as Sentinel, ServiceNow tickets) assigned to them.|Daily|All SOC teams|
-|Track Microsoft 365 Defender Threat & Vulnerability remediation activity|Generate TvM Secure Score remediation activity and report to asset owners through an intranet portal.|Daily|Monitoring|
+|Track Microsoft Defender Vulnerability Management (MDVM) activity|Generate MDVM Secure Score remediation activity and report to asset owners through an intranet portal.|Daily|Monitoring|
|Generate Secure Score report|Monitoring team tracks and reports Secure Score improvements.|Weekly SOC|Monitoring| |Run IR tabletop exercise|Test SOC team playbooks in tabletop exercise.|As needed|All SOC teams|
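Review bot: the renamed task title drops "remediation" ("Track Microsoft Defender Vulnerability Management (MDVM) activity"), while the description cell still says the task is to generate remediation activity and report it to asset owners. Suggest "Track Microsoft Defender Vulnerability Management (MDVM) remediation activity" so the title keeps the scope of the row it replaces.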
security Integrate Microsoft 365 Defender Secops Use Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases.md
Once the story board has been approved, the next step is to invoke the use case
Another scenario where a use case could be used is for threat and vulnerability scanning. In this example, the SOC requires that threats and vulnerabilities be remediated against assets via approved processes that include scanning of assets.
-Here is an example high-level storyboard for the threat and vulnerability management of assets.
+Here is an example high-level storyboard for the Microsoft Defender Vulnerability Management of assets.
:::image type="content" source="../../media/integrate-microsoft-365-defender-secops/example-use-case-workflow-storyboard-tvm.png" alt-text="A use-case workflow for threat and vulnerability management" lightbox="../../media/integrate-microsoft-365-defender-secops/example-use-case-workflow-storyboard-tvm.png":::
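Review bot: "storyboard for the Microsoft Defender Vulnerability Management of assets" does not read correctly, because the removed phrase described an activity performed on assets and a product name cannot take "of assets". The sentence before it still frames the use case as "threat and vulnerability scanning", and the image alt-text still says "threat and vulnerability management". Suggest either keeping the generic wording or writing "storyboard for managing asset vulnerabilities with Microsoft Defender Vulnerability Management".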
For example, in the anti-phishing scenario example, the SOC teams could have mad
|Monitoring team|Data sources are properly feeding the monitoring dashboards|Tier 1,2 SOC AnalystΓÇôMonitoring & Alerts|Workflow for reporting Security & Compliance Center Secure Score|[Alerts in Security & Compliance Center](/microsoft-365/security/office-365-security/alerts) <p> Secure Score monitoring|No mechanism for SOC analysts to report successful new phishing variant detection to improve Secure Score <p> [View email security reports in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/view-email-security-reports)|Add a process for tracking Secure Score improvement to Reporting workflows|N| |Engineering and SecOps Team|Change control updates are made in the SOC team runbooks|Tier 2 SOC Engineer|Change Control notification procedure for SOC team runbooks|Approved changes to security devices|Changes to Microsoft 365 Defender connectivity to SOC security technology requires approval|Add Microsoft Defender for Cloud Apps, Defender for Identity, Defender for Endpoint, Security & Compliance Center to SOC runbooks|Y|
-Additionally, the SOC teams could have made the discoveries outlined in the table below in regard to the threat and vulnerability management scenario outlined above:
+Additionally, the SOC teams could have made the discoveries outlined in the table below in regard to the Defender Vulnerability Management scenario outlined above:
|SOC team|Requirement|People to meet requirement|Process to meet requirement|Relevant technology|Gap identified|Use case change log|Exempt (Y/N)| ||||||||| |SOC Oversight|All assets connected to approved networks are identified and categorized|SOC Oversight, BU owners, application owners, IT asset owners, etc.|Centralized asset management system to discover and list asset category and attributes based on risk.|ServiceNow or other assets. <br><br>[Microsoft 365 Device Inventory](/microsoft-365/security/defender-endpoint/device-discovery)|Only 70% of assets have been discovered. Microsoft 365 Defender remediation tracking only effective for known assets|Mature asset lifecycle management services to ensure Microsoft 365 Defender has 100% coverage|N|
-|Engineering & SecOps Teams|High impact and critical vulnerabilities in assets are remediated according to policy|SecOps engineers, SOC analysts: Vulnerability & Compliance, Security Engineering|Defined process for categorizing High Risk and Critical Vulnerabilities|[Threat and Vulnerability Management Dashboards](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)|Defender for Endpoint has identified high impact, high alert devices with no remediation plan or implementation of Microsoft recommended activity|Add a workflow for notifying asset owners when remediation activity is required within 30 days per policy; Implement a ticketing system to notify asset owners of remediation steps.|N|
+|Engineering & SecOps Teams|High impact and critical vulnerabilities in assets are remediated according to policy|SecOps engineers, SOC analysts: Vulnerability & Compliance, Security Engineering|Defined process for categorizing High Risk and Critical Vulnerabilities|[Microsoft Defender Vulnerability Management Dashboards](/microsoft-365/security/defender-endpoint/next-gen-threat-and-vuln-mgt)|Defender for Endpoint has identified high impact, high alert devices with no remediation plan or implementation of Microsoft recommended activity|Add a workflow for notifying asset owners when remediation activity is required within 30 days per policy; Implement a ticketing system to notify asset owners of remediation steps.|N|
|Monitoring Teams|Threat and vulnerability status is reported via company intranet portal|Tier 2 SOC analyst|Auto-generated reports from Microsoft 365 Defender showing remediation progress of assets|[Alerts in Security & Compliance Center](/microsoft-365/security/office-365-security/alerts) <p> Secure Score monitoring|No views or dashboard reports being communicated to asset owners regarding threat and vulnerability status of assets.|Create automation script to populate status of high risk and critical asset vulnerability remediation to the organization.|N| In these example use cases, the testing revealed several gaps in the SOC team's requirements that were established as baselines for the responsibilities of each team. The use case checklist can be as comprehensive as needed to ensure that the SOC team is prepared for the Microsoft 365 Defender integration with new or existing SOC requirements. Since this will be an iterative process, the use case development process and the use case output content will naturally serve to update and mature the SOC's runbooks with lessons learned.
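Review bot: the product name is written two ways in this hunk, "Defender Vulnerability Management scenario" in the lead-in sentence and "Microsoft Defender Vulnerability Management Dashboards" in the Engineering & SecOps row, while the unchanged Monitoring Teams row still reports "Threat and vulnerability status". Pick one form for the product name and confirm that the generic wording in the Monitoring row is left as is on purpose.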
security Investigate Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/investigate-alerts.md
To create a suppression rule for alerts:
3. You can edit and/or delete properties of this 'evidence' as per your requirement (using wildcards, when supported).
- 4. Other than files and processes, AMSI script, WMI event, and scheduled tasks are some of the newly added evidence types that you can select from the evidence types drop-down list.
+ 4. Other than files and processes, AntiMalware Scan Interface (AMSI) script, Windows Management Instrumentation (WMI) event, and scheduled tasks are some of the newly added evidence types that you can select from the evidence types drop-down list.
:::image type="content" source="../../media/investigate-alerts/other-evidence-types.png" alt-text="Screenshot of other types of evidence." lightbox="../../media/investigate-alerts/other-evidence-types.png"::: 5. To add another IOC, click **Add filter**.
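Review bot: the expansion added in step 4 is capitalised "AntiMalware Scan Interface (AMSI)", but Microsoft's documentation for the interface spells it "Antimalware Scan Interface". Suggest matching that spelling so a search for the term finds this step.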
security M365d Action Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-action-center.md
- M365-security-compliance - m365initiative-m365-defender
+ms.technology: m365d
- autoir - admindeeplinkDEFENDER
security Microsoft 365 Defender Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-defender-portal.md
You can search across the following entities in Defender for Endpoint and Defend
>[!NOTE] >IP and URL searches are exact match and don't appear in the search results page ΓÇô they lead directly to the entity page. -- **TVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations).
+- **MDVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations).
## Threat analytics
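Review bot: the bullet label changes from **TVM** to **MDVM**, but the abbreviation is not expanded anywhere in the lines shown. Suggest "**Microsoft Defender Vulnerability Management (MDVM)**" at this first use so readers who knew the feature as TVM can map the new label.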
security Microsoft 365 Security Center Mde https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-security-center-mde.md
The image and the table below lists the changes in navigation between the Micros
| Advanced hunting | Hunting | | Reports | Reports | | Partners & APIs | Partners & APIs |
-| Threat & Vulnerability Management | Vulnerability management |
+| Microsoft Defender Vulnerability Management | Vulnerability management |
| Evaluation and tutorials | Evaluation & tutorials | | Configuration management | Configuration management | | Settings | Settings |
This table is a quick reference of the changes between the Microsoft Defender Se
| Area | Description of change | |||
-|Search | The search bar is located at the top of the page. Suggestions are provided as you type. You can search across the following entities in Defender for Endpoint and Defender for Identity: <br><br> - **Devices** - supported for both Defender for Endpoint and Defender for Identity. You can even use search operators, for example, you can use "contains" to search for part of a host name. <br><br> - **Users** - supported for both Defender for Endpoint and Defender for Identity. <br><br> - **Files, IPs, and URLs** - same capabilities as in Defender for Endpoint. <br> NOTE: *IP and URL searches are exact match and don't appear in the search results page ΓÇô they lead directly to the entity page. <br><br> - **TVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations). <br><br> The enhanced search results page centralizes the results from all entities. |
+|Search | The search bar is located at the top of the page. Suggestions are provided as you type. You can search across the following entities in Defender for Endpoint and Defender for Identity: <br><br> - **Devices** - supported for both Defender for Endpoint and Defender for Identity. You can even use search operators, for example, you can use "contains" to search for part of a host name. <br><br> - **Users** - supported for both Defender for Endpoint and Defender for Identity. <br><br> - **Files, IPs, and URLs** - same capabilities as in Defender for Endpoint. <br> NOTE: *IP and URL searches are exact match and don't appear in the search results page ΓÇô they lead directly to the entity page. <br><br> - **MDVM** - same capabilities as in Defender for Endpoint (vulnerabilities, software, and recommendations). <br><br> The enhanced search results page centralizes the results from all entities. |
|[Dashboard](/windows/security/threat-protection/microsoft-defender-atp/security-operations-dashboard) | This is your security operations dashboard. See an overview of how many active alerts were triggered, which devices are at risk, which users are at risk, and severity level for alerts, devices, and users. You can also see if any devices have sensor issues, your overall service health, and how any unresolved alerts were detected. | |Device inventory | No changes. |
-|[Vulnerability management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Name was shortened to fit in the navigation pane. It's the same as the threat and vulnerability management section, with all the pages underneath. |
+|[Vulnerability management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt) | Name was shortened to fit in the navigation pane. It's the same as the Microsoft Defender Vulnerability Management section, with all the pages underneath. |
| Partners and APIs | No changes. | | Evaluations & tutorials | New testing and learning capabilities. | | Configuration management | No changes. |
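Review bot: in the rewritten Search row, the text "NOTE: *IP and URL searches are exact match" opens emphasis with an asterisk that is never closed. The row is being touched anyway, so close it after "entity page." or drop the asterisk. The same row introduces **MDVM** without expanding it, while the navigation table earlier in this file spells out Microsoft Defender Vulnerability Management.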
security Microsoft Secure Score Improvement Actions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-improvement-actions.md
Choose any statuses and record notes specific to the improvement action.
- **Risk accepted** - Security should always be balanced with usability, and not every recommendation will work for your environment. When that is the case, you can choose to accept the risk, or the remaining risk, and not enact the improvement action. You won't be given any points, but the action will no longer be visible in the list of improvement actions. You can view this action in history or undo it at any time. - **Resolved through third party** and **Resolved through alternate mitigation** - The improvement action has already been addressed by a third-party application or software, or an internal tool. You'll gain the points that the action is worth, so your score better reflects your overall security posture. If a third party or internal tool no longer covers the control, you can choose another status. Keep in mind, Microsoft will have no visibility into the completeness of implementation if the improvement action is marked as either of these statuses.
-#### Threat & vulnerability management improvement actions
+#### Microsoft Defender Vulnerability Management improvement actions
-For improvement actions in the "Device" category, you can't choose statuses. Instead, you'll be directed to the associated [threat and vulnerability management security recommendation](/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) in the Microsoft 365 Defender to take action. The exception you choose and justification you write will be specific to that portal. It won't be present in the Microsoft Secure Score portal.
+For improvement actions in the "Device" category, you can't choose statuses. Instead, you'll be directed to the associated [Microsoft Defender Vulnerability Management security recommendation](/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) in the Microsoft 365 Defender to take action. The exception you choose and justification you write will be specific to that portal. It won't be present in the Microsoft Secure Score portal.
#### Completed improvement actions
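Review bot: the rewritten sentence still ends "in the Microsoft 365 Defender to take action", with no noun after the product name, and the next sentence then refers to "that portal". Suggest "in the Microsoft 365 Defender portal to take action".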
security Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-threat-experts.md
ms.localizationpriority: medium
audience: ITPro
+ms.technology: m365d
- M365-security-compliance - m365initiative-m365-defender
[!INCLUDE [Prerelease](../includes/prerelease.md)]
+> [!NOTE]
+> As of August 2022, the Experts on Demand option to **Consult a threat expert** has been rebranded to **Ask Defender Experts**.
+ Endpoint Attack Notifications (previously referred to as Microsoft Threat Experts - Targeted Attack Notification) is a managed threat hunting service. Once you apply and are accepted, you'll receive endpoint attack notifications from Microsoft threat experts, so you won't miss critical threats to your environment. These notifications will help you protect your organization's endpoints, email, and identities. Microsoft Threat Experts ΓÇô Experts on Demand lets you get expert advice about threats your organization is facing. You can reach out for help on threats your organization is facing. It's available as a subscription service.
Select **Ask Defender Experts** directly inside the Microsoft 365 security porta
- Gain clarity into suspicious devices, alerts, or incidents and get next steps if faced with an advanced attacker - Determine risks and available protections related to threat actors, campaigns, or emerging attacker techniques
+> [!NOTE]
+> As of August 2022, the Experts on Demand option to **Consult a threat expert** has been rebranded to **Ask Defender Experts**.
+ The option to **Ask Defender Experts** is available in several places throughout the portal: -- <i>**Device page actions menu**</i><BR>-- <i>**Device inventory page flyout menu**</i><BR>-- <i>**Alerts page flyout menu**</i><BR>-- <i>**Incidents page actions menu**</i><BR>-- <i>**Incidents inventory page**</i><BR>
+- ***Device page actions menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Device page action menu in the Microsoft 365 Defender portal.](../../media/mte/device-page-actions-menu.png)
+
+- ***Alerts page actions menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Alerts page action menu in the Microsoft 365 Defender portal.](../../media/mte/alerts-page-actions-menu.png)
+
+- ***File page actions menu***
+
+![Screenshot of the Ask Defender Experts menu option in the Incidents page action menu in the Microsoft 365 Defender portal.](../../media/mte/incidents-page-actions-menu.png)
> [!NOTE] > If you have Premier Support subscription mapped to your Microsoft Defender for Office 365 license, you can track the status of your Experts on Demand cases through Microsoft Services Hub.
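Review bot: the third added bullet is labelled "File page actions menu", but the screenshot under it has alt-text describing the "Incidents page action menu" and points to incidents-page-actions-menu.png. Make the label, alt-text and image file agree. Also, the "As of August 2022" rebranding note added in this hunk repeats the identical note added near the top of the article, and the new list has three locations where the removed list had five (the device inventory flyout and incidents inventory entries are gone), so confirm both are intended.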
security Onboarding Defender Experts For Hunting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/onboarding-defender-experts-for-hunting.md
The Defender Experts Notifications service includes:
Refer to the following screenshot to see a sample Defender Experts Notification:
-![Secreenshot of a Defender Experts Notification in Microsoft 365 Defender. A Defender Expert Notification includes a title that describes the threat or activity observed, an executive summary, and list of recommendations.](../../media/mte/defenderexperts/receive-defender-experts-notification.png)
+![Screenshot of a Defender Experts Notification in Microsoft 365 Defender. A Defender Expert Notification includes a title that describes the threat or activity observed, an executive summary, and list of recommendations.](../../media/mte/defenderexperts/receive-defender-experts-notification.png)
### Where you'll find Defender Experts Notifications
security Playbook Detecting Ransomware M365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender.md
Last updated 05/30/2022
ms.prod: m365-security ms.localizationpriority: medium
+ms.technology: m365d
f1.keywords: NOCSH
security Playbook Responding Ransomware M365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/playbook-responding-ransomware-m365-defender.md
Last updated 05/30/2022
ms.prod: m365-security ms.localizationpriority: medium
+ms.technology: m365d
f1.keywords: NOCSH # Responding to ransomware attacks
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics.md
In the **Exposure & mitigations** section, review the list of specific actionabl
- Potentially unwanted application (PUA) protection - Real-time protection
-Mitigation information in this section incorporates data from [threat and vulnerability management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt), which also provides detailed drill-down information from various links in the report.
+Mitigation information in this section incorporates data from [Microsoft Defender Vulnerability Management](/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt), which also provides detailed drill-down information from various links in the report.
:::image type="content" source="../../media/threat-analytics/ta_mitigations_mtp.png" alt-text="The mitigations section of a threat analytics report showing secure configuration details" lightbox="../../media/threat-analytics/ta_mitigations_mtp.png":::
To access threat analytics reports, you need certain roles and permissions. See
- To view alerts, incidents, or impacted assets data, you need to have permissions to Microsoft Defender for Office or Microsoft Defender for Endpoint alerts data, or both. - To view prevented email attempts, you need to have permissions to Microsoft Defender for Office hunting data.-- To view mitigations, you need to have permissions to threat and vulnerability management data in Microsoft Defender for Endpoint.
+- To view mitigations, you need to have permissions to Defender Vulnerability Management data in Microsoft Defender for Endpoint.
When looking at the threat analytics data, remember the following factors:
security Cybersecurity Industry Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/cybersecurity-industry-partners.md
Go to the [VIA program page](virus-information-alliance-criteria.md) for more in
MVI is open to organizations who build and own a Real Time Protection (RTP) anti-malware product of their own design, or one developed using a third-party Antivirus SDK.
-Members get access to Microsoft client APIs for the Microsoft Defender Security Center, IOAV, AMSI, and Cloud Files, along with health data and other telemetry to help their customers stay protected. Anti-malware products are submitted to Microsoft for performance testing regularly.
+Members get access to the [Microsoft 365 Defender APIs](../defender/api-overview.md) for the Microsoft 365 Defender portal, IOfficeAntivirus (IOAV), AntiMalware Scan Interface (AMSI), and Cloud Files, along with health data and other telemetry to help customers stay protected. Anti-malware products are submitted to Microsoft for performance testing regularly.
Go to the [MVI program page](virus-initiative-criteria.md) for more information.
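Review bot: the rewritten sentence now reads as though the Microsoft 365 Defender APIs are "for" IOfficeAntivirus (IOAV), AMSI and Cloud Files as well as the portal, whereas the removed wording listed those as separate Microsoft client APIs. Suggest splitting the list, for example "access to the Microsoft 365 Defender APIs and to the client APIs for IOfficeAntivirus (IOAV), Antimalware Scan Interface (AMSI), and Cloud Files". The expansion "AntiMalware" should also be spelled "Antimalware".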
security Allow Block Email Spoof https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/allow-block-email-spoof.md
Last updated audience: ITPro Previously updated : 08/11/2022 ms.localizationpriority: medium search.appverid: - MET150
security Mcas Saas Access Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/mcas-saas-access-policies.md
- M365-identity-device-management - M365-security-compliance - zerotrust-solution
+ms.technology: mdo
ms.prod: m365-security
security Office 365 Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/office-365-ti.md
Microsoft Defender for Office 365 uses role-based access control. Permissions ar
|Activity|Roles and permissions| |||
-|Use the Threat & Vulnerability Management dashboard (or the new [Security dashboard](security-dashboard.md) <p> View information about recent or current threats|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <p> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
+|Use the Microsoft Defender Vulnerability Management dashboard (or the new [Security dashboard](security-dashboard.md) <p> View information about recent or current threats|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <p> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
|Use [Explorer (and real-time detections)](threat-explorer.md) to analyze threats|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <p> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).| |View Incidents (also referred to as Investigations) <p> Add email messages to an incident|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <p> These roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).| |Trigger email actions in an incident <p> Find and delete suspicious email messages|One of the following: <ul><li>**Global Administrator**</li><li>**Security Administrator** plus the **Search and Purge** role</li></ul> <p> The **Global Administrator** and **Security Administrator** roles can be assigned in either Azure Active Directory (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <p> The **Search and Purge** role must be assigned in the **Email & collaboration roles** in the Microsoft 36 Defender portal (<https://security.microsoft.com>).|
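Review bot: the changed Activity cell opens a parenthesis at "(or the new [Security dashboard](security-dashboard.md)" and never closes it before the paragraph break; the defect is carried over from the removed line and should be fixed while the cell is being edited. The unchanged last row of the same table also reads "Microsoft 36 Defender portal", which is worth correcting to "Microsoft 365 Defender portal" in this pass.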
security Trial Playbook Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365.md
search.appverid:
- MOE150 - MET150 description: "Microsoft Defender for Office 365 solutions trial playbook."
+ms.technology: mdo
solutions Ransomware Protection Microsoft 365 Security Baselines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365-security-baselines.md
Apply [security baselines](https://techcommunity.microsoft.com/t5/microsoft-secu
## Impact on users and change management
-As a best practice for an attack surface reduction rule, assess how a rule might impact your network by opening the security recommendation for that rule in threat and vulnerability management. The recommendation details pane describes the user impact, which you can use to determine what percentage of your devices can accept a new policy enabling the rule in blocking mode without adverse impact to user productivity.
+As a best practice for an attack surface reduction rule, assess how a rule might impact your network by opening the security recommendation for that rule in Defender Vulnerability Management. The recommendation details pane describes the user impact, which you can use to determine what percentage of your devices can accept a new policy enabling the rule in blocking mode without adverse impact to user productivity.
Additionally, Exchange email baseline settings can block incoming email and prevent the sending of email or the clicking of links within email. Educate your workers on this behavior and the reason these precautions are being taken.
whiteboard Configure Privacy Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/configure-privacy-settings.md
If you are the Microsoft Whiteboard administrator for your organization, you can
- Whether optional connected experiences in Whiteboard are available to your users.
+In order to configure privacy settings, you must first ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard](manage-whiteboard-access-organizations.md).
++ To configure the level of diagnostic data, sign in to the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview) with your administrator account. From the admin center home page, go to **Show all > Settings > Org settings > Whiteboard**. To configure the availability of optional connected experiences, use the [Office cloud policy service](/deployoffice/admincenter/overview-office-cloud-policy-service) in the [Microsoft 365 Apps admin center](https://config.office.com). Sign in with your administrator account and go to **Customization > Policy Management**. The policy you want to configure is named: **Allow the use of additional optional connected experiences in Office**.
whiteboard Manage Data Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-data-organizations.md
description: Learn about data retention for Microsoft Whiteboard in Azure and On
# Manage data for Microsoft Whiteboard
+In order to manage data, you must first ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard](manage-whiteboard-access-organizations.md).
+ Whiteboard content is stored in both Azure and OneDrive for Business. New whiteboards will be stored in OneDrive for Business; the only exception is whiteboards started from a Surface Hub will be stored in Azure (which will be moved to OneDrive for Business in the future). For more information, see [Manage sharing in Whiteboard](manage-sharing-organizations.md). ## Azure storage overview
Content in Azure doesn't support Data Loss Prevention (DLP), eDiscovery, retenti
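Review bot: the added sentence "the only exception is whiteboards started from a Surface Hub will be stored in Azure" does not say what that exception means for data controls, although the next paragraph states that content in Azure doesn't support Data Loss Prevention (DLP) or eDiscovery. Say so directly in the exception sentence or link to the Azure storage section, so that an administrator relying on DLP or eDiscovery coverage knows Surface Hub whiteboards fall outside it until they are moved. The sentence also reads more cleanly as "The only exception is that whiteboards started from a Surface Hub are stored in Azure".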
### If a user account is deleted in Azure
-We're changing how whiteboards are stored when a user's account is deleted in Azure. Prior to the change, when a user's account was deleted, whiteboards that the user owned was also deleted, but whiteboards that were shared with others weren't deleted.
+We're changing how whiteboards are stored when a user's account is deleted in Azure. Prior to the change, any whiteboards that were owned by a deleted user's account were also deleted. However, whiteboards that were shared with others weren't deleted.
>[!NOTE] > Whiteboards stored in OneDrive for Business will be handled like any other content in OneDrive for Business. For more information, see [Set the OneDrive retention for deleted users](/onedrive/set-retention).
Ensure that any deletion process or script handles this change. If you're fine w
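Review bot: in the rewritten sentence, "any whiteboards that were owned by a deleted user's account were also deleted" conflicts with the following "However, whiteboards that were shared with others weren't deleted", because "any" would include whiteboards the deleted user owned and had shared. State which case wins, for example by limiting the first sentence to whiteboards that were owned by the deleted account and not shared with anyone. The paragraph after this asks readers to make sure their deletion processes and scripts handle the change, so the previous behavior needs to be stated without ambiguity.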
## OneDrive for Business storage overview
-Whiteboards will be created in the OneDrive for Business folder of the person who starts the whiteboard (SharePoint isn't yet supported). This process applies to all whiteboards created in the standalone Whiteboard applications, and in Microsoft Teams meetings, chats, and channels. The only exception is whiteboards started from a Surface Hub will be stored in Azure (which will be moved to OneDrive for Business in the future).
+Whiteboards will be created in the OneDrive for Business folder of the person who starts the whiteboard. SharePoint isn't yet supported. This process applies to all whiteboards created in the standalone Whiteboard applications, and in Microsoft Teams meetings, chats, and channels. The only exception is whiteboards started from a Surface Hub will be stored in Azure, though they'll be moved to OneDrive for Business in the future.
-Any users who do not have OneDrive for Business provisioned will no longer be able to create new whiteboards when this change is implemented. However, they can still edit their previously created boards. They can also collaborate on any whiteboards that are shared with them by others who have OneDrive for Business.
+Any users who don't have OneDrive for Business provisioned will no longer be able to create new whiteboards when this change is implemented. However, they can still edit their previously created boards. They can also collaborate on any whiteboards that are shared with them by others who have OneDrive for Business.
An average whiteboard might be anywhere from 50 KB to 1 MB in size and located wherever your OneDrive for Business content resides. To check where data for your tenant is stored, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations). Then look at the location for OneDrive for Business.
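Review bot: "when this change is implemented" in the paragraph about users without OneDrive for Business gives no date or way to tell whether the change has reached a tenant, so an administrator cannot plan provisioning before users lose the ability to create whiteboards. Add a date, a rollout reference, or a link to where the status is announced. In the paragraph above it, "The only exception is whiteboards started from a Surface Hub will be stored in Azure" still needs "is that", and "SharePoint isn't yet supported", now a sentence of its own, should say what is not supported, that is, SharePoint as a storage location for whiteboards.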
Data controls supported today:
- Quota - Legal hold - DLP-- Basic eDiscovery ΓÇô The .whiteboard files are stored as files in the creator's OneDrive for Business. They're indexed for keyword and file type search, but aren't available to preview or review. Upon export, an admin needs to upload the file back to OneDrive for Business to view the content. Additional support is planned for the future.
+- Basic eDiscovery ΓÇô The .whiteboard files are stored as files in the creator's OneDrive for Business. They're indexed for keyword and file type search, but aren't available to preview or review. Upon export, an admin needs to upload the file back to OneDrive for Business to view the content. More support is planned for the future.
Data controls planned for future releases: - Sensitivity labels - Analytics-- Additional eDiscovery support
+- More eDiscovery support
## See also