Updates from: 08/14/2021 03:25:32
Category Microsoft Docs article Related commit history on GitHub Change details
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
description: "Admin roles such as the Service admin map to business functions an
# About admin roles
-Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to users in your organization using the Microsoft 365 admin center. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.
+Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to users in your organization using the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.
-The Microsoft 365 admin center lets you manage Azure AD roles and Microsoft Intune roles. However, these roles are a subset of the roles available in the Azure AD portal and the Intune admin center.
+The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> lets you manage Azure AD roles and Microsoft Intune roles. However, these roles are a subset of the roles available in the Azure AD portal and the Intune admin center.
## Before you begin
-Looking for the full list of detailed Azure AD role descriptions you can manage in the Microsoft 365 admin center? Check out Administrator role permissions in Azure Active Directory. [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).
+Looking for the full list of detailed Azure AD role descriptions you can manage in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>? Check out Administrator role permissions in Azure Active Directory. [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).
-Looking for the full list of detailed Intune role descriptions you can manage in the Microsoft 365 admin center? Check out [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
+Looking for the full list of detailed Intune role descriptions you can manage in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>? Check out [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
-For more information on assigning roles in the Microsoft 365 admin center, see [Assign admin roles](assign-admin-roles.md).
+For more information on assigning roles in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, see [Assign admin roles](assign-admin-roles.md).
## Watch: What is an admin?
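Review bot: the added line under "Before you begin" still reads "Check out Administrator role permissions in Azure Active Directory." immediately followed by a markdown link with the same text, so the title appears twice; drop the unlinked sentence while this line is being touched. The new anchors in this hunk are also raw HTML with target="_blank" and no rel attribute. Adding rel="noopener noreferrer" keeps the opened tab from receiving a window.opener reference in browsers that do not apply that default.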
If you get a message in the admin center telling you that you don't have permiss
## Commonly used Microsoft 365 admin center roles
-In the Microsoft 365 admin center, you can go to **Roles**, and then select any role to open its detail pane. Select the **Permissions** tab to view the detailed list of what admins assigned that role have permissions to do. Select the **Assigned** or **Assigned admins** tab to add users to roles.
+In the Microsoft 365 admin center, you can go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2097861" target="_blank">**Role assignments**</a>, and then select any role to open its detail pane. Select the **Permissions** tab to view the detailed list of what admins assigned that role have permissions to do. Select the **Assigned** or **Assigned admins** tab to add users to roles.
You'll probably only need to assign the following roles in your organization. By default, we first show roles that most organizations use. If you can't find a role, go to the bottom of the list and select **Show all by Category**. (For detailed information, including the cmdlets associated with a role, see [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).)
admin About Guest Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md
description: "Learn how the Guest users list is populated in the Microsoft 365 a
# Guest users in Microsoft 365 admin center
-Any guests you add to your Microsoft Teams, SharePoint, or Azure Active Directory are also added to the **Guest users** list in the Microsoft admin center. Guests can attend meetings, view documents and chat in Teams they're invited to.
+Any guests you add to your Microsoft Teams, SharePoint, or Azure Active Directory are also added to the **Guest users** list in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">Microsoft 365 admin center</a>. Guests can attend meetings, view documents and chat in Teams they're invited to.
Once a user shows up in the **Guest users** list, you can remove their access there.
-To view guest users, in the Microsoft 365 admin center, in the left nav, expand **Users**, and then choose **Guest users**.
+To view guest users, in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">Microsoft 365 admin center</a>, in the left nav, expand **Users**, and then choose **Guest users**.
## Before you begin
You must be a global administrator to perform this task.
To add guests in the Azure Active Directory, see [add guest users](/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal).
-After you add a user you can also assign them to a group, or give them access to an app in your organization. Once you have added a user in the Azure AD portal, that user will also be listed on the **Guest users** page in the Microsoft 365 admin center.
-After a user is added to the **Guest users** list, they can be [added to Groups](../create-groups/manage-guest-access-in-groups.md#add-guests-to-a-microsoft-365-group-from-the-admin-center) in the Microsoft 365 admin center.
+After you add a user you can also assign them to a group, or give them access to an app in your organization. Once you have added a user in the Azure AD portal, that user will also be listed on the **Guest users** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">Microsoft 365 admin center</a>.
+After a user is added to the **Guest users** list, they can be [added to Groups](../create-groups/manage-guest-access-in-groups.md#add-guests-to-a-microsoft-365-group-from-the-admin-center) in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">Microsoft 365 admin center</a>.
See [add guests in bulk](/azure/active-directory/b2b/tutorial-bulk-invite) to invite multiple guests to collaborate with your organization.
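Review bot: the anchors whose text is "Microsoft 365 admin center" in this hunk use linkid=2074830, and the same linkid is attached to **Guest users** in the removal steps of this article, so the link text and the landing page look mismatched. Either move the link onto the words **Guest users** in the "To view guest users" sentence, or use a target that lands on the admin center home.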
See [add guests in bulk](/azure/active-directory/b2b/tutorial-bulk-invite) to in
Once you're done collaborating with a guest user, you can remove them and they'll no longer have access to your organization.
-1. In the Microsoft 365 admin center, expand **Users** and then choose **Guest users**.
+1. In the Microsoft 365 admin center, expand **Users** and then choose <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">**Guest users**</a>.
1. On the **Guest users** page, choose the user you want to remove and then choose **Delete a user**. To remove users in the Azure AD portal, see [remove a guest user and resources](/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal#clean-up-resources).
admin Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md
Last updated 07/01/2020
# Add users and assign licenses at the same time
-The people on your team each need a user account before they can sign in and access [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business). The easiest way to add user accounts is to add them one at a time in the Microsoft 365 admin center. After you do this step, your users have Microsoft 365 licenses, sign in credentials, and Microsoft 365 mailboxes.
+The people on your team each need a user account before they can sign in and access [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business). The easiest way to add user accounts is to add them one at a time in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. After you do this step, your users have Microsoft 365 licenses, sign in credentials, and Microsoft 365 mailboxes.
## Before you begin
admin Assign Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md
You can assign users to a role in 2 different ways:
### Assign admin roles to users using Roles
-1. In the admin center, go to **Roles**. Choose the **Azure AD** or **Intune** tabs to view the admin roles available for your organization.
+1. In the admin center, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2097861" target="_blank">**Role assignments**</a>. Choose the **Azure AD** or **Intune** tabs to view the admin roles available for your organization.
2. Select the admin role that you want to assign the user to. 3. Select **Assigned admins** > **Add**. 4. Type the user's **display name** or **username**, and then select the user from the list of suggestions.
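Review bot: step 1 now sends the reader to **Role assignments**, but the heading directly above it still says "Assign admin roles to users using Roles". Rename the heading in the same change so the section title matches the navigation label.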
admin Intune Admin Roles In The Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac.md
description: "Admin roles map to business functions and give permissions to do s
# Intune admin roles in the Microsoft 365 admin center
-Your Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to users in your organization using the Microsoft 365 admin center. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.
+Your Microsoft 365 or Office 365 subscription comes with a set of admin roles that you can assign to users in your organization using the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Each admin role maps to common business functions and gives people in your organization permissions to do specific tasks in the admin centers.
The Microsoft 365 admin center lets you manage some Microsoft Intune roles. However, these roles are a subset of the roles available in the Intune admin center. Looking for the detailed role descriptions for Microsoft Intune? Check out [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
-For more information on assigning roles in the Microsoft 365 admin center, see [Assign admin roles](assign-admin-roles.md).
+For more information on assigning roles in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2097861" target="_blank">Microsoft 365 admin center</a>, see [Assign admin roles](assign-admin-roles.md).
In the Microsoft 365 admin center, you can go to **Roles**, and then select any role to open its detail pane. Select the **Permissions** tab to view the detailed list of what admins assigned that role have permissions to do. Select the **Assigned** or **Assigned admins** tab to add users to roles.
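Review bot: the "For more information" line links the text "Microsoft 365 admin center" with linkid=2097861, while the first paragraph of this article uses linkid=2024339 for the same text and assign-admin-roles.md uses 2097861 for **Role assignments**. Use one target for the admin center text. The unchanged last line also still says "go to **Roles**", which about-admin-roles.md changed to **Role assignments** in this batch.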
admin About The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/about-the-admin-center.md
description: "Sign in with admin permissions to the Microsoft 365 admin center t
**If you are a user or have a Microsoft 365 Family plan, you do not have an admin center.** To set up Microsoft 365, go to [Download and install or reinstall Microsoft 365 or Office 2019 on a PC or Mac](https://support.microsoft.com/office/4414eaaf-0478-48be-9c42-23adc4716658).
-You use the admin center to set up your organization in the cloud, manage users, manage subscriptions, and much more. In this article, learn how to get to the admin center and learn about available features and settings.
+You use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to set up your organization in the cloud, manage users, manage subscriptions, and much more. In this article, learn how to get to the admin center and learn about available features and settings.
Watch a short video about the admin center. <br><br>
admin What Is Help https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-is-help.md
description: "Learn about all the ways you can get help using the Microsoft 365
# How to get help in the Microsoft 365 admin center
-If you're an admin, [admin.microsoft.com](https://admin.microsoft.com) is your go-to place to manage and make the most of your Microsoft 365 subscription. Sometimes you might not find the right task, need more context before embarking on a task flow, or simply might not be sure of the scope and impact of your actions as an admin. To cover those situations, we provide modern help and intelligent assistance throughout the Microsoft 365 admin center in these ways:
+If you're an admin, <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">https://admin.microsoft.com</a> is your go-to place to manage and make the most of your Microsoft 365 subscription. Sometimes you might not find the right task, need more context before embarking on a task flow, or simply might not be sure of the scope and impact of your actions as an admin. To cover those situations, we provide modern help and intelligent assistance throughout the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a> in these ways:
* **Integrated help** - help in the admin center
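Review bot: in the opening paragraph the visible link text is now "https://admin.microsoft.com" but the href is a go.microsoft.com fwlink, so the URL a reader sees is not the URL they are sent to. For an admin sign-in page, keep the text and the destination the same or switch to descriptive link text. The same sentence also links "Microsoft 365 admin center" with a different linkid (2166757 versus 2024339); pick one.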
If you're an admin, [admin.microsoft.com](https://admin.microsoft.com) is your g
## Integrated help
-Help is integrated throughout the admin center, so it's right there when you need it. At the top of many pages, you'll find inline help text that provides an informational overview of the task at hand, as well as links to articles that let you quickly find official documentation for more in-depth learning.
+Help is integrated throughout the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">admin center</a>, so it's right there when you need it. At the top of many pages, you'll find inline help text that provides an informational overview of the task at hand, as well as links to articles that let you quickly find official documentation for more in-depth learning.
![Groups page showing inline help and links to articles](../../media/integrated-help.png) ## Modern self-help powered by AI
-To open our modern self-help experience thatΓÇÖs powered by artificial intelligence, select the **Need Help** button in the Microsoft 365 admin center. For example, if you search for "verify my domain", you'll get the steps plus a few articles that we think will help you. We use machine learning to surface the closest solution that has helped other admins who have entered similar queries.
+To open our modern self-help experience thatΓÇÖs powered by artificial intelligence, select the **Need Help** button in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a>. For example, if you search for "verify my domain", you'll get the steps plus a few articles that we think will help you. We use machine learning to surface the closest solution that has helped other admins who have entered similar queries.
Or, for those times when you don't quite know how to get something done in your specific situation, use the Support Assistant. Currently, this experience is available only in English. To turn on Support Assistant, just use the toggle at the top of the **Need Help** pane. The Support Assistant provides a conversational interface to help you. After you enter your query, the chatbot asks clarifying questions to get you to the right answer for your specific situation. Think of it as your virtual helper to discover solutions and complete tasks.
admin Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md
- AdminTemplateSet search.appverid: - MET150
-description: "Basic Mobility and Security can help you secure and manage mobile devices."
+description: "Basic Mobility and Security can help you secure and manage your mobile devices."
# Capabilities of Basic Mobility and Security
admin Enroll Your Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device.md
Using your phone, tablet, and other mobile devices for work is a great way to st
Organizations choose Basic Mobility and Security so that employees can use their mobile devices to securely access work email, calendars, and documents while the business secures important data and meets their compliance requirements. To learn more, see [Overview of Basic Mobility and Security for Microsoft 365](overview.md). For more info, see [What information can my organization see when I enroll my device?](/intune-user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune). > [!IMPORTANT]
-> When you enroll your device in Basic Mobility and Security for Microsoft 365, you might be required to set up a password, together with allowing the option for your work organization to wipe the device. A device wipe can be performed from the Microsoft 365 admin center, for example, to remove all data from the device if the password is entered incorrectly too many times or if usage terms are broken.
+> When you enroll your device in Basic Mobility and Security for Microsoft 365, you might be required to set up a password, together with allowing the option for your work organization to wipe the device. A device wipe can be performed from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, for example, to remove all data from the device if the password is entered incorrectly too many times or if usage terms are broken.
## Supported devices
admin Manage Enrolled Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md
- AdminSurgePortfolio search.appverid: - MET150
-description: "Basic Mobility and Security can help you secure and manage mobile devices."
+description: "Basic Mobility and Security can help you secure and manage your organizations mobile devices."
# Manage devices enrolled in Mobile Device Management in Microsoft 365
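Review bot: the new description reads "your organizations mobile devices"; the possessive needs an apostrophe ("your organization's mobile devices").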
After you've got Basic Mobility and Security set up, here are some ways you can
|Block unsupported devices from accessing Exchange email using Exchange ActiveSync |In the Device Management panel, selectΓÇ» **Block**. | |Set up device policies like password requirements and security settings |In the Device Management panel, select **Device security policies**ΓÇ»>ΓÇ»**Add +**. For more info, seeΓÇ»[Create device security policies in Basic Mobility and Security](create-device-security-policies.md).| |View list of blocked devices |In the Device Management panel, underΓÇ» **Select a view**ΓÇ» selectΓÇ» **Blocked**. |
-|Unblock noncompliant or unsupported device for a user or group of users |Pick one of the following to unblock devices:<br/>- Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > **Groups**, and then select group name. Select **Edit members and admins**.<br/>- Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name, and then select **Edit** > **Deployment**.<br/>- Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name and then select **Edit** > **Access requirements**. Select  **Allow access and report violation**.<br/>- To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > **Security policies** > **Device management** > **Manage device access settings**. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).|
+|Unblock noncompliant or unsupported device for a user or group of users |Pick one of the following to unblock devices:<br/>- Remove the user or users from the security group the policy has been applied to. Go to Microsoft 365 admin center > <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>, and then select group name. Select **Edit members and admins**.<br/>- Remove the security group the users are a member of from the device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name, and then select **Edit** > **Deployment**.<br/>- Unblock all noncompliant devices for a device policy. Go to Security & Compliance Center > **Security policies** > **Device security policies**. Select device policy name and then select **Edit** > **Access requirements**. Select  **Allow access and report violation**.<br/>- To unblock a noncompliant or unsupported device for a user or a group of users, go to Security & Compliance Center > **Security policies** > **Device management** > **Manage device access settings**. Add a security group with the members you want to exclude from being blocked access to Microsoft 365. For more info, see [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).|
|Remove users so their devices are no longer managed by Basic Mobility and Security |To remove the user, edit the security group that has device management policies for Basic Mobility and Security. For more info, seeΓÇ» [Create, edit, or delete a security group in the Microsoft 365 admin center](../../admin/email/create-edit-or-delete-a-security-group.md).<br/>To remove Basic Mobility and Security from all your Microsoft 365 users, see [Turn off Basic Mobility and Security](turn-off.md).| Live (v14)
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
description: "Microsoft 365 group members get a group email and shared workspace
# Compare groups
-In the **Groups** section of the Microsoft 365 admin center, you can create and manage these types of groups:
+In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a> section of the Microsoft 365 admin center, you can create and manage these types of groups:
- **Microsoft 365 groups** are used for collaboration between users, both inside and outside your company. They include collaboration services such as SharePoint and Planner. - **Distribution groups** are used for sending email notifications to a group of people.
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
description: "Learn to create and delete Microsoft 365 groups, add and remove gr
# Create a group in the Microsoft 365 admin center
-While users can create a Microsoft 365 group from Outlook or other apps, as an admin, you may need to create or delete groups, add or remove members, and customize how they work. The Microsoft 365 admin center is the place to do this.
+While users can create a Microsoft 365 group from Outlook or other apps, as an admin, you may need to create or delete groups, add or remove members, and customize how they work. The <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">Microsoft 365 admin center</a> is the place to do this.
> [!TIP] > Microsoft 365 connected Yammer groups must be created in Yammer, but can be managed in the Microsoft 365 admin center like other Microsoft 365 groups. To learn more, see [Yammer and Microsoft 365 groups](/yammer/manage-yammer-groups/yammer-and-office-365-groups). ## Create a Microsoft 365 group
-1. In the admin center, expand **Groups**, and then click **Groups**.
+1. In the admin center, expand **Groups**, and then click <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Select **Add a group**.
admin Manage Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-groups.md
Go to the Microsoft 365 admin center at [https://admin.microsoft.com](https://ad
## Edit the group name or description
-1. In the admin center, expand **Groups**, and then click **Groups**.
+1. In the admin center, expand **Groups**, and then click <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Select the group that you want to edit, and then click **Edit name and description**.
Go to the Microsoft 365 admin center at [https://admin.microsoft.com](https://ad
## Manage group owners and members
-1. In the admin center, expand **Groups**, and then click **Groups**.
+1. In the admin center, expand **Groups**, and then click <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Click the name of the group you want to manage to open the settings pane.
When you turn this setting on, group members will get a copy of group emails and
Group members can opt out of receiving these emails by choosing to stop following the group in Outlook.
-1. In the admin center, expand **Groups**, and then click **Groups**.
+1. In the admin center, expand **Groups**, and then click <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Click the name of the group you want to manage to open the settings pane.
Group members can opt out of receiving these emails by choosing to stop followin
This option is great if you want to have a company email address such as info@contoso.com.
-1. In the admin center, expand **Groups**, and then click **Groups**.
+1. In the admin center, expand **Groups**, and then click <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Click the name of the group you want to manage to open the settings pane.
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
Guest access in groups is often used as part of a broader scenario that includes
## Manage groups guest access
-If you want to enable or disable guest access in groups, you can do so in the Microsoft 365 admin center.
+If you want to enable or disable guest access in groups, you can do so in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
-1. In the admin center, go to **Show all** \> **Settings** \> **Org settings** and on the **Services** tab, select **Microsoft 365 groups**.
+1. In the admin center, go to **Show all** \> **Settings** \> **Org settings** and on the **Services** tab, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Microsoft 365 Groups**</a>.
2. On the **Microsoft 365 Groups** page, choose whether you want to let people outside your organization access group resources or let group owners add people outside your organization to groups. ## Add guests to a Microsoft 365 group from the admin center
-If the guest already exists in your directory, you can add them to your groups from the Microsoft 365 admin center. (Groups with dynamic membership must be [managed in Azure Active Directory](/azure/active-directory/enterprise-users/groups-create-rule).)
+If the guest already exists in your directory, you can add them to your groups from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">Microsoft 365 admin center</a>. (Groups with dynamic membership must be [managed in Azure Active Directory](/azure/active-directory/enterprise-users/groups-create-rule).)
-1. In the admin center, go to the **Groups** > **Groups** page.
+1. In the admin center, go to the **Groups** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Click the group you want to add the guest to, and select **View all and manage members** on the **Members** tab.
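Review bot: under "Manage groups guest access" the added sentence now ends "you can do so in the **Groups**.", which no longer names the admin center and does not read as a sentence; wording such as "on the **Groups** page of the Microsoft 365 admin center" would fix it. Step 1 of "Add guests to a Microsoft 365 group" has the same problem after "page" was dropped ("go to the **Groups** > **Groups**."). Step 1 of the first procedure also points **Microsoft 365 Groups** under **Org settings** at linkid=2052855, the same target used for the **Groups** page.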
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
Groups have the following roles:
- **Members** - Members can access everything in the group, but can't change group settings. By default group members can invite guests to join your group, though you can [control that setting](manage-guest-access-in-groups.md). - **Guests** - Group guests are members who are from outside your organization.
-Only global admins, user admins, and groups admins can create and manage groups in the Microsoft 365 admin center. You can't be a delegated admin (for example, a consultant who is an admin on behalf of).
+Only global admins, user admins, and groups admins can create and manage groups in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">Microsoft 365 admin center</a>. You can't be a delegated admin (for example, a consultant who is an admin on behalf of).
As an administrator, you can:
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
If you don't add a domain, people in your organization will use the onmicrosoft.
First, you need to prove you own the domain you want to add to Microsoft 365.
-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com/) and select **Show all** > **Settings** > **Domains**.
+1. Sign in to the Microsoft 365 admin center and select **Show all** > **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
2. In a new browser tab or window, sign in to your DNS hosting provider, and then find where you manage your DNS settings (e.g., Zone File Settings, Manage Domains, Domain Manager, DNS Manager). 3. Go to your provider's DNS Manager page, and add the TXT record indicated in the admin center to your domain.
When Microsoft finds the correct TXT record, your domain is verified.
If your registrar doesn't support adding TXT records, you can verify by adding an MX record.
-1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com/) and select **Show all** > **Settings** > **Domains**.
+1. Sign in to the Microsoft 365 admin center and select **Show all** > **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
2. In a new browser tab or window, sign in to your DNS hosting provider, and then find where you manage your DNS settings (e.g., Zone File Settings, Manage Domains, Domain Manager, DNS Manager). 3. Go to your provider's DNS Manager page, and add the MX record indicated in the admin center to your domain.
admin Language Translation For Message Center Posts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md
Message center posts are written in English-only due to the timeliness of the in
## Set your preferred language
-1. From the Microsoft 365 admin center or home page, select the settings icon in the upper-right corner of the window.
+1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> or home page, select the settings icon in the upper-right corner of the window.
2. Under **Language and time zone**, select **View all** to show the available options. Select your desired language from the drop-down menu, and then select **Save**. Microsoft 365 will try to refresh and display the new language. If that doesn't happen immediately or if it seems that it's taking too long, you can either refresh your browser or sign out and then sign back in.
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
description: "Learn to deploy add-ins to users and groups in your organization b
# Deploy add-ins in the admin center
-Office add-ins help you personalize your documents and streamline the way you access information on the web (see [Start using your Office Add-in](https://support.microsoft.com/office/82e665c4-6700-4b56-a3f3-ef5441996862)). As an admin, you can deploy Office add-ins for the users in your organization by using the Centralized Deployment feature in the Microsoft 365 admin center. Centralized Deployment is the recommended and most feature-rich way for most admins to deploy add-ins to users and groups within an organization.
+Office add-ins help you personalize your documents and streamline the way you access information on the web (see [Start using your Office Add-in](https://support.microsoft.com/office/82e665c4-6700-4b56-a3f3-ef5441996862)). As an admin, you can deploy Office add-ins for the users in your organization by using the Centralized Deployment feature in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Centralized Deployment is the recommended and most feature-rich way for most admins to deploy add-ins to users and groups within an organization.
For more information on how to determine if your organization can support Centralized Deployment, see [Determine if Centralized Deployment of add-ins works for your organization](centralized-deployment-of-add-ins.md).
admin Release Options In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/release-options-in-office-365.md
You can change how your organization receives Microsoft 365 updates by following
> [!IMPORTANT] > It can take up to 24 hours for the below changes to take effect in Microsoft 365. If you opt out of targeted release after enabling it, your users may lose access to features that haven't reached the scheduled release yet.
-1. In the admin center, go to the **Settings** > **Org Setting**, and under the **Organization profile** tab, choose **Release preferences**.
+1. In the admin center, go to the **Settings** > **Org Setting**, and under the <a href="https://go.microsoft.com/fwlink/p/?linkid=2067339" target="_blank">**Organization profile** tab</a>, choose **Release preferences**.
5. To disable targeted release, select **Standard release**, then select **Save changes**.
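Review bot: the added step 1 keeps the label **Org Setting** (singular), while the other articles touched in this batch write **Org settings**; correct it while the line is being edited so the step matches the label in the admin center navigation. The new anchor also wraps the word "tab" together with the bold label, which differs from the other added links that wrap only the UI label.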
admin Room And Equipment Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/room-and-equipment-mailboxes.md
To use room or equipment mailboxes, open Outlook from your computer or sign in t
## Set up room and equipment mailboxes
-To set up a room or equipment mailbox, go to the Microsoft 365 admin center. (You'll need to have admin permission to do this.) Create the mailbox and let everyone know they can start reserving it for meetings and events.
+To set up a room or equipment mailbox, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. (You'll need to have admin permission to do this.) Create the mailbox and let everyone know they can start reserving it for meetings and events.
1. In the admin center, go to the **Resources** \> [Rooms &amp; equipment](https://go.microsoft.com/fwlink/p/?linkid=2067334) page.
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
If you're a user, you don't have the permissions to set your password to never e
Follow the steps below if you want to set user passwords to expire after a specific amount of time.
-1. In the admin center, go to the **Settings** \> **Org Settings**.
-
-2. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">Security & privacy</a> page.
- If you aren't a global admin, you won't see the Security and privacy option.
+1. In the Microsoft 365 admin center, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & privacy** tab</a>.
+
+ If you aren't a global admin, you won't see the Security and privacy option.
-3. Select **Password expiration policy**.
+1. Select **Password expiration policy**.
-4. If you don't want users to have to change passwords, uncheck the box next to **Set user passwords to expire after a number of days**.
+1. If you don't want users to have to change passwords, uncheck the box next to **Set user passwords to expire after a number of days**.
-5. Type how often passwords should expire. Choose a number of days from 14 to 730.
+1. Type how often passwords should expire. Choose a number of days from 14 to 730.
6. In the second box type when users are notified that their password will expire, and then select **Save**. Choose a number of days from 1 to 30.
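Review bot: the renumbered steps all read `1.`, but the unchanged last step is still `6.`, so the list mixes auto-numbering with a hard-coded number; change it to `1.` as well. The new step 1 also drops the **Settings** > **Org Settings** navigation, which leaves the redirect link as the only route to the tab, and its label **Security & privacy** does not match "Security and privacy" in the note directly under it.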
admin Share Calendars With External Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/share-calendars-with-external-users.md
You can enable calendar sharing for all users in your organization in the Micros
## Enable calendar sharing using the Microsoft 365 admin center
-1. In the admin center, go to **Settings** \> **Org Settings**.
-
-2. On the **Services** tab, select **Calendar**.
+1. In the admin center, go to **Settings** \> **Org settings**, and on the <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services** tab</a>, select **Calendar**.
3. On the **Calendar** page, choose whether you want to let users share their calendars with people outside of your organization who have Microsoft 365 or Exchange. Choose whether you want to allow anonymous users (users without credentials) to access calendars via an email invitation.
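Review bot: merging the old steps 1 and 2 into one leaves the unchanged next step numbered `3.`, so the list now runs 1, 3. Renumber the following step (or use `1.` throughout, as the other edited procedures do). The added line also changes **Org Settings** to **Org settings**; check which casing the admin center uses and apply it consistently.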
admin Show Hide New Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/show-hide-new-features.md
You can control which of these feature messages your users are shown by using th
## Show or hide new features
-1. In the Microsoft 365 admin center, under **Settings**, choose **Org settings**.
-2. On the **Services** tab, choose **What's new in Office**.
-3. When you click on the feature name, a fly-out panel appears with the following information:
+1. In the Microsoft 365 admin center, under **Settings**, choose **Org settings**, select the <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services** tab</a>, and then select **What's new in Office**.
+1. When you click on the feature name, a fly-out panel appears with the following information:
- A short description of the feature. - A link to an article to learn more about the feature. - The Office applications that the feature appears in. - The first version (release) that the feature is available in for that channel.
-4. Choose **Hide from users**. Or, if you previously hid the feature, choose **Show to users**.
+1. Choose **Hide from users**. Or, if you previously hid the feature, choose **Show to users**.
You can also select multiple features on the **Manage which Office features appear in What's New** page, and then choose either **Hide** or **Show**.
admin Test And Deploy Microsoft 365 Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
You can manage testing and deployment of purchased and licensed Microsoft 365 Ap
You can find, test, and fully deploy published apps that don't already appear in the list on the Integrated apps page. By purchasing and licensing the apps from the admin center, you can add Microsoft and Microsoft partner apps to your list from a single location.
-1. In the admin center, in the left nav, choose **Settings**, and then choose **Integrated apps**.
+1. In the admin center, in the left nav, choose **Settings**, and then choose <a href="https://go.microsoft.com/fwlink/p/?linkid=2125823" target="_blank">**Integrated apps**</a>.
2. Select **Get apps** to get a view of the apps.
admin Update Phone Number And Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/update-phone-number-and-email-address.md
For more information about changing user contact information or removing former
Use the **Security Info** page to change your mobile phone number and alternate email address. The alternate email address is used for important notifications, such as resetting your admin password (not your computer admin password).
-1. Browse to the Microsoft 365 admin center.
+1. Browse to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
2. In the header, select your profile icon \> **My account** \> **Security Info**.
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
Here are the two ways to think of how Cortana works in your enterprise:
Turn off Cortana access to your organization's Microsoft hosted data
-1. In the Microsoft 365 admin center, select **Settings** > **Org Settings** and select **Cortana**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, select **Settings** > **Org Settings** and select **Cortana**.
2. Unselect the checkbox for **Allow Cortana in Windows 10 (version 1909 and earlier), and the Cortana app on iOS and Android, to access Microsoft-hosted data on behalf of people in your organization** to disable Cortana connected experiences.
admin Pilot Microsoft 365 From My Custom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/pilot-microsoft-365-from-my-custom-domain.md
Microsoft 365 uses Exchange Online Protection (EOP) for spam protection. EOP mig
### Step 5: Create user accounts and set the primary reply-to address
-1. In the Microsoft 365 admin center left navigation, select **Users** > **Active Users**.
+1. In the Microsoft 365 admin center left navigation, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
2. Create two test accounts by adding two existing users.
admin Transition To Global Exchange Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/transition-to-global-exchange-online.md
description: "Learn how to transition from Microsoft Cloud Germany Exchange Onli
# Update your MX records to transition to the global Exchange Online service
-1. Sign in to [Microsoft 365 admin center](https://admin.microsoft.com), and go to **Settings** > **Domains**
+1. Sign in to Microsoft 365 admin center, and go to **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>
2. Status will be shown on the right side for each domain. If your organizationΓÇÖs domains point to Microsoft Cloud Germany Exchange Online, you'll need to update your MX record.
admin Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/multi-tenant/manage.md
Multi-tenant management offers a unified form of management that allows Microsof
## Move between tenants
-1. In the Microsoft 365 admin center, select the org name.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, select the org name.
:::image type="content" source="../../media/macorgswitcher.png" alt-text="Multi-tenant switcher.":::
Multi-tenant management offers a unified form of management that allows Microsof
## View All tenants page
-1. In the Microsoft 365 admin center, in the left nav, select **All tenants**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, in the left nav, select **All tenants**.
- On the **All tenants** page, you can - Assess service health - Review license usage
If you've marked a tenant as a favorite, it's automatically expanded so you can
The service health view shows you if any incidents or advisories are affecting the tenants. It will even tell you how many of your managed tenants are affected.
-1. In the Microsoft 365 admin center, in the multi-tenant view, select **Service Health**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, in the multi-tenant view, select **Service Health**.
2. On the **Service health** page aggregated view, you can also see the total number of incidents, the total number of advisories affecting any of the managed tenants, and the number of services with active incidents. You can also see how many of your tenants are affected by incidents and advisories. - You can use the filter option to view issues by issue type or by service
admin New Subscription Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/new-subscription-names.md
description: "Learn about the new Microsoft 365 subscription names."
# Office 365 is now Microsoft 365
-We've changed some of our Office 365 and Microsoft 365 subscription names. You don't need to do a thing. Your services, apps and features are staying the same, along with the price of your subscription. Your subscription name will automatically update in the Microsoft 365 admin center and your billing statements will update on or after April 21, 2020.
+We've changed some of our Office 365 and Microsoft 365 subscription names. You don't need to do a thing. Your services, apps and features are staying the same, along with the price of your subscription. Your subscription name will automatically update in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a> and your billing statements will update on or after April 21, 2020.
- **Office 365 Business Essentials** is now **Microsoft 365 Business Basic** - **Office 365 Business Premium** is now **Microsoft 365 Business Standard**
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
For more information, see this [overview of Azure AD Identity Protection](/azure
You should be using either security defaults or Conditional Access policies to require MFA for your user account sign-ins. However, if either of these cannot be used, Microsoft strongly recommends MFA for user accounts that have administrator roles, especially the global administrator role, for any size subscription.
-You enable MFA for individual user accounts from the **Active user** pane of the Microsoft 365 admin center.
+You enable MFA for individual user accounts from the <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a> pane of the Microsoft 365 admin center.
![Picture of Multi factor authentication option on Active users page](../../media/multi-factor-authentication-microsoft-365/per-user-mfa.png)
In the Azure portal, you can:
- Enable and disable security defaults - Configure Conditional Access policies
-In the Microsoft 365 admin center, you can configure per-user and service MFA settings.
+In the Microsoft 365 admin center, you can configure per-user and service <a href="https://go.microsoft.com/fwlink/p/?linkid=2169174" target="_blank">MFA settings</a>.
## Next steps
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
For more information about the Azure AD P1 and P2, see [Azure Active Directory p
For most subscriptions modern authentication is automatically turned on, but if you purchased your subscription before August 2017, it is likely that you will need to turn on Modern Authentication in order to get features like Multifactor Authentication to work in Windows clients like Outlook.
-1. In the Microsoft 365 admin center, in the left nav choose **Settings** \> **Org settings**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, in the left nav choose **Settings** \> **Org settings**.
2. Under the **Services** tab, choose **Modern authentication**, and in the **Modern authentication** pane, make sure **Enable Modern authentication** is selected. Choose **Save changes**. ### Turn off legacy per-user MFA If you have previously turned on per-user MFA, you must turn it off before enabling Security defaults.
-1. In the Microsoft 365 admin center, in the left nav choose **Users** \> **Active users**.
+1. In the Microsoft 365 admin center, in the left nav choose **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. On the **Active users** page, choose **Multi-factor authentication**. 1. On the multi-factor authentication page, select each user and set their Multi-Factor auth status to **Disabled**.
admin Get Started Windows 365 Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/get-started-windows-365-business.md
audience: Admin
localization_priority: Normal
+monikerRange: 'o365-worldwide'
- M365-subscription-management - Adm_O365
admin Troubleshoot Windows 365 Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/troubleshoot-windows-365-business.md
+
+ Title: "Troubleshoot Windows 365 Business Cloud PC setup issues"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+monikerRange: 'o365-worldwide'
+
+- M365-subscription-management
+- Adm_O365
+- Adm_TOC
+- Adm_O365_Setup
+
+- AdminSurgePortfolio
+- okr_smb
+search.appverid:
+- MET150
+- MOE150
+description: Learn how to troubleshoot setup issues for Windows 365 Business Cloud PCs.
Last updated : 08/13/2021++
+# Troubleshoot Windows 365 Business Cloud PC setup issues
+
+If your users get the ΓÇ£Setup failedΓÇ¥ error, or if setup takes longer than 90 minutes after you assign them a license, use the steps in this article to resolve the issue.
+
+> [!IMPORTANT]
+> You must be a Global admin to do most of the tasks described in this article. If other admin roles can be used for a specific procedure, they are noted before the procedure. If you donΓÇÖt have permission to log in to or access parts of the Azure portal, contact your IT admin. For more information about Azure rules, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). To learn more about the Azure portal, see [Azure portal overview](/azure/azure-portal/azure-portal-overview).
+
+## Step 1. Verify Azure AD device settings
+
+Make sure **Users may join devices to Azure AD** is set to **All**.
+
+1. Sign in to the Microsoft Azure portal at [https://portal.azure.com/](https://go.microsoft.com/fwlink/p/?linkid=516942).
+2. Under **Manage Azure Active Directory**, select **View**.
+3. In the left nav, under **Manage**, select **Devices**, then select **Device settings**.
+4. If **Users may join devices to Azure AD** isn't set to **All**, select **All**, then select **Save**.
+5. Go to [Step 2. Verify that the CloudPCBRT system account is active](#step-2-verify-that-the-cloudpcbrt-system-account-is-active).
+
+## Step 2. Verify that the CloudPCBRT system account is active
+
+The first time a Windows 365 license is assigned in your organization, a system account called "CloudPCBPRT" is automatically created in Azure AD. Do not delete this account. If the system account is deleted, the setup will fail. This system account ensures a smooth setup process and doesn't have any write capabilities or access to your organization beyond the scoped service capabilities of Windows 365 Business. If you delete this system account, you must open a new support request to have it restored.
+
+To make sure the CloudPCBRT system account is active in Azure AD, use the following steps.
+
+1. In the Azure portal, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=516942" target="_blank">Azure Active Directory Overview</a> page.
+2. In the left nav, under **Manage**, select **Users**.
+3. In the search box, type **CloudPCBRT**, then press **Enter**.
+4. If the CloudPCBRT system account is present, go to [Step 3. Verify that device-based MFA is turned off](#step-3-verify-that-device-based-mfa-is-turned-off).
+5. If the CloudPCBRT system account is missing, in the left nav, select **New support request** to open a support ticket. After the support ticket is closed, go directly to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
+
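Review bot: the system account name is spelled two ways in this section: "CloudPCBPRT" in the paragraph that introduces it, and "CloudPCBRT" in the heading, the anchor links and the search string in step 3. An admin who searches for the wrong spelling finds nothing, and step 5 then sends them to open a support request. Confirm the real account name and use it everywhere, including the Path A paragraph that mentions the account again.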
+## Step 3. Verify that device-based MFA is turned off
+
+ItΓÇÖs possible that your organization is configured so that Multi-Factor Authentication (MFA) is required to join devices with Azure AD. If so, you must turn off this setting. To make sure that **Require Multi-Factor Authentication to register or join devices with Azure AD** is set to **No**, use the following steps.
+
+1. In the Azure portal, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=516942" target="_blank">Azure Active Directory Overview</a> page.
+2. In the left nav, under **Manage**, select **Devices**, then select **Device settings**.
+3. If **Require Multi-factor Authentication to register or join devices with Azure AD** is set to **Yes**, select **No**, then select **Save**.
+4. Go to [Step 4. Make sure that MFA doesn't block setup](#step-4-make-sure-that-mfa-doesnt-block-setup).
+
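Review bot: step 3 sets **Require Multi-factor Authentication to register or join devices with Azure AD** to **No** for the whole tenant, and nothing in the section says when to set it back, unlike Step 4, which states that MFA can be turned on again after setup. Add a closing note telling admins to record the original value and restore it once the Cloud PCs are set up. The setting name is also written "Multi-Factor" in the intro paragraph and "Multi-factor" in step 3; use the portal's spelling in both places.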
+## Step 4. Make sure that MFA doesn't block setup
+
+If you donΓÇÖt have an Azure AD Premium P1 license that includes conditional access, go to [Step 5. Make sure MDM authority configuration is set up correctly](#step-5-make-sure-mdm-authority-configuration-is-set-up-correctly). If you donΓÇÖt know whether your subscription includes Azure AD Premium P1, see [What subscription do I have?](../admin-overview/what-subscription-do-i-have.md)
+
+If you have an Azure AD Premium P1 license that includes conditional access, select one user to be the first user to sign in to the Windows 365 home page at [https://windows365.microsoft.com](https://windows365.microsoft.com) after you complete the remaining steps in this article. Make sure there are no MFA conditional access policies for that first user. MFA must remain turned off during any setup attempts. After all Cloud PCs are successfully set up across your organization, you may turn on MFA for this user. To learn more about conditional access policies, see [What is Conditional Access in Azure Active Directory?](/azure/active-directory/conditional-access/overview).
+
+To check for conditional access policies, use the following steps.
+
+1. In the Azure portal, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2169290" target="_blank">Conditional Access Policies</a> page.
+2. If there arenΓÇÖt any policies listed, continue to [Step 5. Make sure MDM authority configuration is set up correctly](#step-5-make-sure-mdm-authority-configuration-is-set-up-correctly).
+3. If any policies are listed on the page, select a policy name.
+4. In the **Access controls** section, under **Grant**, if it says "0 controls selected", return to the policies list and select the next policy. Otherwise, continue to step 5.
+5. In the **Access controls** section, under **Grant**, if it says more than one control is selected, select the ***n* controls selected** link.
+6. In the right pane, if **Require multi-factor authentication** is selected, clear the check box, then select the **Select** button.
+ > [!TIP]
+ > Alternatively, you can exclude the first user from the policy. To learn how to do this, see [Manage users excluded from Conditional Access policies](/azure/active-directory/governance/conditional-access-exclusion).
+7. Repeat steps 3 through 6 until you have removed MFA for all conditional access policies.
+8. Go to [Step 5. Make sure MDM authority configuration is set up correctly](#step-5-make-sure-mdm-authority-configuration-is-set-up-correctly).
+
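Review bot: step 7 says to repeat "until you have removed MFA for all conditional access policies", which clears the MFA grant control for every user those policies cover, while the paragraph above only requires that the first user to sign in has no MFA policy. Make the per-user exclusion from the TIP the primary instruction, keep clearing the control as the fallback, and add a step to restore the policies afterwards. Steps 4 and 5 also leave a gap: step 4 handles "0 controls selected" and step 5 handles "more than one control", so a policy with exactly one control selected has no instruction.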
+## Step 5. Make sure MDM authority configuration is set up correctly
+
+If you made changes based on Steps 1-4 earlier in this article, itΓÇÖs possible that the root cause is now resolved. To verify that the issue is fixed, go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
+
+If you didnΓÇÖt make any changes for Steps 1-4, itΓÇÖs possible that the setup failure is caused by the MDM authority configuration in your environment. If so, you have two paths to follow, depending on whether you plan to use Microsoft Intune to manage the Cloud PCs.
+
+- If you use or plan to use Microsoft Intune for your Cloud PCs, follow the steps in [Path A: Make sure the Mobility (MDM and MAM) settings are correctly configured](#path-a-use-microsoft-intune-to-manage-your-cloud-pcs).
+- If you donΓÇÖt plan to use Microsoft Intune to manage your Cloud PCs, follow steps in [Path B: Turn off automatic MDM enrollment](#path-b-turn-off-automatic-mdm-enrollment).
+
+### Path A. Use Microsoft Intune to manage your Cloud PCs
+
+If you already use Microsoft Intune, or plan to use it to manage your Windows 365 Cloud PCs, make sure that your **Mobility (MDM and MAM)** settings in Azure AD are correctly configured.
+
+1. In the Azure portal, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=516942" target="_blank">Azure Active Directory Overview</a> page.
+2. In the left nav, under **Manage**, select **Mobility (MDM and MAM)**, then select **Microsoft Intune**.
+3. On the **Configure** page, next to **MDM user scope**, select **Some** or **All**, then select **Save**.
+4. In the left nav, under **Manage**, select **Mobility (MDM and MAM)**, select **Microsoft Intune Enrollment**, then repeat step 3.
+
+You also must assign an Intune license to the CloudPCBPRT system account and to any other users who are assigned a Cloud PC.
+
+> [!IMPORTANT]
+> To assign licenses, you must be a Global or Licensing admin, or have a role with licensing permissions.
+
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/p/?linkid=2169290), select **Users** > **All Users**.
+2. In the **All users** list, select a user.
+3. On the user **Profile** page, select **Licenses**.
+4. On the **Licenses** page, select **Assignments**.
+5. Find **Intune**, select the checkbox, then select **Save**. The user account now has the permissions needed to use the service and enroll devices.
+6. Go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
+
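Review bot: the Microsoft Endpoint Manager admin center link in step 1 of the licensing procedure uses `linkid=2169290`, the same ID that Step 4 uses for the Conditional Access Policies page; both cannot be right unless the two pages share a URL, so check each target. The cross-reference from Step 5 also calls this section "Path A: Make sure the Mobility (MDM and MAM) settings are correctly configured", while the heading here is "Path A. Use Microsoft Intune to manage your Cloud PCs"; align the link text with the heading.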
+### Path B. Turn off automatic MDM enrollment
+
+If you donΓÇÖt plan to use Microsoft Intune for your Cloud PC management, you must turn off automatic MDM enrollment.
+
+> [!IMPORTANT]
+> If youΓÇÖre not the MDM administrator, donΓÇÖt use either of the following procedures without first consulting with your IT admin. Only follow these procedures if Cloud PCs arenΓÇÖt being set up. Any configuration changes could impact your management environment. If you need help, [contact Intune support](/mem/get-support).
+
+#### Option 1. Use the Azure AD portal to turn off automatic Intune enrollment
+
+1. In the Azure portal, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=516942" target="_blank">Azure Active Directory Overview</a> page.
+2. In the left nav, under **Manage**, select **Mobility (MDM and MAM)**, then select **Microsoft Intune**.
+3. On the **Configure** page, next to MDM user scope, select **None**, then select **Save**.
+4. In the left nav, under **Manage**, select **Mobility (MDM and MAM)**, select **Microsoft Intune Enrollment**, then repeat step 3.
+5. Go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
+
+#### Option 2: Use Microsoft Graph to turn off automatic Intune enrollment
+
+If you canΓÇÖt use the Microsoft Azure admin portal to configure **Mobility (MDM and MAM)** as instructed in [Option 1. Use the Azure AD portal to turn off automatic Intune enrollment](#option-1-use-the-azure-ad-portal-to-turn-off-automatic-intune-enrollment), you see a warning that says, "Automatic MDM enrollment is available only for Azure AD Premium subscribers." In this case, you must use Microsoft Graph to turn off MDM policies in your environment.
+
+1. Go to Graph Explorer at <a href="https://go.microsoft.com/fwlink/p/?linkid=2170005">https://developer.microsoft.com/graph/graph-explorer</a>.
+2. Under **Graph Explorer**, select **Sign in to Graph Explorer**, and sign in with your Global admin account.
+3. If you see the **Permissions requested** dialog box, select **Accept**.
+4. Next to your account name, select the **More actions** button (the three dots), then select **Select permissions**.
+5. In the **Permissions** pane, expand **Policy**, select **Policy.Read.All** and **Policy.ReadWrite.MobilityManagement**, then select **Consent**.
+6. If you see the **Permissions requested** dialog box, select the **Consent on behalf of your organization** check box, then select **Accept**.
+7. Expand **Policy** again, verify that the **Status** column for **Policy.Read.All** and **Policy.ReadWrite.MobilityManagement** says **Consented**, then close the **Permissions** pane.
+8. From the first drop-down list, select **GET**.
+9. In the text box, enter the following string, then select **Run query**:
+ `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies`
+ This query retrieves the list of device management policies in your organization.
+ The results in the **Response preview** pane should look similar to the following code snippet:
+
+ ```
+ {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#mobilityManagementPolicies",
+ "value": [
+ {
+ "id": "0000000a-0000-0000-c000-000000000000",
+ "appliesTo": "all",
+ "complianceUrl": null,
+ "description": "Device Management Policy for Microsoft Intune",
+ "discoveryUrl": null,
+ "displayName": "Microsoft Intune",
+ "isValid": true,
+ "termsOfUseUrl": null
+ },
+ {
+ "id": "d4ebce55-015a-49b5-a083-c84d1797ae8c",
+ "appliesTo": "none",
+ "complianceUrl": "https://portal.manage.microsoft.com/?portalAction",
+ "description": "Device Management Policy for Microsoft Intune Enrollment",
+ "discoveryUrl": "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc",
+ "displayName": "Microsoft Intune Enrollment",
+ "isValid": true,
+ "termsOfUseUrl": "https://portal.manage.microsoft.com/TermsofUse.aspx"
+ }
+ ]
+ }
+ ```
+10. If the `"appliesTo"` value is **none** for all listed policies, go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs). Otherwise, continue to step 11.
+11. In the first drop-down list, select **PATCH**.
+12. In the text box, enter the following string:
+ `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/0000000a-0000-0000-c000-000000000000`
+13. In the **Request body** section, enter the following code snippet, then select **Run query**:
+ ```
+ {
+ "appliesTo": "none"
+ }
+ ```
+14. In text box, enter the following string:
+ `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/d4ebce55-015a-49b5-a083-c84d1797ae8c`
+15. In the **Request body** section, leave the code snippet you entered in step 13, then select **Run query**.
+16. In the first drop-down list, select **GET**.
+17. Clear any text in the **Request body** section.
+18. In the text box, enter the following string, then select **Run query**:
+ `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies`
+
+ The results in the **Response view** pane should look similar to the following code snippet.
+ ```
+ {
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#mobilityManagementPolicies",
+ "value": [
+ {
+ "id": "0000000a-0000-0000-c000-000000000000",
+ "appliesTo": "none",
+ "complianceUrl": "https://portal.manage.microsoft.com/?portalAction=Compliance",
+ "description": "Device Management Policy for Microsoft Intune",
+ "discoveryUrl": "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svcΓÇ¥,
+ "displayName": "Microsoft Intune",
+ "isValid": true,
+ "termsOfUseUrl": "https://portal.manage.microsoft.com/TermsofUse.aspx"
+ },
+ {
+ "id": "d4ebce55-015a-49b5-a083-c84d1797ae8c",
+ "appliesTo": "none",
+ "complianceUrl": "https://portal.manage.microsoft.com/?portalAction",
+ "description": "Device Management Policy for Microsoft Intune Enrollment",
+ "discoveryUrl": "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc",
+ "displayName": "Microsoft Intune Enrollment",
+ "isValid": true,
+ "termsOfUseUrl": "https://portal.manage.microsoft.com/TermsofUse.aspx"
+ }
+ ]
+ }
+ ```
+
+ The `"appliesTo"` values for all policies are now set to **none**. This query verifies that the scope has successfully changed for device management policies in your organization.
+19. Go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
+
+## Step 6. Reset your Cloud PCs
+
+After you complete the troubleshooting steps in this article, your users must restart their Cloud PC setup.
+
+If you just completed [Step 3. Verify that device-based MFA is turned off](#step-3-verify-that-device-based-mfa-is-turned-off), wait at least ten minutes for the changes to take effect before you continue. Make sure that the user you excluded from MFA is the first users to sign in to the [Windows 365 home page](https://windows365.microsoft.com).
+
+Tell all Cloud PC users who saw the ΓÇ£Setup failedΓÇ¥ error to use the following steps to reset their Cloud PCs.
+
+1. On the [Windows 365 home page](https://windows365.microsoft.com), select the gear icon for any Cloud PC that has the ΓÇ£Setup failedΓÇ¥ status, then select **Reset**. This action restarts the setup process.
+2. After the reset, if the ΓÇ£Setup failedΓÇ¥ error still displays, and you skipped [Step 5. Make sure MDM authority configuration is set up correctly](#step-5-make-sure-mdm-authority-configuration-is-set-up-correctly), complete that step, then reset the CloudPC again. Otherwise, in the left nav, select **New support request** to open a support ticket.
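Review bot: In the sample response under step 18, the `discoveryUrl` value of the first policy is closed by a non-ASCII quote character instead of a plain `"`, so the snippet is not valid JSON and will not match what Graph Explorer returns; replace it with a straight double quote. Numbered step 6 also selects **Consent on behalf of your organization** for **Policy.ReadWrite.MobilityManagement**, and nothing after the verification in step 18 removes that grant, so either add a cleanup step or state whether tenant-wide consent is actually needed for this one-time change. Wording nits: step 9 names the pane **Response preview** while step 18 names it **Response view**, step 14 reads "In text box", and the "Reset your Cloud PCs" section has "the first users to sign in" and "CloudPC".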
admin Windows 365 Business Sizing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/windows-365-business-sizing.md
audience: Admin
localization_priority: Normal
+monikerRange: 'o365-worldwide'
- M365-subscription-management - Adm_O365
admin Enable Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/enable-usage-analytics.md
Microsoft 365 usage analytics is not yet available for Microsoft 365 US Governme
## Before you begin
-To get started with Microsoft 365 usage analytics you must first make the data available in the Microsoft 365 admin center, then initiate the template app in Power BI.
+To get started with Microsoft 365 usage analytics you must first make the data available in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, then initiate the template app in Power BI.
## Get Power BI
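Review bot: The `+` line embeds a raw HTML anchor with `target="_blank"` and no `rel` attribute in a Markdown article. If opening a new tab is intended, add `rel="noopener noreferrer"` so the opened page cannot reach back to the docs tab regardless of browser defaults; if it is not, a plain Markdown link keeps the source consistent with the link syntax used in the rest of these articles. The same applies to every other hunk in this update that introduces the same anchor.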
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
And if you'd like to know what's new with other Microsoft cloud
### Microsoft 365 admin center search
-You can now search for incident IDs in the Microsoft 365 admin center. You may learn about current incidents through social media, industry publications or from other admins. You can now go to the admin center to look up more details about the incident and to understand the impact to your organization. Just search for the incident ID in the admin center.
+You can now search for incident IDs in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a>. You may learn about current incidents through social media, industry publications or from other admins. You can now go to the admin center to look up more details about the incident and to understand the impact to your organization. Just search for the incident ID in the admin center.
:::image type="content" source="../media/incident-id.png" alt-text="Screenshot: Searching for incident ID in the admin center":::
We've also added 2 new fields, **Severity** and **Closed Date** in the **View Se
:::image type="content" source="../media/SuppInsight-date-sev.PNG" alt-text="Screenshot: Table that shows support ticket sorting by severity and date.":::
-To check out these updates in Microsoft 365 admin center, go to **Support** > **View Service requests** in left navigation pane.
+To check out these updates in <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a>, go to **Support** > **View Service requests** in left navigation pane.
## June 2021
We've developed a set of features for multi-tenant admins like you to get your j
### Monitor your most important accounts
-You can monitor and track failed or delayed email messages sent to your users who have a high business impact, like your CEO. You track priority accounts by adding users to your priority accounts list in the Microsoft 365 admin center. Add executives, leaders, managers, or other users who have access to sensitive or high priority information.
+You can monitor and track failed or delayed email messages sent to your users who have a high business impact, like your CEO. You track priority accounts by adding users to your priority accounts list in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Add executives, leaders, managers, or other users who have access to sensitive or high priority information.
Priority accounts are only available to organizations that meet both of the following requirements:
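Review bot: The link added here points "Microsoft 365 admin center" at `linkid=2024339`, while the two hunks above it in the same file (incident ID search and **View Service requests**) point the identical link text at `linkid=2166757`. Please confirm that two different targets are intended for the same label within one article, and if not, use a single linkid throughout.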
We're continuously looking at and updating the content and tools to keep up with
- Fix DKIM setup issues - Diagnose Intune user enrollment errors
-And we are rolling out the new and improved support experience you already see in the Microsoft 365 admin center to some of the other admin centers. Teams Admin Center and Security and Compliance Admin Centers already have this new experience. And soon, **Exchange admin center**, **SharePoint admin center**, and **Office.com** will be updated along with this new help experience for admins.
+And we are rolling out the new and improved support experience you already see in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a> to some of the other admin centers. Teams admin center and Security and Compliance admin centers already have this new experience. And soon, **Exchange admin center**, **SharePoint admin center**, and **Office.com** will be updated along with this new help experience for admins.
### Manage changes with Microsoft Planner
A few months ago, we added a setting that lets you manage the What's New message
On May 12, we announced the availability of a new update channel for Office: Monthly Enterprise Channel. This update channel provides your users with new Office features once a month, on the second Tuesday of the month.
-If you allow your users to self-install Office from the portal, you can select Monthly Enterprise Channel for them. To do this, sign in to the Microsoft 365 admin center and go to **Show all** >**Settings** > **Org settings** > **Services** > **Office software download settings**. If you select **Once a month (Monthly Enterprise Channel)**, then any new self-installs of Office will be configured to use Monthly Enterprise Channel.
+If you allow your users to self-install Office from the portal, you can select Monthly Enterprise Channel for them. To do this, sign in to the Microsoft 365 admin center and go to **Show all** >**Settings** > **Org settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services**</a> > **Office software download settings**. If you select **Once a month (Monthly Enterprise Channel)**, then any new self-installs of Office are configured to use Monthly Enterprise Channel.
In conjunction with the release of Monthly Enterprise Channel, weΓÇÖre also revising the names of the existing update channels. For example, Monthly Channel is being renamed to Current Channel. The new names take effect on June 9, 2020.
For more information, see [Changes to update channels for Microsoft 365 Apps](/D
### New admin roles
-We've added some new Azure Active Directory admin roles to the Microsoft 365 admin center.
+We've added some new Azure Active Directory admin roles to the <<a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
- Hybrid identity admin role gives users permission to manage cloud provisioning and authentication services. - Network admin role lets users manage network locations and review network insights for Microsoft 365 Software as a Service apps.
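Review bot: The added line opens the anchor with `<<a href=`, so a literal `<` will render in front of "Microsoft 365 admin center" (or the tag will fail to parse, depending on the renderer). Drop the extra `<` so the line matches the other anchors added in this file.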
Just this month, we released a new site on docs.microsoft.com called the [Micros
[April 2020](#april-2020)
-Well, we did it! We've taken the second step towards a unified roles experience and you can now manage Intune roles in the Microsoft 365 admin center. You can also leverage features such as the ability to search for roles and view role permissions. This means you donΓÇÖt need two separate tools to manage roles for Microsoft 365 and Intune. When you sign into the Microsoft 365 admin center, youΓÇÖll see that there are two pivots on the Roles page, one for Azure AD and one for Intune.
+Well, we did it! We've taken the second step towards a unified roles experience and you can now manage Intune roles in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. You can also leverage features such as the ability to search for roles and view role permissions. This means you donΓÇÖt need two separate tools to manage roles for Microsoft 365 and Intune. When you sign into the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, youΓÇÖll see that there are two pivots on the Roles page, one for Azure AD and one for Intune.
![Roles page with the Intune pivot selected](../media/MAC-WN-IntuneRoles.png)
Starting in May, admins who are in Targeted release will start seeing the "Plann
### "Need help?" launched in Teams admin center & Security and Compliance centers
-The Teams admin center, Security center, and Compliance center are now using the same "Need help?" feature that the Microsoft 365 admin center uses for finding help and contacting support. We've received a lot of feedback from admins that you wanted the same level of help and support and we're happy to bring that to you. Try it out and give us your feedback!
+The Teams admin center, Security center, and Compliance center are now using the same "Need help?" feature that the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a> uses for finding help and contacting support. We've received a lot of feedback from admins that you wanted the same level of help and support and we're happy to bring that to you. Try it out and give us your feedback!
#### Need chat?
-Our support agents have been working from home while still taking customer cases and limitations on internet bandwidth while working from home can impact customer call quality. In order to continue supporting you, we have launched live chat support option for commercial customers in the Microsoft 365 admin center.
+Our support agents have been working from home while still taking customer cases and limitations on internet bandwidth while working from home can impact customer call quality. In order to continue supporting you, we have launched live chat support option for commercial customers in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a>.
While creating a service request, you'll now see chat as an option, in addition to phone and email. Select chat as a preferred channel of communication and create the request. Once you've created the request, you can start the chat when you are ready to chat with Microsoft agents.
With the uptick in Teams usage, some orgs will get a pinned dashboard card that
### Customize your organization's SharePoint mobile app theme
-Using the Microsoft 365 admin center, you can now customize your organization's theme in SharePoint mobile app for iOS and SharePoint mobile app for Android. This feature conveniently provides a mobile intranet app experience that can match your SharePoint Online for employees on the go. Theme customization includes your logo image, navigation bar color, text and icon colors, and accent colors, making for easy recognition.
+Using the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, you can now customize your organization's theme in SharePoint mobile app for iOS and SharePoint mobile app for Android. This feature conveniently provides a mobile intranet app experience that can match your SharePoint Online for employees on the go. Theme customization includes your logo image, navigation bar color, text and icon colors, and accent colors, making for easy recognition.
![Diagram mapping the admin center settings to the mobile app.](../media/MAC-WN-CustThemeSP.png)
We received a lot of feedback from partners and admins about the challenges of m
> [!TIP] > You don't have to do anything to make the organization switcher appear as long as you are the Partner of record for at least one organization.
-1. In the Microsoft 365 admin center, select the org name.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, select the org name.
![Screen capture: top of the Home page showing organization profile name with the switcher icon.](../media/MAC-Organization-switcher.png) 2. In the organization switcher, select the org you want to manage.
campaigns M365 Campaigns Multifactor Authenication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-multifactor-authenication.md
search.appverid:
description: "Set up multifactor authentication."
-# Set up multifactor authentication
+# Set up multifactor authentication on your mobile device
Multi-factor authentication provides more security for your business. After your admin has required you to use MFA, you can set up the Microsoft Authenticator app to let you log into key apps securely with your phone.
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
Note that US Government Community (GCC) Moderate, GCC High, and Department of De
## Template availability and licensing
-The templates available for use are based on your organizationΓÇÖs licensing agreement ([view licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager)). There are two categories of templates: included and premium.
+There are two categories of templates in Compliance
-#### Included and premium templates
+1. **Included templates** are granted by your Compliance Manager license and cover key regulations and requirements. To learn more about what templates are available under your licensing agreement, see [licensing details](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager).
+2. **Premium templates** to cover additional needs and scenarios can be obtained by purchasing template licenses.
-1. **Included templates** are granted by your license and cover key regulations and requirements.
-2. **Premium templates** can be purchased to expand your library and cover specific needs. Once purchased, you may create as many assessments from a template as needed. [Learn how you can purchase premium templates](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#compliance-manager).
+When you begin creating assessments, Compliance Manager will track how many templates are active so you can monitor your usage. To learn more, see [Active and inactive templates](compliance-manager-templates.md#active-and-inactive-templates).
-View the [full list of templates](compliance-manager-templates-list.md).
+View the [full list of templates](compliance-manager-templates-list.md) available in Compliance Manager.
+
+### Purchase premium template licenses
+
+Template licenses can be purchased in the admin center ([learn more about subscriptions, licenses, and billing](/microsoft-365/commerce/)). Select the quantity of licenses you wish to purchase and your payment plan. You may also acquire licenses through your participation in the [Cloud Solution Provider program](https://partner.microsoft.com/membership/cloud-solution-provider) or [volume licensing](https://www.microsoft.com/licensing/licensing-programs/licensing-programs).
+
+Once your purchase has been finalized, the templates should become available in your tenant within 48 hours.
+
+### Try out premium templates
+
+To try out premium templates before you make a purchase, you may also acquire trial versions of the licenses. Trial licenses are good for up to 25 templates for 90 days. Once you obtain your trial license, the templates should become available in your tenant within 48 hours.
#### Active and inactive templates
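Review bot: The new opening sentence on the first `+` line stops at "There are two categories of templates in Compliance", with no product name completed and no end punctuation before the numbered list; please finish the sentence. Two further points: the removed text "Once purchased, you may create as many assessments from a template as needed" has no counterpart in the added lines, so confirm that dropping it is intentional, and the new `###` headings leave the existing `#### Active and inactive templates` nested under "Try out premium templates", which does not look like the intended hierarchy.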
compliance Customer Key Availability Key Understand https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-availability-key-understand.md
Microsoft employs a defense-in-depth strategy to prevent malicious actors from i
Microsoft 365 is built to prevent misuse of the availability key. The application layer is the only method through which keys, including the availability key, can be used to encrypt and decrypt data. Only Microsoft 365 service code has the ability to interpret and traverse the key hierarchy for encryption and decryption activities. Logical isolation exists between the storage locations of Customer Keys, availability keys, other hierarchical keys, and customer data. This isolation mitigates the risk of data exposure in the event one or more locations are compromised. Each layer in the hierarchy has built in 24x7 intrusion detection capabilities to protect data and secrets stored.
-Access controls are implemented to prevent unauthorized access to internal systems, including availability key secret stores. Microsoft engineers don't have direct access to the availability key secret stores. For additional detail on access controls, review [Administrative Access Controls in Microsoft 365](/compliance/office-365-administrative-access-controls-overview).
+Access controls are implemented to prevent unauthorized access to internal systems, including availability key secret stores. Microsoft engineers don't have direct access to the availability key secret stores. For additional detail on access controls, review [Administrative Access Controls in Microsoft 365](/compliance/assurance/assurance-administrative-access-controls-overview).
Technical controls prevent Microsoft personnel from logging into highly-privileged service accounts, which might otherwise be used by attackers to impersonate Microsoft services. For example, these controls prevent interactive logon.
compliance Customer Lockbox Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-lockbox-requests.md
description: "Learn about Customer Lockbox requests that allow you to control ho
# Customer Lockbox in Office 365
-This article provides deployment and configuration guidance for Customer Lockbox. Customer Lockbox supports requests to access data in Exchange Online, SharePoint Online, and OneDrive for Business. To recommend support for other services, please submit a request at [Office 365 UserVoice](https://office365.uservoice.com/).
-To see the options for licensing your users to benefit from Microsoft 365 compliance offerings, including this one, as of April 1, 2020, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
-Customer Lockbox ensures that Microsoft cannot access your content to perform a service operation without your explicit approval. Customer Lockbox brings you into the approval workflow for requests to access your content.
+This article provides deployment and configuration guidance for Customer Lockbox. Customer Lockbox supports requests to access data in Exchange Online, SharePoint Online, and OneDrive for Business. To recommend support for other services, submit a request at [Office 365 UserVoice](https://office365.uservoice.com/).
-Occasionally, Microsoft engineers help troubleshoot and fix customer reported issues in the support process. Usually, issues are fixed through extensive telemetry and debugging tools Microsoft has in place for its services. However, some cases require a Microsoft engineer to access customer content to determine the root cause and fix the issue. Customer Lockbox requires the engineer to request access from the customer as a final step in the approval workflow. This gives organizations the option to approve or deny these requests, and provide direct-access control to the customer.
+To see the options for licensing your users to benefit from Microsoft 365 compliance offerings, see the [Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).
+
+Customer Lockbox ensures that Microsoft can't access your content to do service operations without your explicit approval. Customer Lockbox brings you into the approval workflow process that Microsoft uses to ensure only authorized requests allow access to your content. To learn more about MicrosoftΓÇÖs workflow process, see [Privileged access management in Microsoft 365](privileged-access-management-solution-overview.md).
+
+Occasionally, Microsoft engineers help troubleshoot and fix issues that arise with the service. Usually, engineers fix issues using extensive telemetry and debugging tools Microsoft has in place for its services. However, some cases require a Microsoft engineer to access your content to determine the root cause and fix the issue. Customer Lockbox requires the engineer to request access from you as a final step in the approval workflow. This gives you the option to approve or deny the request for your organization, and provide direct-access control to your content.
### Customer Lockbox overview video
Occasionally, Microsoft engineers help troubleshoot and fix customer reported is
## Customer Lockbox workflow
-The following steps outline the typical workflow when a Microsoft engineer initiates a Customer Lockbox request:
+These steps outline the typical workflow when a Microsoft engineer starts a Customer Lockbox request:
1. Someone at an organization experiences an issue with their Microsoft 365 mailbox.
You can turn on Customer Lockbox controls in the Microsoft 365 admin center. Whe
3. Select a Customer Lockbox request, and then choose **Approve** or **Deny**.
- ![Approve or deny Customer Lockbox requests](../media/CustomerLockbox7.png)
+ ![Approve Customer Lockbox requests](../media/CustomerLockbox7.png)
A confirmation message about the approval of the Customer Lockbox request displays.
- ![Approve or deny Customer Lockbox requests](../media/CustomerLockbox8.png)
+ ![Deny Customer Lockbox requests](../media/CustomerLockbox8.png)
> [!NOTE] > Use the Set-AccessToCustomerDataRequest cmdlet to approve, deny, or cancel Microsoft 365 customer lockbox requests that control access to your data by Microsoft support engineers. For more information, see [Set-AccessToCustomerDataRequest](/powershell/module/exchange/set-accesstocustomerdatarequest). - ## Auditing Customer Lockbox requests Audit records that correspond to the Customer Lockbox requests are logged in the audit log. You can access these logs by using the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the Security & Compliance Center. Actions related to accepting or denying a Customer Lockbox request and actions performed by Microsoft engineers (when access requests are approved) are also logged in the audit log. You can search for and review these audit records.
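Review bot: The alt text for `CustomerLockbox8.png` is changed to "Deny Customer Lockbox requests", but the image sits directly under the unchanged sentence "A confirmation message about the approval of the Customer Lockbox request displays." Either the alt text should describe the approval confirmation, or the surrounding text needs a sentence introducing the deny case, since screen-reader users will otherwise get a description that contradicts the step.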
compliance Privacy Management Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management-setup.md
For detailed licensing guidance, see [Microsoft 365 licensing guidance for secur
## Set up privacy management
-To get started with privacy management, first get your trial license and sign in. Then you can assign permissions for your users and review settings.
+To get started with privacy management, first get your trial license. Then you can sign in to privacy management, assign permissions for your users, and review settings.
### Get trial license To get started with the public preview, your global admin can obtain the free privacy management trial license from the [admin center](https://aka.ms/purchasem365privacy). Select ΓÇ£Start trialΓÇ¥ to begin. Your license lasts for one month and you can renew it at no cost as needed during the public preview.
-After obtaining your subscription, allow up to 30 minutes for it to activate. Then return to privacy management to get started. You will be asked to confirm that you agree to the terms and the personal data evaluation process ([learn more](privacy-management.md#how-we-evaluate-your-data)). You can review the provided links in full before proceeding. Once you agree, it may take up to 24 hours before privacy management starts providing insights about your organizationΓÇÖs data.
+After obtaining your subscription, allow up to 30 minutes for it to activate. Then return to privacy management in the compliance center to get started.
+
+### Accept privacy management terms
+
+When you first open privacy management, you will be asked to confirm that you agree to the terms and the personal data evaluation process ([learn more](privacy-management.md#how-we-evaluate-your-data)). You can review the provided links in full before proceeding. Once you agree, it may take up to 24 hours before privacy management starts providing insights about your organizationΓÇÖs data.
If you donΓÇÖt hold the required role to obtain the subscription or consent to the terms of using privacy management, youΓÇÖll be prompted to contact your global admin for assistance.
For further insights into your data over time, your **Data profile** page will p
To learn more about these pages, see [Find and visualize your data](privacy-management-data-profile.md).
-## Get started with default policies
+## Get started with default policies
Privacy management will help kickstart your data evaluation process by creating three policies with default settings, using the templates for data minimization, data overexposure, and data transfers. These policies will be on by default, but will not automatically trigger notification mails or remediation prompts. After your initial setup, you can proceed to create and customize your own policies. To learn more, see [Create and manage policies](privacy-management-policies.md).
compliance Retention Flowchart https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-flowchart.md
+
+ Title: "Flowchart to determine when an item will be retained or permanently deleted"
+f1.keywords:
+- NOCSH
+++ Last updated :
+audience: Admin
++
+localization_priority: Priority
+
+- M365-security-compliance
+- SPO_Content
+search.appverid:
+- MOE150
+- MET150
+description: "Use a flowchart to determine the outcome when an item has multiple retention policies or a retention label and retention policies"
++
+# Flowchart to determine when an item will be retained or permanently deleted
+
+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
+
+Use the following flowchart to apply the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) to an item to determine if the system will retain it or permanently delete it as a result of a retention label or retention policy.
+
+This logic flow is used for an item when either of the following conditions apply:
+
+- There is more than one retention policy applied
+- There is a retention label and one or more retention policies
+
+If any of the terms used in this flowchart are unfamiliar to you, see [Learn about retention policies and retention labels](retention.md).
++
+ ![Flowchart to determine when an item will be retained or permanently deleted](../media/retention-flowchart.svg)
+
+> [!NOTE]
+> It's important to distinguish between the longest retention period for the item vs. the longest specified period in a retention policy or label. And similarly, between the shortest expiry date for the item vs. the shortest specified period in a retention policy.
+>
+> For more information, see the explanation after the graphic in the [principles of retention](retention.md#the-principles-of-retention-or-what-takes-precedence) section.
compliance Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention.md
There are a few more factors that determine when an item will be permanently del
Use the following flow to understand the retention and deletion outcomes for a single item, where each level acts as a tie-breaker for conflicts, from top to bottom. If the outcome is determined by the first level because there are no further conflicts, there's no need to progress to the next level, and so on. > [!IMPORTANT]
-> If you are using retention labels: Before using this flow to determine the outcome of multiple retention settings on the same item, make sure you know [which retention label is applied](#only-one-retention-label-at-a-time).
+> If you are using retention labels: Before applying the principles to determine the outcome of multiple retention settings on the same item, make sure you know [which retention label is applied](#only-one-retention-label-at-a-time).
![Diagram of the principles of retention](../media/principles-of-retention.png) Before explaining each principle in more detail, it's important to understand the difference between the retention period for the item vs. the specified retention period in the retention policy or retention label. That's because although the default configuration is to start the retention period when an item is created, so that the end of the retention period is fixed for the item, files also support the configuration to start the retention period from when the file is last modified. With this alternative configuration, every time the file is modified, the start of the retention period is reset, which extends the end of the retention period for the item. Retention labels also support starting the retention period when labeled and at the start of an event.
+To apply the principles in action with a series of Yes and No questions, you can also use the [retention flowchart](retention-flowchart.md).
+ Explanation for the four different principles: 1. **Retention wins over deletion.** Content won't be permanently deleted when it also has retention settings to retain it. While this principle ensures that content is preserved for compliance reasons, the delete process is still initiated and can remove the content from user view and searches. For SharePoint, for example, a document moves from the original folder to the Preservation Holds folder. However, permanent deletion is suspended. For more information about how and where content is retained, use the following links for each workload:
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
Example showing available sensitivity labels in Excel, from the **Home** tab on
To apply sensitivity labels, users must be signed in with their Microsoft 365 work or school account. > [!NOTE]
-> For US Government tenants, sensitivity labels are now supported for all platforms:
-> - For GCC and GCC High environments: Release notes for [Office for Windows](/officeupdates/current-channel#version-2101-january-26) and [Office for Mac](/officeupdates/release-notes-office-for-mac#feature-updates-2)
-> - For DoD environments: Release notes for [Office for Windows](/officeupdates/current-channel#version-2103-march-30)
+> For US Government tenants, sensitivity labels are now supported for all platforms.
>
-> If you use the Azure Information Protection unified labeling client and scanner for these environments, see the [Azure Information Protection Premium Government Service Description](/enterprise-mobility-security/solutions/ems-aip-premium-govt-service-description).
+> If you use the Azure Information Protection unified labeling client and scanner, see the [Azure Information Protection Premium Government Service Description](/enterprise-mobility-security/solutions/ems-aip-premium-govt-service-description).
You can use sensitivity labels to:
When you configure a label policy, you can:
- **Choose which users and groups see the labels.** Labels can be published to any specific user or email-enabled security group, distribution group, or Microsoft 365 group (which can have [dynamic membership](/azure/active-directory/users-groups-roles/groups-create-rule)) in Azure AD. -- **Specify a default label** for new documents, unlabeled emails, and new containers (when you've [enabled sensitivity labels for Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md)). You can specify the same label for all three types of items, or different labels. When you specify a default label for documents, the Azure Information Protection unified labeling client also applies this label to existing documents that are unlabeled. Users can always change the default label if it's not the right label for their document or email.
+- **Specify a default label** for new documents, unlabeled emails, new containers (when you've [enabled sensitivity labels for Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md)), and now [a default label for Power BI content](/power-bi/admin/service-security-sensitivity-label-default-label-policy). You can specify the same label for all four types of items, or different labels. When you specify a default label for documents, the Azure Information Protection unified labeling client also applies this label to existing documents that are unlabeled. Users can change the applied default sensitivity label if they decide it's not the right one.
> [!IMPORTANT] > When you have [sublabels](#sublabels-grouping-labels), be careful not to configure the parent label as a default label.
enterprise Ms Cloud Germany Migration Opt In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-migration-opt-in.md
Title: "How to opt-in for migration from Microsoft Cloud Germany (Microsoft Clou
Previously updated : 12/01/2020 audience: ITPro
description: "Summary: "
# How to opt-in for new migration from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter regions > [!NOTE]
-> This article only applies to Microsoft Cloud Germany (Microsoft Cloud Deutschland) customers.
+> The migration opt-in period is closed as of June 1, 2021. All eligible Microsoft Cloud Germany (Microsoft Cloud Deutschland) customers have now been migrated. No further customers will be migrated through the automated process. Any remaining Microsoft Cloud Germany subscriptions and tenants will be deactivated and deprovisioned in September 2021 as part of service closure activities.
> ## How to request migration
-If you are an eligible customer with your service provisioned in Microsoft Cloud Germany (Microsoft Cloud Deutschland) and you have signed in as a tenant (global) administrator, a page in the Microsoft 365 admin center allows you to opt-in for migration.
+If you were an eligible customer with your service provisioned in Microsoft Cloud Germany (Microsoft Cloud Deutschland) and you had signed in as a tenant (global) administrator, a page in the Microsoft 365 admin center allowed you to opt-in for migration. The Opt-In page in the Microsoft 365 admin center no longer allows for enrollment, however the process is outlined below for reference purposes.
To access the page, expand **Settings** in the navigation pane on the left, and then click **Organization Profile**.
enterprise Ms Cloud Germany Transition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition.md
Title: "Migration from Microsoft Cloud Deutschland to Office 365 services in the
Previously updated : 05/12/2021 audience: ITPro
Review the following Frequently Asked Questions section.
### Is migration required?
-Microsoft offers Office 365 tenant migration from Microsoft Cloud Deutschland to Office 365 services in the new German datacenter regions at no additional charge. While we do strongly recommend that you opt-in to migrate to the new German datacenter regions, we will continue to provide the necessary security updates to the Microsoft Cloud Deutschland region.
+Microsoft offered Office 365 tenant migration from Microsoft Cloud Deutschland to Office 365 services in the new German datacenter regions at no additional charge. All eligible Microsoft Cloud Germany (Microsoft Cloud Deutschland) customers have now been migrated. No further customers will be migrated through the automated process. Any remaining Microsoft Cloud Germany subscriptions and tenants will be deactivated and deprovisioned in September 2021 as part of service closure activities.
+
+We will continue to provide the necessary security updates to the Microsoft Cloud Deutschland region until service closure.
Office 365 services in the new German datacenter regions:
If you are an Azure customer only, you can begin [migrating](/azure/germany/germ
If you have Azure with Office 365, Dynamics 365, or Power BI, you must follow the migration process for Office 365 services first to ensure the successful migration of Azure AD before you could begin the self-directed Azure migration. You must complete the Azure migration before finalizing your tenant migration to maintain your Azure workloads with your Azure AD and Office 365 organization. Refer to [Migration phases actions and impacts for the migration from Microsoft Cloud Deutschland](ms-cloud-germany-transition-phases.md) for additional details.
-**Office 365**
-
-[Opt-in](./ms-cloud-germany-migration-opt-in.md) to the Microsoft-driven migration today. When we are ready to start your migration, we will inform you through the Message center in the Microsoft 365 admin center.
-
-**Dynamics 365 and Power BI**
+**Office 365, Dynamics 365, and Power BI**
-Opt-in to the Microsoft-driven migration for [Dynamics 365 Customer Engagement](/dynamics365/get-started/migrate-data-german-region) and [Power BI](/power-bi/admin/service-admin-migrate-data-germany) today. When we are ready to start your migration, we will inform you through the Message center in the Microsoft 365 admin center.
+All eligible Microsoft Cloud Germany (Microsoft Cloud Deutschland) customers have now been migrated. No further customers will be migrated through the automated process. Any remaining Microsoft Cloud Germany subscriptions and tenants will be deactivated and deprovisioned in September 2021 as part of service closure activities.
### Will the price change for the Office 365 services that I use?
managed-desktop Device Status Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/device-status-report.md
+
+ Title: Device status report
+description: Explains device status
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
++
+ms.localizationpriority: normal
++++++
+# Device status report
+
+This report aggregates the status of all your registered devices to show your use of the Microsoft Managed Desktop service. We categorize devices based on their activity over the last 28 days and on our ability to keep the device updated. To be updated by Windows Update as soon as possible, a device must be connected to the internet and not hibernating or paused for a minimum of six hours, two of which must be continuous. Although it's possible that a device that doesn't meet these requirements will be updated, devices that meet them have the highest likelihood of being updated.
++
+We report device status using these labels:
+
+- **Ready for user**: Devices that have been successfully registered with our service and are ready to be given to a user
+- **Active**: Devices that are being used and have met the activity criteria (six hours, two continuous) for the most recent security update release and have checked in with Microsoft Intune at least once in the past five days.
+- **Synced**: Devices that are being used and have checked in with Intune within the last 28 days
+- **Out of sync**: Devices that are being used but have not checked in with Intune in the last 28 days
+- **Other**: The category aggregates several error states that can occur, typically during device registration. For more details, see [Troubleshooting device registration](../get-started/register-devices-self.md#troubleshooting-device-registration).
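Review bot: the **Active** and **Synced** definitions overlap as written, because a device that checked in with Intune in the past five days has also checked in within the last 28 days. Say which label takes precedence, or define **Synced** so that it excludes devices already counted as **Active**. The **Ready for user** item is also missing the closing period that the **Active** and **Other** items have.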
managed-desktop Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/reports.md
Microsoft Managed Desktop provides several reports and dashboards that IT admins
On the **Summary** tab, you'll find quick metrics about device updates. Selecting **View details** of any metric will allow you to download additional information for offline analysis, including the underlying dataset for the metric. When you select the **Reports** tab, you will see descriptions for the available detailed reports. These reports are more comprehensive and support visualization and filtering of the data in the portal as well as exporting the underlying data for offline analysis or distribution. The following reports are available today:-- The **Device status** *(preview)* shows your use of the Microsoft Managed Desktop service based on device activity and usage. -- You can use **Device status trend** *(preview)* to monitor trends in device status over the last 60 days for your Microsoft Managed Desktop devices. Trends can help you associate device status with other changes over time, for example, new deployments. -- The **Windows security updates** *(preview)* report shows how Windows security updates are released across your Microsoft Managed Desktop devices.
+- The [**Device status** report](device-status-report.md) (*in preview*) shows your use of the Microsoft Managed Desktop service based on device activity and usage.
+- You can use **Device status trend** (*in preview*) to monitor trends in device status over the last 60 days for your Microsoft Managed Desktop devices. Trends can help you associate device status with other changes over time, for example, new deployments.
+- The [**Windows security updates** report](security-updates-report.md) (*in preview*) shows how Windows security updates are released across your Microsoft Managed Desktop devices.
-> [!NOTE]
-> Reports in *(preview)* can change with limited notice as we make improvements based on feedback we receive during the public preview.
## Endpoint analytics Microsoft Managed Desktop is now integrated with [Endpoint analytics](/mem/analytics/overview). These reports give you insights for measuring how your organization is working and the quality of the experience delivered to your users. Endpoint analytics is in the **Reports** menu of [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). To pivot a score to only include devices being managed by Microsoft Managed Desktop go to any report, select the **Filter** drop down, and then select **Microsoft Managed Desktop devices**.
Microsoft Managed Desktop is now integrated with [Endpoint analytics](/mem/analy
If Endpoint analytics wasn't automatically configured for your Azure AD organization ("tenant") during enrollment, you can do that yourself. For more information, see [Onboard in the Endpoint analytics portal](/mem/analytics/enroll-intune#bkmk_onboard). You can enroll all of your devices or, if you want to include only Microsoft Managed Desktop devices, select the **modern workplace device** groups for Test, First, Fast, and Broad. These reports might require different permissions. For more information, see [Permissions](/mem/analytics/overview#permissions) to ensure you have roles appropriately assigned. > [!NOTE]
-> To better respect privacy user privacy, there must be more than 10 Microsoft Managed Desktop devices enrolled with Endpoint analytics to use this filter.
+> To better respect user privacy, there must be more than 10 Microsoft Managed Desktop devices enrolled with Endpoint analytics to use this filter.
## Intune reports Microsoft Intune is one of the services we use to manage devices on your behalf. In some cases, it can be helpful to use Intune reports to specifically monitor administration of your Microsoft Managed Desktop devices. Or you might want to exclude the devices we manage from a report you use to manage other devices. The following reports let you filter capability to include or exclude Microsoft Managed Desktop devices.
managed-desktop Security Updates Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/working-with-managed-desktop/security-updates-report.md
+
+ Title: Windows security updates report
+description: Explains the info presented in this report
+keywords: Microsoft Managed Desktop, Microsoft 365, service, documentation
++
+ms.localizationpriority: normal
++++++
+# Windows security updates report
+
+This report provides an overview of the deployment progress of a given Windows security update for your Microsoft Managed Desktop devices. At the beginning of each security update release cycle, Microsoft Managed Desktop takes a snapshot of all the devices with an **Active** device status and sets its deployment target at 95% of that population. The graph shows your deployment progress for a selected release date compared to the Microsoft Managed Desktop average. While we focus on the Active population you can also pivot this report to show your **Active + Synced** and **Out of sync** device populations. You can view the deployment progress for previous releases by changing the available filters, but device level details are only available for the current release. Device information viewable in the table following the graph is also exportable for offline analysis.
++
+Typically, Microsoft releases security updates every second Tuesday of the month, though they can be released at other times when needed. Each release adds important updates for known security vulnerabilities. Microsoft Managed Desktop ensures that 95% of its active devices are updated with the latest available security update every month. When security updates are released at other times to urgently address new threats, Microsoft Managed Desktop deploys these updates similarly. We categorize the status of security update versions with these terms:
+
+- **Current**: Devices that are running the update released in the current month
+- **Previous**: Devices running the update that was released in the previous month
+- **Older**: Devices running any security update released prior to the previous month
+
+There should only be a few devices in the **Older** category. A large or growing **Older** population probably indicates a systemic problem that you should report to Microsoft Managed Desktop so we can investigate.
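Review bot: "every second Tuesday of the month" in the second paragraph can be read as every other Tuesday; "the second Tuesday of each month" is unambiguous. The first paragraph says the deployment target is 95% of the devices that were **Active** at the snapshot, while the second says 95% of active devices are updated every month. Make the second sentence refer back to the snapshot population so the two statements agree.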
security Collect Investigation Package https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/collect-investigation-package.md
Comment|String|Comment to associate with the action. **Required**.
## Response
-If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
+If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body. If a collection is already running, this returns 400 Bad Request.
## Example
security Configure Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts.md
Watch this video for a quick overview of the Microsoft Services Hub.
- I received a targeted attack notification from Microsoft Threat Experts. What data can you provide to us that we can pass on to our incident response team? > [!NOTE]
- > Microsoft Threat Experts is a managed cybersecurity hunting service and not an incident response service. However, the experts can seamlessly transition the investigation to Microsoft Cybersecurity Solutions Group (CSG)'s Detection and Response Team (DART) services, when necessary. You can also opt to engage with your own incident response team to address issues that requires an incident response.
+ > Microsoft Threat Experts is a managed cybersecurity hunting service and not an incident response service. However, you can engage with your own incident response team to address issues that require an incident response. If you donΓÇÖt have your own incident response team and would like MicrosoftΓÇÖs help, you can engage with the CSS Cybersecurity Incident Response Team (CIRT). They can open a ticket to help address your inquiry.
## Scenario
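Review bot: the added note introduces "CSS" without expanding it, whereas the text it replaces spelled out the team name in full, and it says CIRT "can open a ticket" without saying how a customer reaches them. Expand the acronym on first use and link to or name the contact path. The apostrophes in the added line also render as "ΓÇÖ", so check the file encoding or use straight apostrophes.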
security Device Control Removable Storage Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection.md
ms.prod: m365-security
ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security--++ localization_priority: Normal audience: ITPro
Microsoft Defender for Endpoint Device Control Removable Storage Protection prev
**Windows 10 support details**: - Applied at machine level: the same policy applies for any logged on user.-- Supports MEM and GPO.
+- Supports Microsoft Endpoint Manager and Group Policy Objects.
- Supported '[Device Properties](#device-properties)' as listed. - For more information on Windows, see [How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md).
Microsoft Defender for Endpoint Device Control Removable Storage Protection prev
- Applied at machine level: the same policy applies for any logged on user - For macOS specific information, see [Device control for macOS](mac-device-control-overview.md).
-**Supported platform** - macOS Catalina 10.15.4+ (with system extensions enabled)
+**Supported platform** - macOS Catalina 10.15.4+ (with system extensions enabled) or later
### Removable storage Access Control
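Review bot: on the added **Supported platform** line, "10.15.4+" followed by "or later" states the same thing twice; keep one. The **Supported platform** line under Removable storage Access Control further down still has the old wording, so change both together to keep the page consistent.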
Microsoft Defender for Endpoint Device Control Removable Storage Protection prev
**Supported platform** - macOS Catalina 10.15.4+ (with system extensions enabled)
-### Windows Portable Device Access Control
-
-**Capabilities** - Deny Read or Write access to any [Windows Portable Device](/windows-hardware/drivers/portable/), for example: Tablet, iPhone.
-
-**Description**:
--- Applied at either machine or user or both.-- Support MEM OMA-URI and GPO.-
-**Supported Platform** - Windows 10
- ### Endpoint DLP Removable storage **Capabilities** - Audit or Warn or Prevent a user from copying an item or information to removable media or USB device.
Microsoft Defender for Endpoint Device Control Removable Storage Protection allo
|Device Class|[How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md)|Windows|For information about Device ID formats, see [device setup class](/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors). **Note**: Device Installation can be applied to any devices, not only Removable storage.| |Primary ID|Removable storage Access Control|Windows|The Primary ID includes removable storage and CD/DVD.| |Device ID|[How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md); Removable storage Access Control|Windows|For information about Device ID formats, see [Standard USB Identifiers](/windows-hardware/drivers/install/standard-usb-identifiers), for example, USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07|
-|Hardware ID|[How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md); Removable storage Access Control|Windows|A string identified the device in the system, for example, USBSTOR\DiskGeneric_Flash_Disk______8.07; **Note**: Hardware ID is not unique; different devices may share same value.|
+|Hardware ID|[How to control USB devices and other removable media using Microsoft Defender for Endpoint](control-usb-devices-using-intune.md); Removable storage Access Control|Windows|A string identified the device in the system, for example, USBSTOR\DiskGeneric_Flash_Disk___8.07; **Note**: Hardware ID is not unique; different devices might share the same value.|
|Instance ID|Device Installation; Removable storage Access Control|Windows|A string uniquely identifies the device in the system, for example, USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\8735B611&0| |Friendly Name|Removable storage Access Control|Windows|A string attached to the device, for example, Generic Flash Disk USB Device|
-|Vendor ID / Product ID|Removable storage Access Control|Windows Mac|Vendor ID is the four-digit vendor code that the USB committee assigns to the vendor. Product ID is the four-digit product code that the vendor assigns to the device; Support wildcard.|
-|Serial NumberId|Removable storage Access Control|Windows Mac|For example, <SerialNumberId>002324B534BCB431B000058A</SerialNumberId>|
-|
+|Vendor ID / Product ID|Removable storage Access Control|Windows <br/> macOS |Vendor ID is the four-digit vendor code that the USB committee assigns to the vendor. Product ID is the four-digit product code that the vendor assigns to the device; Support wildcard.|
+|Serial NumberId|Removable storage Access Control|Windows <br/> macOS |For example, <SerialNumberId>002324B534BCB431B000058A</SerialNumberId>|
-## Related topic
+## See also
- [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](device-control-removable-storage-access-control.md)
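Review bot: in the Hardware ID row, the example value changed from six underscores (`Flash_Disk______8.07`) to three (`Flash_Disk___8.07`), which alters the literal identifier rather than just the wording. If that was not intended, restore the original string and wrap it in backticks so Markdown cannot touch the underscores. The same applies to the `<SerialNumberId>` example in the last row, which is raw angle-bracket markup inside a table cell and may be dropped by the renderer. "A string identified the device" in the Hardware ID row should read "A string that identifies the device".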
security Device Control Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-report.md
ms.technology: mde
# Protect your organization's data with device control
-**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
Microsoft Defender for Endpoint device control protects against data loss, by monitoring and controlling media use by devices in your organization, such as the use of removable storage devices and USB drives.
security Get Machineactions Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machineactions-collection.md
Retrieves a collection of [Machine Actions](machineaction.md).
Supports [OData V4 queries](https://www.odata.org/documentation/).
-The OData's `$filter` query is supported on: `status`, `machineId`, `type`, `requestor` and `creationDateTimeUtc` properties.
+The OData's `$filter` query is supported on: `id`, `status`, `machineId`, `type`, `requestor`, and `creationDateTimeUtc` properties.
+<br>```$stop``` with max value of 10,000
+<br>```$skip```
See examples at [OData queries with Microsoft Defender for Endpoint](exposed-apis-odata-samples.md)
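Review bot: `$stop` on the first added `<br>` line is not an OData system query option. The get-software change in this same update documents `$top` with a max value of 10,000, so this looks like a typo for `$top`. The two added lines also use triple backticks for inline code and have no closing period, while the `$filter` line above uses single backticks; match that style.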
security Get Package Sas Uri https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-package-sas-uri.md
Get a URI that allows downloading of an [Investigation package](collect-investig
> [!IMPORTANT] > > - These actions are only available for devices on Windows 10, version 1703 or later.+
+## Limitations
+
+Rate limitations for this API are 2 calls per minute and 120 calls per hour.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Access the Microsoft Defender for Endpoint APIs](apis-intro.md)
Empty
## Response
-If successful, this method returns 200, Ok response code with object that holds the link to the package in the "value" parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage.
+If successful, this method returns 200, Ok response code with object that holds the link to the package in the "value" parameter. This link is valid for a very short time and should be used immediately for downloading the package to a local storage. If the machine action for the collection exists but is not complete, this returns 404 Not Found.
## Example
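Review bot: the added Response sentence returns 404 Not Found for a collection that exists but has not finished, which looks the same to a client as a missing action. Tell callers to confirm the machine action has completed before requesting the URI, and tie that to the limit of 2 calls per minute added under Limitations, so integrations do not spend the quota polling this endpoint.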
security Get Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-software.md
[!include[Improve request performance](../../includes/improve-request-performance.md)]
+## API description
+ Retrieves the organization software inventory.
+<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
+<br>OData supported operators:
+<br>```$filter``` on: ```id```, ```name```, and ```vendor``` properties.
+<br>```$top``` with max value of 10,000.
+<br>```$skip```.
+<br>See examples at [OData queries with Microsoft Defender for Endpoint](exposed-apis-odata-samples.md).
## Permissions
security Get Ti Indicators Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ti-indicators-collection.md
Retrieves a collection of all active [Indicators](ti-indicator.md).
Supports [OData V4 queries](https://www.odata.org/documentation/).
-The OData's `$filter` query is supported on: `indicatorValue`, `indicatorType`, `creationTimeDateTimeUtc`, `createdBy`, `action` and `severity` properties.
+The OData's `$filter` query is supported on: `application`, `createdByDisplayName`, `expirationTime`, `generateAlert`, `title`, `rbacGroupNames`, `rbacGroupIds`, `indicatorValue`, `indicatorType`, `creationTimeDateTimeUtc`, `createdBy`, `action`, and `severity` properties.
+<br>```$stop``` with max value of 10,000.
+<br>```$skip```.
See examples at [OData queries with Microsoft Defender for Endpoint](exposed-apis-odata-samples.md)
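Review bot: the added `$stop` line should almost certainly read `$top`, since `$stop` is not an OData query option and the software inventory page in this update uses `$top` for the same 10,000 limit. In the expanded `$filter` list, the new properties are prepended in no obvious order; sorting them or grouping them by purpose would make the list easier to scan.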
security Get User Related Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-alerts.md
Empty
## Response
-If successful and user exists - 200 OK. If the user does not exist - 404 Not Found.
+If successful and user exists - 200 OK. If the user does not exist - 200 OK with an empty set.
## Example
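Review bot: the added Response line makes a nonexistent user return 200 OK with an empty set, which a caller cannot tell apart from a user that exists but has no related alerts, if that case also returns an empty set. State what an empty result means, and call out that this replaces the earlier 404 so existing integrations that branch on 404 know to change.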
security Restrict Code Execution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/restrict-code-execution.md
Comment|String|Comment to associate with the action. **Required**.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
+If you send multiple API calls to restrict app execution for the same device, it returns "pending machine action" or HTTP 400 with the message "Action is already in progress".
+ ## Example ### Request
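Review bot: the added sentence does not say which status code accompanies "pending machine action", or when a caller gets that outcome rather than HTTP 400 with "Action is already in progress". Spell out both outcomes (status code and response body) so a client can handle a duplicate request deterministically. The same sentence is added to the run-av-scan, unisolate-machine and unrestrict-code-execution pages in this update, so the wording should be fixed in all four.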
security Run Av Scan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-av-scan.md
ScanType|String|Defines the type of the Scan. **Required**.
If successful, this method returns 201, Created response code and _MachineAction_ object in the response body.
+If you send multiple API calls to run an antivirus scan for the same device, it returns "pending machine action" or HTTP 400 with the message "Action is already in progress".
+ ## Example ### Request
security Score https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/score.md
Property|Type|Description
Score|Double|The current score. Time|DateTime|The date and time in which the call for this API was made. RbacGroupName|String|The device group name.
+RbacGroupId|String|The device group ID.
security Unisolate Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unisolate-machine.md
Comment|String|Comment to associate with the action. **Required**.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
+If you send multiple API calls to remove isolation for the same device, it returns "pending machine action" or HTTP 400 with the message "Action is already in progress".
+ ## Example ### Request
security Unrestrict Code Execution https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unrestrict-code-execution.md
Comment|String|Comment to associate with the action. **Required**.
If successful, this method returns 201 - Created response code and [Machine Action](machineaction.md) in the response body.
+If you send multiple API calls to remove app restrictions for the same device, it returns "pending machine action" or HTTP 400 with the message "Action is already in progress".
+ ## Example ### Request
security Incidents Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md
The additional tabs for an incident are:
All the supported events and suspicious entities in the alerts in the incident. -- Graph (in preview)-
- A figure showing the connection of alerts to the impacted assets in your organization.
- Here's the relationship between an incident and its data and the tabs of an incident in the Microsoft 365 Defender portal. :::image type="content" source="../../media/incidents-overview/incidents-security-center.png" alt-text="The relationship of an incident and its data to the tabs of an incident in the Microsoft 365 Defender portal":::
Annual tasks can include conducting a major incident or breach exercise to test
Daily, monthly, quarterly, and annual tasks can be used to update or refine processes, policies, and security configurations.
+See [ Integrating Microsoft 365 Defender into your security operations](integrate-microsoft-365-defender-secops.md) for more details.
+ ### SecOps resources across Microsoft products For more information about SecOps across Microsoft's products, see these resources:
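Review bot: the added link has a stray space inside the brackets, "[ Integrating Microsoft 365 Defender into your security operations]"; remove it so the link text starts at "Integrating".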
security Configure Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/mtp/configure-microsoft-threat-experts.md
Watch this video for a quick overview of the Microsoft Services Hub.
- We received a targeted attack notification from Microsoft Threat Experts. What data can you provide to us that we can pass on to our incident response team? > [!NOTE]
-> Microsoft Threat Experts is a managed threat hunting service and not an incident response service. However, the experts can seamlessly transition the investigation to Microsoft Cybersecurity Solutions Group (CSG)'s Detection and Response Team (DART) services, when necessary. You can also opt to engage with your own incident response team to address issues that requires an incident response.
+> Microsoft Threat Experts is a managed threat hunting service and not an incident response service. However, you can engage with your own incident response team to address issues that require an incident response. If you donΓÇÖt have your own incident response team and would like MicrosoftΓÇÖs help, you can engage with the CSS Cybersecurity Incident Response Team (CIRT). They can open a ticket to help address your inquiry.
## Scenario
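Review bot: the rewritten note tells customers without their own incident response team to "engage with the CSS Cybersecurity Incident Response Team (CIRT)" but gives no link or contact route, whereas the removed text described a handoff made by the experts themselves; add how CIRT is reached. "They can open a ticket" is also unclear about whether "they" means CIRT or the customer, and the apostrophes in "don't" and "Microsoft's" show up as non-ASCII characters that should be plain apostrophes.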
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
For other ways to submit email messages, URLs, and attachments to Microsoft, see
Note that membership in this role group is required to [View user submissions to the custom mailbox](#view-user-submissions-to-microsoft) as described later in this article.
+- Admins can submit messages as old as 30 days if it is still available in the mailbox and not purged by the user or another admin.
+ - For more information about how users can submit messages and files to Microsoft, see [Report messages and files to Microsoft](report-junk-email-messages-to-microsoft.md). ## Report suspicious content to Microsoft
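Review bot: in the added bullet "Admins can submit messages as old as 30 days if it is still available in the mailbox", the singular "it is" does not agree with "messages"; suggest "if they are still available in the mailbox and have not been purged by the user or another admin". "Up to 30 days old" would also read more clearly than "as old as 30 days".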
For other ways to submit email messages, URLs, and attachments to Microsoft, see
- **Add the email network message ID**: This is a GUID value that's available in the **X-MS-Exchange-Organization-Network-Message-Id** header in the message or in the **X-MS-Office365-Filtering-Correlation-Id** header in quarantined messages. - **Upload the email file (.msg or .eml)**: Click **Browse files**. In the dialog that opens, find and select the .eml or .msg file, and then click **Open**.
- > [!NOTE]
- > The ability to submit messages as old as 30 days has been temporarily suspended for Defender for Office 365 customers. Admins will only be able to go back 7 days.
- 3. In the **Choose a recipient who had an issue** box, specify the recipient that you would like to run a policy check against. The policy check will determine if the email bypassed scanning due to user or organization policies. 4. In the **Select a reason for submitting to Microsoft** section, select one of the following options:
If you've deployed the [Report Message add-in](enable-the-report-message-add-in.
Once a user submits a suspicious email to the custom mailbox, the user and admin don't have an option to undo the submission. If the user would like to recover the email, it will be available for recovery in the Deleted Items or Junk Email folders.
-### Submit messages to Microsoft from the custom mailbox
+### Converting user reported messages from the custom mailbox into an admin submission
-If you've configured the custom mailbox to intercept user-reported messages without sending the messages to Microsoft, you can find and send specific messages to Microsoft for analysis. This effectively moves a user submission to an admin submission.
+If you've configured the custom mailbox to intercept user-reported messages without sending the messages to Microsoft, you can find and send specific messages to Microsoft for analysis.
On the **User reported messages** tab, select a message in the list, click **Submit to Microsoft for analysis**, and then select one of the following values from the drop down list:
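Review bot: the new heading "Converting user reported messages from the custom mailbox into an admin submission" promises a conversion, but the same change deletes the only sentence that explained it ("This effectively moves a user submission to an admin submission."), so the body no longer says what is converted. Suggest keeping that sentence or returning to an imperative heading; "user reported" also needs a hyphen to match "user-reported messages" in the paragraph under it.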
security Find And Release Quarantined Messages As A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/find-and-release-quarantined-messages-as-a-user.md
Title: Find and release quarantined messages as a user
+f1.keywords:
- NOCSH Previously updated : Last updated : audience: Consumer/IW localization_priority: Priority
+search.appverid:
- MET150 - MEW150 ms.assetid: efff08ec-68ff-4099-89b7-266e3c4817be-+ - M365-security-compliance-+ - seo-marvel-apr2020 description: Users can learn how to view and manage quarantined messages in Exchange Online Protection (EOP) that should have been delivered to them. ms.technology: mdo
ms.prod: m365-security
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, quarantine holds potentially dangerous or unwanted messages. For more information, see [Quarantine in EOP](quarantine-email-messages.md).
-As a recipient of a quarantined message, what you can do to the message as a non-admin user is described in the following table:
+As a recipient of a quarantined message, what you can do to the message as an ordinary use (not an admin) is described in the following table:
<br>
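Review bot: the replacement sentence reads "as an ordinary use (not an admin)"; "use" should be "user". The removed wording "as a non-admin user" was shorter and unambiguous, so consider keeping it.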
You view and manage your quarantined messages in the Microsoft 365 Defender port
## What do you need to know before you begin? -- To open the Microsoft 365 Defender portal, go to <https://security.microsoft.com>. To open the Quarantine page directly, go to <https://security.microsoft.com/quarantine>.
+- To open the Microsoft 365 Defender portal, go to <https://security.microsoft.com>. To open the **Quarantine** page directly, use <https://security.microsoft.com/quarantine>.
- Admins can configure how long messages are kept in quarantine before they're permanently deleted in anti-spam policies. Messages that have expired from quarantine are unrecoverable. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md). -- Admins can also [enable end-user spam notifications](configure-your-spam-filter-policies.md#configure-end-user-spam-notifications) in anti-spam policies. Users can release quarantined spam messages directly from these notifications. Users can review quarantined phishing messages (not high confidence phishing messages) directly from these notifications. For more information, see [End-user spam notifications in EOP](use-spam-notifications-to-release-and-report-quarantined-messages.md).
+- Admins can also [enable end-user spam notifications](configure-your-spam-filter-policies.md#configure-end-user-spam-notifications) in anti-spam policies. Original message recipients can *release* quarantined spam messages directly from these notifications. Original message recipients can *review* quarantined phishing messages (not high confidence phishing messages) directly from these notifications. For more information, see [End-user spam notifications in EOP](use-spam-notifications-to-release-and-report-quarantined-messages.md).
- Messages that were quarantined for high confidence phishing, malware, or by mail flow rules (also known as transport rules) are only available to admins, and aren't visible to users. For more information, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md).
You view and manage your quarantined messages in the Microsoft 365 Defender port
## View your quarantined messages 1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Review** \> **Quarantine**.
+2. On the **Quarantine** page, you can sort the results by clicking on an available column header. Click **Customize columns** to change the columns that are shown. The default values are marked with an asterisk (<sup>\*</sup>):
-2. You can sort the results by clicking on an available column header. Click **Modify columns** to show a maximum of seven columns. The default values are marked with an asterisk (<sup>\*</sup>):
-
- - **Received**<sup>\*</sup>
- - **Sender**<sup>\*</sup>
+ - **Time received**<sup>\*</sup>
- **Subject**<sup>\*</sup>
+ - **Sender**<sup>\*</sup>
- **Quarantine reason**<sup>\*</sup>
- - **Released?**<sup>\*</sup>
+ - **Release status**<sup>\*</sup>
- **Policy type**<sup>\*</sup> - **Expires**<sup>\*</sup> - **Recipient** - **Message ID** - **Policy name**
- - **Size**
- - **Direction**
+ - **Message size**
+ - **Mail direction**
- When you're finished, click **Save**, or click **Set to default**.
+ When you're finished, click **Apply**.
3. To filter the results, click **Filter**. The available filters are:
+ - Message
+ - **Expires time**: Filter messages by when they will expire from quarantine: - **Today** - **Next 2 days**
You view and manage your quarantined messages in the Microsoft 365 Defender port
- **Anti-malware policy** - **Safe Attachments policy** (Defender for Office 365) - **Anti-phish policy**
- - **Hosted content filter policy** (anti-spam policy)
- - **Transport rule**
-
- <sup>\*</sup>
+ - **Anti-spam policy**
+ - **Transport rule** (mail flow rule)
To clear the filter, click **Clear**. To hide the filter flyout, click **Filter** again.
-4. Use **Sort results by** (the **Message ID** button by default) and a corresponding value to find specific messages. Wildcards aren't supported. You can search by the following values:
-
- - **Message ID**: The globally unique identifier of the message. If you select a message in the list, the **Message ID** value appears in the **Details** flyout pane that appears. Admins can use [message trace](message-trace-scc.md) to find messages and their corresponding Message ID values.
- - **Sender email address**: A single sender's email address.
- - **Policy name**: Use the entire policy name of the message. The search is not case-sensitive.
- - **Recipient email address**: A single recipient's email address.
- - **Subject**: Use the entire subject of the message. The search is not case-sensitive.
+4. To filter the results, click **Filter**. The following filters are available in the **Filters** flyout that appears:
+ - **Message ID**: The globally unique identifier of the message.
+ - **Sender address**
+ - **Recipient address**
+ - **Subject**
+ - **Time received**: Enter a **Start time** and **End time** (date).
+ - **Expires**: Filter messages by when they will expire from quarantine:
+ - **Today**
+ - **Next 2 days**
+ - **Next 7 days**
+ - **Custom**: Enter a **Start date** and **End date**.
+ - **Quarantine reason**:
+ - **Bulk**
+ - **Spam**
+ - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](set-up-anti-phishing-policies.md#spoof-settings) or [impersonation protection](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)).
+ - **High confidence phishing**
+ - **Release status**: Any of the following values:
+ - **Needs review**
+ - **Approved**
+ - **Denied**
+ - **Release requested**
+ - **Released**
+ - **Policy Type**: Filter messages by policy type:
+ - **Anti-malware policy**
+ - **Safe Attachments policy**
+ - **Anti-phishing policy**
+ - **Anti-spam policy**
+ - **Transport rule** (mail flow rule)
- After you've entered the search criteria, click ![Refresh button](../../media/scc-quarantine-refresh.png) **Refresh** to filter the results.
+ When you're finished, click **Apply**. To clear the filters, click ![Clear filters icon](../../media/m365-cc-sc-clear-filters-icon.png) **Clear filters**.
-After you find a specific quarantined message, select the message to view details about it, and to take action on it (for example, view, release, download, or delete the message).
+5. Use **Search** box and a corresponding value to find specific messages. Wildcards aren't supported. You can search by the following values:
+ - Message ID
+ - Sender email address
+ - Recipient email address
+ - Subject. Use the entire subject of the message. The search is not case-sensitive.
+ - Policy name. Use the entire policy name. The search is not case-sensitive.
-### Export message results
+ After you've entered the search criteria, press ENTER to filter the results.
-1. Select the messages you're interested in, and click **Export results**.
+After you find a specific quarantined message, select the message to view details about it, and to take action on it (for example, view, release, download, or delete the message).
-2. Click **Yes** in the confirmation message that warns you to keep the browser window open.
+### View quarantined message details
-3. When your export is ready, you can name and choose the download location for the .csv file.
+When you select quarantined message from the list, the following information is available in the details flyout that appears.
-### View quarantined message details
+![The details flyout of a quarantined message](../../media/quarantine-user-message-details.png)
When you select an email message in the list, the following message details appear in the **Details** flyout pane:
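Review bot: the new step "+4. To filter the results, click **Filter**." opens with the same sentence as the existing step 3, which this change leaves in place, so the procedure now describes the filter flyout twice, and the unchanged line "To clear the filter, click **Clear**." disagrees with the new "**Clear filters**" wording. Suggest folding the new filter list into step 3 and renumbering the Search step. Under "View quarantined message details" the added sentence "When you select quarantined message from the list" is missing "a" and is followed by the old intro "When you select an email message in the list...", so one of the two should go; "Use **Search** box" in step 5 also needs "the".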
When you select an email message in the list, the following message details appe
- **Received**: The date/time when the message was received. - **Subject** - **Quarantine reason**: Shows if a message has been identified as **Spam**, **Bulk** or **Phish**.
+- **Policy type**: The type of policy. For example, **Anti-spam policy**.
+- **Recipient count**
- **Recipients**: If the message contains multiple recipients, you need to click **Preview message** or **View message header** to see the complete list of recipients. - **Expires**: The date/time when the message will be automatically and permanently deleted from quarantine.-- **Released to**: All email addresses (if any) to which the message has been released.-- **Not yet released to**: All email addresses (if any) to which the message has not yet been released.+
+To take action on the message, see the next section.
+
+> [!NOTE]
+> To remain in the details flyout, but change the quarantined message that you're looking at, use the up and down arrows at the top of the flyout.
+>
+> ![The up and down arrows in the details flyout of a quarantined message](../../media/quarantine-message-details-flyout-up-down-arrows.png)
### Take action on quarantined email
-After you select a message, you have options for what to do with the messages in the **Details** flyout pane:
+After you select a quarantined message from the list, the following actions are available in the details flyout:
+
+![Available actions in the details flyout of a quarantined message](../../media/quarantine-user-message-details-flyout-actions.png)
+
+- ![Release email icon](../../media/m365-cc-sc-check-mark-icon.png) **Release email**<sup>\*</sup>: Delivers the message to your Inbox.
-- **Release message**: In the flyout pane that appears, choose whether to **Report messages to Microsoft for analysis**. This is selected by default, and reports the erroneously quarantined message to Microsoft as a false positive.
+- ![View message headers icon](../../media/m365-cc-sc-eye-icon.png) **View message headers**: Choose this link to see the message header text. The **Message header** flyout appears with the following links:
+- **Copy message header**: Click this link to copy the message header (all header fields) to your clipboard.
+- **Microsoft Message Header Analyzer**: To analyze the header fields and values in depth, click this link to go to the Message Header Analyzer. Paste the message header into the **Insert the message header you would like to analyze** section (CTRL+V or right-click and choose **Paste**), and then click **Analyze headers**.
- When you're finished, click **Release messages**.
+The following actions are available after you click ![More actions icon](../../media/m365-cc-sc-more-actions-icon.png) **More actions**:
-- **View message header**: Choose this link to see the message header text. To analyze the header fields and values in depth, copy the message header text to your clipboard, and then choose **Microsoft Message Header Analyzer** to go to the Remote Connectivity Analyzer (right-click and choose **Open in a new tab** if you don't want to leave Microsoft 365 to complete this task). Paste the message header onto the page in the Message Header Analyzer section, and choose **Analyze headers**:
+- ![Preview message icon](../../media/m365-cc-sc-eye-icon.png) **Preview message**: In the flyout that appears, choose one of the following tabs:
+ - **Source**: Shows the HTML version of the message body with all links disabled.
+ - **Plain text**: Shows the message body in plain text.
-- **Preview message**: In the flyout pane that appears, choose one of the following options:
- - **Source view**: Shows the HTML version of the message body with all links disabled.
- - **Text view**: Shows the message body in plain text.
+- ![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png) **Remove from quarantine**: After you click **Yes** in the warning that appears, the message is immediately deleted without being sent to the original recipients.
-- **Remove from quarantine**: After you click **Yes** in the warning that appears, the message is immediately deleted.
+- ![Download email icon](../../media/m365-cc-sc-download-icon.png) **Download email**: In the flyout that appears, select **I understand the risks from downloading this message**, and then click **Download** to save a local copy of the message in .eml format.
-- **Block Sender**: Add the sender to the Blocked Senders list on your mailbox. For more information, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).
+- ![Block sender icon](../../media/m365-cc-sc-block-sender-icon.png) **Block sender**: Add the sender to the Blocked Senders list in **your** mailbox. For more information, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).
-Add the sender to the Blocked Senders list on your mailbox. For more information, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).
+<sup>\*</sup> This option is not available for messages that have already been released (the **Released status** value is **Released**).
-When you're finished, click **Close**.
+If you don't release or remove the message, it will be deleted after the default quarantine retention period expires (as shown in the **Expires** column).
-If you don't release or remove the message, it will be deleted after the default quarantine retention period expires.
+> [!NOTE]
+> On a mobile device, the description text isn't available on the action icons.
+>
+> ![Details of a quarantined message with available actions highlighted](../../media/quarantine-user-message-details-flyout-mobile-actions.png)
+>
+> The icons in order and their corresponding descriptions are summarized in the following table:
+>
+> |Icon|Description|
+> |:||
+> |![Release email icon](../../media/m365-cc-sc-check-mark-icon.png)|**Release email**|
+> |![View message headers icon](../../media/m365-cc-sc-eye-icon.png)|**View message headers**|
+> |![Preview message icon](../../media/m365-cc-sc-eye-icon.png)|**Preview message**|
+> |![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png)|**Remove from quarantine**|
+> |![Block sender icon](../../media/m365-cc-sc-block-sender-icon.png)|**Block sender**|
#### Take action on multiple quarantined email messages
-When you select multiple quarantined messages in the list (up to 100), the **Bulk actions** flyout pane appears where you can take the following actions:
+When you select multiple quarantined messages in the list (up to 100) by clicking in the blank area to the left of the first column, the **Bulk actions** drop down list appears where you can take the following actions:
-- **Release messages**: The options are the same as when you release a single message, except you can't select **Release messages to specific recipients**; you can only select **Release message to all recipients** or **Release messages to other people**.-- **Delete messages**: After you click **Yes** in the warning that appears, the message are immediately deleted without being sent to the original recipients.
+![Bulk actions drop down list for messages in quarantine](../../media/quarantine-user-message-bulk-actions.png)
-When you're finished, click **Close**.
+- ![Release email icon](../../media/m365-cc-sc-check-mark-icon.png) **Release messages**: Delivers the messages to your Inbox.
+- ![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png) **Delete messages**: After you click **Yes** in the warning that appears, the messages are immediately removed from quarantine without being sent to the original recipients.
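Review bot: the footnote added for **Release email** refers to "the **Released status** value", but the column and filter introduced elsewhere in this change are named "**Release status**"; use the same name so readers can find the field. The mobile icon table in the added note also lists five actions and leaves out **Download email**, which the action list above it includes; either add the row or say that the action is not offered on mobile.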
security Manage Quarantined Messages And Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files.md
Title: Manage quarantined messages and files as an admin
Previously updated : Last updated : audience: Admin localization_priority: Normal
+search.appverid:
- MOE150 - MED150 - MET150 ms.assetid: 065cc2cf-2f3a-47fd-a434-2a20b8f51d0c-+ - M365-security-compliance-+ - seo-marvel-apr2020 description: Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Microsoft Defender for Office 365 can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams. ms.technology: mdo
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
Admins can view, release, and delete all types of quarantined messages for all users. Only admins can manage messages that were quarantined as malware, high confidence phishing, or as a result of mail flow rules (also known as transport rules). Admins can also report false positives to Microsoft.
-Admins in organizations with Microsoft Defender for Office 365 can also view, download, and delete quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams.
+Admins in organizations with Microsoft Defender for Office 365 can also manage files that were quarantined by quarantined by [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md).
You view and manage quarantined messages in the Microsoft 365 Defender portal or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes). ## What do you need to know before you begin? -- To open the Microsoft 365 Defender portal, go to <https://security.microsoft.com>. To open the Quarantine page directly, go to <https://security.microsoft.com/quarantine>.
+- To open the Microsoft 365 Defender portal, go to <https://security.microsoft.com>. To open the **Quarantine** page directly, use <https://security.microsoft.com/quarantine>.
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).
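Review bot: the added sentence repeats a phrase, "files that were quarantined by quarantined by [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams]"; delete one "quarantined by". The removed sentence spelled out what admins can do with these files ("view, download, and delete"), while "manage" does not, so consider keeping the verbs to leave the admin capabilities explicit.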
You view and manage quarantined messages in the Microsoft 365 Defender portal or
### View quarantined email 1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Review** \> **Quarantine**.
+2. On the **Quarantine** page, verify that the **Email** tab is selected.
-2. On the **Quarantine** page, verify that **View quarantined** is set to the default value **email**.
-
-3. You can sort the results by clicking on an available column header. Click **Modify columns** to show a maximum of seven columns. The default values are marked with an asterisk (<sup>\*</sup>):
+3. You can sort the results by clicking on an available column header. Click **Customize columns** to change the columns that are shown. The default values are marked with an asterisk (<sup>\*</sup>):
+ - **Time received**<sup>\*</sup>
- **Subject**<sup>\*</sup>
- - **Time Received**<sup>\*</sup>
- **Sender**<sup>\*</sup> - **Quarantine reason**<sup>\*</sup>
- - **Released?**<sup>\*</sup>
+ - **Release status**<sup>\*</sup>
- **Policy type**<sup>\*</sup> - **Expires**<sup>\*</sup> - **Recipient**
You view and manage quarantined messages in the Microsoft 365 Defender portal or
- **Policy name** - **Message size** - **Mail direction**
+ - **Recipient tag**
When you're finished, click **Apply**.
-4. To filter the results, click **Filter**. The available filters are:
- - **Expires time**: Filter messages by when they will expire from quarantine:
+4. To filter the results, click **Filter**. The following filters are available in the **Filters** flyout that appears:
+ - **Message ID**: The globally unique identifier of the message.
+
+ For example, you used [message trace](message-trace-scc.md) to look for a message that was sent to a user in your organization, and you determine that the message was quarantined instead of delivered. Be sure to include the full message ID value, which might include angle brackets (\<\>). For example: `<79239079-d95a-483a-aacf-e954f592a0f6@XYZPR00BM0200.contoso.com>`.
+
+ - **Sender address**
+ - **Recipient address**
+ - **Subject**
+ - **Time received**: Enter a **Start time** and **End time** (date).
+ - **Expires**: Filter messages by when they will expire from quarantine:
- **Today** - **Next 2 days** - **Next 7 days** - **Custom**: Enter a **Start date** and **End date**.
- - **Received time**: Enter a **Start date** and **End date**.
+ - **Recipient tag**
- **Quarantine reason**:
- - **Policy**: The message matched the conditions of a mail flow rule (also known as a transport rule).
+ - **Transport rule** (mail flow rule)
- **Bulk**
- - **Phish**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](set-up-anti-phishing-policies.md#spoof-settings) or [impersonation protection](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)).
- - **Malware**
- **Spam**
- - **High Confidence Phish**
+ - **Malware**
+ - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](set-up-anti-phishing-policies.md#spoof-settings) or [impersonation protection](set-up-anti-phishing-policies.
+ - **High confidence phishing**
+ - **Recipient**: **All users** or **Only me**. End users can only manage quarantined messages sent to them.
+ - **Release status**: Any of the following values:
+ - **Needs review**
+ - **Approved**
+ - **Denied**
+ - **Release requested**
+ - **Released**
- **Policy Type**: Filter messages by policy type: - **Anti-malware policy** - **Safe Attachments policy**
- - **Anti-phish policy**
- - **Hosted content filter policy** (anti-spam policy)
- - **Transport rule**
- - **Email recipient**: All users or only messages sent to you. End users can only manage quarantined messages sent to them.
+ - **Anti-phishing policy**
+ - **Anti-spam policy**
+ - **Transport rule** (mail flow rule)
- To clear the filter, click **Clear**. To hide the filter flyout, click **Filter** again.
+ When you're finished, click **Apply**. To clear the filters, click ![Clear filters icon](../../media/m365-cc-sc-clear-filters-icon.png) **Clear filters**.
-5. Use **Sort results by** (the **Message ID** button by default) and a corresponding value to find specific messages. Wildcards aren't supported. You can search by the following values:
- - **Message ID**: The globally unique identifier of the message.
-
- For example, you used [message trace](message-trace-scc.md) to look for a message that was sent to a user in your organization, and you determine that the message was quarantined instead of delivered. Be sure to include the full message ID value, which might include angle brackets (\<\>). For example: `<79239079-d95a-483a-aacf-e954f592a0f6@XYZPR00BM0200.contoso.com>`.
+5. Use **Search** box and a corresponding value to find specific messages. Wildcards aren't supported. You can search by the following values:
+ - Message ID
+ - Sender email address
+ - Recipient email address
+ - Subject. Use the entire subject of the message. The search is not case-sensitive.
+ - Policy name. Use the entire policy name. The search is not case-sensitive.
- - **Sender email address**: A single sender's email address.
- - **Policy name**: Use the entire policy name of the message. The search is not case-sensitive.
- - **Recipient email address**: A single recipient's email address.
- - **Subject**: Use the entire subject of the message. The search is not case-sensitive.
- - **Policy name**: The name of the policy that was responsible for quarantining the message.
-
- After you've entered the search criteria, click !**Refresh** to filter the results.
+ After you've entered the search criteria, press ENTER to filter the results.
After you find a specific quarantined message, select the message to view details about it, and to take action on it (for example, view, release, download, or delete the message). #### View quarantined message details
-When you select an email message in the list, the following message details are available in the details flyout that appears:
+When you select quarantined message from the list, the following information is available in the details flyout that appears.
+
+![The details flyout of a quarantined message](../../media/quarantine-message-details-flyout.png)
-- **Message ID**: The globally unique identifier for the message.
+- **Message ID**: The globally unique identifier for the message. Available in the **Message-ID** header field in the message header.
- **Sender address** - **Received**: The date/time when the message was received. - **Subject** - **Quarantine reason**: Shows if a message has been identified as **Spam**, **Bulk**, **Phish**, matched a mail flow rule (**Transport rule**), or was identified as containing **Malware**.
+- **Policy type**
+- **Policy name**
- **Recipient count** - **Recipients**: If the message contains multiple recipients, you need to click **Preview message** or **View message header** to see the complete list of recipients.
+- **Recipient tag**: For more information, see [User tags in Microsoft Defender for Office 365](user-tags.md).
- **Expires**: The date/time when the message will be automatically and permanently deleted from quarantine. - **Released to**: All email addresses (if any) to which the message has been released. - **Not yet released to**: All email addresses (if any) to which the message has not yet been released.
+To take action on the message, see the next section.
+
+> [!NOTE]
+> To remain in the details flyout, but change the quarantined message that you're looking at, use the up and down arrows at the top of the flyout.
+>
+> ![The up and down arrows in the details flyout of a quarantined message](../../media/quarantine-message-details-flyout-up-down-arrows.png)
+ ### Take action on quarantined email
-After you select a message, you have several options for what to do with the messages in the details flyout:
+After you select a quarantined message from the list, the following actions are available in the details flyout:
+
+![Available actions in the details flyout of a quarantined message](../../media/quarantine-message-details-flyout-actions.png)
-- **Release message**: In the flyout that appears, choose the following options:
- - **Report messages to Microsoft for analysis**: This is selected by default, and reports the erroneously quarantined message to Microsoft as a false positive. If the message was quarantined as spam, bulk, phishing, or containing malware, the message is also reported to the Microsoft Spam Analysis Team. Depending on their analysis, the service-wide spam filter rules might be adjusted to allow the message through.
+- ![Release email icon](../../media/m365-cc-sc-check-mark-icon.png) **Release email**<sup>\*</sup>: In the flyout pane that appears, configure the following options:
+ - **Add sender to your organization's allow list**: Select this option to prevent messages from the sender from being quarantined.
- Choose one of the following options: - **Release to all recipients**
- - **Release to specific recipients**
- - **Report messages to Microsoft to improve detection**: This is selected by default, and reports the erroneously quarantined message to Microsoft as a false positive. If the message was quarantined as spam, bulk, phishing, or containing malware, the message is also reported to the Microsoft Spam Analysis Team. Depending on their analysis, the service-wide spam filter rules might be adjusted to allow the message through.
+ - **Release to specific recipients**: Select the recipients in the **Recipients** box that appears
+ - **Send a copy of this message to other recipients**: Select this option an enter the recipient email addresses in the **Recipients** box that appears.
+
+ > [!NOTE]
+ > To send a copy of the message to other recipients, you must also release the message at least one of the original recipients (select **Release to all recipients** or **Release to specific recipients**).
+
+ - **Submit the message to Microsoft to improve detection (false positive)**: This option is selected by default, and reports the erroneously quarantined message to Microsoft as a false positive. If the message was quarantined as spam, bulk, phishing, or containing malware, the message is also reported to the Microsoft Spam Analysis Team. Depending on the results of their analysis, the service-wide spam filter rules might be adjusted to allow the message through.
+
+ - **Allow messages like this**: This option is turned off by default (![Toggle off](../../media/scc-toggle-off.png)). Turn it on (![Toggle on](../../media/scc-toggle-on.png)) to temporarily prevent messages with similar URLs, attachments, and other properties from being quarantined. When you turn this option on, the following options are available:
+ - **Remove after**: Select how long you want to allow messages like this. Select **1 day** to **30 days**. The default is 30.
+ - **Optional note**: Enter a useful description for the allow.
When you're finished, click **Release message**.
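Review bot: Three added lines in the release options need wording fixes before merge. "When you select quarantined message from the list" is missing "a"; "Select this option an enter the recipient email addresses" should read "and enter"; and the note "you must also release the message at least one of the original recipients" is missing "to" after "message". The **Release to specific recipients** item also ends without a period, unlike its siblings.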
After you select a message, you have several options for what to do with the mes
- You can't release a message to the same recipient more than once. - Only recipients who haven't received the message will appear in the list of potential recipients. -- **View message header**: Choose this link to see the message header text. To analyze the header fields and values in depth, copy the message header text to your clipboard, and then choose **Microsoft Message Header Analyzer** to go to the Remote Connectivity Analyzer (right-click and choose **Open in a new tab** if you don't want to leave Microsoft 365 to complete this task). Paste the message header onto the page in the Message Header Analyzer section, and choose **Analyze headers**:-- **Preview message**: In the flyout that appears, choose one of the following options:
- - **Source view**: Shows the HTML version of the message body with all links disabled.
- - **Text view**: Shows the message body in plain text.
-- **Remove from quarantine**: After you click **Yes** in the warning that appears, the message is immediately deleted without being sent to the original recipients.-- **Download message**: In the flyout that appears, select **I understand the risks from downloading this message** to save a local copy of the message in .eml format.-- **Block Sender**: Add the sender to the Blocked Senders list on your mailbox. For more information, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).-- **Submit message**: In the flyout that appears, choose the following options:
- - **Object type**: **Email** (default), **URL**, or **Attachment**.
- - **Submission format**: **Network Message ID** (default, with the corresponding value in the **Network Message ID** box) or **File** (browse to a local .eml or .msg file). Note that if you select **File** and then select **Network Message ID**, the initial value is gone.
- - **Recipients**: Type at lease one original recipient of the message, or click **Select All** to identify all recipients. You can also click **Select All** and then selectively remove individual recipients.
- - **Reason for submission**: **Should not have been blocked** (default) or **Should have been blocked**.
+- ![View message headers icon](../../media/m365-cc-sc-eye-icon.png) **View message headers**: Choose this link to see the message header text. The **Message header** flyout appears with the following links:
+- **Copy message header**: Click this link to copy the message header (all header fields) to your clipboard.
+- **Microsoft Message Header Analyzer**: To analyze the header fields and values in depth, click this link to go to the Message Header Analyzer. Paste the message header into the **Insert the message header you would like to analyze** section (CTRL+V or right-click and choose **Paste**), and then click **Analyze headers**.
+
+The following actions are available after you click ![More actions icon](../../media/m365-cc-sc-more-actions-icon.png) **More actions**:
+
+- ![Preview message icon](../../media/m365-cc-sc-eye-icon.png) **Preview message**: In the flyout that appears, choose one of the following tabs:
+ - **Source**: Shows the HTML version of the message body with all links disabled.
+ - **Plain text**: Shows the message body in plain text.
+
+- ![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png) **Remove from quarantine**: After you click **Yes** in the warning that appears, the message is immediately deleted without being sent to the original recipients.
+
+- ![Download email icon](../../media/m365-cc-sc-download-icon.png) **Download email**: In the flyout that appears, select **I understand the risks from downloading this message**, and then click **Download** to save a local copy of the message in .eml format.
+
+- ![Block sender icon](../../media/m365-cc-sc-block-sender-icon.png) **Block sender**: Add the sender to the Blocked Senders list in **your** mailbox. For more information, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).
+
+- ![Submit only icon](../../media/m365-cc-sc-create-icon.png) **Submit only**: Reports the message to Microsoft for analysis. In the flyout that appears, choose the following options:
+ - **Select the submission type**: **Email** (default), **URL**, or **File**.
+ - **Add the network message ID or upload the email file**: Select one of the following options:
+ - **Add the email network message ID** (default, with the corresponding value in the box)
+ - **Upload the email file (.msg or eml)**: Click **Browse files** to find and select the .msg or .eml message file to submit.
+ - **Choose a recipient who had an issue**: Select one (preferred) or more original recipients of the message to analyze the policies that were applied to them.
+ - **Select a reason for submitting to Microsoft**: Choose one of the following options:
+ - **Should not have been blocked (false positive)** (default): The following options are available:
+ - **Allow messages like this**: This option is turned off by default (![Toggle off](../../media/scc-toggle-off.png)). Turn it on (![Toggle on](../../media/scc-toggle-on.png)) to temporarily prevent messages with similar URLs, attachments, and other properties from being quarantined. When you turn this option on, the following options are available:
+ - **Remove after**: Select how long you want to allow messages like this. Select **1 day** to **30 days**. The default is 30.
+ - **Optional note**: Enter a useful description for the allow.
+ - **Should have been blocked (false negative)**.
When you're finished, click **Submit**.
-If you don't release or remove the message, it will be deleted after the default quarantine retention period expires.
+<sup>\*</sup> This option is not available for messages that have already been released (the **Released status** value is **Released**).
+
+If you don't release or remove the message, it will be deleted after the default quarantine retention period expires (as shown in the **Expires** column).
+
+> [!NOTE]
+> On a mobile device, the description text isn't available on the action icons.
+>
+> ![Details of a quarantined message with available actions highlighted](../../media/quarantine-message-details-flyout-mobile-actions.png)
+>
+> The icons in order and their corresponding descriptions are summarized in the following table:
+>
+> |Icon|Description|
+> |:||
+> |![Release email icon](../../media/m365-cc-sc-check-mark-icon.png)|**Release email**|
+> |![View message headers icon](../../media/m365-cc-sc-eye-icon.png)|**View message headers**|
+> |![Preview message icon](../../media/m365-cc-sc-eye-icon.png)|**Preview message**|
+> |![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png)|**Remove from quarantine**|
+> |![Download email icon](../../media/m365-cc-sc-download-icon.png)|**Download email**|
+> |![Block sender icon](../../media/m365-cc-sc-block-sender-icon.png)|**Block sender**|
+> |![Submit only icon](../../media/m365-cc-sc-create-icon.png)|**Submit only**|
#### Take action on multiple quarantined email messages
-When you select multiple quarantined messages in the list (up to 100), the **Bulk actions** flyout appears where you can take the following actions:
+When you select multiple quarantined messages in the list (up to 100) by clicking in the blank area to the left of the first column, the **Bulk actions** drop down list appears where you can take the following actions:
-- **Release messages**: The options are the same as when you release a single message, except you can't select **Release messages to specific recipients**; you can only select **Release message to all recipients** or **Release messages to other people**.
+![Bulk actions drop down list for messages in quarantine](../../media/quarantine-message-bulk-actions.png)
+
+- ![Release email icon](../../media/m365-cc-sc-check-mark-icon.png) **Release messages**: Releases messages to all recipients. In the flyout that appears, you can choose the following options, which are the same as when you release a single message:
+ - **Add sender to your organization's allow list**
+ - **Send a copy of this message to other recipients**
+ - **Submit the message to Microsoft to improve detection (false positive)**
+ - **Allow messages like this**:
+ - **Remove after**: **1 day** to **30 days**
+ - **Optional note**
+
+ When you're finished, click **Release message**.
> [!NOTE] > Consider the following scenario: john@gmail.com sends a message to faith@contoso.com and john@subsidiary.contoso.com. Gmail bifurcates this message into two copies that are both routed to quarantine as phishing in Microsoft. An admin releases both of these messages to admin@contoso.com. The first released message that reaches the admin mailbox is delivered. The second released message is identified as duplicate delivery and is skipped. Message are identified as duplicates if they have the same message ID and received time. -- **Delete messages**: After you click **Yes** in the warning that appears, the messages are immediately deleted without being sent to the original recipients.--- **Download messages**
+- ![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png) **Delete messages**: After you click **Yes** in the warning that appears, the messages are immediately removed from quarantine without being sent to the original recipients.
+- ![Download email icon](../../media/m365-cc-sc-download-icon.png) **Download messages**
+- ![Submit only icon](../../media/m365-cc-sc-create-icon.png) **Submit only**
## Use the Microsoft 365 Defender portal to manage quarantined files in Defender for Office 365 > [!NOTE]
-> The procedures for quarantined files in this section are available only to Microsoft Defender for Office 365 Plan 1 and Plan 2 subscribers.
+> The procedures for quarantined files in this section are available only to Microsoft Defender for Office 365 Plan 1 or Plan 2 subscribers.
-In organizations with Defender for Office 365, admins can manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams. To enable protection for these files, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](turn-on-mdo-for-spo-odb-and-teams.md).
+In organizations with Defender for Office 365, admins can manage files that were quarantined by Safe Attachments in SharePoint Online, OneDrive for Business, and Microsoft Teams. To enable protection for these files, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](turn-on-mdo-for-spo-odb-and-teams.md).
### View quarantined files 1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Review** \> **Quarantine**.
+2. On the **Quarantine** page, select the **Files** tab (**Email** is the default tab).
-2. On the **Quarantine** page, change **View quarantined** to the value **files**. You can sort on a field by clicking on an available column header.
-
-3. You can sort the results by clicking on an available column header. Click **Modify columns** to show a maximum of seven columns. The default columns are marked with an asterisk (<sup>\*</sup>):
+3. You can sort the results by clicking on an available column header. Click **Customize columns** to change the columns that are shown. The default columns are marked with an asterisk (<sup>\*</sup>):
- **User**<sup>\*</sup> - **Location**<sup>\*</sup> - **Attachment filename**<sup>\*</sup> - **File URL**<sup>\*</sup>
- - **File Size**<sup>\*</sup>
- - **Released?**<sup>\*</sup>
+ - **File Size**
+ - **Release status**<sup>\*</sup>
- **Expires**<sup>\*</sup> - **Detected by** - **Modified by time** When you're finished, click **Apply** or **Cancel**.
-4. To filter the results, click **Filter**. The available filters are:
- - **Expires time**: Filter messages by when they will expire from quarantine:
- - **Today**
- - **Next 2 days**
- - **Next 7 days**
- - A custom date/time range.
- - **Received time**
+4. To filter the results, click **Filter**. The following filters are available in the **Filters** flyout that appears:
+ - **Time received**: **Start time** and **End time** (date).
+ - **Expires**: **Start time** and **End time** (date).
- **Quarantine reason**: The only available value is **Malware**. - **Policy type** When you're finished, click **Apply** or **Cancel**.
-After you find a specific quarantined file, select the file to view details about it, and to take action on it (for example, view, release, download, or delete the message).
+After you find a specific quarantined file, select the file to view details about it, and to take action on it (for example, view, release, download, or delete the file).
#### View quarantined file details
-When you select a file in the list, the following file details are available in the details flyout that opens:
+When you select a quarantined file from the list, the following information is available in the details flyout that opens:
+
+![The details flyout of a quarantined file](../../media/quarantine-file-details-flyout.png)
- **File Name** - **File URL**: URL that defines the location of the file (for example, in SharePoint Online). - **Malicious content detected on** The date/time the file was quarantined. - **Expires**: The date when the file will be deleted from quarantine.-- **Detected By**: Defender for Office 365 or Microsoft's anti-malware engine.
+- **Detected by**
- **Released?** - **Malware Name** - **Document ID**: A unique identifier for the document.
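Review bot: The footnote added under the message actions refers to a **Released status** value, while this same change renames the files column from **Released?** to **Release status**, and the unchanged file details list still shows **Released?**. Confirm the label the portal actually displays and use it in all three places. Separately, the **Copy message header** and **Microsoft Message Header Analyzer** bullets are added at the top level although the preceding line introduces them as links inside the **Message header** flyout, so they should be nested under **View message headers**; and "(.msg or eml)" drops the dot that ".msg or .eml" has later in the same line.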
When you select a file in the list, the following file details are available in
- **Modified By**: The user who last modified the file. - **Secure Hash Algorithm 256-bit (SHA-256) value**: You can use this hash value to identify the file in other reputation stores or in other locations in your environment.
+To take action on the file, see the next section.
+
+> [!NOTE]
+> To remain in the details flyout, but change the quarantined file that you're looking at, use the up and down arrows at the top of the flyout.
+>
+> ![The up and down arrows in the details flyout of a quarantined file](../../media/quarantine-file-details-flyout-up-down-arrows.png)
+ ### Take action on quarantined files
-When you select a file in the list, you can take the following actions on the file in the details flyout:
+After you select a quarantined file from the list, the following actions are available in the details flyout:
+
+![Available actions in the details flyout of a quarantined file](../../media/quarantine-file-details-flyout-actions.png)
+
+- ![Release file icon](../../media/m365-cc-sc-check-mark-icon.png) **Release file**<sup>\*</sup>: In the flyout pane that appears, turn on or turn off **Report files to Microsoft for analysis**, and then click **Release**.
+- ![Download file icon](../../media/m365-cc-sc-download-icon.png) **Download file**: In the flyout that appears, select **I understand the risks from downloading this file**, and then click **Download** to save a local copy of the file.
+- ![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png) **Remove from quarantine**: After you click **Yes** in the warning that appears, the file is immediately deleted.
+- ![Block sender icon](../../media/m365-cc-sc-block-sender-icon.png) **Block sender**: Add the sender to the Blocked Senders list in **your** mailbox. For more information, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).
+
+<sup>\*</sup> This option is not available for files that have already been released (the **Released status** value is **Released**).
-- **Release files**: Select (default) or unselect **Report files to Microsoft for analysis**, and then click **Release files**.-- **Download file**-- **Remove file from quarantine**
+If you don't release or remove the file, it will be deleted after the default quarantine retention period expires (as shown in the **Expires** column).
-If you don't release or remove the files, they will be deleted after the default quarantine retention period expires.
+#### Take action on multiple quarantined files
-#### Actions on multiple quarantined files
+When you select multiple quarantined files in the list (up to 100) by clicking in the blank area to the left of the **Subject** column, the **Bulk actions** drop down list appears where you can take the following actions:
-When you select multiple quarantined files in the list (up to 100), the **Bulk actions** flyout appears where you can take the following actions:
+![Bulk actions drop down list for files in quarantine](../../media/quarantine-file-bulk-actions.png)
-- **Release files**-- **Delete files**: After you click **Yes** in the warning that appears, the files are immediately deleted.
+- ![Release file icon](../../media/m365-cc-sc-check-mark-icon.png) **Release file**: In the flyout pane that appears, turn on or turn off **Report files to Microsoft for analysis**, and then click **Release**.
+- ![Remove from quarantine icon](../../media/m365-cc-sc-delete-icon.png) **Remove from quarantine**: After you click **Yes** in the warning that appears, the file is immediately deleted.
+- ![Download file icon](../../media/m365-cc-sc-download-icon.png) **Download file**: In the flyout that appears, select **I understand the risks from downloading this file**, and then click **Download** to save a local copy of the file.
## Use Exchange Online PowerShell or standalone EOP PowerShell to view and manage quarantined messages and files
-The cmdlets you use to view and manages messages and files in quarantine are:
+The cmdlets that you use to view and manage messages and files in quarantine are described in the following list:
- [Delete-QuarantineMessage](/powershell/module/exchange/delete-quarantinemessage)- - [Export-QuarantineMessage](/powershell/module/exchange/export-quarantinemessage)- - [Get-QuarantineMessage](/powershell/module/exchange/get-quarantinemessage)- - [Preview-QuarantineMessage](/powershell/module/exchange/preview-quarantinemessage): Note that this cmdlet is only for messages, not quarantined files from Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.- - [Release-QuarantineMessage](/powershell/module/exchange/release-quarantinemessage)+
+## For more information
+
+[Quarantined messages FAQ](quarantine-faq.yml)
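Review bot: The new bulk-selection sentence for files says to click "to the left of the **Subject** column", but the files list in this article has no Subject column (the columns listed are **User**, **Location**, **Attachment filename**, and so on). The email section uses "to the left of the first column", which would work here too. The same section looks copied from the email text in two other places: **Block sender** is offered for a quarantined file although none of the listed file details identifies a sender, and the bulk actions keep the singular wording ("**Release file**", "the file is immediately deleted") for a multi-file selection. The footnote's **Released status** also does not match the **Release status** column name introduced earlier in this change.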
security Manage Tenant Blocks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/manage-tenant-blocks.md
ms.prod: m365-security
## Use the Microsoft 365 Defender portal
+### Create block sender entries in the Tenant Allow/Block List
+
+1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**.
+
+2. On the **Tenant Allow/Block List** page, verify that the **Senders** tab is selected, and then click ![Block icon](../../media/m365-cc-sc-create-icon.png) **Block**.
+
+3. In the **Block senders** flyout that appears, configure the following settings:
+ - **Sender email addresses or domains**: Enter one sender (email address or domain) per line, up to a maximum of 20.
+ - **Never expire**: Do one of the following steps:
+ - Verify the setting is turned off (![Toggle off](../../media/scc-toggle-off.png)) and use the **Remove on** box to specify the expiration date for the entries.
+
+ or
+
+ - Move the toggle to the right to configure the entries to never expire: ![Toggle on](../../media/scc-toggle-on.png).
+ - **Optional note**: Enter descriptive text for the entries.
+
+4. When you're finished, click **Add**.
+ ### Create block URL entries in the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**.
ms.prod: m365-security
## Use PowerShell
-### Add block file or URL entries to the Tenant Allow/Block List
+### Add block sender, file, or URL entries to the Tenant Allow/Block List
+
+To add block sender, file, or URL entries in the Tenant Allow/Block List, use the following syntax:
+
+```powershell
+New-TenantAllowBlockListItems -ListType <Sender | FileHash | Url> -Block -Entries "Value1","Value2",..."ValueN" <-ExpirationDate Date | -NoExpiration> [-Notes <String>]
+```
-To add block file or URL entries in the Tenant Allow/Block List, use the following syntax:
+This example adds a block sender entry for the specified sender that expires on a specific date.
```powershell
-New-TenantAllowBlockListItems -ListType <FileHash | Url> -Block -Entries "Value1","Value2",..."ValueN" <-ExpirationDate Date | -NoExpiration> [-Notes <String>]
+New-TenantAllowBlockListItems -ListType Sender -Block -Entries "test@badattackerdomain.com", "test2@anotherattackerdomain.com" -ExpirationDate 8/20/2021
``` This example adds a block file entry for the specified files that never expires.
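Review bot: The description of the new sender example says it adds "a block sender entry for the specified sender", but the command passes two addresses in `-Entries`, so the sentence should use the plural. The sample addresses also use `badattackerdomain.com` and `anotherattackerdomain.com`, which are not reserved documentation domains and could be registered by a third party; a placeholder domain already used elsewhere in these articles, such as `contoso.com`, would be safer.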
To add spoofed sender entries in the Tenant Allow/Block List, use the following
New-TenantAllowBlockListSpoofItems -SpoofedUser <Domain | EmailAddress | *> -SendingInfrastructure <Domain | IPAddress/24> -SpoofType <External | Internal> -Action <Allow | Block> ```
-For detailed syntax and parameter information, see [New-TenantAllowBlockListSpoofItems](/powershell/module/exchange/new-tenantallowblocklistspoofitems).
+For detailed syntax and parameter information, see [New-TenantAllowBlockListSpoofItems](/powershell/module/exchange/new-tenantallowblocklistspoofitems).
security Modify Remove Entries Tenant Allow Block https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/modify-remove-entries-tenant-allow-block.md
You can use the Microsoft 365 Defender portal or PowerShell to modify and remove
1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. 2. Select the tab that contains the type of entry that you want to modify:
+ - **Senders)
- **URLs** - **Files** - **Spoofing** 3. Select the entry that you want to modify, and then click ![Edit icon](../../media/m365-cc-sc-edit-icon.png) **Edit**. The values that you are able to modify in the flyout that appears depend on the tab you selected in the previous step:
+ - **Senders**
+ - **Never expire** and/or expiration date.
+ - **Optional note**
- **URLs** - **Never expire** and/or expiration date. - **Optional note**
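Review bot: The added tab name in step 2 is written `**Senders)`, so the bold markup is never closed and a stray parenthesis is rendered. It should be `**Senders**`, matching the **Senders** entry added in step 3.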
You can use the Microsoft 365 Defender portal or PowerShell to modify and remove
- **Action**: You can change the value to **Allow** or **Block**. 4. When you're finished, click **Save**.
+> [!NOTE]
+> You can only extend allows for a maximum of 30 days after the creation date. Blocks can be extended for up to 90 days, but unlike allows, they can also be set to Never expire.
+ ### Remove entries from the Tenant Allow/Block List 1. In the Microsoft 365 Defender portal, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. 2. Select the tab that contains the type of entry that you want to remove:
+ - **Senders**
- **URLs** - **Files** - **Spoofing**
You can use the Microsoft 365 Defender portal or PowerShell to modify and remove
### Modify block file and URL entries in the Tenant Allow/Block List
-To modify block file and URL entries in the Tenant Allow/Block List, use the following syntax:
+To modify block sender, file, and URL entries in the Tenant Allow/Block List, use the following syntax:
```powershell
-Set-TenantAllowBlockListItems -ListType <FileHash | Url> -Ids <"Id1","Id2",..."IdN"> [<-ExpirationDate Date | -NoExpiration>] [-Notes <String>]
+Set-TenantAllowBlockListItems -ListType <Sender | FileHash | Url> -Ids <"Id1","Id2",..."IdN"> [<-ExpirationDate Date | -NoExpiration>] [-Notes <String>]
``` This example changes the expiration date of the specified block URL entry.
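Review bot: The heading above this syntax still reads "Modify block file and URL entries in the Tenant Allow/Block List" while the sentence and the `-ListType` values now include `Sender`. Update the heading to cover sender entries, as was done for the corresponding "Add block sender, file, or URL entries" heading in manage-tenant-blocks.md, and check any anchors that link to the old heading text.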
For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem
### Remove URL or file entries from the Tenant Allow/Block List
-To remove file and URL entries from the Tenant Allow/Block List, use the following syntax:
+To remove sender, file, and URL entries from the Tenant Allow/Block List, use the following syntax:
```powershell
-Remove-TenantAllowBlockListItems -ListType <FileHash | Url> -Ids <"Id1","Id2",..."IdN">
+Remove-TenantAllowBlockListItems -ListType <Sender | FileHash | Url> -Ids <"Id1","Id2",..."IdN">
``` This example removes the specified block URL entry from the Tenant Allow/Block List.
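Review bot: The heading "Remove URL or file entries from the Tenant Allow/Block List" is left unchanged although the sentence and the `Remove-TenantAllowBlockListItems` syntax under it now cover `Sender` as well. Rename the heading so that readers looking for how to remove a sender block can find it.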
To remove allow or block spoof sender entries from the Tenant Allow/Block List,
Remove-TenantAllowBlockListSpoofItems -Ids <"Id1","Id2",..."IdN"> ```
-For detailed syntax and parameter information, see [Remove-TenantAllowBlockListSpoofItems](/powershell/module/exchange/remove-tenantallowblocklistspoofitems).
+For detailed syntax and parameter information, see [Remove-TenantAllowBlockListSpoofItems](/powershell/module/exchange/remove-tenantallowblocklistspoofitems).
security Quarantine Email Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-email-messages.md
Title: Quarantined email messages
+f1.keywords:
- NOCSH Previously updated : Last updated : audience: Admin localization_priority: Normal
+search.appverid:
- MOE150 - MED150 - MET150 ms.assetid: 4c234874-015e-4768-8495-98fcccfc639b-+ - M365-security-compliance - m365initiative-defender-office365-+ - seo-marvel-apr2020 description: Admins can learn about quarantine in Exchange Online Protection (EOP) that holds potentially dangerous or unwanted messages. ms.technology: mdo
Both users and admins can work with quarantined messages:
- Admins can work with all types of quarantined messages for all users. Only admins can work with messages that were quarantined as malware, high confidence phishing, or as a result of mail flow rules (also known as transport rules). For more information, see [Manage quarantined messages and files as an admin in EOP](manage-quarantined-messages-and-files.md). -- Users can work with quarantined messages where they are a recipient if the message was quarantined as spam, bulk email, or (as of April 2020) phishing. For more information, see [Find and release quarantined messages as a user in EOP](find-and-release-quarantined-messages-as-a-user.md).
+- Users can work with quarantined messages where they are a recipient and the message was quarantined as spam, bulk email, or (as of April 2020) phishing. For more information, see [Find and release quarantined messages as a user in EOP](find-and-release-quarantined-messages-as-a-user.md).
To prevent users from managing their own quarantined phishing messages, admins can configure a different action for the **Phishing email** filtering verdict in anti-spam policies. For more information, see [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
ms.prod: m365-security
> [!NOTE] > The features that are described in this article are currently in Preview, aren't available to everyone, and are subject to change.
-Quarantine policies (formerly known as quarantine tags) in Exchange Online Protection (EOP) allow admins to control what users are able to do to their quarantined messages based on how the message arrived in quarantine.
+Quarantine policies (formerly known as _quarantine tags_) in Exchange Online Protection (EOP) allow admins to control what users are able to do to their quarantined messages based on how the message arrived in quarantine.
EOP has traditionally allowed or prevented certain levels of interactivity for messages in [quarantine](find-and-release-quarantined-messages-as-a-user.md) and in [end-user spam notifications](use-spam-notifications-to-release-and-report-quarantined-messages.md). For example, users can view and release messages that were quarantined by anti-spam filtering as spam or bulk, but they can't view or release messages that were quarantined as high confidence phishing (only admins can do that).
In _supported_ protection features that quarantine messages or files (automatica
|Feature|Quarantine policies supported?|Default quarantine policies used| ||::|| |[Anti-spam policies](configure-your-spam-filter-policies.md): <ul><li>**Spam** (_SpamAction_)</li><li>**High confidence spam** (_HighConfidenceSpamAction_)</li><li>**Phishing** (_PhishSpamAction_)</li><li>**High confidence phishing** (_HighConfidencePhishAction_)</li><li>**Bulk** (_BulkSpamAction_)</li></ul>|Yes|<ul><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li><li>AdminOnlyAccessPolicy (No access)</li><li>DefaultFullAccessPolicy (Full access)</li></ul>|
-|Anti-phishing policies: <ul><li>[Spoof intelligence protection](set-up-anti-phishing-policies.md#spoof-settings) (_AuthenticationFailAction_)</li><li>[Impersonation protection](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365):<sup>\*</sup> <ul><li>**If message is detected as an impersonated user** (_TargetedUserProtectionAction_)</li><li>**If message is detected as an impersonated domain** (_TargetedDomainProtectionAction_)</li><li>**If mailbox intelligence detects and impersonated user** (_MailboxIntelligenceProtectionAction_)</li></ul></li></ul></ul>|Yes|<ul><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li></ul>|
+|Anti-phishing policies: <ul><li>[Spoof intelligence protection](set-up-anti-phishing-policies.md#spoof-settings) (_AuthenticationFailAction_)</li><li>[Impersonation protection](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365) (Defender for Office 365): <ul><li>**If message is detected as an impersonated user** (_TargetedUserProtectionAction_)</li><li>**If message is detected as an impersonated domain** (_TargetedDomainProtectionAction_)</li><li>**If mailbox intelligence detects and impersonated user** (_MailboxIntelligenceProtectionAction_)</li></ul></li></ul></ul>|Yes|<ul><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li></ul>|
|[Anti-malware policies](configure-anti-malware-policies.md): All detected messages are always quarantined.|Yes|AdminOnlyAccessPolicy (Admin only access)|
-|[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md)|Yes|AdminOnlyAccessPolicy (Admin only access)|
+|[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md) (Defender for Office 365)|Yes|AdminOnlyAccessPolicy (Admin only access)|
|[Mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) with the action: **Deliver the message to the hosted quarantine** (_Quarantine_).|No|n/a| |
-<sup>\*</sup> Impersonation protection settings are available only in anti-phishing policies in Microsoft Defender for Office 365.
-
-If you're happy with the end-user permissions that are provided by the default quarantine policies, you don't need to do anything. If you want to customize the end-user capabilities (available buttons) in end-user spam notifications or in quarantined message details, you can assign a custom quarantine policy.
+If you're happy with the default end-user permissions that are provided by the default quarantine policies, you don't need to do anything. If you want to add or remove end-user capabilities (available buttons) in end-user spam notifications or in quarantined message details, you can assign a custom quarantine policy.
### Assign quarantine policies in anti-spam policies in the Microsoft 365 Defender portal Full instructions for creating and modifying anti-spam policies are described in [Configure anti-spam policies in EOP](configure-your-spam-filter-policies.md).
-1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Policies & rules** \> **Policies** section \> **Anti-spam**. Or, open <https://security.microsoft.com/antispam>.
+1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Anti-spam** in the **Rules** section.
+
+ Or, to go directly to the **Ant-spam policies** page, use <https://security.microsoft.com/antispam>.
2. On the **Anti-spam policies** page, do one of the following steps: - Find and select an existing **inbound** anti-spam policy.
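Review bot: The added line "Or, to go directly to the **Ant-spam policies** page" in step 1 misspells the page name. It should read **Anti-spam policies**, as step 2 does. In the same hunk, the rewritten anti-phishing table row still carries "If mailbox intelligence detects and impersonated user" ("and" should be "an") and closes one more `</ul>` than it opens. Both are worth fixing while the row is being touched.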
Full instructions for creating and modifying anti-spam policies are described in
3. Do one of the following steps: - **Edit existing anti-spam policy**: In the policy details flyout, go to the **Actions** section and then click **Edit actions**.
- - **Create new anti-spam policy**: In the new policy wizard, go to the **Actions** page.
+ - **Create new anti-spam policy**: In the new policy wizard, get to the **Actions** page.
-4. On the **Actions** page. every verdict that has the **Quarantine message** action will also have the **Select quarantine policy** box for you to select a corresponding quarantine policy.
+4. On the **Actions** page, every verdict that has the **Quarantine message** action will also have the **Select quarantine policy** box for you to select a corresponding quarantine policy.
**Note**: When you create a new policy, a blank **Select quarantine policy** value indicates the default quarantine policy for that verdict is used. When you later edit the policy, the blank values are replaced by the actual default quarantine policy names as described in the previous table.
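Review bot: In the **Create new anti-spam policy** bullet of step 3, "get to the **Actions** page" is now inconsistent with "go to the **Actions** section" in the **Edit existing anti-spam policy** bullet directly above it. If the change is meant to signal that the page comes after earlier wizard pages, say that explicitly. Otherwise keep "go to" so the two bullets stay parallel.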
If you'd rather use PowerShell to assign quarantine policies in anti-spam polici
- A spam filtering verdict without a corresponding quarantine policy parameter means the [default quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) for that verdict is used.
- You only need to replace a default quarantine policy with a custom quarantine policy if you want to change the default end-user capabilities on quarantined messages.
+ You only need to replace a default quarantine policy with a custom quarantine policy if you want to change the default end-user capabilities on quarantined messages for that particular verdict.
- A new anti-spam policy in PowerShell requires a spam filter policy (settings) using the **New-HostedContentFilterPolicy** cmdlet and a new spam filter rule (recipient filters) using the **New-HostedContentFilterRule** cmdlet. For instructions, see [Use PowerShell to create anti-spam policies](configure-your-spam-filter-policies.md#use-powershell-to-create-anti-spam-policies).
security Tenant Allow Block List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md
ms.prod: m365-security
> [!NOTE] >
-> The features described in this article are in Preview, are subject to change, and are not available in all organizations. If your organization does not have the spoof features as described in this article, see the older spoof management experience at [Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight in EOP](walkthrough-spoof-intelligence-insight.md).
-
+> Some of the features described in this article are in Preview, are subject to change, and are not available in all organizations.
+>
+> If your organization does not have the spoof features as described in this article, see the older spoof management experience at [Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight in EOP](walkthrough-spoof-intelligence-insight.md).
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you might disagree with the EOP filtering verdict. For example, a good message might be marked as bad (a false positive), or a bad message might be allowed through (a false negative).
The Tenant Allow/Block List in the Microsoft 365 Defender portal gives you a way
- URLs to block. - Files to block.
+- Sender emails or domains to block.
- Spoofed senders to allow or block. If you override the allow or block verdict in the [spoof intelligence insight](learn-about-spoof-intelligence.md), the spoofed sender becomes a manual allow or block entry that only appears on the **Spoof** tab in the Tenant Allow/Block List. You can also manually create allow or block entries for spoofed senders here before they're detected by spoof intelligence. - URLs to allow.-- Files to allow.
+- Files to allow.
+- Sender emails or domains to allow.
This article describes how to configure entries in the Tenant Allow/Block List in the Microsoft 365 Defender portal or in PowerShell (Exchange Online PowerShell for Microsoft 365 organizations with mailboxes in Exchange Online; standalone EOP PowerShell for organizations without Exchange Online mailboxes).
This article describes how to configure entries in the Tenant Allow/Block List i
- The available URL values are described in the [URL syntax for the Tenant Allow/Block List](#url-syntax-for-the-tenant-allowblock-list) section later in this article. -- The Tenant Allow/Block List allows a maximum of 500 entries for URLs, and 500 entries for file hashes.
+- The Tenant Allow/Block List allows a maximum of 500 entries for senders, 500 entries for URLs, and 500 entries for file hashes.
- The maximum number of characters for each entry is: - File hashes = 64
This article describes how to configure entries in the Tenant Allow/Block List i
- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell). - You need to be assigned permissions in Exchange Online before you can do the procedures in this article:
- - **URLs and files**:
- - To add and remove values from the Tenant Allow/Block List, you need to be a member of the **Organization Management** or **Security Administrator** role groups.
+ - **Senders, URLs and files**:
+ - To add and remove values from the Tenant Allow/Block List, you need to be a member of the **Organization Management**, **Security Administrator**, or **Security Operator** role groups or you are assigned the **Tenant AllowBlockList Manager** role.
- For read-only access to the Tenant Allow/Block List, you need to be a member of the **Global Reader** or **Security Reader** role groups. - **Spoofing**: One of the following combinations: - **Organization Management**
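Review bot: The added permissions sentence under **Senders, URLs and files** is not parallel ("you need to be a member of ... role groups or you are assigned the ... role"), which makes it hard to tell where the role-group list ends and the individual role begins. This line also widens write access to the list by adding **Security Operator** and the **Tenant AllowBlockList Manager** role, so it should be unambiguous. Suggest "you need to be a member of the ... role groups, or be assigned the **Tenant AllowBlockList Manager** role", or split the role groups and the role into separate bullets.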
To manage all allows and blocks, see [Add blocks in the Tenant Allow/Block List]
2. Select the tab you want. The columns that are available depend on the tab you selected:
+ - **Senders**:
+ - **Value**: The sender domain or email address.
+ - **Action**: The value **Allow** or **Block**.
+ - **Last updated**
+ - **Remove on**
+ - **Notes**
- **URLs**: - **Value**: The URL.
- - **Action**: The value **Block**.
+ - **Action**: The value **Allow** or **Block**.
- **Last updated** - **Remove on** - **Notes** - **Files** - **Value**: The file hash.
- - **Action**: The value **Block**.
+ - **Action**: The value **Allow** or **Block**.
- **Last updated** - **Remove on** - **Notes**
To manage all allows and blocks, see [Add blocks in the Tenant Allow/Block List]
You can click **Group** to group the results. The values that are available depend on the tab you selected:
+ - **Senders**: You can group the results by **Action**.
- **URLs**: You can group the results by **Action**. - **Files**: You can group the results by **Action**. - **Spoofing**: You can group the results by **Action** or **Spoof type**.
To manage all allows and blocks, see [Add blocks in the Tenant Allow/Block List]
Click **Filter** to filter the results. The values that are available in **Filter** flyout that appears depend on the tab you selected:
+ - **Senders**
+ - **Action**
+ - **Never expire**
+ - **Last updated date**
+ - **Remove on**
- **URLs** - **Action** - **Never expire**
To manage all allows and blocks, see [Add blocks in the Tenant Allow/Block List]
4. When you're finished, click **Add**.
-## View block file or URL entries in the Tenant Allow/Block List
+## View sender, file or URL entries in the Tenant Allow/Block List
-To view block file or URL entries in the Tenant Allow/Block List, use the following syntax:
+To view block sender, file or URL entries in the Tenant Allow/Block List, use the following syntax:
```powershell
-Get-TenantAllowBlockListItems -ListType <FileHash | URL> [-Entry <FileHashValue | URLValue>] [<-ExpirationDate Date | -NoExpiration>]
+Get-TenantAllowBlockListItems -ListType <Sender | FileHash | URL> [-Entry <SenderValue | FileHashValue | URLValue>] [<-ExpirationDate Date | -NoExpiration>]
``` This example returns information for the specified file hash value.
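Review bot: The new heading drops "block" ("View sender, file or URL entries") but the sentence under it still says "To view block sender, file or URL entries". Since the columns elsewhere in this patch now show **Action** as **Allow** or **Block**, and the syntax line has no action filter, the sentence should match the heading and drop "block". The example caption after the syntax block covers only a file hash, so a sender example would help document the new `Sender` list type.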
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
Learn more by watching [this video](https://www.youtube.com/watch?v=Tdz6KfruDGo&
> [!TIP] > Don't have Microsoft Defender for Office 365 yet? [Contact sales to start a trial](https://info.microsoft.com/ww-landing-M365SMB-web-contact.html).
+## August 2021
+
+- [Admin review for reported messages](admin-review-reported-message.md): Admins can now send templated messages back to end users after they review reported messages. The templates can be customized for your organization and based on your admin's verdict as well.
+- [Add allows in the Tenant Allow/Block List](manage-tenant-allows.md): Allows cannot be added directly to the Tenant Allow/Block List but now can be if the blocked message is submitted as part of the admin submission process. Depending on the block that happened, an URL, file, and/or sender allow will be added to the Tenant Allow/Block List. In most cases, the allows are added to give the system some time and allow it naturally if warranted. In some cases, Microsoft manages the allow for you.
+ ## July 2021 - [Email analysis improvements in automated investigations](email-analysis-investigations.md)
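Review bot: The **Add allows in the Tenant Allow/Block List** bullet reads as self-contradictory: "Allows cannot be added directly ... but now can be if the blocked message is submitted". Suggest stating the rule once, for example that allows are added only through the admin submission process and not directly. Also in this bullet, "an URL" should be "a URL", and "give the system some time and allow it naturally if warranted" does not say what "it" is or what the time is for. Spell out what the temporary allow does and when it is removed.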