Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
admin | Microsoft Teams User Activity Preview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview.md | To ensure data quality, we perform daily data validation checks for the past thr |Replies <br/> |Reply Messages|The number of replied messages in all channels during the specified time period. <br/> | |Urgent messages <br/> |Urgent Messages|The number of urgent messages during the specified time period. <br/> | |Chat messages <br/> |Private Chat Message Count|The number of unique messages that the user posted in a private chat during the specified time period. <br/> |-|Total meetings <br/> |Meeting Count|The number of online meetings that the user participated in during the specified time period. <br/> | +|Total meetings <br/> |Meeting Count|Refer to the 'Total participated meetings' metric as defined below, as the current metric and ΓÇÿTotal participated meetingsΓÇÖ share the same definition. We intend to gradually phase out the current metric with 'Total participated meetings.' <br/> | |1:1 calls <br/> |Call Count|The number of 1:1 calls that the user participated in during the specified time period. <br/> | |Last activity date (UTC) <br/> |Last Activity Date|The last date that the user participated in a Microsoft Teams activity.<br/> | |Meetings participated ad hoc <br/> |Ad Hoc Meetings Attended Count|The number of ad hoc meetings a user participated in during the specified time period. <br/> | |
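
Review bot: In the replaced "Total meetings" row, "phase out the current metric with 'Total participated meetings'" is the wrong construction, since a metric is replaced with another or phased out in favor of it; suggest "We intend to gradually replace the current metric with 'Total participated meetings'." The new text also removes the row's own definition and points to one "as defined below" without a link or anchor, so a reader who lands on this row has to search the table for it. The metric name is quoted once in straight quotes and once in typographic quotes in the same sentence; use one style.
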
enterprise | Connect An On Premises Network To A Microsoft Azure Virtual Network | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network.md | Use the following settings: - On the **Networking** tab, select the name of your virtual network and the subnet for hosting virtual machines (not the GatewaySubnet). Leave all other settings at their default values. -Verify that your virtual machine is using DNS correctly by checking your internal DNS to ensure that Address (A) records were added for you new virtual machine. To access the Internet, your Azure virtual machines must be configured to use your on-premises network's proxy server. Contact your network administrator for additional configuration steps to perform on the server. +Verify that your virtual machine is using DNS correctly by checking your internal DNS to ensure that Address (A) records were added for your new virtual machine. To access the Internet, your Azure virtual machines must be configured to use your on-premises network's proxy server. Contact your network administrator for additional configuration steps to perform on the server. Here is your resulting configuration. |
enterprise | Microsoft 365 Teams Monitoring | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-teams-monitoring.md | Microsoft Teams monitoring supports the following organizational scenarios with - **Join Meeting**. The number of times users joined Teams meetings without errors. Data is sampled and retrieved every 30 minutes. -- **Quality of Experience**. The percentage of audio streams for which Quality of Experience (QoE) telemetry was received by the Teams service. Data can be received up to 3 days after call completion. If the rate drops, investigate your network configuration to ensure that the Microsoft Teams telemetry URLs are not being blocked.+- **Quality of Experience**. The percentage of audio streams for which Quality of Experience (QoE) telemetry was received by the Teams service. Data can be received up to 3 days after call completion. If the rate drops, investigate your network configuration to ensure that the Microsoft Teams telemetry URLs are not being blocked. The telemetry URLs can be found here: [Office 365 URLs and IP address ranges - Microsoft 365 Common and Office Online](urls-and-ip-address-ranges.md?view=o365-worldwide#microsoft-365-common-and-office-online) -- **UDP Stream Establishment**. The percentage of audio streams established over UDP (User Datagram Protocol). Real-time media established over UDP is more efficient and provides better call quality. If the rate drops, investigate your network configuration to ensure that the ports and protocols required by Microsoft Teams are not being blocked.+- **UDP Stream Establishment**. The percentage of audio streams established over UDP (User Datagram Protocol). Real-time media established over UDP is more efficient and provides better call quality. If the rate drops, investigate your network configuration to ensure that the ports and protocols required by Microsoft Teams are not being blocked. 
The required IP addresses, hostnames, ports, and protocols can be found here: [Office 365 URLs and IP address ranges - Skype for Business Online and Microsoft Teams](urls-and-ip-address-ranges.md?view=o365-worldwide#skype-for-business-online-and-microsoft-teams) Admins can use the information to correlate any Microsoft-reported issues with the usage data to confirm any actual impact to their organization. Also, admins can view any usage from the last two weeks of usage data to identify any anomalies. |
includes | Microsoft 365 Content Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md | +## Week of August 07, 2023 +++| Published On |Topic title | Change | +|||--| +| 8/7/2023 | [Microsoft Bookings Frequently Asked Questions](/microsoft-365/bookings/bookings-faq?view=o365-worldwide) | modified | +| 8/7/2023 | [Manage Loop workspaces in Syntex repository services](/microsoft-365/loop/loop-workspaces-configuration?view=o365-worldwide) | modified | +| 8/7/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | +| 8/7/2023 | [Activate Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/activate-defender-rbac?view=o365-worldwide) | modified | +| 8/7/2023 | [Map Microsoft 365 Defender Unified role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified | +| 8/7/2023 | [Create custom roles with Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) | modified | +| 8/7/2023 | [Details of custom permissions in Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/custom-permissions-details?view=o365-worldwide) | modified | +| 8/7/2023 | [Edit or delete roles Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) | modified | +| 8/7/2023 | [Import roles to Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/import-rbac-roles?view=o365-worldwide) | modified | +| 8/7/2023 | [Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/manage-rbac?view=o365-worldwide) | 
modified | +| 8/7/2023 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide) | modified | +| 8/7/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified | +| 8/7/2023 | [What's new in Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/whats-new-in-microsoft-defender-urbac?view=o365-worldwide) | modified | +| 8/8/2023 | [Set up and manage structured and freeform document processing in Microsoft Syntex](/microsoft-365/syntex/structured-freeform-setup) | added | +| 8/8/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | +| 8/8/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | +| 8/8/2023 | [Office 365 Security including Microsoft Defender for Office 365 and Exchange Online Protection](/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview?view=o365-worldwide) | modified | +| 8/8/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | +| 8/8/2023 | [Create, review, and sign signature requests using Microsoft Syntex eSignature (Preview)](/microsoft-365/syntex/esignature-send-requests) | added | +| 8/8/2023 | [Set up Microsoft Syntex eSignature (Preview)](/microsoft-365/syntex/esignature-setup) | added | +| 8/8/2023 | [Understand your invoice for your Microsoft MCA billing account](/microsoft-365/commerce/billing-and-payments/understand-your-invoice?view=o365-worldwide) | modified | +| 8/8/2023 | [Understand your invoice for your Microsoft MOSA billing 
account](/microsoft-365/commerce/billing-and-payments/understand-your-invoice2?view=o365-worldwide) | modified | +| 8/8/2023 | [View your invoice in the Microsoft 365 admin center](/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice?view=o365-worldwide) | modified | +| 8/9/2023 | [Create Package from App Gallery](/microsoft-365/test-base/createpackagefromappgallery?view=o365-worldwide) | added | +| 8/9/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified | +| 8/9/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified | +| 8/9/2023 | [Create and manage roles for role-based access control](/microsoft-365/security/defender-endpoint/user-roles?view=o365-worldwide) | modified | +| 8/9/2023 | [Prerequisites & permissions for Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-prerequisites?view=o365-worldwide) | modified | +| 8/9/2023 | [Map Microsoft 365 Defender Unified role-based access control (RBAC) permissions](/microsoft-365/security/defender/compare-rbac-roles?view=o365-worldwide) | modified | +| 8/9/2023 | [Details of custom permissions in Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/custom-permissions-details?view=o365-worldwide) | modified | +| 8/9/2023 | [What's new in Microsoft 365 Defender Unified role-based access control (RBAC)](/microsoft-365/security/defender/whats-new-in-microsoft-defender-urbac?view=o365-worldwide) | modified | +| 8/9/2023 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-worldwide) | modified | +| 8/9/2023 | 
[Microsoft Defender for Office 365 Plan 2 support for Microsoft Teams](/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide) | modified | +| 8/9/2023 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) | modified | +| 8/9/2023 | [Configure Microsoft Syntex for pay-as-you-go billing](/microsoft-365/syntex/syntex-azure-billing) | modified | +| 8/9/2023 | [Add staff to Bookings](/microsoft-365/bookings/add-staff?view=o365-worldwide) | modified | +| 8/10/2023 | [Step 5 - Give another employee access to OneDrive and Outlook data](/microsoft-365/admin/add-users/remove-former-employee-step-5?view=o365-worldwide) | modified | +| 8/10/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | +| 8/10/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified | +| 8/10/2023 | [List of fixed customer reported inaccuracies](/microsoft-365/security/defender-vulnerability-management/fixed-reported-inaccuracies?view=o365-worldwide) | modified | +| 8/10/2023 | [Change the billing addresses for your Microsoft business subscription](/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses?view=o365-worldwide) | modified | +| 8/10/2023 | [Tax information for Microsoft 365 for business products and services](/microsoft-365/commerce/billing-and-payments/tax-information?view=o365-worldwide) | modified | +| 8/10/2023 | [Cross-tenant OneDrive migration overview](/microsoft-365/enterprise/cross-tenant-onedrive-migration?view=o365-worldwide) | modified | +| 8/11/2023 | [Alert classification for malicious exchange 
connectors](/microsoft-365/security/defender/alert-classification-malicious-exchange-connectors?view=o365-worldwide) | renamed | +| 8/11/2023 | [What's new in Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-whatsnew?view=o365-worldwide) | modified | ++ ## Week of July 31, 2023 | 3/7/2022 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | | 3/7/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified | | 7/14/2023 | [Learn about and configure insider risk management browser signal detection](/microsoft-365/compliance/insider-risk-management-browser-support?view=o365-worldwide) | modified |---## Week of July 03, 2023 ---| Published On |Topic title | Change | -|||--| -| 7/3/2023 | [Tamper resiliency with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/tamper-resiliency?view=o365-worldwide) | modified | -| 7/3/2023 | [Protect against threats in Microsoft Defender for Office 365, Anti-malware, Anti-Phishing, Anti-spam, Safe links, Safe attachments, Zero-hour auto purge (ZAP), MDO security configuration](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-worldwide) | modified | -| 7/3/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified | -| 7/3/2023 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/quarantine-end-user?view=o365-worldwide) | modified | -| 7/3/2023 | [Publish and apply retention labels](/microsoft-365/compliance/create-apply-retention-labels?view=o365-worldwide) | modified | -| 7/4/2023 | [Microsoft 365 Copilot Early Access Program](/microsoft-365/admin/copilot/m365-early-access-program?view=o365-worldwide) | 
modified | -| 7/4/2023 | [Learn about archive mailboxes for Microsoft Purview](/microsoft-365/compliance/archive-mailboxes?view=o365-worldwide) | modified | -| 7/5/2023 | [Add your brand to encrypted messages](/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-worldwide) | modified | -| 7/5/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 7/5/2023 | [Overview of the Alerts page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-alerts-overview?view=o365-worldwide) | added | -| 7/5/2023 | [Create and manage alert rules in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-create-manage-alert-rules?view=o365-worldwide) | added | -| 7/5/2023 | [Overview of the Multifactor authentication page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-mfa-overview?view=o365-worldwide) | added | -| 7/5/2023 | [Manage multifactor authentication in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-mfa?view=o365-worldwide) | modified | -| 7/5/2023 | [Configure scanning options for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/configure-advanced-scan-types-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/5/2023 | [Overview of next-generation protection in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/next-generation-protection?view=o365-worldwide) | modified | -| 7/6/2023 | [Commit a collection estimate to a review set](/microsoft-365/compliance/ediscovery-commit-draft-collection?view=o365-worldwide) | modified | -| 7/6/2023 | [Data loss prevention policy tip reference for SharePoint Online and OneDrive for Business web client](/microsoft-365/compliance/dlp-spo-odbweb-policy-tips?view=o365-worldwide) | added | -| 7/6/2023 | [Create and manage communication compliance 
policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 7/6/2023 | [Microsoft Defender for Identity in Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-center-mdi?view=o365-worldwide) | modified | -| 7/6/2023 | Redirecting accounts from Microsoft Defender for Identity to Microsoft 365 Defender | removed | -| 7/7/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified | -| 7/7/2023 | [Minimum versions for sensitivity labels in Microsoft 365 Apps](/microsoft-365/compliance/sensitivity-labels-versions?view=o365-worldwide) | modified | -| 7/7/2023 | [Microsoft 365 monitoring](/microsoft-365/enterprise/microsoft-365-monitoring?view=o365-worldwide) | modified | -| 7/7/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | -| 7/7/2023 | [Understanding detection technology within the email entity page in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/understand-detection-technology-in-email-entity?view=o365-worldwide) | added | -| 7/7/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | |
lti | Browser Cookies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/browser-cookies.md | Here are the steps to allow the cookies in your browser. # [Microsoft Edge](#tab/edge) -## Allow cookies for LMS URLS in Microsoft Edge +## Allow cookies for LMS URLs in Microsoft Edge 1. In the Edge **Settings** window, select **Cookies and site permissions** > **Cookies and data stored** > **Manage and delete cookies and site data**.-2. Turn on **Allow sites to save and read cookie data (recommended)**, and make sure that **Block third-party cookies** is turned off. +1. Turn on **Allow sites to save and read cookie data (recommended)**. +1. Make sure **Block third-party cookies** is turned off. If you must keep third-party cookies blocked: 1. In the Edge **Settings** window, select **Cookies and site permissions** > **Cookies and data stored** > **Manage and delete cookies and site data**.-2. Under **Allow**, select **Add** to add the domain URL of the LMS platform. +1. Under **Allow**, select **Add** to add the domain URL of the LMS platform. 1. For example, if the LMS platform is hosted at `https://contoso.com`, then that URL must be added under **Allow**. ![Screenshot of Microsoft Edge cookie settings page](media/edge-cookies.png) # [Google Chrome](#tab/chrome) -## Allow cookies for LMS URLS in Google Chrome +## Allow cookies for LMS URLs in Google Chrome -1. In the Chrome **Settings** window, on the **Privacy and security** tab, select **Cookies and other site data**. +1. In the Chrome **Settings** window, select the **Privacy and security** tab and then **Third-party cookies**. +1. Select the option for **Allow third-party cookies**. -2. Under **Sites that can always use cookies**, select **Add**, and then select the **Including third-party cookies on this site** checkbox. +If you must keep third-party cookies blocked: -3. Add the domain URL of the LMS platform. +1. Under **Customized behaviors**, select **Add**. +1. 
Add the domain URL of the LMS platform. 1. For instance, if the LMS platform is hosted at `https://contoso.com`, then that URL must be used. ![Screenshot of Google Chrome cookie settings page](media/chrome-cookies.png) # [Mozilla Firefox](#tab/firefox) -## Allow cookies for LMS URLS in Mozilla Firefox +## Allow cookies for LMS URLs in Mozilla Firefox 1. In the Firefox **Settings** window, select the **Privacy & Security** tab.--2. Under **Cookies and Site Data**, select **Manage Exceptions**. --3. In the **Address of website** text box, enter the URL of the LMS platform. +1. Under **Cookies and Site Data**, select **Manage Exceptions**. +1. In the **Address of website** text box, enter the URL of the LMS platform. 1. For instance, if the LMS platform is hosted at `https://contoso.com`, then that URL must be used.--4. Select **Allow** to allow cookies for the entered website. --5. Select **Save Changes**. +1. Select **Allow** to allow cookies for the website. +1. Select **Save Changes**. ![Screenshot of Mozilla Firefox cookie settings page](media/firefox-cookies.png) # [Safari](#tab/safari) -## Allow cookies for LMS URLS in Safari +## Allow cookies for LMS URLs in Safari 1. Select **Preferences** > **Privacy**.--2. Clear the **Prevent cross-site tracking** checkbox. +1. Clear the **Prevent cross-site tracking** checkbox. > [!NOTE]-> In you can't change the settings yourself (your browser is managed by your organization), reach out to your IT department. +> In you can't change the settings yourself because your browser is managed by your organization, reach out to your IT department. |
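
Review bot: The rewritten note at the end of the Safari section still begins "In you can't change the settings yourself", so the typo survives the edit; it should read "If you can't change the settings yourself because your browser is managed by your organization, ...". The Edge and Chrome sections now offer a per-site path under "If you must keep third-party cookies blocked", while the Safari steps only clear **Prevent cross-site tracking**, which applies to every site rather than to the LMS domain alone. State that in the Safari section so admins understand the wider scope of that change.
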
security | Get Scan History By Definition | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/Get-scan-history-by-definition.md | Title: Get scan history by definition description: Learn how to use the get scan history by definition api -keywords: apis, graph api, supported apis, scan history, definition -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium Last updated 12/15/2022 Retrieves a list of the scan history by definitions. +- Supports OData operations. +- OData supported operators: + - $top with max value of 4096. Returns the number of sessions specified in the request. + - $skip with a default value of 0. Skips the number of sessions specified in the request. + +For an example of OData operation usage, see [example $top request](#example-top-request). + ## Limitations 1. Rate limitations for this API are 100 calls per minute and 1500 calls per hour. Retrieves a list of the scan history by definitions. One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md). -Permission type|Permission|Permission display name -:|:|: -Application|Machine.Read.All| Read all scan information. -Delegated (work or school account)|Machine.Read.All|Read all scan information. +|Permission type|Permission|Permission display name| +|:|:|:| +|Application|Machine.Read.All| Read all scan information.| +|Delegated (work or school account)|Machine.Read.All|Read all scan information.| > [!NOTE] > When obtaining a token using user credentials:-> > - To view data the user needs to have at least the following role permission: 'ViewData' or 'TvmViewData' (See [Create and manage roles](user-roles.md) for more information)+> ## HTTP request If successful, this method returns 200 - OK response code with a list of the sca ## Example request -Here is an example of the request. 
+Here's an example of the request. ```http POST https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions/GetScanHistoryByScanDefinitionId POST https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinit } ```+## Example $top request ++Here's an example of a request that returns only 1 session. ++```http +POST https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions/GetScanHistoryByScanDefinitionId?$top=1 +``` ++## $top Response example ++```json +{ +"@odata.context": "https://api.securitycenter.microsoft.com/api/DeviceAuthenticatedScanDefinitions/GetScanHistoryByScanDefinitionId", + "value": [ + { + "ScanDefinitionIds": "4ad8d463-6b3a-4894-b42a-a2de9ea0a8ae", + "LastScanned": "2022-12-20T11:14:24.5561791Z", + "ScanStatus": "Partial Success", + "ScannerId": "625431694b7d2ca9d07e77ca1b029ef216bebb6d" + }, + ] +} ++``` |
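
Review bot: The added `$top` response example is not valid JSON: the single object in `"value"` is followed by a trailing comma (`},` directly before `]`), so anyone who pastes it into a parser or a test fixture gets an error; drop the comma. The new `## Example $top request` heading is also added directly after the closing code fence with no blank line between them, and the two new headings follow different patterns ("Example $top request" versus "$top Response example"). The added OData list links to `#example-top-request`, so keep the first heading's text as is and rename the second to match it.
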
security | Attack Surface Reduction Rules Deployment Test | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md | Title: Test attack surface reduction (ASR) rules description: Provides guidance to test your attack surface reduction (ASR) rules deployment. Microsoft Defender for Endpoint (MDE) ASR test includes, audit defender ASR rules, configure ASR rules using Intune, Microsoft ASR rules reporting, ASR rules exclusions, ASR rules event viewer. -keywords: Microsoft Defender for Endpoint (MDE) Attack surface reduction (ASR) rules deployment, Attack surface reduction guide, ASR deployment, test asr rules, ASR rules exclusions, Microsoft ASR, configure ASR rules, attack surface reduction rules best practice, attack surface reduction intune, ASR rules event viewer, attack surface reduction defender, asr rules powershell, attack surface reduction best practice, disable ASR rules, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules -search.product: eADQiWindows 10XVcnh -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium ASR rules now provide the capability to configure rule-specific exclusions, know To configure per-rule exclusions: 1. Open the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and navigate to **Home** > **Endpoint security** > **Attack surface reduction**.-1. If it is not already configured, set the rule for which you want to configure exclusions to **Block*. +1. If it is not already configured, set the rule for which you want to configure exclusions to **Audit** or **Block**. 1. In **ASR Only Per Rule Exclusion**, click the toggle to change from **Not configured** to **Configured.** 1. Enter the names of the files or application that you want to exclude. 1. 
At the bottom of the **Create profile** wizard, click **Next** and follow the wizard instructions. |
security | Dlp Investigate Alerts Defender | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/dlp-investigate-alerts-defender.md | To investigate Microsoft Purview Data Loss Prevention incidents in the Microsoft [Turn on alerts for all your DLP policies](/microsoft-365/compliance/dlp-configure-view-alerts-policies#alert-configuration-experience) in the <a href="https://purview.microsoft.com" target="_blank">Microsoft Purview compliance portal</a>. +> [!NOTE] +> [Administrative units](/microsoft-365/compliance/microsoft-365-compliance-center-permissions#administrative-units) restrictions flow from data loss prevention (DLP) into the Defender portal. If you are an administrative unit restricted admin, you'll only see the DLP alerts for your administrative unit. + ## Investigate DLP alerts in the Microsoft 365 Defender portal 1. Go to the Microsoft 365 Defender portal, and select **Incidents** in the left hand navigation menu to open the incidents page. For Devices DLP alerts, select the device card on the top of the alert page to v Go to the incident summary page and select **Manage Incident** to add incident tags, assign, or resolve an incident. -> [!IMPORTANT] -> DLP supports associating DLP policies and alert management with administrative units in the Microsoft Purview compliance portal. DLP alerts are only available to unrestricted DLP administrators in the Microsoft 365 Defender portal. Administrative unit restricted DLP administrator will not see DLP alerts. See [Administrative units](/microsoft-365/compliance/microsoft-365-compliance-center-permissions#administrative-units) for implementation details. See [Policy scoping](/microsoft-365/compliance/dlp-policy-reference#policy-scoping) for details on administrative unit scoping. + ## Related articles |
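
Review bot: The added NOTE says an administrative unit restricted admin sees only the DLP alerts for their administrative unit, which reverses the removed IMPORTANT block ("Administrative unit restricted DLP administrator will not see DLP alerts"), but the removal also drops the link to Policy scoping and the new note does not replace it. Keep a pointer to `/microsoft-365/compliance/dlp-policy-reference#policy-scoping` in the new note so readers can check how a restricted admin's alert scope is derived, and remove the empty added line left before `## Related articles`.
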
security | Anti Phishing Policies About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/anti-phishing-policies-about.md | description: Admins can learn about the anti-phishing policies that are availabl search.appverid: met150 Previously updated : 8/9/2023 Last updated : 8/14/2023 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> In anti-phishing policies, you can control whether `p=quarantine` or `p=reject` - **Quarantine the message** - **Reject the message** + If you select **Quarantine the message** as an action, the quarantine policy that's selected for spoof intelligence protection is used. + :::image type="content" source="../../media/anti-phishing-policies-honor-dmarc-settings.png" alt-text="DMARC settings in an anti-phishing policy." lightbox="../../media/anti-phishing-policies-honor-dmarc-settings.png"::: The relationship between spoof intelligence and whether sender DMARC policies are honored is described in the following table: |
security | Detect And Remediate Illicit Consent Grants | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants.md | You can do this for your users with either the Azure Active Directory Portal, or You can look up the applications to which any individual user has granted permissions by using the Azure Active Directory Portal at <https://portal.azure.com>. 1. Sign in to the Azure portal with administrative rights.-2. Select the Azure Active Directory blade. +2. Select the **Azure Active Directory** blade. 3. Select **Users**. 4. Select the user that you want to review. 5. Select **Applications**. |
security | How Policies And Protections Are Combined | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined.md | description: Admins can learn how the order of protection settings and the prior search.appverid: met150 Previously updated : 8/8/2023 Last updated : 8/14/2023 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/eop-about" target="_blank">Exchange Online Protection</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> There are two major factors that determine which policy is applied to a message: |5|Spoofing|CAT:SPOOF|[Spoof intelligence insight in EOP](anti-spoofing-spoof-intelligence.md)| |6<sup>\*</sup>|User impersonation (protected users)|UIMP|[Configure anti-phishing policies in Microsoft Defender for Office 365](anti-phishing-policies-mdo-configure.md)| |7<sup>\*</sup>|Domain impersonation (protected domains)|DIMP|[Configure anti-phishing policies in Microsoft Defender for Office 365](anti-phishing-policies-mdo-configure.md)|- |8|Spam|CAT:SPM|[Configure anti-spam policies in EOP](anti-spam-policies-configure.md)| - |9|Bulk|CAT:BULK|[Configure anti-spam policies in EOP](anti-spam-policies-configure.md)| + |8<sup>\*</sup>|Mailbox intelligence (contact graph)|GIMP|[Configure anti-phishing policies in Microsoft Defender for Office 365](anti-phishing-policies-mdo-configure.md)| + |9|Spam|CAT:SPM|[Configure anti-spam policies in EOP](anti-spam-policies-configure.md)| + |10|Bulk|CAT:BULK|[Configure anti-spam policies in EOP](anti-spam-policies-configure.md)| - <sup>\*</sup> These features are only available in anti-phishing policies in Microsoft Defender for Office 365. 
+ <sup>\*</sup> These features are available only in anti-phishing policies in Microsoft Defender for Office 365. - **The priority order of policies**: The policy priority order is shown in the following list: |
security | Skip Filtering Phishing Simulations Sec Ops Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes.md | If your MX record doesn't point to Microsoft 365, the IP address in the `Authent 3. In the **Add third party phishing simulations** flyout that opens, configure the following settings: - - **Domain**: Expand this setting and enter at least one email address domain by clicking in the box, entering a value (for example, contoso.com), and then pressing the ENTER key or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 20 entries. + - **Domain**: Expand this setting and enter at least one email address domain by clicking in the box, entering a value (for example, contoso.com), and then pressing the ENTER key or selecting the value that's displayed below the box. Repeat this step as many times as necessary. You can add up to 50 entries. > [!NOTE] > Use the domain in the `5321.MailFrom` address (also known as the **MAIL FROM** address, P1 sender, or envelope sender) that's used in the SMTP transmission of the message **or** a DKIM domain as specified by the phishing simulation vendor. |
security | Why Do I Need Microsoft Defender For Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/why-do-i-need-microsoft-defender-for-office-365.md | -description: Is Microsoft Defender for Office 365 worth it? Let's find out. This article had info on the fastest and most recommended setup of Microsoft Defender for Office 365 including Safe Attachments, Safe Links, advanced anti-phishing tools, reporting tools, and threat intelligence capabilities. +description: Is Microsoft Defender for Office 365 worth it? Let's find out. Previously updated : 6/20/2023 Last updated : 8/14/2023 appliesto: - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a> appliesto: > [!IMPORTANT] > **If you are being blocked by Safe Links pages**, go here for info: [Advanced Outlook.com security for Microsoft 365 subscribers](https://support.microsoft.com/office/advanced-outlook-com-security-for-microsoft-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2?storagetype=live). -**Microsoft Defender for Office 365 is a seamless integration into your Office 365 subscription** that provides protection against threats that arrive in email, links (URLS), attachments, or collaboration tools like SharePoint, Teams, and Outlook. With real-time views of threats and tools like Threat Explorer, you can threat hunt and stay ahead of potential threats. +**Microsoft Defender for Office 365 is a seamless integration into your Office 365 subscription** that protects against threats in email, links (URLS), attachments, or collaboration tools. 
For email threats that you may discover after the fact, Zero-hour autopurge (ZAP) can remove those mails. Automated Investigation and Response (AIR) allows you to automate monitoring and remediation, making it more efficient for security operations (sec ops) teams. The deep integration with Office 365 and robust reporting ensures that you are always on top of security operations. |
solutions | Limit Guest Sharing To Specific Organization | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/limit-guest-sharing-to-specific-organization.md | - Title: "Limit guest sharing to specific organizations"--- Previously updated : 12/08/2021----- highpri-- Tier1-- SPO_Content-- M365-collaboration-- m365solution-securecollab-- m365solution-scenario-- m365initiative-externalcollab -recommendations: false -description: Learn how to limit guest sharing to specific Azure AD or Microsoft 365 organizations. ---# Limit guest sharing to specific organizations --By default, users can invite people outside the organization as guests. This includes adding them to teams in Microsoft Team, SharePoint sites, and sharing individual files and folders with them. --If you only want to allow guests from specific organizations, you can specify these organizations in the Azure Active Directory external collaboration settings and cross-tenant access settings for [B2B collaboration](/azure/active-directory/external-identities/what-is-b2b). --> [!NOTE] -> This article assumes that you have [SharePoint and OneDrive integration with Azure AD B2B](/sharepoint/sharepoint-azureb2b-integration) turned on. --## Configure external collaboration settings --With Azure AD external collaboration settings, you can specify the domains that you want to allow for external collaboration. Guest invitations to all other domains - including non-Azure AD domains - will be blocked. (Guests from blocked domains that are already in your directory will remain.) --To allow guest invitations to a specific organization -1. In [Azure Active Directory](https://aad.portal.azure.com), select **External Identities**, and then select **External collaboration settings**. -1. Under **Collaboration restrictions**, choose **Allow invitations only to the specified domains**. -1. Type the domains that you want to allow, and then select **Save**. 
--## Cross-tenant access settings --If your allowed domains are other Azure AD organizations, cross-tenant access settings also affect how guests access your organization. By default, all domains are allowed for B2B collaboration with guest accounts. If you've changed your default settings, check to make sure the domains that you want to collaborate with are allowed. For more information, see [Overview: Cross-tenant access with Azure AD External Identities](/azure/active-directory/external-identities/cross-tenant-access-overview). --You can use cross-tenant access settings to limit which of your users can be invited to another Azure AD organization. See [Limit who can be invited by an organization](limit-invitations-from-specific-organization.md) for more information. --You can also limit which organizations where your users can have a guest account. See [Limit organizations where users can have guest accounts](limit-organizations-where-users-have-guest-accounts.md) for more information. --> [!NOTE] -> Changes to cross-tenant access settings may take two hours to take effect. --## Related topics --[B2B direct connect overview](/azure/active-directory/external-identities/b2b-direct-connect-overview) --[Configure cross-tenant access settings for B2B direct connect](/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect) --[Limit who can be invited by an organization](limit-invitations-from-specific-organization.md) --[Limit organizations where users can have guest accounts](limit-organizations-where-users-have-guest-accounts.md) |
solutions | Trusted Vendor Onboarding | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/trusted-vendor-onboarding.md | + + Title: Onboard trusted vendors to collaborate in Microsoft 365 +++ Last updated : 08/14/2023+audience: ITPro ++++- highpri +- Tier1 +- SPO_Content +- M365-collaboration +- m365solution-3tiersprotection +- m365solution-securecollab +- m365initiative-externalcollab ++localization_priority: medium +f1.keywords: NOCSH +recommendations: false +description: Learn how to onboard trusted vendors to collaborate in Microsoft 365. +++# Onboard trusted vendors to collaborate in Microsoft 365 ++If your organization has an approval process for external vendors or other organizations, you can use features in Azure Active Directory and Teams to block access from people in unapproved organizations and add new organizations as they're approved. ++By using domain allowlists, you can block the domains of organizations that haven't been approved through your internal processes. This can help ensure that users in your organization to only collaborate with approved vendors. ++This article describes the features you can use as part of your approval process for onboarding new vendors. ++If you haven't configured guest sharing for your organization, see [Collaborate with guests in a site](collaborate-in-site.md) or [Collaborate with guests in a team (IT Admins)](collaborate-as-team.md). ++#### SharePoint and OneDrive integration with Azure AD B2B ++The procedures in this article assume that you've enabled [SharePoint and OneDrive integration with Azure AD B2B](/sharepoint/sharepoint-azureb2b-integration). If you haven't enabled Azure AD B2B integration for SharePoint and OneDrive, Azure AD B2B domain allowlists and blocklists don't affect file and folder sharing. In this case, use [Restrict sharing of SharePoint and OneDrive content by domain](/sharepoint/restricted-domains-sharing). 
++## Allow the vendor's domain in Azure AD external collaboration settings ++With Azure AD external collaboration settings, you can allow or block invites to certain domains. By creating an allowlist, you allow guest invitations only to those domains and all others are blocked. You can use this to allow guest invitations to vendors that you've approved while blocking those to vendors you haven't. ++To allow sharing invitations only from specified domains +1. In Azure Active Directory, under **Identity**, expand **External identities**, and then choose **External collaboration settings**. +1. Under **Collaboration restrictions**, select **Allow invitations only to the specified domains**, and then type the domains that you want to allow. +1. Select **Save**. ++ ![Screenshot of collaboration restrictions settings in Azure Active Directory.](../media/azure-ad-allow-only-specified-domains.png) ++For more information about using allowlists or blocklists in Azure AD, see [Allow or block invitations to B2B users from specific organizations](/azure/active-dir.ectory/external-identities/allow-deny-list) ++## Allow domains for other Microsoft 365 organizations ++If your approved vendor also uses Microsoft 365, there are additional settings in Azure AD and Teams that you can configure to manage these domains and create a more integrated experience for your users. ++By adding the vendor organization to Azure AD cross-tenant access settings, you can specify: ++- Which users in the vendor organization can be invited to your organization +- Which users in the vendor organization can participate in shared channels in Microsoft Teams +- Which applications those users have access to in your organization +- Whether your conditional access policies will accept claims from other Azure AD organizations when users from the other organization access your resources. 
++By adding the vendor organization to the allowlist for Teams external access: ++- Users in your organization and the vendor organization can chat and meet without the vendor having to log in as a guest. ++#### Allow the vendor's domain in Azure AD cross-tenant access settings ++To specify settings such as who can be invited from the vendor organization and what applications they can use, first add the organization in Azure AD cross-tenant access settings. ++To add an organization +1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/) as a Global administrator. +1. Expand **Identity**, and then expand **External Identities**. +1. Select **Cross-tenant access settings**. +1. Select **Organizational settings**. +1. Select **Add organization**. +1. On the **Add organization** pane, type the full domain name (or tenant ID) for the organization. +1. Select the organization in the search results, and then select **Add**. ++ ![Screenshot of cross-tenant access settings in Azure AD with two external organizations configured.](../media/cross-tenant-access-settings.png) ++To specify who your users can invite as guests from the vendor organization: +1. On the **Organizational settings** tab, select the **Inbound access** link for the organization you want to configure. +1. On the **B2B collaboration** tab, select **Customize settings** +1. On the **External users and groups** tab, choose **Select \<organization\> users and groups**, and then select **Add external users and groups**. +1. Add the IDs of the users and groups that you want to include, and then select **Submit**. +1. Select **Save**. ++ ![Screenshot of an allowed group in the inbound cross-tenant access settings for an external organization.](../media/cross-tenant-inbound-allow-group.png) ++To specify which applications guests from the vendor organization can use: +1. On the **Organizational settings** tab, select the **Inbound access** link for the organization you want to configure. +1. 
On the **B2B collaboration** tab, select **Customize settings** +1. On the **Applications** tab, choose **Select applications**, and then select **Add Microsoft applications** or **Add other applications**. +1. Select the applications that you want to allow, and then choose **Select**. +1. Select **Save**. ++ ![Screenshot of an allowed application in the inbound cross-tenant access settings for an external organization.](../media/cross-tenant-inbound-allow-application.png) ++For more information about the options available in cross-tenant access settings, including accepting conditional access claims from other organizations, see [Configure cross-tenant access settings for B2B collaboration](/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-collaboration). ++If you plan to use Teams shared channels with the vendor organization, both organizations must set up cross-tenant access settings for Azure AD B2B direct connect. For details, see [Collaborate with external participants in a shared channel](/microsoft-365/solutions/collaborate-teams-direct-connect). ++#### Allow the vendor's domain in Teams external access ++To allow users in your organization and the vendor organization to chat and meet without the vendor having to log in as a guest, allow the domain in Teams external access. ++To allow an organization in Teams external access +1. In the Teams admin center, expand **Users**, and then select **External access**. +1. Under **Choose which domains your users have access to**, choose **Allow only specific external domains**. +1. Select **Allow domains**. +1. In the **Domain** box, type the domain that you want to allow and then select **Done**. +1. If you want to allow another domain, select **Add a domain**. +1. Select **Save**. 
++ ![Screenshot of Teams external access settings for Teams and Skype for Business users in external organizations with one allowed domain.](../media/teams-external-access-allowed-domain.png) ++The external access settings page in the Teams admin center includes settings for Teams accounts not managed by an organization and Skype users. You can turn these off if these accounts don't meet your organization's requirements for approved vendors. ++For more information about Teams external access options, see [Manage external meetings and chat with people and organizations using Microsoft identities](/microsoftteams/trusted-organizations-external-meetings-chat). ++## Limit who can invite guests ++You can restrict which users in your organization can invite guests from your trusted vendors. This can be useful if guest invites require approval or if you want your users to do a training course before being allowed to invite guests. For information on how to do this, see [Limit who can invite guests](limit-who-can-invite-guests.md). ++## Prevent unauthenticated access ++There are two features that allow someone from outside your organization to access resources in your organization without signing in: ++- Anonymous meeting join +- Unauthenticated file and folder sharing ++If your requirements for trusted vendors require everyone to sign in before accessing your organization's resources, you can turn these options off. ++To prevent people from joining meetings as anonymous participants, you can turn off **Anonymous users can join a meeting** in Teams meeting policies. For more information, see [Manage anonymous participant access to Teams meetings (IT admins)](/microsoftteams/anonymous-users-in-meetings). ++To prevent unauthenticated file and folder sharing, you must prevent the use of *Anyone* sharing links. You can do this for your entire organization or for specific SharePoint sites. 
For more information, see [Manage sharing settings for SharePoint and OneDrive in Microsoft 365](/sharepoint/turn-external-sharing-on-or-off) and [Change the sharing settings for a site](/sharepoint/change-external-sharing-site). ++## Related topics ++[Microsoft Entra External ID documentation](/azure/active-directory/external-identities/) ++[Use guest access and external access to collaborate with people outside your organization](/microsoftteams/communicate-with-users-from-other-organizations) ++[Azure Active Directory terms of use](/azure/active-directory/conditional-access/terms-of-use) ++[Allow only members in specific security groups to share SharePoint and OneDrive files and folders externally](/sharepoint/manage-security-groups) |
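Review bot: the link in the sentence "For more information about using allowlists or blocklists in Azure AD" points at `/azure/active-dir.ectory/external-identities/allow-deny-list`; the stray period inside `active-dir.ectory` will not resolve, and the sentence is missing its closing period. In the introduction, "This can help ensure that users in your organization to only collaborate with approved vendors" should drop the "to". The procedure lead-in "To allow sharing invitations only from specified domains" contradicts the setting it configures, **Allow invitations only to the specified domains**, so reword it to "to specified domains". Both "select **Customize settings**" steps lack a closing period. The first procedure starts "In Azure Active Directory, under **Identity**" while the cross-tenant procedure names the Microsoft Entra admin center; use one portal name throughout. The cross-tenant steps tell the admin to sign in "as a Global administrator"; consider naming the least-privileged role that can change these settings instead.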