-If you don't have a partner and want to get Microsoft 365 Business Premium, you can [buy it here](https://www.microsoft.com/en-US/microsoft-365/business).

-You can also head over to a [Microsoft Store](https://www.microsoft.com/en-us/store/locations/find-a-store?icid=en_US_Store_UH_FAS) to buy Microsoft 365 Business Premium and get setup help.

-description: "As of September 14, 2019, banks in the 31 countries of the European Economic Area are required to verify the identity of the person making an online purchase before the payment can be processed."

-# Payment Services Directive 2 and Strong Customer Authentication for commercial customers

-As of September 14, 2019, banks in the 31 countries of the European Economic Area are required to verify the identity of the person making an online purchase before the payment can be processed. This verification requires multi-factor authentication to help ensure your online purchases are secure and protected. The date for this verification requirement will be delayed for some countries.

-For more information, see [Microsoft FAQ about Payment Services Directive 2 and Strong Customer Authentication](https://support.microsoft.com/help/4517854/microsoft-account-open-banking-customer-authentication).

-## When is multi-factor authentication required?

-Currently, verification requirements for this directive using multi-factor authentication only apply to customers using credit cards from banks in the 31 countries of the European Economic Area. Sometimes customers will be prompted because of an action that they took, and sometimes they are prompted because of events with their existing subscriptions or services.

-### Customer Actions

-Your bank may require verification through multi-factor authentication. Some examples include:

-### Subscription lifecycle events

-Charges for recurring payments might fail. If they do, youΓÇÖll receive an email with instructions to follow. YouΓÇÖll be prompted to respond to the verification request and make your current payment.

-## Need more help?

-Your financial institution is the best contact for these scenarios:

-Selecting the **Updated template** link will download an Excel file containing control data for the version of the template with the pending updates. Selecting the **Current template** link downloads a file of the existing template without the changes.

-| **Manage assessments, and template and tenant data**| Compliance Manager Administration | Compliance Administrator, Compliance Data Administrator, Security Administrator |

-| **Assign users**| Global Administrator | Global Administrator |

-A score value is assigned at three levels:

-1. **Improvement action score**: each action has a different impact on your score depending on the potential risk involved

-2. **Control score**: this score is the sum of points earned by completing improvement actions within the control. This sum is applied in its entirety to your overall compliance score when the control meets both of the following conditions:

- - **Implementation Status** equals **Implemented** or **Alternative Implementation**, and

- - **Test Result** equals **Passed**.

-3. **Assessment score**: this score is the sum of your control scores. It is calculated using action scores. Each Microsoft action and each improvement action managed by your organization is counted once, regardless of how often it is referenced in a control.

-1. **Your improvement actions**: actions that your organization manages.

-2. **Microsoft actions**: actions that Microsoft manages.

-|[Onboard and offboard macOS devices into Microsoft Purview solutions using Intune](device-onboarding-offboarding-macos-intune.md)|For macOS devices that are managed through Intune

-|[Onboard and offboard macOS devices into Compliance solutions using Intune for Microsoft Defender for Endpoint customers](device-onboarding-offboarding-macos-intune-mde.md) |For macOS devices that are managed through Intune and that have Microsoft Defender for Endpoint (MDE) deployed to them

-|[Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro](device-onboarding-offboarding-macos-jamfpro.md) | For macOS devices that are managed through JAMF Pro

-|[Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers](device-onboarding-offboarding-macos-jamfpro-mde.md)|For macOS devices that are managed through JAMF Pro and that have Microsoft Defender for Endpoint (MDE) deployed to them

-Topic | Description

-:|:

-[Onboard Windows 10 or 11 devices using Group Policy](device-onboarding-gp.md) | Use Group Policy to deploy the configuration package on devices.

-[Onboard Windows 10 or 11 devices using Microsoft Endpoint Configuration Manager](device-onboarding-sccm.md) | You can use either use Microsoft Endpoint Configuration Manager (current branch) version 1606 or Microsoft Endpoint Configuration Manager (current branch) version 1602 or earlier to deploy the configuration package on devices.

-[Onboard Windows 10 or 11 devices using Mobile Device Management tools](device-onboarding-mdm.md) | Use Mobile Device Management tools or Microsoft Intune to deploy the configuration package on device.

-[Onboard Windows 10 or 11 devices using a local script](device-onboarding-script.md) | Learn how to use the local script to deploy the configuration package on endpoints.

-[Onboard non-persistent virtual desktop infrastructure (VDI) devices](device-onboarding-vdi.md) | Learn how to use the configuration package to configure VDI devices.

-|[Onboard and offboard macOS devices into Microsoft Purview solutions using Intune](device-onboarding-offboarding-macos-intune.md)|For macOS devices that are managed through Intune

-|[Onboard and offboard macOS devices into Compliance solutions using Intune for Microsoft Defender for Endpoint customers](device-onboarding-offboarding-macos-intune-mde.md) |For macOS devices that are managed through Intune and that have Microsoft Defender for Endpoint (MDE) deployed to them

-|[Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro)](device-onboarding-offboarding-macos-jamfpro.md) | For macOS devices that are managed through JAMF Pro

-|[Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers)](device-onboarding-offboarding-macos-jamfpro-mde.md)|For macOS devices that are managed through JAMF Pro and that have Microsoft Defender for Endpoint (MDE) deployed to them

-|Total amount of data loaded into all review sets in the organization per day.<br/>|2 TB|2 TB|

-|Maximum concurrent jobs in your organization to add content to a review set. These jobs are named **Adding data to a review set** and are displayed on the **Jobs** tab in a case.|10²|10²|

-|Maximum concurrent jobs to add content to a review set per user. These jobs are named **Adding data to a review set** and are displayed on the **Jobs** tab in a case.|3|3|

-|Maximum number of searches that a single user can start at the same time.|10|

-|Maximum concurrent exports per review set.|1|

-|The maximum number of searches that can run at the same time in your organization.|30|

-|The maximum number of organization-wide searches that can be run at the same time.|3|

-|The maximum number of searches that a single user can start at the same time. This limit is most likely hit when the user tries to start multiple searches by using the **Get-ComplianceSearch \|Start-ComplianceSearch** command in Security & Compliance PowerShell.|10|

-|The maximum number of items per user mailbox that are displayed on the preview page when previewing Content Search results.|100|

-The following table lists the limits when exporting the results of a content search. These limits also apply when you export content from a eDiscovery (Standard) case.

-|Maximum concurrent exports that can be ran at same time within your organization <p> **Note:** Running a **Report Only** export counts against total concurrent exports for your organization. If three users are performing 3 exports each, then only one other export can be performed. Whether it is exporting a report or search results, no other exports can be performed until one has completed.|10|

-|Maximum exports a single user can run at any one time|3|

-Wiht Azure AD entitlement management, you can manage the identity and access lifecycle at scale by automating access request workflows, access assignments, reviews, and expiration.

-For more information, see the [overview of Azure AD entitlement management](/azure/active-directory/governance/entitlement-management-overview).

-## Week of July 04, 2022

-| Published On |Topic title | Change |

-|||--|

-| 7/4/2022 | [Identify the available PowerShell cmdlets for retention](/microsoft-365/compliance/retention-cmdlets?view=o365-21vianet) | modified |

-| 7/4/2022 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |

-| 7/5/2022 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-21vianet) | added |

-| 7/5/2022 | [Enable Microsoft Defender for IoT integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration?view=o365-21vianet) | modified |

-| 7/5/2022 | [Security recommendations](/microsoft-365/security/defender-vulnerability-management/tvm-security-recommendation?view=o365-21vianet) | modified |

-| 7/5/2022 | [What is Microsoft 365 Defender?](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |

-| 7/5/2022 | [Onboard Microsoft Defender for IoT with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration?view=o365-21vianet) | modified |

-| 7/5/2022 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |

-| 7/5/2022 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-21vianet) | modified |

-| 7/5/2022 | Infographic: Help protect your campaign | removed |

-| 7/5/2022 | Bump up security protection for your campaign or business | removed |

-| 7/5/2022 | [Setup overview for Microsoft 365 for Campaigns](/microsoft-365/business-premium/m365-campaigns-setup?view=o365-21vianet) | modified |

-| 7/5/2022 | Sign in to Microsoft 365 | removed |

-| 7/5/2022 | Sign up for Microsoft 365 for Campaigns | removed |

-| 7/5/2022 | How these security recommendations affect your users | removed |

-| 7/5/2022 | Customize sign-in page with a privacy and consent notice | removed |

-| 7/5/2022 | [How Microsoft 365 Business Premium helps your business](/microsoft-365/business-premium/m365bp-secure-users?view=o365-21vianet) | modified |

-| 7/5/2022 | [Configure privacy settings in Microsoft Whiteboard](/microsoft-365/whiteboard/configure-privacy-settings?view=o365-21vianet) | added |

-| 7/5/2022 | [Manage GDPR data subject requests in Microsoft Whiteboard](/microsoft-365/whiteboard/gdpr-requests?view=o365-21vianet) | added |

-| 7/5/2022 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-21vianet) | modified |

-| 7/5/2022 | [Collaborate and share securely in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-collaborate-share-securely?view=o365-21vianet) | modified |

-| 7/5/2022 | [Set Up unmanaged devices overview](/microsoft-365/business-premium/m365bp-devices-overview?view=o365-21vianet) | modified |

-| 7/5/2022 | [About Intune admin roles in the Microsoft 365 admin center](/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac?view=o365-21vianet) | modified |

-| 7/5/2022 | [Maintain environment](/microsoft-365/business-premium/m365bp-maintain-environment?view=o365-21vianet) | modified |

-| 7/5/2022 | [Protect your administrator accounts in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-admin-accounts?view=o365-21vianet) | modified |

-| 7/5/2022 | [Set up and secure managed devices](/microsoft-365/business-premium/m365bp-protect-devices?view=o365-21vianet) | modified |

-| 7/5/2022 | [Protect email Overview](/microsoft-365/business-premium/m365bp-protect-email-overview?view=o365-21vianet) | modified |

-| 7/5/2022 | [Protect unmanaged Windows PCs and Macs in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-pcs-macs?view=o365-21vianet) | modified |

-| 7/5/2022 | [Security incident management](/microsoft-365/business-premium/m365bp-security-incident-management?view=o365-21vianet) | modified |

-| 7/5/2022 | [A security operations guide for Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-incident-quick-start?view=o365-21vianet) | modified |

-| 7/5/2022 | [Increase security in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-21vianet) | modified |

-| 7/5/2022 | [Welcome to Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup-overview?view=o365-21vianet) | modified |

-| 7/5/2022 | [Deploy Microsoft Defender for Endpoint on Linux manually](/microsoft-365/security/defender-endpoint/linux-install-manually?view=o365-21vianet) | modified |

-| 7/5/2022 | [Submit malware and non-malware to Microsoft for analysis](/microsoft-365/security/office-365-security/submitting-malware-and-non-malware-to-microsoft-for-analysis?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 feature descriptions](/microsoft-365/admin/m365-feature-descriptions?view=o365-21vianet) | added |

-| 7/6/2022 | [Assess the Microsoft 365 Active Users report](/microsoft-365/admin/activity-reports/active-users-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center email activity reports](/microsoft-365/admin/activity-reports/email-activity-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center email apps usage reports](/microsoft-365/admin/activity-reports/email-apps-usage-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center forms activity reports](/microsoft-365/admin/activity-reports/forms-activity-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft Dynamics 365 customer voice activity reports](/microsoft-365/admin/activity-reports/forms-pro-activity-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center apps usage reports](/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 OneDrive for Business usage reports](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center Yammer activity reports](/microsoft-365/admin/activity-reports/yammer-activity-report-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center Yammer device usage reports](/microsoft-365/admin/activity-reports/yammer-device-usage-report-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 admin center Yammer groups activity reports](/microsoft-365/admin/activity-reports/yammer-groups-activity-report-ww?view=o365-21vianet) | modified |

-| 7/6/2022 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-21vianet) | modified |

-| 7/6/2022 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-21vianet) | modified |

-| 7/6/2022 | [Learn about the default labels and policies to protect your data](/microsoft-365/compliance/mip-easy-trials?view=o365-21vianet) | modified |

-| 7/6/2022 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-21vianet) | modified |

-| 7/6/2022 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-21vianet) | modified |

-| 7/7/2022 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-21vianet) | modified |

-| 7/7/2022 | [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-21vianet) | modified |

-| 7/7/2022 | [Communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-21vianet) | modified |

-| 7/7/2022 | [Communication compliance](/microsoft-365/compliance/communication-compliance-solution-overview?view=o365-21vianet) | modified |

-| 7/7/2022 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-21vianet) | modified |

-| 7/7/2022 | [Start retention when an event occurs](/microsoft-365/compliance/event-driven-retention?view=o365-21vianet) | modified |

-| 7/7/2022 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |

-| 7/7/2022 | [Manage multifactor authentication in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-mfa?view=o365-21vianet) | modified |

-| 7/7/2022 | [Case study - Contoso configures an inappropriate text policy](/microsoft-365/compliance/communication-compliance-case-study?view=o365-21vianet) | modified |

-| 7/7/2022 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-21vianet) | modified |

-| 7/7/2022 | [Microsoft Defender for Office 365 trial playbook](/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365?view=o365-21vianet) | modified |

-| 7/7/2022 | [Manage GDPR data subject requests in Microsoft Whiteboard](/microsoft-365/whiteboard/gdpr-requests?view=o365-21vianet) | modified |

-| 7/8/2022 | [Delete a model in Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/delete-a-model) | added |

-| 7/8/2022 | [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-21vianet) | added |

-| 7/8/2022 | [Cancel your business subscription](/microsoft-365/commerce/subscriptions/cancel-your-subscription?view=o365-21vianet) | modified |

-| 7/8/2022 | [Microsoft Purview solutions trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-21vianet) | modified |

-| 7/8/2022 | [Office TLS certificate changes](/microsoft-365/compliance/encryption-office-365-tls-certificates-changes?view=o365-21vianet) | modified |

-| 7/8/2022 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-21vianet) | modified |

-| Antivirus, antimalware, and ransomware protection capabilities for devices include: <ul><li>[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) (antivirus/antimalware protection on devices together with cloud protection)</li><li>[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) (network protection, firewall, and attack surface reduction rules) ^[[a](#fna)]</li><li>[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) (behavior-based detection and manual response actions)</li><li>[Automated investigation and response](../defender/m365d-autoir.md) (with self-healing for detected threats)</li><li>[Threat and vulnerability management](mdb-view-tvm-dashboard.md) (view exposed devices and recommendations)</li><li>[Cross-platform support for devices](mdb-onboard-devices.md) (Windows, Mac, iOS, and Android) ^[[b](#fnb)]</li><li>[Centralized management and reporting](mdb-get-started.md) (Microsoft 365 Defender portal)</li><li>[APIs for integration](../defender-endpoint/management-apis.md) (for Microsoft partners or your custom tools and apps)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (Endpoint security)</li></ul><br/><br/><br/><br/><br/><br/> | Productivity and security capabilities include:<ul><li>[Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)</li><li>[Shared computer activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)</li><li>[Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)</li><li>[Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)</li><li>[Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)</li><li>[Defender for Business](mdb-overview.md) (everything listed in the "Defender for Business (standalone)" column) </li><li>[Microsoft Defender for Office 365 Plan 1](../office-365-security/overview.md) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)</li><li>[Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)</li><li>[Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (Endpoint security)</li><li>[Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)</li><li>[Azure Virtual Desktop](/azure/virtual-desktop/overview) (centrally managed, secure virtual machines in the cloud)</li></ul> |

-(<a id="fna">a</a>) Use Microsoft Intune to modify or customize attack surface reduction rules.

-(<a id="fnb">b</a>) Use Intune to onboard iOS, iPadOS, and Android devices. See [Onboard devices to Microsoft Defender for Business](mdb-onboard-devices.md).

-(<a id="fn1">1</a>) Onboard and manage devices in the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) or by using Intune, managed in the Microsoft Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)).

-| **Use the Microsoft 365 Defender portal** | The Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)) can be your one-stop shop for managing your company's devices, security policies, and security settings. You can access your security policies and settings, use the [Threat & Vulnerability Management dashboard](mdb-view-tvm-dashboard.md), and [view and manage incidents](mdb-view-manage-incidents.md) all in one place. <br/><br/>If you're using Intune, devices that you onboard to Defender for Business and your security policies are visible in the Endpoint Manager admin center. To learn more, see the following articles:<ul><li>[Defender for Business default settings and Microsoft Intune](mdb-next-gen-configuration-settings.md#defender-for-business-default-settings-and-microsoft-intune)</li><li>[Firewall in Defender for Business](mdb-firewall.md)</li></ul> |

-| **Use the Microsoft Endpoint Manager admin center** | If your company is already using Intune to manage security policies, you can continue using the Endpoint Manager admin center to manage your devices and security policies. To learn more, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy). <br/><br/>If you decide to switch to the [simplified configuration process in Defender for Business](mdb-simplified-configuration.md), you'll be prompted to delete any existing security policies in Intune to avoid [policy conflicts](mdb-troubleshooting.yml) later. |

-> If you're managing security policies in the Microsoft 365 Defender portal, you can *view* those policies in the Endpoint Manager admin center ([https://endpoint.microsoft.com](https://endpoint.microsoft.com)), where they're listed as **Antivirus** or **Firewall** policies. When you view your firewall policies in the Endpoint Manager admin center, you'll see two policies listed: one policy for firewall protection and another for custom rules.

-3. Select the categories to block. Use the expand icon to fully expand each parent category, and then select specific web content categories. To set up an audit-only policy that doesn't block any websites, don't select any categories. Don't select **Uncategorized**.

-| **Automated Investigation** <br/>(turned on by default) | As alerts are generated, automated investigations can occur. Each automated investigation determines whether a detected threat requires action and then takes or recommends remediation actions, such as sending a file to quarantine, stopping a process, isolating a device, or blocking a URL. While an investigation is running, any related alerts that arise are added to the investigation until it's completed. If an affected entity is seen elsewhere, the automated investigation expands its scope to include that entity, and the investigation process repeats.<br/><br/>You can view investigations on the **Incidents** page. Select an incident, and then select the **Investigations** tab.<br/><br/>By default, automated investigation and response capabilities are turned on, tenant wide. **We recommend keeping automated investigation turned on**. If you turn it off, real-time protection in Microsoft Defender Antivirus will be affected, and your overall level of protection will be reduced. <br/><br/>[Learn more about automated investigations](../defender-endpoint/automated-investigations.md). |

-| **Live Response** | Defender for Business includes the following types of manual response actions: <ul><li>Run antivirus scan</li><li>Isolate device</li><li>Stop and quarantine a file</li><li>Add an indicator to block or allow a file</li></ul><br/>[Learn more about response actions](../defender-endpoint/respond-machine-alerts.md). |

-| **Enable EDR in block mode**<br/>(turned on by default) | Provides added protection from malicious artifacts when Microsoft Defender Antivirus isn't the primary antivirus product and is running in passive mode on a device. Endpoint detection and response (EDR) in block mode works behind the scenes to remediate malicious artifacts detected by EDR capabilities. Such artifacts might have been missed by the primary, non-Microsoft antivirus product. [Learn more about EDR in block mode](../defender-endpoint/edr-in-block-mode.md). |

-| **Allow or block a file** <br/>(turned on by default) | Enables you to allow or block a file by using [indicators](../defender-endpoint/indicator-file.md). This capability requires Microsoft Defender Antivirus to be in active mode and [cloud protection](../defender-endpoint/cloud-protection-microsoft-defender-antivirus.md) turned on.<br/><br/>Blocking a file prevents it from being read, written, or executed on devices in your organization. <br/><br/>[Learn more about indicators for files](../defender-endpoint/indicator-file.md). |

-| **Custom network indicators**<br/>(turned on by default) | Enables you to allow or block an IP address, URL, or domain by using [network indicators](../defender-endpoint/indicator-ip-domain.md). This capability requires Microsoft Defender Antivirus to be in active mode and [network protection](../defender-endpoint/enable-network-protection.md) turned on.<br/><br/>You can allow or block IPs, URLs, or domains based on your threat intelligence. You can also prompt users if they open a risky app, but the prompt won't stop them from using the app.<br/><br/>[Learn more about network protection](../defender-endpoint/network-protection.md). |

-| **Tamper protection**<br/>(we recommend you turn on this setting) | Tamper protection prevents malicious apps from doing actions such as:<ul><li>Disable virus and threat protection</li><li>Disable real-time protection</li><li>Turn off behavior monitoring</li><li>Disable cloud protection</li><li>Remove security intelligence updates</li><li>Disable automatic actions on detected threats</li></ul><br/>Tamper protection essentially locks Microsoft Defender Antivirus to its secure, default values and prevents your security settings from being changed by apps and unauthorized methods. [Learn more about tamper protection](../defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md). |

-| **Show user details**<br/>(turned on by default) | Enables people in your organization to see details, such as employees' pictures, names, titles, and departments. These details are stored in Azure Active Directory (Azure AD). [Learn more about user profiles in Azure AD](/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal). |

-| **Skype for Business integration**<br/>(turned on by default) | Skype for Business was retired in July 2021. If you haven't already moved to Microsoft Teams, see [Set up Microsoft Teams in your small business](/microsoftteams/deploy-small-business). Integration with Microsoft Teams (or the former Skype for Business) enables one-click communication between people in your business. |

-| **Microsoft Intune connection**<br/>(we recommend you turn on this setting if you have Intune) | If your organization's subscription includes Microsoft Intune, this setting enables Defender for Business to share information about devices with Intune. |

-| **Device discovery**<br/>(turned on by default) | Enables your security team to find unmanaged devices that are connected to your company network. Unknown and unmanaged devices introduce significant risks to your network, whether it's an unpatched printer, a network device with a weak security configuration, or a server with no security controls.<br/><br/>Device discovery uses onboarded devices to discover unmanaged devices, so your security team can onboard the unmanaged devices and reduce your vulnerability. [Learn more about device discovery](../defender-endpoint/device-discovery.md). |

-| **Preview features** | Microsoft is continually updating services such as Defender for Business to include new feature enhancements and capabilities. If you opt in to receive preview features, you'll be among the first to try upcoming features in the preview experience. [Learn more about preview features](../defender-endpoint/preview.md). |

-| **Home** | Takes you to your home page in the Microsoft 365 Defender portal. The home page highlights any active threats that are detected, along with recommendations to help secure your company's data and devices. Recommendations are included in Defender for Business to save your security team time and effort. The recommendations are based on industry best practices. To learn more, see [Security recommendations - threat and vulnerability management](../defender-endpoint/tvm-security-recommendation.md). |

-| **Actions & submissions** > **Action center** | Takes you to your list of response actions, including completed and pending actions.<ul><li>Select the **History** tab to see the actions that were taken. Some actions are taken automatically; others are taken manually or complete after they're approved.</li><li>Select the **Pending** tab to view actions that require approval to proceed.</li></ul><br/>To learn more, see [Review remediation actions in the Action center](mdb-review-remediation-actions.md). |

-| **Trials** | Try additional security and compliance capabilities by adding on a trial subscription. |

-| **Endpoints** > **Device inventory** | Enables you to search for one or more devices that were onboarded to Defender for Business. |

-| **Endpoints** > **Vulnerability management** | Provides a dashboard, recommendations, remediation activities, a software inventory, and a list of potential weaknesses within your company. |

-| **Health** | Enables you to view your service health status and plan for upcoming changes. <ul><li>Select **Service health** to view the health status of the Microsoft 365 services that are included in your company's subscription.</li><li>Select **Message center** to learn about planned changes and what to expect.</li></ul> |

-| **Document Drops Backdoor** | Simulate an attack that introduces file-based malware on a test device. The tutorial describes how to use the simulation file and what to watch for in the Microsoft 365 Defender portal. This tutorial requires that Microsoft Word is installed on your test device. |

-| **Microsoft Defender Vulnerability Management(core scenarios)** | Learn about Defender Vulnerability Management through three scenarios:<ol><li>Reduce your company's threat and vulnerability exposure.</li><li>Request a remediation.</li><li>Create an exception for security recommendations.</li></ol> <br/> Defender Vulnerability Management uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations. |

-This playbook is a simple guide to help you make the most of your 30-day free trial. Use the recommendations in this article from the Microsoft Defender team to learn how Defender for Business can help elevate your security from traditional antivirus protection to next-generation protection, endpoint detection and response, and Defender Vulnerability Management.

- | [Windows clients](mdb-onboard-devices.md) | Choose one of the following options to onboard Windows client devices to Defender for Business:<ul><li>Local script (for onboarding devices manually in the Microsoft 365 Defender portal)</li><li>Group Policy (if you're already using Group Policy and prefer this method)</li><li>Microsoft Intune (if you're already using Intune and prefer to continue using it)</li></ul> |

- | [Mac](mdb-onboard-devices.md) | Choose one of the following options to onboard Mac:<ul><li>Local script for Mac (*recommended*)</li><li>Microsoft Intune for Mac </li></ul><br/>We recommend you use a local script to onboard Mac. Although you can [set up enrollment for Mac devices in Intune](/mem/intune/enrollment/macos-enroll), the local script is the simplest method for onboarding Mac to Defender for Business. |

- | [Mobile devices](mdb-onboard-devices.md) | Use Microsoft Intune to onboard mobile devices, such as Android and iOS/iPadOS devices. See the following resources to get help enrolling these devices into Intune:<ul><li>[Enroll Android devices](/mem/intune/enrollment/android-enroll)</li><li>[Enroll iOS or iPadOS devices](/mem/intune/enrollment/ios-enroll)</li></ul> |

-## Threat and Vulnerability Management

-On January 25, 2022, we announced the general availability of Threat and Vulnerability management on Android and iOS. For more details, see [the techcommunity post here](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-general-availability-of-vulnerability-management/ba-p/3071663).

-Configure Microsoft Defender for Endpoint to send email notifications to specified recipients for new vulnerability events. This feature enables you to identify a group of individuals who will immediately be informed and can act on the notifications based on the event. The vulnerability information comes from Defender for Endpoint's [Defender Vulnerability Management](next-gen-threat-and-vuln-mgt.md) capability.

-The email notification includes basic information about the vulnerability event. There are also links to filtered views in the Microsoft Defender Vulnerability Management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can further investigate. For example, you could get a list of all exposed devices or get additional details about the vulnerability.

-| [Defender for Business](../defender-business/mdb-overview.md) ^[[3](#fn3)] | [Services optimized for small and medium-sized businesses](../defender-business/compare-mdb-m365-plans.md) include: <ul><li>Next-generation protection (including antimalware and ransomware protection)</li><li>Attack surface reduction</li><li>Endpoint detection and response</li><li>Automated investigation and response </li><li>Threat & vulnerability management</li><li>Centralized reporting</li><li>APIs (for integration with custom apps or reporting solutions)</li><li>[Integration with Microsoft 365 Lighthouse](../defender-business/mdb-lighthouse-integration.md)</li></ul> |

-In conjunction with this capability, a security recommendation to onboard devices to Microsoft Defender for Endpoint is available as part of the existing Defender Vulnerability Management experience.

-Network devices are not managed as standard endpoints, as Defender for Endpoint doesn't have a sensor built into the network devices themselves. These types of devices require an agentless approach where a remote scan will obtain the necessary information from the devices. To do this, a designated Microsoft Defender for Endpoint device will be used on each network segment to perform periodic authenticated scans of preconfigured network devices. Once discovered, Defender for Endpoint's Vulnerability Management capabilities provide integrated workflows to secure discovered switches, routers, WLAN controllers, firewalls, and VPN gateways.

-Vulnerabilities and risks on your devices as well as other discovered unmanaged devices in the network are part of the current Microsoft Defender Vulnerability Management(MDVM) flows under "Security Recommendations" and represented in entity pages across the portal.

-| Application | Machine.ReadWrite.All | ΓÇÿRead and write all machine informationΓÇÖ |

-| Delegated (work or school account) | Machine.ReadWrite | ΓÇÿRead and write machine informationΓÇÖ |

-| Application | Machine.ReadWrite.All | ' Read and write all machine informationΓÇÖ |

-| Delegated (work or school account) | Machine.Read | ' Read machine information ' |

- - m365-security-compliance

- - m365initiative-defender-endpoint

-[Endpoint detection and response](overview-endpoint-detection-response.md) (EDR) in block mode provides added protection from malicious artifacts when Microsoft Defender Antivirus(MDAV) is not the primary antivirus product and is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that were detected by EDR capabilities. Such artifacts might have been missed by the primary, non-Microsoft antivirus product. EDR in block mode allows Microsoft Defender Antivirus to take actions on post-breach, behavioral EDR detections. See the section, [Do I need to turn on EDR in block mode if I have Microsoft Defender Antivirus?](#do-i-need-to-turn-edr-in-block-mode-on-if-i-have-microsoft-defender-antivirus-running-on-devices) in the **Frequently asked questions** section.

-> EDR in block mode does not provide all the protection that is available when Microsoft Defender Antivirus real-time protection is enabled. Some capabilities depend on Microsoft Defender Antivirus to be the active antivirus solution, such as the following examples:

-> It is expected that your non-Microsoft antivirus solution includes these capabilities.

-When EDR in block mode is turned on, and a malicious artifact is detected, Defender for Endpoint remediates that artifact. Your security operations team will see detection status as **Blocked** or **Prevented** in the [Action center](respond-machine-alerts.md#check-activity-details-in-action-center), listed as completed actions. The following image shows an instance of unwanted software that was detected and remediated through EDR in block mode:

-For more information on the Defender CSP used for EDR in bloc

-|Operating system|Devices must be running one of the following versions of Windows: <ul><li>Windows 11</li><li>Windows 10 (all releases)</li><li>Windows Server 2019 or later</li><li>Windows Server, version 1803 or later</li><li>Windows Server 2016 (only when Microsoft Defender Antivirus is in active mode)</li></ul>|

-|Microsoft Defender for Endpoint|Devices must be onboarded to Defender for Endpoint. See [Minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md).|

-description: Provides information about the certificates APIs that pull "threat and vulnerability management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.

-description: Provides information about the security baselines APIs that pull "threat and vulnerability management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.

-keywords: apis, graph api, supported apis, get, security recommendations, Microsoft Defender for Endpoint tvm api, threat and vulnerability management, threat and vulnerability management api

-description: Provides information about the APIs that pull "threat and vulnerability management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.

-osPlatform|String|Platform of the operating system running on the device. Specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.

-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.

-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.

-OSPlatform|String|Platform of the operating system running on the device; specific operating systems with variations within the same family, such as Windows 10 and Windows 11. See Microsoft Defender Vulnerability Management (MDVM) supported operating systems and platforms for details.

-description: Provides information about the security baselines assessment configurations that pull "threat and vulnerability management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.

-description: Provides information about the security baselines assessment profiles APIs that pull "threat and vulnerability management" data. There are different API calls to get different types of data. In general, each API call contains the requisite data for devices in your organization.

-## Threat Vulnerability Management

-## Threat and Vulnerability Management

-On January 25, 2022, we announced the general availability of Threat and Vulnerability management on Android and iOS. For more details, see [the techcommunity post here](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-general-availability-of-vulnerability-management/ba-p/3071663).

-<summary>July-2022 (Platform: 4.18.2205.TBD | Engine: 1.1.19500.2)</summary>

-*This section contains pre-release information that is still in active development. Expect updates, including the final security update version number, to occur.*

-&ensp;Security intelligence update version: *coming soon*<br/>

-&ensp;Release date: **August 8, 2022**<br/>

-&ensp;Platform: *4.18.2205.TBD*<br/>

-Security intelligence update version: *coming soon*<br/>

-| Threat Analytics | Alerts and incidents data: <ul><li>View data- security operations</li></ul>MDVM mitigations:<ul><li>View data - Microsoft Defender Vulnerability Management</li></ul> | Alerts and incidents data:<ul> <li>View-only manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> | Not available for Defender for Cloud Apps or MDI users |

- - **Threat and vulnerability management** - View threat and vulnerability management data in the portal

-### Threat and vulnerability management - security baselines

-| Threat Analytics | Alerts and incidents data: <ul><li>View data- security operations</li></ul>MDVM mitigations:<ul><li>View data - Microsoft Defender Vulnerability Management</li></ul> | Alerts and incidents data:<ul> <li>View-only Manage alerts</li> <li>Manage alerts</li> <li>Organization configuration</li><li>Audit logs</li> <li>View-only audit logs</li><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> </ul> Prevented email attempts: <ul><li>Security reader</li> <li>Security admin</li><li>View-only recipients</li> | Not available for Defender for Cloud Apps or MDI users |

-Usually, the SOC team's core function is to make sure all security devices such as firewalls, intrusion prevention systems, data loss prevention systems, Defender Vulnerability Management systems, and identity systems are functioning correctly and being monitored. The SOC teams will work with the broader network operations such as identity, DevOps, cloud, application, data science, and other business teams to ensure the analysis of security information is centralized and secured. Additionally, the SOC team is responsible for maintaining logs of the data in useable and readable formats, which could include parsing and normalizing disparate formats.

-|Track Microsoft Defender Vulnerability Management (MDVM) activity|Generate MDVM Secure Score remediation activity and report to asset owners through an intranet portal.|Daily|Monitoring|

-## Create block for domains or email addresses entries

-### Use the Microsoft 365 Defender portal

-> The emails from these addresses or domains will be blocked as _high confidence spam_ (SCL = 9).

-> Users in the organization won't be able to send emails to these blocked domains and addresses. They will receive a non-delivery report which will state the following: "5.7.1 Your message can't be delivered because one or more recipients are blocked by your organizationΓÇÖs tenant allow/block list policy."

-### Use PowerShell

-This example adds a block for the specified email address or domain that expires on a specific date.

-## Create allow sender entries

-### Use Microsoft 365 Defender

-> - Because Microsoft manages the allow entries for you, unneeded domains or email addresses, URL, or file allow entries that aren't needed will be removed. This behavior protects your organization and helps prevent misconfigured allow entries. If you disagree with the verdict, you might need to open a support case to help determine why a message is still considered bad.

-7. Add why you are adding the allow using the **Optional Note** box.

-## View domain or email addresses entries

-## Modify domain or email addresses entries

-## Remove domain or email addresses entries

-### Use Microsoft 365 Defender

-> The emails from these senders will be blocked as _phish_.

-### Use PowerShell

-## Create allowed spoofed sender entries

-### Use the Tenant Allow/Block List in Microsoft 365 Defender

-### Use Admin Submission in Microsoft 365 Defender

-Use [admin submissions](admin-submission.md) to submit the blocked message. This action will add the corresponding URL, file, spoofed sender domain pair, impersonated domain (or user) and/or sender to the Tenant Allow/Block List. If the item has not been blocked, then the allow won't be created.

-### Use PowerShell

-## Modify spoofed sender entries

-## Remove spoofed sender entries

-### Use Admin Submission in Microsoft 365 Defender

-Use [admin submissions](admin-submission.md) to submit the blocked message. This action will add the corresponding URL, file, spoofed sender domain pair, impersonated domain (or user) and/or sender to the Tenant Allow/Block List. If the item has not been blocked, then the allow won't be created.

- - **Phishing**: The spam filter verdict was **Phishing** or anti-phishing protection quarantined the message ([spoof settings](set-up-anti-phishing-policies.md#spoof-settings) or [impersonation protection](set-up-anti-phishing-policies.

- - (Choose to) Apply Preset Strict/Standard policies to entire organization and avoid the hassle of selecting specific recipient users, groups, or domains, thereby securing all recipient users of your organization.

-

-Guest sharing settings are now configured, so you can start adding internal users and guests to your site. Site access is controlled through the associated Microsoft 365 Group, so we'll be adding users there.

-Guests can't be added from the site. You need to add them using Outlook on the web. Therefore, as a prerequisite to add and invite guests to a group, click the URL of the site in the **URL** column to navigate to the site-specific page. From this page, click the **App launcher** icon and select **Outlook**. This is the screen from which you can invite guests into a group, for which procedure is described below.

-To invite guests to a group

-1. Under **Groups**, click the group to which you want to invite guests.

-2. Open the group contact card, click **Members** link in the upper right (the link which denotes the member count).

-3. click **Add members**.

-4. Type the email addresses of the guests that you want to invite, and then click **Add**.

-5. Click **Close**.

-Note that you need to click **Close** only if you are not the owner of the group and as a result, you are not allowed to add the guest into the group. In such cases, the request to add the guest into the group is transferred to the group owner for approval.