Updates from: 08/17/2023 01:41:49
Category Microsoft Docs article Related commit history on GitHub Change details
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
Title: "Overview of Microsoft 365 Groups for administrators"-+ Last updated 02/18/2020 f1.keywords: NOCSH -+ audience: Admin
The following limits apply to Microsoft 365 Groups:
|:|:-| |Owners per group|100| |Groups a user can create|250|
-|Groups an admin can create|There are no Microsoft 365 group specific limits. There's an overall Azure AD object limit specific to each organization. An Azure AD admin who can manage groups in the organization can create an unlimited number of Microsoft 365 groups up to the Azure AD object limit. See [AAD service limits and restrictions](/azure/active-directory/enterprise-users/directory-service-limits-restrictions).|
+|Groups an admin can create|There are no Microsoft 365 group specific limits. There's an overall Azure AD object limit specific to each organization. An Azure AD admin who can manage groups in the organization can create an unlimited number of Microsoft 365 groups up to the Azure AD object limit. See [Azure AD service limits and restrictions](/azure/active-directory/enterprise-users/directory-service-limits-restrictions).|
|Number of members|More than 1,000, though only 1,000 can access the group conversations concurrently. <br>Users might notice delays when accessing the calendar and conversations in large groups in Outlook.| |Number of groups a user can be an owner of|7,000| |Number of groups a user can be a member of|7,000|
Managing your Microsoft 365 groups is more effective when you have actionable in
You can create sensitivity labels that the users in your organization can set when they create a Microsoft 365 group. With sensitivity labels, you can configure: - Privacy (public or private)-- External users access
+- Guest access
- Unmanaged device access
-For example, you can create a label called *Highly Confidential* and specify that any group created with this label will be private and not allow external users. When users in your organization select this label during group creation, the group will be set to private and group members will not be allowed to add external users to the group.
+For example, you can create a label called *Highly Confidential* and specify that any group created with this label will be private and not allow guests. When users in your organization select this label during group creation, the group will be set to private and group members will not be allowed to add guests users to the group.
> [!IMPORTANT] > If you are currently using classification labels, they will no longer be available to users who create groups once sensitivity labels are enabled.
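Review bot: In the added example paragraph, "add guests users to the group" is ungrammatical. Use "add guests to the group", which matches "not allow guests" in the preceding sentence and the new "Guest access" bullet.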
For information about creating, managing, and using sensitivity labels, see [Use
## Which Microsoft 365 plans include groups?
-Any Microsoft 365 subscription that has Exchange Online and SharePoint Online will support groups. That includes the Business Essentials and Business Premium plans, and the Enterprise E1, E3, and E5 plans. The group takes on the licensing of the person who creates the group (also known as the "organizer" of the group). As long as the organizer has the proper license for whatever features you want the group to have, that license will convey to the group.
+Any Microsoft 365 subscription that has Exchange Online and SharePoint Online will support groups. That includes the Business Essentials and Business Premium plans, and the Enterprise E1, E3, and E5 plans. The group takes on the licensing of the person who creates the group. As long as they have the proper license for whatever features you want the group to have, that license will convey to the group.
> [!NOTE] > For more details about Microsoft 365 service families and plans, see [Microsoft 365 plan options](/office365/servicedescriptions/office-365-platform-service-description/office-365-plan-options). If you have an Exchange-only plan you can still get the shared inbox and shared calendar features of groups in Outlook but you won't get the document library, Planner or any of the other capabilities.
-Microsoft 365 groups work with Azure Active Directory. The groups features you get depends on which Azure Active Directory subscription you have, and what licenses are assigned to the organizer of the group.
+Microsoft 365 groups work with Azure Active Directory. The groups features you get depends on which Azure Active Directory subscription you have, and what licenses are assigned to the person who created the group.
> [!IMPORTANT]
-> For all the groups features, if you have an Azure AD Premium subscription, users can join the group whether or not they have an AAD P1 license assigned to them. Licensing isn't enforced.
+> For all the groups features, if you have an Azure AD Premium subscription, users can join the group whether or not they have an Azure AD P1 license assigned to them. Licensing isn't enforced.
> Periodically we will generate usage reports that tell you which users are missing a license, and need one assigned to them to be compliant with the licensing requirements. For example, let's say a user doesn't have a license and they are added to a group where the naming policy is enforced. The report will flag for you that they need a license. ## Related content
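Review bot: The rewritten sentence "The groups features you get depends on which Azure Active Directory subscription you have" keeps a subject-verb mismatch. Since the line is being touched anyway, change it to "The group features you get depend on ...". The replacement for "organizer" is also worded two ways, "the person who creates the group" in the first paragraph and "the person who created the group" in the second; pick one tense.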
lighthouse M365 Lighthouse Assign A Baseline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-assign-a-baseline.md
+
+ Title: "Assign a baseline in Microsoft 365 Lighthouse"
+f1.keywords: CSH
++++ Last updated : 08/16/2023
+audience: Admin
++
+ms.localizationpriority: medium
+
+- Tier1
+- scotvorg
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to assign a baseline to a tenant."
++
+# Assign a baseline in Microsoft 365 Lighthouse
+
+By default, Microsoft 365 Lighthouse assigns the default baseline to all tenants. You can create and assign a baseline to accommodate varying customer requirements.
+
+> [!NOTE]
+> Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, you should see it soon.
+>
+> To see which new features are currently available in your partner tenant, go to the **Home** page of Microsoft 365 Lighthouse, and then either select the **What's new** link in the upper-right corner of the page or select **What's new** on the **What's new & learning resources** card.
+
+## Before you begin
+
+Make sure you and your customer tenants meet the requirements listed in [Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md).
+
+Additionally, each partner tenant user must be a Microsoft 365 Lighthouse admin.
+
+## Assign a baseline to a tenant
+
+1. In the left navigation pane in Lighthouse, select **Tenants**.
+2. Select a tenant to which you want to assign a new baseline.
+3. Select **Assign baseline**.
+4. Select the baseline you want to assign to the selected tenants.
+
+> [!NOTE]
+> Baselines do not include tenant-specific attributes, and the assignment of a new baseline will overwrite any pre-existing customization to the configuration of a tenantΓÇÖs deployment plan, such as deployment task dismissals, user and user group exclusions, and deployment statuses of manual deployment tasks. These values will need to be re-entered for each tenant, as needed.
+
+## Next steps
+
+Once the baseline is assigned, Lighthouse queries the assigned tenants to detect and report their deployment status. [Review the deployment plan](m365-lighthouse-review-deployment-plan.md) to determine the next steps in the deployment process.
+
+## Related content
+
+[Create baselines](m365-lighthouse-create-a-baseline.md) (article)\
+[Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](m365-lighthouse-deploy-standard-tenant-configurations-overview.md) (article)\
+[Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
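Review bot: The note after step 4 states that assigning a baseline overwrites existing customization of the tenant's deployment plan (task dismissals, user and user group exclusions, manual task statuses), yet it sits below the procedure and is marked only as a [!NOTE]. Move it above step 1 and raise it to [!IMPORTANT] so an admin reads it before selecting **Assign baseline**. Step 2 says "Select a tenant" while step 4 refers to "the selected tenants"; make these agree. The apostrophe in "tenant's" is a curly quote that shows up garbled in this rendering; use a plain ASCII apostrophe.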
lighthouse M365 Lighthouse Create A Baseline https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-create-a-baseline.md
+
+ Title: "Create a baseline in Microsoft 365 Lighthouse"
+f1.keywords: CSH
++++ Last updated : 08/16/2023
+audience: Admin
++
+ms.localizationpriority: medium
+
+- Tier1
+- scotvorg
+- M365-subscription-management
+- Adm_O365
+
+- AdminSurgePortfolio
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to create a custom baseline."
++
+# Create baselines in Microsoft 365 Lighthouse
+
+Microsoft 365 Lighthouse empowers you to create your own baselines to deploy to customer tenants. Create your own baselines to accommodate customers with varying degrees of tenant maturity, customers from different industries, customers that have subscribed to different managed services from your company, or customers with varying licensing models.
+
+> [!NOTE]
+> Some features get rolled out at different speeds to our customers. If you aren't seeing a feature yet, you should see it soon.
+>
+> To see which new features are currently available in your partner tenant, go to the **Home** page of Microsoft 365 Lighthouse, and then either select the **What's new** link in the upper-right corner of the page or select **What's new** on the **What's new & learning resources** card.
+
+## Before you begin
+
+Make sure you and your customer tenants meet the requirements listed in [Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md).
+
+Additionally, each partner tenant user must be a Microsoft 365 Lighthouse admin.
+
+## Create a baseline
+
+There are three ways to create a baseline in Lighthouse. You can clone an existing baseline, import a baseline, or create a new baseline.
+
+To clone an existing baseline:
+
+1. In the left navigation pane in Lighthouse, select **Deployment \> Baselines**.
+
+2. From the baseline list, select the baseline you want to clone.
+
+3. Select **Clone**
+
+> [!NOTE]
+> The new baseline will be the name of the baseline from which it was cloned with ΓÇ£(1)ΓÇ¥ added to the end.
+
+To import a baseline:
+
+1. In the left navigation pane in Lighthouse, select **Deployment \> Baselines**.
+
+2. Select **Import**.
+
+3. Select the desired baseline file.
+
+4. Select **Import**.
+
+To create a new baseline:
+
+1. In the left navigation pane in Lighthouse, select **Deployment \> Baselines**.
+
+2. Select **Create**.
+
+3. Provide a display name and description for the new baseline.
+
+4. Select **Create**.
+
+> [!NOTE]
+> Baselines can be edited, deleted, and exported from the page. The Default baseline canΓÇÖt be edited or deleted.
+
+## Add deployment task to a baseline
+
+Baselines are composed of deployment tasks. You can add as many deployment tasks as you want to a baseline. There are two ways to add deployment tasks to a baseline. You can clone a deployment task from an existing baseline or extract a configuration from a managed tenant.
+
+To clone a deployment task from an existing baseline:
+
+1. In the left navigation pane in Lighthouse, select **Deployment \> Baselines**.
+2. Select a baseline from the list.
+3. Select **New task**.
+4. From the list, select **Clone**.
+5. From the **New task** panel, select the baseline that contains the task you want to clone.
+6. Select the deployment task you want to clone.
+7. Select **Import**.
+
+To extract a configuration from a managed tenant:
+
+> [!IMPORTANT]
+> Extracted configurations may contain tenant-specific setting values that should be removed from a baseline to avoid applying them to other managed tenants.
+
+Lighthouse will, where possible, detect configurations and policies that contain sensitive information and remove the tenant-specific value from the baseline. There are some configuration types where sensitive setting values must be detected and removed manually to ensure they aren't included in the baseline.
+
+Lighthouse admins must review the extracted configuration and remove any tenant-specific setting values that shouldn't be applied to other managed tenants.
+
+1. In the left navigation pane in Lighthouse, select **Deployment \> Baselines**.
+2. Select a baseline from the list.
+3. Select **New task**.
+4. From the list, select the desired configuration.
+5. Select the tenant from which you want to extract the configuration.
+6. Select the configuration you want to extract.
+7. Select **Next**.
+8. Provide the display name, description, and user impact details.
+9. Review the task to ensure that any tenant-specific setting values that shouldn't be applied to other managed tenants are removed.
+10. If applicable, select the **Remove** icon to remove any tenant-specific setting values
+11. Select **Create**.
+
+> [!NOTE]
+> Deployment tasks can be edited or deleted by accessing the ellipsis menu for the task and can be prioritized by selecting the **Priority** arrows to make a task a higher or lower priority.
+
+## Next steps
+
+Once a baseline is created, you can assign the baseline to a tenant. For more information, see [Assign a baseline](m365-lighthouse-assign-a-baseline.md).
+
+## Related content
+
+[Overview of using Microsoft 365 Lighthouse baselines to deploy standard tenant configurations](m365-lighthouse-deploy-standard-tenant-configurations-overview.md) (article)\
+[Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md) (article)\
+[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
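Review bot: Under "To extract a configuration from a managed tenant", the text says "There are some configuration types where sensitive setting values must be detected and removed manually" but never names those types, so the admin doing the review in step 9 has nothing to check against. List the types or link to a reference. The lead-in line is also separated from its numbered steps by the [!IMPORTANT] block and two paragraphs; move those above the lead-in so the steps follow it directly. Smaller points: the metadata title is "Create a baseline" while the H1 is "Create baselines"; "Select **Clone**" and step 10 lack a closing period; "The new baseline will be the name of the baseline ..." should read "will be named ..."; "edited, deleted, and exported from the page" does not say which page; and the curly quotes in the two notes show up garbled in this rendering and should be plain ASCII.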
ms-feed M365 Feed https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/ms-feed/m365-feed.md
Read more about how the feed works here: [Discover and learn with Microsoft Fee
## Where can users see Microsoft Feed?
-In **Microsoft 365** (previously Office.com), while signed in with a work or school account, select **Feed** from the left navigation bar.
+In **Microsoft Edge**, select the **Work feed** page when opening a new tab.
-![Select Feed in Microsoft 365.](../media/MS-select-feed.png)
-
-In **Microsoft Edge**, select the **Microsoft 365** page when opening a new tab.
-
-![Image of the select Feed in Microsoft 365.](../media/MS-contoso-feed.png)
+![Image of the work feed page.](../media/workfeed2.png)
See the section *Find your way around* in [Discover and learn with Microsoft Feed](https://support.microsoft.com/en-us/office/discover-and-learn-with-microsoft-feed-9c190800-e348-46b7-9d46-41c628b80ebb)
In Microsoft 365, as a tenant admin, if you want to disable the new experience,
3. If you're in the admin center, selectΓÇ»**Support** > **New service request.** 4. To re-enable the feature, you can create a **New service request.**
-In Microsoft Edge, while signed in with a work or school account, as a tenant admin, if you want to disable the new experience, you can choose to *not show* Microsoft 365 content on the Microsoft Edge new tab page:
+In Microsoft Edge, while signed in with a work or school account, as a tenant admin, if you want to disable the new experience, you can choose to *not show* Work feed content on the Microsoft Edge new tab page:
1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com) 2. Go to **Org settings** > **News.** 3. Under **News**, select **Microsoft Edge new tab page**. 4. *Clear* the box that says **Show Microsoft 365 content on the Microsoft Edge new tab page.** 5. To re-enable the feature, check the box that says **Show Microsoft 365 content on the Microsoft Edge new tab page.**
+6. To make it a default feed, **Set Users default to Work feed**.
## Provide feedback We would love to hear from you! To let us know what you think of this feature, you can reach us by:
-1. Responding to our Message Center post with feedback. This option is only available for tenant admins with access to the Microsoft Admin Center in Microsoft 365.
-2. Providing general feature feedback when viewing Microsoft Feed by clicking on "Feedback" in the lower right-hand corner.
+1. Responding to our Message Center post with feedback. This option is only available for tenant admins with access to the Microsoft Admin Center in Microsoft 365.
+2. Providing general feature feedback when viewing Microsoft Feed by clicking on "Feedback" in the lower right-hand corner.
## Frequently Asked Questions (FAQ)
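Review bot: The new step 6, "To make it a default feed, **Set Users default to Work feed**", is appended to a procedure whose purpose is turning the experience off, and it does not say where the setting is found or what kind of control it is. Bold only the UI label, keep the verb outside the bold, and consider moving it out of the disable steps. The intro now says "Work feed content", but steps 4 and 5 still name the check box "Show Microsoft 365 content on the Microsoft Edge new tab page"; confirm which label the admin center shows and make the two agree.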
Following is synchronized between Microsoft Feed and Viva Engage. Following feat
3. **What's the connection between** [Office Delve](https://delve.office.com) **and Microsoft Feed?**
-Office Delve and Microsoft Feed are both based on Microsoft Graph. However, turning off Office Delve will not turn off Microsoft Feed.
+Office Delve and Microsoft Feed are both based on Microsoft Graph. However, turning off Office Delve will not turn off Microsoft Feed.
security Reports Email Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-email-security.md
The **URL protection report** is available only in Microsoft Defender for Office
## User reported messages report > [!IMPORTANT]
-> In order for the **User reported messages** report to work correctly, **audit logging must be turned on** in your Microsoft 365 organization (it's on by default). For more information, see [Turn auditing on or off](../../compliance/audit-log-enable-disable.md).
+> In order for the **User reported messages** report to work correctly, **audit logging must be turned on** in your Microsoft 365 organization (it's on by default). For more information, see [Turn auditing on or off](/purview/audit-log-enable-disable).
The **User reported messages** report shows information about email messages that users have reported as junk, phishing attempts, or good mail by using the [built-in Report button in Outlook on the web](submissions-outlook-report-messages.md#use-the-built-in-report-button-in-outlook-on-the-web) or the [Microsoft Report Message or Report Phishing add-ins](submissions-outlook-report-messages.md#use-the-report-message-and-report-phishing-add-ins-in-outlook).
security Responding To A Compromised Email Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account.md
Users might notice and report unusual activity in their Microsoft 365 mailboxes.
If a user reports these symptoms or other unusual symptoms, you should investigate. The Microsoft 365 Defender portal and the Azure portal offer the following tools to help you investigate suspicious activity on a user account. -- **Unified audit logs in the Microsoft 365 Defender portal**: Filter the logs for activity using a date range that starts immediately before the suspicious activity occurred to today. Don't filter on specific activities during the search. For more information, see [Search the audit log](../../compliance/search-the-audit-log-in-security-and-compliance.md).
+- **Unified audit logs in the Microsoft 365 Defender portal**: Filter the logs for activity using a date range that starts immediately before the suspicious activity occurred to today. Don't filter on specific activities during the search. For more information, see [Search the audit log](/purview/audit-log-search).
- **Azure AD Sign-in logs and other risk reports in the Azure AD portal**: Examine the values in these columns: - Review IP address
security Safe Attachments For Spo Odfb Teams Configure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-configure.md
You turn on or turn off Safe Attachments for Office 365 for SharePoint, OneDrive
- To use SharePoint Online PowerShell to prevent people from downloading malicious files, you need to be member of the [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator) or [SharePoint Administrator](/azure/active-directory/roles/permissions-reference#sharepoint-administrator) roles in Azure AD. -- Verify that audit logging is enabled for your organization (it's on by default). For instructions, see [Turn auditing on or off](../../compliance/audit-log-enable-disable.md).
+- Verify that audit logging is enabled for your organization (it's on by default). For instructions, see [Turn auditing on or off](/purview/audit-log-enable-disable).
- Allow up to 30 minutes for the settings to take effect.
For detailed syntax and parameter information, see [Set-SPOTenant](/powershell/m
## Step 3 (Recommended) Use the Microsoft 365 Defender portal to create an alert policy for detected files
-You can create an alert policy that notifies admins when Safe Attachments for SharePoint, OneDrive, and Microsoft Teams detects a malicious file. To learn more about alert policies, see [Alert policies](../../compliance/alert-policies.md).
+You can create an alert policy that notifies admins when Safe Attachments for SharePoint, OneDrive, and Microsoft Teams detects a malicious file. To learn more about alert policies, see [Alert policies](/purview/alert-policies).
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Alert policy**. To go directly to the **Alert policy** page, use <https://security.microsoft.com/alertpolicies>.
security Scc Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/scc-permissions.md
Last updated 8/3/2023
[!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
-The [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal) and [Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center) have replaced the Security & Compliance Center as the place to manage Microsoft Defender for Office 365 and Microsoft Purview compliance roles and role groups for your organization. For more information about permissions within these portals, see the following articles:
+The [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal) and [Microsoft Purview compliance portal](/purview/microsoft-365-compliance-center) have replaced the Security & Compliance Center as the place to manage Microsoft Defender for Office 365 and Microsoft Purview compliance roles and role groups for your organization. For more information about permissions within these portals, see the following articles:
- [Email & collaboration permissions in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/mdo-portal-permissions)-- [Microsoft Purview solutions permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions)
+- [Permissions in the Microsoft Purview compliance portal](/purview/microsoft-365-compliance-center-permissions)
These portals let you grant permissions to people who perform tasks like device management, data loss prevention, eDiscovery, retention, and so on. These people can perform only the tasks that you explicitly grant them access to. To access these portals, users need to be a global admin or a member of one or more role groups in Defender for Office 365 (**Email & collaboration** role groups) or Purview compliance (**Microsoft Purview solutions** role groups).
Managing permissions in Defender for Office 365 or Purview compliance gives user
|**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader| |**Data Investigator**|Perform searches on mailboxes, SharePoint Online sites, and OneDrive for Business locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge| |**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer|
-|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](../../compliance/assign-ediscovery-permissions.md).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Scope Manager|
+|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the compliance portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the compliance portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Scope Manager|
|**Global Reader**|Members have read-only access to reports, alerts, and can see all the configuration and settings. <br/><br/> The primary difference between Global Reader and Security Reader is that a Global Reader can access **configuration and settings**.|Compliance Manager Reader <br/><br/> Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management| |**Information Protection**|Full control over all information protection features, including sensitivity labels and their policies, DLP, all classifier types, activity and content explorers, and all related reports.|Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Purview Evaluation Administrator| |**Information Protection Admins**|Create, edit, and delete DLP policies, sensitivity labels and their policies, and all classifier types. Manage endpoint DLP settings and simulation mode for auto-labeling policies.|Information Protection Admin <br/><br/> Purview Evaluation Administrator|
Managing permissions in Defender for Office 365 or Purview compliance gives user
|**Privacy Management Viewers**|Viewer of privacy management solution that can access the available dashboards and widgets.|Compliance Manager Reader <br/><br/> Data Classification List Viewer <br/><br/> Privacy Management Viewer| |**Quarantine Administrator**|Members can access all Quarantine actions. For more information, see [Manage quarantined messages and files as an admin in EOP](quarantine-admin-manage-messages-files.md)|Quarantine| |**Records Management**|Members can configure all aspects of records management, including retention labels and disposition reviews.|Disposition Management <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Scope Manager|
-|**Reviewer**|Members can access review sets in [eDiscovery (Premium)](../../compliance/overview-ediscovery-20.md) cases. Members of this role group can see and open the list of cases on the **eDiscovery \> Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|
+|**Reviewer**|Members can access review sets in [eDiscovery (Premium)](/purview/ediscovery-overview) cases. Members of this role group can see and open the list of cases on the **eDiscovery \> Advanced** page in the Microsoft Purview compliance portal that they're members of. After the user accesses an eDiscovery (Premium) case, they can select **Review sets** to access case data. This role doesn't allow the user to preview the results of a collection search that's associated with the case or do other search or case management tasks. Members of this role group can only access the data in a review set.|Review|
|**Security Administrator**|Members have access to many security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Administrator role from Azure Active Directory is assigned to this role group. Therefore, this role group inherits the capabilities and membership of the Security Administrator role from Azure Active Directory. <br/><br/> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in these portals (membership or roles), those changes apply only to the security and compliance areas and not to any other services. <br/><br/> This role group includes all of the read-only permissions of the Security reader role, plus many additional administrative permissions for the same |**Security Operator**|Members can manage security alerts, and also view reports and settings of security features.|Compliance Search <br/><br/> Manage Alerts <br/><br/> Security Reader <br/><br/> Tag Contributor <br/><br/> Tag Reader <br/><br/> Tenant AllowBlockList Manager <br/><br/> View-Only Audit Logs <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts| |**Security Reader**|Members have read-only access to many security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. <br/><br/> By default, this role group may not appear to have any members. However, the Security Reader role from Azure Active Directory is assigned to this role group. 
Therefore, this role group inherits the capabilities and membership of the Security Reader role from Azure Active Directory. <br/><br/> To manage permissions centrally, add and remove group members in the Azure Active Directory admin center. For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference). If you edit this role group in the portals (membership or roles), those changes apply only to security and compliance areas and not to any other services.|Compliance Manager Reader <br/><br/> Security Reader <br/><br/> Sensitivity Label Reader <br/><br/> Tag Reader <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts|
-|**Service Assurance User**|Members can access the Service assurance section in the compliance portal. Service assurance provides reports and documents that describe Microsoft's security practices for customer data that's stored in Microsoft 365. It also provides independent third-party audit reports on Microsoft 365. For more information, see [Service assurance in the compliance portal](../../compliance/service-assurance.md).|Service Assurance View|
+|**Service Assurance User**|Members can access the Service assurance section in the compliance portal. Service assurance provides reports and documents that describe Microsoft's security practices for customer data that's stored in Microsoft 365. It also provides independent third-party audit reports on Microsoft 365. For more information, see [Service assurance in the compliance portal](/purview/service-assurance).|Service Assurance View|
|**Subject Rights Request Administrators**|Create subject rights requests.|Case Management <br/><br/> Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Subject Rights Request Admin <br/><br/> View-Only Case| |**Subject Rights Request Approvers**|Approvers who are able to approve subject rights requests.|Compliance Manager Reader <br/><br/> Subject Rights Request Approver|
-|**Supervisory Review**|Members can create and manage the policies that define which communications are subject to review in an organization. For more information, see [Configure communication compliance policies for your organization](../../compliance/communication-compliance-configure.md).|Supervisory Review Administrator|
+|**Supervisory Review**|Members can create and manage the policies that define which communications are subject to review in an organization. For more information, see [Configure communication compliance policies for your organization](/purview/communication-compliance-configure).|Supervisory Review Administrator|
> [!NOTE]
-> <sup>1</sup> This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This action is required because the underlying cmdlet that's used to search the audit log is an Exchange Online cmdlet. Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see [Search the audit log in the compliance portal](../../compliance/search-the-audit-log-in-security-and-compliance.md).
+> <sup>1</sup> This role group doesn't assign members the permissions necessary to search the audit log or to use any reports that might include Exchange data, such as the DLP or Defender for Office 365 reports. To search the audit log or to view all reports, a user has to be assigned permissions in Exchange Online. This action is required because the underlying cmdlet that's used to search the audit log is an Exchange Online cmdlet. Global admins can search the audit log and view all reports because they're automatically added as members of the Organization Management role group in Exchange Online. For more information, see [Search the audit log in the compliance portal](/purview/audit-log-search).
## Roles in Microsoft Defender for Office 365 and Microsoft Purview compliance
security Secure Email Recommended Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-email-recommended-policies.md
See the steps to configure this policy in [Manage messaging collaboration access
With Microsoft Purview Message Encryption, which leverages the protection features in Azure Information Protection, your organization can easily share protected email with anyone on any device. Users can send and receive protected messages with other Microsoft 365 organizations as well as non-customers using Outlook.com, Gmail, and other email services.
-For more information, see [Set up new Office 365 Message Encryption capabilities](../../compliance/set-up-new-message-encryption-capabilities.md).
+For more information, see [Set up new Office 365 Message Encryption capabilities](/purview/set-up-new-message-encryption-capabilities).
## Next steps
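Review bot: The link text on the added line still reads "Set up new Office 365 Message Encryption capabilities", while the paragraph just above it calls the feature Microsoft Purview Message Encryption. Since this line is already being touched for the path change, confirm the target article's current title and bring the link text in line with it so the two names don't appear side by side.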
security Siem Integration With Office 365 Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti.md
The following table summarizes the values of **AuditLogRecordType** that are rel
> [!IMPORTANT] > You must have either the global administrator or Security Administrator role assigned in the Microsoft 365 Defender portal to set up SIEM integration with Microsoft Defender for Office 365. For more information, see [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md). >
-> Audit logging must be turned on for your Microsoft 365 environment (it's on by default). To verify that audit logging is turned on or to turn it on, see [Turn auditing on or off](../../compliance/audit-log-enable-disable.md).
+> Audit logging must be turned on for your Microsoft 365 environment (it's on by default). To verify that audit logging is turned on or to turn it on, see [Turn auditing on or off](/purview/audit-log-enable-disable).
## See also
security Siem Server Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-server-integration.md
A SIEM server can receive data from a wide variety of Microsoft 365 services and
Make sure that audit logging is turned on before you configure SIEM server integration: -- For SharePoint Online, OneDrive for Business, and Azure Active Directory, see [Turn auditing on or off](../../compliance/audit-log-enable-disable.md).-- For Exchange Online, see [Manage mailbox auditing](../../compliance/audit-mailboxes.md).
+- For SharePoint Online, OneDrive for Business, and Azure Active Directory, see [Turn auditing on or off](/purview/audit-log-enable-disable).
+- For Exchange Online, see [Manage mailbox auditing](/purview/audit-mailboxes).
## Integration steps if your SIEM is Microsoft Sentinel
security Skip Filtering Phishing Simulations Sec Ops Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes.md
Use the _advanced delivery policy_ in EOP to prevent inbound messages _in these
- Filters in EOP and Defender for Office 365 take no action on these messages.┬╣ - [Zero-hour Purge (ZAP)](zero-hour-auto-purge.md) for spam and phishing take no action on these messages┬▓.-- [Default system alerts](/microsoft-365/compliance/alert-policies#default-alert-policies) aren't triggered for these scenarios.
+- [Default system alerts](/purview/alert-policies#default-alert-policies) aren't triggered for these scenarios.
- [AIR and clustering in Defender for Office 365](air-about.md) ignores these messages. - Specifically for third-party phishing simulations: - [Admin submission](submissions-admin.md) generates an automatic response saying that the message is part of a phishing simulation campaign and isn't a real threat. Alerts and AIR aren't triggered. The admin submissions experience shows these messages as a simulated threat.
security Submissions Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-teams.md
For more information, see [User reported settings](submissions-user-reported-mes
- If you select **Send the reported messages to** \> **My reporting mailbox only**, reported messages don't go to Microsoft for analysis unless an admin manually submits the message from the **User reported** tab on the **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>. Reporting messages to Microsoft is an important part of training the service to help improve the accuracy of filtering (reduce false positives and false negatives). That's why we use **Send the reported messages to** \> **Microsoft and my reporting mailbox** as the default. - Regardless of the **Send the reported messages to** setting, metadata from the reported Teams message (for example, senders, recipients, reported by, and message details) is available on the **User reported** tab on the **Submissions** page.-- Regardless of the **Send the reported messages to** setting, the alert policy named **Teams message reported by user as a security risk** generates an alert when a user reports a message in Teams by default. For more information, see [Manage alerts](/microsoft-365/compliance/alert-policies#manage-alerts).
+- Regardless of the **Send the reported messages to** setting, the alert policy named **Teams message reported by user as a security risk** generates an alert when a user reports a message in Teams by default. For more information, see [Manage alerts](/purview/alert-policies#manage-alerts).
To view the corresponding alert for a user reported message in Teams, go to the **User reported** tab on the **Submission** page, and then double-click the message to open the submission flyout. Select :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More options** and then select **View alert**.
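Review bot: In the re-added alert policy bullet, "by default" trails the sentence ("generates an alert when a user reports a message in Teams by default"), so it reads as if the reporting is the default rather than the alert; move it next to the verb ("by default generates an alert when ..."). The following paragraph also says **Submission** page where the bullets say **Submissions** page, which is worth aligning in the same change.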
security Submissions User Reported Messages Custom Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox.md
Before you get started, you need to use the following steps to configure Exchang
- Create a Safe Links policy for the reporting mailbox where Safe Links scanning in email is turned off (**URL & click protection settings** \> **On: Safe Links checks a list of known, malicious links when users click links in email** isn't selected or `EnableSafeLinksForEmail $false` in PowerShell). For instructions, see [Set up Safe Links policies in Microsoft Defender for Office 365](safe-links-policies-configure.md). -- If you have data loss prevention (DLP), exclude the reporting mailbox from DLP. For more information, see [Data loss prevention Exchange conditions and actions reference](../../compliance/dlp-exchange-conditions-and-actions.md).
+- If you have data loss prevention (DLP), exclude the reporting mailbox from DLP. For more information, see [Data loss prevention Exchange conditions and actions reference](/purview/dlp-exchange-conditions-and-actions).
After you verify that the reporting mailbox meets all of these requirements, use the procedures in this article to identify the reporting mailbox and to configure the related settings.
security Tenant Allow Block List About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list-about.md
By default, allow entries for domains and email addresses, files, and URLs exist
After you add an allow entry on the **Submissions** page or a block entry in the Tenant Allow/Block List, the entry should start working immediately 99.999% of the time. For the rest, it could take up to 24 hours.
-If Microsoft has learned from the allow entry, the entry is removed. You'll get an alert about the removal of the now unnecessary allow entry from the built-in [alert policy](../../compliance/alert-policies.md) named **Removed an entry in Tenant Allow/Block List**).
+If Microsoft has learned from the allow entry, the entry is removed. You'll get an alert about the removal of the now unnecessary allow entry from the built-in [alert policy](/purview/alert-policies) named **Removed an entry in Tenant Allow/Block List**).
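Review bot: The added line keeps the unmatched closing parenthesis at the end of "named **Removed an entry in Tenant Allow/Block List**)." There is no opening parenthesis in the sentence, so drop the stray `)` while the line is being rewritten for the link update.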
security User Tags About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/user-tags-about.md
After you apply system tags or custom tags to users, you can use those tags as f
- [Alerts](../defender/investigate-alerts.md) - [Incidents](mdo-sec-ops-manage-incidents-and-alerts.md)-- [Custom alert policies](../../compliance/alert-policies.md#view-alerts)
+- [Custom alert policies](/purview/alert-policies#view-alerts)
- [Threat Explorer](threat-explorer-about.md) - [Campaign Views](campaigns.md) - [Email entity page](mdo-email-entity-page.md)
security Why Do I Need Microsoft Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/why-do-i-need-microsoft-defender-for-office-365.md
To access Microsoft Defender for Office 365 features, you *must* be assigned an
|global administrator (or Organization Management)|You can assign this role in Azure Active Directory or in the Microsoft 365 Defender portal. For more information, see [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md).| |Security Administrator|You can assign this role in Azure Active Directory or in the Microsoft 365 Defender portal. For more information, see [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md).| |Organization Management in Exchange Online|[Permissions in Exchange Online](/exchange/permissions-exo/permissions-exo) <p> [Exchange Online PowerShell](/powershell/exchange/exchange-online-powershell)|
-|Search and Purge|This role is available only in the Microsoft 365 Defender portal or the Microsoft Purview compliance portal. For more information, see [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md) and [Permissions in the Microsoft Purview compliance portal](../../compliance/microsoft-365-compliance-center-permissions.md).|
+|Search and Purge|This role is available only in the Microsoft 365 Defender portal or the Microsoft Purview compliance portal. For more information, see [Permissions in the Microsoft 365 Defender portal](mdo-portal-permissions.md) and [Permissions in the Microsoft Purview compliance portal](/purview/microsoft-365-compliance-center-permissions).|
||| ## Where can you get Microsoft Defender for Office 365?
syntex Adoption Getstarted https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/adoption-getstarted.md
Determine who in your organization will build and manage the models. The followi
|:-|:-|:-|:-| | Microsoft Entra role| Microsoft Entra role | Microsoft Entra role | Champions | | Configure structured document processing and freeform document processing models | Configure Dataverse environment | Gather use cases | Gather business use cases |
-| Manage content centers and permissions| Purchase and allocate AIB credits | Establish best practices and review model analytics | Create and apply models |
+| Manage content centers and permissions| Purchase and allocate AI Builder credits | Establish best practices and review model analytics | Create and apply models |
Knowledge manager, business process owner, and content model owner create sample models and champion adoption in the organization. Others who might be involved the compliance admin and taxonomy managers.
syntex Ocr Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/ocr-overview.md
The OCR service is available for the following file types:
- JPG - PNG - BMP-- TIFF-- PDF (image only) ### Supported languages The OCR service supports more than [150 languages](/azure/cognitive-services/language-support).
+### Supported locations and solutions
+
+|Location |Supported solution |
+|||
+|Exchange |Text is available in end-user search and search-driven scenarios. |
+|SharePoint sites |Text is available in end-user search and search-driven scenarios. |
+|OneDrive accounts |Text is available in end-user search and search-driven scenarios. |
+ ### File limitations - Image file sizes must be less than 50 MB.
syntex Syntex Licensing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-licensing.md
To use Syntex, you must have a license for each Syntex user. If you remove all S
The following tasks require a [Syntex per-user license](https://www.microsoft.com/microsoft-365/enterprise/sharepoint-syntex) for the user performing them: - Apply an unstructured document processing model to a library. (Unlicensed users can be granted access to a content center and can create models there, but can't apply them to a document library.)-- Create a structured document processing model or a freeform document processing model via the entry point in a library-- Upload content to a library where a custom model has been applied-- Run an unstructured document processing model on-demand-- Create a modern template with content assembly-- Generate a document from a modern template-- Use of content query to search for metadata-- Use of annotations to add notes and comments
+- Create a structured document processing model or a freeform document processing model via the entry point in a library.
+- Upload content to a library where a custom model has been applied.
+- Run an unstructured document processing model on-demand.
+- Use of content query to search for metadata.
+- Use of annotations to add notes and comments.
- Use of premium taxonomy services. (Premium taxonomy services comprise SKOS-based term set import, pushing enterprise content types to hub-associated sites, and term store reports.)-- Use the document library rules to move or copy content-- Merge and extract PDFs in OneDrive for Android and iOS
+- Use the document library rules to move or copy content.
+- Merge and extract PDFs in OneDrive for Android and iOS.
Unlicensed users can be granted access to a content center and can create models there, but can't apply them to a document library.
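Review bot: The first group of added bullets is missing two items that the removed lines carried: "Create a modern template with content assembly" and "Generate a document from a modern template". If this is only a punctuation pass, restore both with trailing periods; if those tasks no longer require a per-user license, say so in the commit message so that the removal is deliberate and reviewable. Separately, the closing sentence about unlicensed users repeats the parenthetical in the first bullet word for word, so one of the two can go.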
index Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/security-copilot/index.md
-# Welcome to Security-copilot!