Updates from: 08/19/2021 03:07:24
Category Microsoft Docs article Related commit history on GitHub Change details
admin Active Users Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/active-users-ww.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin About Guest Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-guest-users.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Intune Admin Roles In The Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/intune-admin-roles-in-the-mac.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
description: "Admin roles map to business functions and give permissions to do specific tasks in the admin center. For example, the Service admin opens support tickets with Microsoft."
admin About The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/about-the-admin-center.md
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
admin Admin Mobile App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/admin-mobile-app.md
- OKR_SMB_Videos - AdminSurgePortfolio - okr_smb
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin What Is Help https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-is-help.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
admin Enroll Your Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/enroll-your-mobile-device.md
- Adm_TOC - AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - MET150 description: "Before you can use Microsoft 365 services with your device, you might need to first enroll it in Basic Mobility and Security for Microsoft 365."
admin Manage Enrolled Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md
- Adm_TOC - AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - MET150 description: "Basic Mobility and Security can help you secure and manage your organizations mobile devices."
admin Wipe Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/wipe-mobile-device.md
- Adm_TOC - AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - MET150 description: "Use built-in Basic Mobility and Security to remove information from enrolled devices."
admin Compare Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/compare-groups.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/create-groups.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Manage Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-groups.md
- M365-subscription-management - Adm_O365 - Adm_TOC+ search.appverid: - BCS160 - MET150
admin Manage Guest Access In Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
admin Office 365 Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/office-365-groups.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Create Edit Or Delete A Security Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-edit-or-delete-a-security-group.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
- okr_smb - AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
# Add DNS records to connect your domain
admin Dns Basics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/dns-basics.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
You can use your domain name in Microsoft 365 with your email, public website, a
There are a number of DNS records required for Microsoft 365 to work with your domain. In addition to setting up your domain's MX record so email will be sent to Microsoft 365, there are records to help with tasks like making sure Outlook can automatically connect to the right Exchange server, setting up instant messaging, and helping to prevent spam email.
-You can [find a list of values](information-for-dns-records.md) to set up your domain. They're included right in the Microsoft 365 admin center.
+You can [find a list of values](information-for-dns-records.md) to set up your domain. They're included right in the <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">Microsoft 365 admin center</a>.
Or, if you're planning a deployment, you may want to review a list of all the DNS records required for Microsoft 365, what their function is, and example values. Check out [External Domain Name System records for Microsoft 365](../../enterprise/external-domain-name-system-records.md).
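Review bot: The admin center link added on the `+` line is a raw HTML anchor with target="_blank" and no rel attribute, while the other two links in this paragraph use Markdown link syntax. Suggest a Markdown link to the same fwlink URL, or add rel="noopener noreferrer" to the anchor so the newly opened tab gets no window.opener reference back to the docs page.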
admin Information For Dns Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/information-for-dns-records.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Change Address Contact And More https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/change-address-contact-and-more.md
- AdminSurgePortfolio - commcerce_billing - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: MET150 description: "Make changes to your organization profile, such as organization name, address, phone, technical contact, and email." Last updated 03/30/2021
admin Find Your Partner Or Reseller https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/find-your-partner-or-reseller.md
- MSStore_Link - AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Language Translation For Message Center Posts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/language-translation-for-message-center-posts.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Manage Feedback Ms Org https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-feedback-ms-org.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
description: "Manage feedback your users can send to Microsoft about Microsoft p
# Manage Microsoft feedback for your organization
-As the admin of a Microsoft 365 organization, there are now several policies to help you manage the feedback collection and the customer engagement experience of your users when using Microsoft 365 applications. You can create and use existing Azure Active directory groups in your organization for each of these policies. With these polices, you can control how different departments in your organization can send feedback to Microsoft. Microsoft reviews all feedback submitted by customers and uses this feedback to improve the product. Keeping the feedback experiences turned **On** allows you to see what your users are saying about the Microsoft products they're using. The feedback we collect from your users will soon be available in the Microsoft 365 admin center.
+As the admin of a Microsoft 365 organization, there are now several policies to help you manage the feedback collection and the customer engagement experience of your users when using Microsoft 365 applications. You can create and use existing Azure Active directory groups in your organization for each of these policies. With these polices, you can control how different departments in your organization can send feedback to Microsoft. Microsoft reviews all feedback submitted by customers and uses this feedback to improve the product. Keeping the feedback experiences turned **On** allows you to see what your users are saying about the Microsoft products they're using. The feedback we collect from your users will soon be available in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
To learn more about the types of feedback and how Microsoft uses user feedback, see [Learn about Microsoft feedback for your organization](../misc/feedback-user-control.md).
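Review bot: The admin center link added at the end of the paragraph uses linkid=2024339, while the same link text added to dns-basics.md in this batch uses linkid=834818; please confirm each fwlink resolves to the intended admin center entry point. Since the paragraph is being touched anyway, "Azure Active directory" and "polices" could be corrected to "Azure Active Directory" and "policies" in the same change.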
admin Manage Industry News https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-industry-news.md
localization_priority: Normal - M365-subscription-management -+
+- AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - MET150 description: "Provide your users with up-to-date news headlines about your industry and info from your organization, use the News service to enable a customized news feed for your organization."
admin Manage Office Scripts Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-office-scripts-settings.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: MET150 description: "Learn how to manage Office Scripts settings for users in your organization."
admin Pin Apps To App Launcher https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/pin-apps-to-app-launcher.md
- Adm_O365 - M365-subscription-management + localization_priority: Normal description: "As a global admin you can pin up to three apps to your users' app launcher."
admin Room And Equipment Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/room-and-equipment-mailboxes.md
- Lean - MSStore_Link - AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
admin Set Password Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Show Hide New Features https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/show-hide-new-features.md
- M365-subscription-management - Adm_O365 - Adm_TOC-+
+- AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Update Phone Number And Email Address https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/update-phone-number-and-email-address.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Cortana Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/cortana-integration.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Mailbox Not Found Error https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/mailbox-not-found-error.md
localization_priority: Priority - M365-subscription-management-+
+- AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - MET150
admin Pilot Microsoft 365 From My Custom Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/pilot-microsoft-365-from-my-custom-domain.md
localization_priority: Priority
- Adm_O365
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Transition To Global Exchange Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/transition-to-global-exchange-online.md
audience: Admin
localization_priority: Normal-+
+- AdminSurgePortfolio
+- admindeeplinkMAC
description: "Learn how to transition from Microsoft Cloud Germany Exchange Online to the global Exchange Online service"
admin Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/multi-tenant/manage.md
- M365-subscription-management - Adm_O365 - Adm_NonTOC-+
+- AdminSurgePortfolio
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin New Subscription Names https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/new-subscription-names.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
- AdminSurgePortfolio - okr_smb - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Set Up Multi Factor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Configure Focused Inbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/configure-focused-inbox.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Download Software Licenses Csp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/download-software-licenses-csp.md
search.appverid: MET150
- AdminSurgePortfolio - commerce_licensing
+- admindeeplinkMAC
description: Learn how to download the software and product license keys for perpetual software bought through the Cloud Solution Provider (CSP) program. Last updated 01/27/2021
admin Get Started Windows 365 Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/get-started-windows-365-business.md
This article is for people who plan to buy and set up Windows 365 Business for t
![Users may join devices to Azure AD settings](../../media/deschutes/azure-device-settings.png) ## Prerequisites
-There are no prerequisites to set up Windows 365 Business.
+There are no licensing prerequisites to set up Windows 365 Business.
+
+For the best onboarding experience, please refer to the [setup troubleshooting guide](troubleshoot-windows-365-business.md) to make sure your environment preferences are optimized for Windows 365 Business.
+ ## Buy subscriptions There are two different ways in which you can buy Windows 365 Business subscriptions for your users:
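Review bot: The Prerequisites section now says there are no licensing prerequisites and then defers to the troubleshooting guide for environment settings, so a reader cannot tell from this page what has to be in place before setup. Suggest naming the environment requirements here (if the "Users may join devices to Azure AD" setting in the screenshot just above is one of them, say so) and keeping the troubleshooting link as a follow-up.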
admin Priority Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/priority-accounts.md
localization_priority: Normal - Adm_O365-+
+- AdminSurgePortfolio
+- admindeeplinkMAC
description: "Monitor failed and delayed emailed messages sent to or from accounts who have high business impact."
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
- seo-marvel-may2020 - AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
admin Setup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
- OKR_SMB_Videos - AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - MET150 - MOE150
admin Enable Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/enable-usage-analytics.md
- AdminSurgePortfolio - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
description: "Learn how to start collecting data for your tenant by using the Mi
# Enable Microsoft 365 usage analytics
-Microsoft 365 usage analytics is not yet available for Microsoft 365 US Government Community.
+To enable Microsoft 365 usage analytics in a Microsoft 365 US Government Community Cloud (GCC) tenant, see [Connect to Microsoft 365 Government Community Cloud (GCC) data with Usage Analytics](connect-to-gcc-data-with-usage-analytics.md).
## Before you begin
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
description: "The Microsoft 365 admin center - learn about the features that wer
- MACDashWhatsNew - AdminSurgePortfolio
+- admindeeplinkMAC
# What's new in the Microsoft 365 admin center
compliance Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
All audit records generated in other services that aren't covered by the default
You can also specify how long to retain audit records that match the policy and a priority level so that specific policies will take priority over other policies. Also note that any custom audit log retention policy will take precedence over the default audit retention policy in case you need retain Exchange, SharePoint, or Azure Active Directory audit records for less than a year (or for 10 years) for some or all users in your organization. For more information, see [Manage audit log retention policies](audit-log-retention-policies.md).
-## Access to crucial events for investigations
+## Advanced Audit events
-Advanced Audit helps organizations to conduct forensic and compliance investigations by providing access to crucial events such as when mail items were accessed, or when mail items were replied to and forwarded, and when and what a user searched for in Exchange Online and SharePoint Online. These crucial events can help you investigate possible breaches and determine the scope of compromise. Advanced Auditing provides the following crucial events:
+Advanced Audit helps organizations to conduct forensic and compliance investigations by providing access to crucial events such as when mail items were accessed, or when mail items were replied to and forwarded, and when and what a user searched for in Exchange Online and SharePoint Online. These crucial events can help you investigate possible breaches and determine the scope of compromise. In addition to the crucial events in Exchange and SharePoint, there are events in other Microsoft 365 services that are considered crucial events and require an [appropriate Advanced Audit license](auditing-solutions-overview.md#licensing-requirements) to be logged.
+
+Advanced Auditing provides the following crucial events:
- [MailItemsAccessed](#mailitemsaccessed)
Advanced Audit helps organizations to conduct forensic and compliance investigat
- [SearchQueryInitiatedSharePoint](#searchqueryinitiatedsharepoint)<sup>*</sup>
+- [Other Advanced Audit events in Microsoft 365](#other-advanced-audit-events-in-microsoft-365)
+ > [!NOTE] > <sup>*</sup> At this time, this event isn't available in Office 365 and Microsoft 365 Government GCC High and DoD environments.
To search for SearchQueryInitiatedExchange audit records, you can search for the
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedExchange](/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell. > [!NOTE]
-> You must enable SearchQueryInitiatedExchange to be logged so you can search for this event in the audit log. For instructions, see [Set up Advanced Audit](set-up-advanced-audit.md#step-2-enable-crucial-events).
+> You must enable SearchQueryInitiatedExchange to be logged so you can search for this event in the audit log. For instructions, see [Set up Advanced Audit](set-up-advanced-audit.md#step-2-enable-advanced-audit-events).
### SearchQueryInitiatedSharePoint
To search for SearchQueryInitiatedSharePoint audit records, you can search for t
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedSharePoint](/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell. > [!NOTE]
-> You must enable SearchQueryInitiatedSharePoint to be logged so you can search for this event in the audit log. For instructions, see [Set up Advanced Audit](set-up-advanced-audit.md#step-2-enable-crucial-events).
+> You must enable SearchQueryInitiatedSharePoint to be logged so you can search for this event in the audit log. For instructions, see [Set up Advanced Audit](set-up-advanced-audit.md#step-2-enable-advanced-audit-events).
+
+### Other Advanced Audit events in Microsoft 365
+
+In addition to the crucial events in Exchange Online and SharePoint Online, there are crucial events in other Microsoft 365 services that are logged when users are assigned the appropriate Advanced Audit licensing. The following Microsoft 365 services provide crucial events. Clink the corresponding link to go to an article that identifies and describes these events.
+
+- [Microsoft Forms](search-the-audit-log-in-security-and-compliance.md#microsoft-forms-activities)
+
+- [Microsoft Stream](/stream/audit-logs#actions-logged-in-stream)
+
+- [Microsoft Teams](/microsoftteams/audit-log-events#teams-activities)
+
+- [Yammer](search-the-audit-log-in-security-and-compliance.md#yammer-activities)
## High-bandwidth access to the Office 365 Management Activity API
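Review bot: Typo in the added "Other Advanced Audit events in Microsoft 365" paragraph: "Clink the corresponding link" should read "Click the corresponding link" or "Select the corresponding link". The two [!NOTE] links above were also repointed to set-up-advanced-audit.md#step-2-enable-advanced-audit-events; please confirm the heading in that article is renamed in the same change, otherwise the anchor will no longer resolve.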
compliance App Governance Visibility Insights View Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-view-apps.md
The app details pane provides additional information on these tabs:
| Tab name | Description | |:-|:--| | Details | See additional data on the app such as the date first consented and the App ID. To see the properties of the app as registered in Azure AD, select **View app in Azure AD**. |
-| Usage |See the data accessed by the app in the tenant and plot the data usage for Sharepoint and Exchange resources. |
+| Usage |See the data accessed by the app in the tenant and plot the data usage for SharePoint and Exchange resources. |
| Users | See a list of users who are using the app, whether they are a priority account, and the amount of data downloaded and uploaded. | | Permissions | See a summary of the permissions granted to and used by the app and the list of specific permissions. See the [Microsoft Graph permissions reference](/graph/permissions-reference) for more information. | |||
compliance Auditing Solutions Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/auditing-solutions-overview.md
Advanced Audit builds on the capabilities of Basic Audit by providing audit log
- **Longer retention of audit records**. Exchange, SharePoint, and Azure Active Directory audit records are retained for one year by default. Audit records for all other activities are retained for 90 days by default, or you can use audit log retention policies to configure longer retention periods. -- **High-value, crucial events**. Audit records for crucial events can help your organization conduct forensic and compliance investigations by providing visibility to events such as when mail items were accessed, or when mail items were replied to and forwarded, or when and what a user searched for in Exchange Online and SharePoint Online. These crucial events can help you investigate possible breaches and determine the scope of compromise.
+- **High-value, crucial Advanced Audit events**. Audit records for crucial events can help your organization conduct forensic and compliance investigations by providing visibility to events such as when mail items were accessed, or when mail items were replied to and forwarded, or when and what a user searched for in Exchange Online and SharePoint Online. These crucial events can help you investigate possible breaches and determine the scope of compromise.
- **Higher bandwidth to the Office 365 Management Activity API**. Advanced Audit provides organizations with more bandwidth to access auditing logs through the Office 365 Management Activity API. Although all organizations (that have Basic Audit or Advanced Audit) are initially allocated a baseline of 2,000 requests per minute, this limit will dynamically increase depending on an organization's seat count and their licensing subscription. This results in organizations with Advanced Audit getting about twice the bandwidth as organizations with Basic Audit.
If your organization has a subscription that supports Advanced Audit, perform th
- Enabling the auditing of crucial events and then turning on the Advanced Auditing app/service plan for those users.
-2. Enable crucial events to be logged when users perform searches in Exchange Online and SharePoint Online.
+2. Enable Advanced Audit events to be logged when users perform searches in Exchange Online and SharePoint Online.
3. Set up audit log retention policies. In additional to the default policy that retains Exchange, SharePoint, and Azure AD audit records for one year, you can create additional audit log retention policies to meet the requirements of your organization's security operations, IT, and compliance teams.
-4. Search for crucial events and other activities when conducting forensic investigations. After completing step 1 and step 2, you can search the audit log for crucial events and other activities during forensic investigations of compromised accounts and other types of security or compliance investigations.
+4. Search for crucial Advanced Audit events and other activities when conducting forensic investigations. After completing step 1 and step 2, you can search the audit log for Advanced Audit events and other activities during forensic investigations of compromised accounts and other types of security or compliance investigations.
For more detailed instructions, see [Set up Advanced Audit](set-up-advanced-audit.md).
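Review bot: Terminology is inconsistent after the rename: step 2 now says "Advanced Audit events", step 4 says "crucial Advanced Audit events" and then "Advanced Audit events", and the unchanged bullet above step 2 still says "crucial events". Suggest settling on one term for the numbered steps and updating the untouched bullet to match.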
compliance Communication Compliance Feature Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
Adding groups and distribution lists to communication compliance policies are pa
With communication compliance policies, you can choose to scan messages in one or more of the following communication platforms as a group or as standalone sources. Communications captured across these platforms are retained for seven years for each policy by default, even if users leave your organization and their mailboxes are deleted. -- **Microsoft Teams**: Chat communications in both public and private Microsoft Teams channels and individual chats can be scanned. When users are assigned to a communication compliance policy with Microsoft Teams coverage selected, chat communications for the users are automatically monitored across all Microsoft Teams where the users are a member. Microsoft Teams coverage is automatically included for pre-defined policy templates and is selected by default in the custom policy template. Teams chats matching communication compliance policy conditions may take up to 48 hours to process. Use the following group management configurations to supervise individual user chats and channel communications in Teams:
+- **Microsoft Teams**: Chat communications in both public and private Microsoft Teams channels and individual chats can be scanned. When users are assigned to a communication compliance policy with Microsoft Teams coverage selected, chat communications for the users are automatically monitored across all Microsoft Teams where the users are a member. Microsoft Teams coverage is automatically included for pre-defined policy templates and is selected by default in the custom policy template. Teams chats matching communication compliance policy conditions may take up to 48 hours to process.
+
+ For private chat and private channels, communication compliance policies support Modern attachment scanning. Modern attachments are files sourced from [OneDrive](/onedrive/plan-onedrive-enterprise#modern-attachments) or [SharePoint](/sharepoint/dev/solution-guidance/modern-experience-customizations) sites that are included in Teams messages. Text is automatically extracted from these attachments for automated processing and potential matches with active communication compliance policy conditions and classifiers. There isn't any additional configuration necessary for Modern attachment detection and processing. Text is only extracted for attachments matching policy conditions. Text isn't extracted for attachments for messages with policy matches, even if the attachment also has a policy match.
+
+ Modern attachment scanning is supported for the following file types:
+
+ - Microsoft Word (.docx)
+ - Microsoft Excel (.xlsx)
+ - Microsoft PowerPoint (.pptx)
+ - Text (.txt)
+ - Portable Document Format (.pdf)
+
+ Extracted text for Modern attachments is included with the associated message on the **Pending** alerts dashboard for a policy. The extracted text for an attachment is named as the attachment file name (and format extension) and the .txt extension. For example, the extracted text for an attachment named *ContosoBusinessPlan.docx* would appear as *ContosoBusinessPlan.docx.txt* in the **Pending** alerts dashboard for a policy.
+
+ Select the extracted attachment text to view the details in the *Source*, *Plain text*, or *Annotate* views. After reviewing, you can resolve or take action on the attachment text using the command bar controls. You also have the option to download the attachment for review outside of the communication compliance review process.
+
+ Use the following group management configurations to supervise individual user chats and channel communications in Teams:
- **For Teams chat communications:** Assign individual users or assign a [distribution group](https://support.office.com/article/Distribution-groups-E8BA58A8-FAB2-4AAF-8AA1-2A304052D2DE) to the communication compliance policy. This setting is for one-to-one or one-to-many user/chat relationships. - **For Teams Channel communications:** Assign every Microsoft Teams channel or Microsoft 365 group you want to scan that contains a specific user to the communication compliance policy. If you add the same user to other Microsoft Teams channels or Microsoft 365 groups, be sure to add these new channels and groups to the communication compliance policy. If any member of the channel is a supervised user within a policy and the *Inbound* direction is configured in a policy, all messages sent within the channel are subject to review and potential policy matches (even for users in the channel that aren't explicitly supervised). For example, User A is the owner or a member of a channel. User B and User C are members of the same channel and use language that is matched to the offensive language policy that supervises only User A. User B and User C create policy matches for conversations within the channel even though they aren't directly supervised in the offensive language policy. Teams conversations between User B and User C that are outside of the channel that includes User A would not be subject to the offensive language policy that includes User A. To exclude channel members from supervision when other members of the channel are explicitly supervised, turn off the *Inbound* communication direction setting in the applicable communication compliance policy.
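Review bot: In the added Modern attachment paragraph, the last two sentences read as contradictory: "Text is only extracted for attachments matching policy conditions" is followed by "Text isn't extracted for attachments for messages with policy matches, even if the attachment also has a policy match." Please restate which case suppresses extraction, since reviewers will rely on this to know whether an attachment's text was actually scanned.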
For information about trainable classifiers in Microsoft 365, see [Getting start
Configure built-in or custom communication compliance policies to scan and identify printed or handwritten text from images that may be inappropriate in your organization. Integrated [Azure Cognitive Services and optical scanning support](/azure/cognitive-services/computer-vision/overview-ocr) for identifying text in images help analysts and investigators detect and act on instances where inappropriate conduct may be missed in communications that is primarily non-textual.
-You can enable optical character recognition (OCR) in new policies from templates, custom policies, or update existing policies to expand support for processing embedded images and attachments. When enabled in a policy created from a policy template, automatic scanning is supported for embedded or attached images in email and Microsoft Teams chat messages. For custom policies, one or more conditional settings associated with keywords, built-in classifiers, or sensitive info types must be configured in the policy to enable the selection of OCR scanning.
+You can enable optical character recognition (OCR) in new policies from templates, custom policies, or update existing policies to expand support for processing embedded images and attachments. When enabled in a policy created from a policy template, automatic scanning is supported for embedded or attached images in email and Microsoft Teams chat messages. For images embedded in document files, OCR scanning isn't supported. For custom policies, one or more conditional settings associated with keywords, built-in classifiers, or sensitive info types must be configured in the policy to enable the selection of OCR scanning.
Images from 50 KB to 4 MB in the following image formats are scanned and processed:
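Review bot: The added sentence "For images embedded in document files, OCR scanning isn't supported." sits between the policy-template sentence and the custom-policy sentence, where it is easy to confuse with the "embedded or attached images" that the preceding sentence says are scanned. Move the limitation to the end of the paragraph, or next to the list of supported image sizes and formats, and state explicitly which case is excluded, so that reviewers do not assume text in those images is being checked.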
Complete the following steps to delete a Power Automate flow:
## Reports
-The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets is not exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing.
+The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets is not exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing. For the date and time range filters, the date and time for events are listed in Coordinated Universal Time (UTC).
![Communication compliance reports dashboard](../media/communication-compliance-reports-dashboard.png)
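Review bot: The new last sentence of the Reports paragraph repeats "date and time" twice and only covers the range filters. Tighten it to something like "Date and time range filters use Coordinated Universal Time (UTC)." and state whether the timestamps shown in the detailed reports and in exported data are also in UTC, since reviewers correlating these reports with other logs need to know.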
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
No matter where you start to review alerts or the filtering you configure, the n
### Step 2: Examine the message details
-After reviewing the message basics, it's time to open a message to examine the details and to determine further remediation actions. Select a message to view the complete message header and body information. Several different views are available to help you decide the proper course of action:
+After reviewing the message basics, it's time to open a message to examine the details and to determine further remediation actions. Select a message to view the complete message header and body information. Several different options and views are available to help you decide the proper course of action:
+- **Attachments**: This option allows you to examine Modern attachments that match policy conditions. Modern attachments content is extracted as text and is viewable on the Pending alerts dashboard for a policy. For more information, see the [Communication compliance feature reference](/microsoft-365/compliance/communication-compliance-feature-reference#supported-communication-types).
- **Source**: This view is the standard message view commonly seen in most web-based messaging platforms. The header information is formatted in the normal style and the message body supports imbedded graphic files and word-wrapped text. If [optical character recognition (OCR)](communication-compliance-feature-reference.md#optical-character-recognition-ocr) is enabled for the policy, images containing printed or handwritten text that match policy conditional are viewed as a child item for the associated message in this view. - **Plain text**: Text view displays a line-numbered text-only view of the message and includes keyword highlighting in messages and attachments for sensitive info type terms or keywords matched in the associated communication compliance policy. Keyword highlighting can help you quickly scan long messages and attachments for the area of interest. In some cases, highlighted text may be only in attachments for messages matching policy conditions. Keyword highlighting isn't supported for terms identified by built-in classifiers assigned to a policy. Embedded files aren't displayed and the line numbering this view is helpful for referencing pertinent details among multiple reviewers. - **Annotate**: This view allows reviewers to add annotations directly on the message that are saved to the view of the message. If [OCR is enabled](communication-compliance-feature-reference.md#optical-character-recognition-ocr) for the policy, images containing printed or handwritten text that match policy conditional are viewed as a child item for the associated message in this view and may be annotated.
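Review bot: The new **Attachments** bullet links with a root-relative path (/microsoft-365/compliance/communication-compliance-feature-reference#supported-communication-types), while the other bullets in the same list link to communication-compliance-feature-reference.md#optical-character-recognition-ocr as a relative file path; use the same link style throughout the list. The bullet also uses "Modern attachments" without saying what they are. A short gloss such as "linked content from OneDrive and Microsoft Teams", which is how the term is introduced in communication-compliance.md, would help, along with consistent capitalization ("Modern attachments content" reads awkwardly).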
compliance Communication Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
Built-in remediation workflows allow you to quickly identify and take action on
- **User history**: Historical view of all user message remediation activities, such as past notifications and escalations for policy matches, now provides reviewers with more context during the remediation workflow process. First-time or repeat instances of policy matches for users are now archived and easily viewable. - **Pattern detected notification**: Many harassing and bullying actions take place over time and involve reoccurring instances of the same behavior by a user. The new pattern detected notification displayed in alert details helps raise attention to these alerts and this type of behavior. - **Translation**: Quickly investigate message details in eight languages using translate support in the remediation workflow. Messages in other languages are automatically converted to the display language of the reviewer.
+- **Attachment detection**: Scan, detect, and investigate linked content (Modern attachments) from OneDrive and Microsoft Teams that match policy classifiers and conditions for Microsoft Teams messages. Attachment content is automatically extracted to a text file for detailed review and action.
### Actionable insights
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
View the [full list of templates](compliance-manager-templates-list.md) availabl
### Purchase premium template licenses
-Template licenses can be purchased in the admin center ([learn more about subscriptions, licenses, and billing](/microsoft-365/commerce/)). Select the quantity of licenses you wish to purchase and your payment plan. You may also acquire licenses through your participation in the [Cloud Solution Provider program](https://partner.microsoft.com/membership/cloud-solution-provider) or [volume licensing](https://www.microsoft.com/licensing/licensing-programs/licensing-programs).
+Template licenses can be obtained by one or more of these methods, depending on your Compliance Manager licensing agreement. Once your purchase has been finalized, the templates should become available in your tenant within 48 hours.
-Once your purchase has been finalized, the templates should become available in your tenant within 48 hours.
+**Commercial and GCC Moderate**
+
+Commercial and GCC Moderate accounts can purchase template licenses in the admin center ([learn more about subscriptions, licenses, and billing](/microsoft-365/commerce/)). Select the quantity of licenses you wish to purchase and your payment plan.
+
+Purchase links:
+
+- [Commercial](https://admin.microsoft.com/Adminportal/Home?#/catalog/offer-details/compliance-manager-premium-assessment-add-on/46E9BF2A-3C8D-4A69-A7E7-3DA04687636D)
+- [GCC Moderate](https://admin.microsoft.com/Adminportal/Home?#/catalog/offer-details/compliance-manager-premium-assessment-add-on/3129986d-5f4b-413b-a34b-b706db5a7669)
+
+You may also acquire licenses through your participation in the [Cloud Solution Provider program](https://partner.microsoft.com/membership/cloud-solution-provider) or [volume licensing](https://www.microsoft.com/licensing/licensing-programs/licensing-programs).
+
+**GCC High and DOD accounts**
+
+GCC High and DOD accounts must purchase template licenses through [volume licensing](https://www.microsoft.com/licensing/licensing-programs/licensing-programs).
### Try out premium templates To try out premium templates before you make a purchase, you may also acquire trial versions of the licenses. Trial licenses are good for up to 25 templates for 90 days. Once you obtain your trial license, the templates should become available in your tenant within 48 hours.
+To start a trial, choose the appropriate link for your organization:
+
+- [Commercial](https://admin.microsoft.com/Adminportal/Home?#/catalog/offer-details/compliance-manager-premium-assessment-add-on/e320704d-b7c9-4012-b6a6-0a2679790360)
+- [GCC Moderate](https://admin.microsoft.com/Adminportal/Home?#/catalog/offer-details/compliance-manager-premium-assessment-add-on/87ed2908-0a8d-430a-9635-558ed42b581f)
+- [GCC High](https://portal.office365.us/SubscriptionDetails?OfferId=e14362d7-2c11-4a43-9c92-59f1b499b96a)
+- [DOD](https://portal.apps.mil/Commerce/Trial.aspx?OfferId=17e28290-7de6-41a9-af30-f6497396ab2e)
+ #### Active and inactive templates Templates will display an activation status as either active or inactive:
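Review bot: In the rewritten opening paragraph under "Purchase premium template licenses", the sentence "Once your purchase has been finalized, the templates should become available in your tenant within 48 hours." now appears before any of the purchase methods are described. Move it after the last method so that it applies to all of them. The two bold subheadings are also inconsistent ("Commercial and GCC Moderate" versus "GCC High and DOD accounts"); use "accounts" in both or neither.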
compliance Data Classification Activity Explorer Available Events https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-activity-explorer-available-events.md
This event is generated each time a label is removed from a file or document.
- When the recommended label tool tip is shown to an end user, it is not captured. But if the user chooses to apply the recommended label, the label will be shown under the *How applied* field as *Recommended* -- Justification text is not currently available on sensitivity label downgrade from Sharepoint and OneDrive.
+- Justification text is not currently available on sensitivity label downgrade from SharePoint and OneDrive.
- Sensitive information types are currently not available for autolabeling activities from Word, Excel, PowerPoint, and Outlook, as well as SharePoint Online, and OneDrive.
compliance Dlp Policy Tips Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-tips-reference.md
Please note that custom sensitive information types will also be detected in add
|**Outlook Web Access**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|Subset|See [Data Loss Prevention policy tips reference](#data-loss-prevention-policy-tips-reference)| |**Outlook Win32 (Outlook 2013 and beyond)**|:::image type="icon" source="../media/rightmrk.png" border="false":::|Subset|Subset|See [Outlook 2013 and later supports showing policy tips for only some conditions and exceptions](#outlook-2013-and-later-supports-showing-policy-tips-for-only-some-conditions-and-exceptions) and [Outlook 2013 and later and Office apps on Desktop support showing policy tips for only some sensitive information types](#outlook-2013-and-later-and-office-apps-on-desktop-support-showing-policy-tips-for-only-some-sensitive-information-types) for details on support for sensitive information types and DLP conditions and actions supported for showing DLP policy tips on Outlook Win32.| |**Outlook Mobile (iOS, Android)/Outlook Mac**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported on Outlook mobile|
-|**Sharepoint Online/One Drive for Business Web client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All SPO/ODB predicates and actions in DLP||
-|**Sharepoint Win32/ One Drive for Business Win32 client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported on Sharepoint or OneDrive desktop client apps|
+|**SharePoint Online/OneDrive for Business Web client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All SPO/ODB predicates and actions in DLP||
+|**SharePoint Win32/ OneDrive for Business Win32 client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported on SharePoint or OneDrive desktop client apps|
|**Word, Excel, PowerPoint Web Client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All SPO/ODB predicates and actions in DLP|DLP policy tip is supported if the document is hosted on SPO or ODB web app and the DLP policy is already stamped.| |**Word, Excel, PowerPoint Mobile Client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported in mobile apps for Office.| |**Teams Web/ Teams Desktop/ Teams Mobile/ Teams Mac**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All Teams predicates in DLP policy|Policy tips will show when a message is flagged as ΓÇ£This message has been flagged. What can I do?ΓÇ¥ When clicking the link, the user can review the sensitive info types detected and override or report an issue if allowed by the admin. Note that no policy tips are shown for files. When the recipient tries to access the document, they might get access denied if not allowed.|
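Review bot: The corrected row label "SharePoint Win32/ OneDrive for Business Win32 client" keeps a stray space after the slash, whereas the row above it was corrected to "SharePoint Online/OneDrive for Business Web client" with none. Since both rows are being touched for naming, normalize the slash spacing at the same time.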
Please note that custom sensitive information types will also be detected in add
|**Mac devices**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|Data loss prevention policies are not enforceable on Mac devices today| |**3rd party cloud apps**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|Data Loss Prevention policy tips are not supported on 3rd party cloud apps| |**On-prem**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None||
-|**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details|
+|**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details|
||||||
compliance Ediscovery Troubleshooting Common Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-troubleshooting-common-issues.md
If you receive this error, we recommend that you verify the locations that faile
## Error/issue: File not found
-When running an eDiscovery search that includes SharePoint Online and One Drive For Business locations, you may receive the error `File Not Found` although the file is located on the site. This error will be in the export warnings and errors.csv or skipped items.csv. This may occur if the file can't be found on the site or if the index is out of date. Here's the text of an actual error (with emphasis added).
+When running an eDiscovery search that includes SharePoint Online and OneDrive for Business locations, you may receive the error `File Not Found` although the file is located on the site. This error will be in the export warnings and errors.csv or skipped items.csv. This may occur if the file can't be found on the site or if the index is out of date. Here's the text of an actual error (with emphasis added).
> 28.06.2019 10:02:19_FailedToExportItem_Failed to download content. Additional diagnostic info : Microsoft.Office.Compliance.EDiscovery.ExportWorker.Exceptions.ContentDownloadTemporaryFailure: Failed to download from content 6ea52149-91cd-4965-b5bb-82ca6a3ec9be of type Document. Correlation Id: 3bd84722-937b-4c23-b61b-08d6fba9ec32. ServerErrorCode: -2147024894 > Microsoft.SharePoint.Client.ServerException: ***File Not Found***. at Microsoft.SharePoint.Client.ClientRequest.ProcessResponseStream(Stream responseStream) at Microsoft.SharePoint.Client.ClientRequest.ProcessResponse() End of inner exception stack trace
When running an eDiscovery search that includes SharePoint Online and One Drive
## Error/issue: This file wasn't exported because it doesn't exist anymore. The file was included in the count of estimated search results because it's still listed in the index. The file will eventually be removed from the index, and won't cause an error in the future.
-You may see that error when running an eDiscovery search that includes SharePoint Online and One Drive For Business locations. eDiscovery relies on the SPO index to identify the file locations. If the file was deleted but the SPO index was not yet updated this error may occur.
+You may see that error when running an eDiscovery search that includes SharePoint Online and OneDrive for Business locations. eDiscovery relies on the SPO index to identify the file locations. If the file was deleted but the SPO index was not yet updated this error may occur.
### Resolution Open the SPO location and verify that this file indeed is not there.
Suggested solution is to manually reindex the site, or wait until the site reind
## Error/issue: This search result was not downloaded as it is a folder or other artifact that can't be downloaded by itself, any items inside the folder or library will be downloaded.
-You may see that error when running an eDiscovery search that includes SharePoint Online and One Drive For Business locations. It means that we were going to try to export the item reported in the index, but it turned out to be a folder so we did not export it. As mentioned in the error, we don't export folder items but we do export their contents.
-
+You may see that error when running an eDiscovery search that includes SharePoint Online and OneDrive for Business locations. It means that we were going to try and export the item reported in the index, but it turned out to be a folder so we did not export it. As mentioned in the error, we don't export folder items but we do export their contents.
## Error/issue: Search fails because recipient is not found
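Review bot: The replacement paragraph changes "try to export" to "try and export", which is a step back in formal documentation; keep "try to export". The hunk also removes the blank line between this paragraph and the "## Error/issue: Search fails because recipient is not found" heading. Restore it so that the heading is separated from the preceding paragraph.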
compliance Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery.md
The following table compares the key capabilities available in Content search, C
Here's description of each eDiscovery capability. -- **Search for content**. Search for content that's stored in Exchange mailboxes, One Drive for Business accounts, SharePoint sites, Microsoft Teams, Microsoft 365 Groups, and Yammer Teams. This includes content generated by other Microsoft 365 apps that store data in mailboxes and sites.
+- **Search for content**. Search for content that's stored in Exchange mailboxes, OneDrive for Business accounts, SharePoint sites, Microsoft Teams, Microsoft 365 Groups, and Yammer Teams. This includes content generated by other Microsoft 365 apps that store data in mailboxes and sites.
- **Keyword queries and search conditions**. Create KQL keyword search queries to search for content that match query criteria. You can also include conditions to narrow the scope of your search.
compliance Insider Risk Management Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/insider-risk-management-settings.md
Before you get started and create insider risk management policies, it's importa
Protecting the privacy of users that have policy matches is important and can help promote objectivity in data investigation and analysis reviews for insider risk alerts. For users with an insider risk policy match, you can choose one of the following settings: - **Show anonymized versions of usernames**: Names of users are anonymized to prevent admins, data investigators, and reviewers from seeing who is associated with policy alerts. For example, a user 'Grace Taylor' would appear with a randomized pseudonym such as 'AnonIS8-988' in all areas of the insider risk management experience. Choosing this setting anonymizes all users with current and past policy matches and applies to all policies. User profile information in the insider risk alert and case details will not be available when this option is chosen. However, usernames are displayed when adding new users to existing policies or when assigning users to new policies. If you choose to turn off this setting, usernames will be displayed for all users that have current or past policy matches.+
+ >[!IMPORTANT]
+ >To maintain referential integrity across multiple users with insider risk management alerts and cases in other systems, anonymization of usernames isn't preserved for exported alerts. Exported alerts will display usernames for each alert.
+ - **Do not show anonymized versions of usernames**: Usernames are displayed for all current and past policy matches for alerts and cases. User profile information (the name, title, alias, and organization or department) is displayed for the user for all insider risk management alerts and cases. ![Insider risk management privacy settings](../media/insider-risk-settings-privacy.png)
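Review bot: The new IMPORTANT note conflicts with the bullet it is attached to, which still says the pseudonym appears "in all areas of the insider risk management experience". Qualify that sentence (for example, "in all areas of the insider risk management experience except exported alerts") so that the exception is not only discoverable from the callout. The rationale "To maintain referential integrity across multiple users ... in other systems" is also hard to parse. State plainly that anyone with access to the exported alerts sees the real usernames even when anonymization is turned on.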
For each of the following domain settings, you can enter up to 500 domains:
Insider risk management alert information is exportable to security information and event management (SIEM) services via the [Office 365 Management Activity API schema](/office/office-365-management-api/office-365-management-activity-api-schema#security-and-compliance-alerts-schema). You can use the Office 365 Management Activity APIs to export alert information to other applications your organization may use to manage or aggregate insider risk information.
+>[!IMPORTANT]
+>To maintain referential integrity across multiple users with insider risk management alerts and cases in other systems, anonymization of usernames isn't preserved for exported alerts. Exported alerts will display usernames for each alert.
+ To use the APIs to review insider risk alert information: 1. Enable Office 365 Management Activity API support in **Insider risk management** > **Settings** > **Export alerts**. By default, this setting is disabled for your Microsoft 365 organization.
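Review bot: This IMPORTANT note is a verbatim copy of the one added under the privacy setting earlier in the same file, so the two will drift apart on the next edit. Keep the text in one place and reference it from the other, and in this export section link back to the "Show anonymized versions of usernames" setting so that readers configuring the Office 365 Management Activity API export understand which setting is not honored in the exported data.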
compliance Privacy Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privacy-management.md
description: "Microsoft privacy management offers solutions for evaluating perso
## What is privacy management?
-As your companyΓÇÖs cloud data grows in size and complexity, so does your need to understand and safeguard the personal data held in your environment. Privacy management in Microsoft 365 empowers your employees to make smart data handling decisions and address critical privacy risks by providing efficient ways to find and manage personal data, automate privacy operations, and fulfill subject rights requests. These solutions will enable you to build a privacy resilient workplace and handle issues at scale.
+Understanding the private data that your organization controls and maintaining it in a way that reduces risks for you, your customers, and your partners are at the heart of the privacy management discipline. Governments, industries, and other regulatory bodies have established privacy management laws and standards that must be followed, including practices around how data is stored and shared and the rights of individuals to control their own personal information. The best practices that organizations use to keep information safe and comply with these laws and standards are continually evolving.
-> [!NOTE]
-> These services are currently in preview and subject to the terms and conditions in the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products).
-
-## Privacy management solutions
+To help your organization meet these needs, Microsoft 365 privacy management provides solutions for managing personal data in your Microsoft 365 environment and gives your workers tools for efficient data review, issue remediation, and collaboration.
-In today's data landscape, organizations must invest in managing and protecting the personal data they store. Privacy regulations around the world have established standards to follow and the rights of individuals to control their own personal information, and best practices for businesses are continually evolving to keep information about their employees and customers safe.
+## Microsoft 365 privacy management solutions
Microsoft 365 privacy management provides solutions that enable you to: - **Find and visualize personal data**: Protecting data starts with having a thorough understanding of what your organization is storing, where it lives across the services you use, and the conditions under which it's managed in the long term. - **Manage privacy risks**: Use privacy management to evaluate your data for key risk scenarios, and use built-in tools to set alerts and remediate issues like unintended oversharing, exposure, or unnecessary storage of personal information.-- **Efficiently fulfill personal data requests**: When individuals request to manage the personal data that you store about them, use the privacy management solution to collect data, review the findings, and produce reports.
+- **Efficiently fulfill personal data requests**: When individuals, also referred to as *data subjects*, request to manage the personal data that you store about them, use the privacy management solution to collect data, review the findings, and produce reports.
-Privacy management gives you tools to help you navigate these situations, automate key tasks, and easily manage your data handling workflows.
+> [!NOTE]
+> These services are currently in preview and subject to the terms and conditions in the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products).
### Understand your data
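Review bot: The new opening sentence under "What is privacy management?" uses "private data", while the rest of the article, including the other added lines, uses "personal data". Use "personal data" here as well, because the two terms are not interchangeable in a privacy context. The preview NOTE has also been moved from directly under the introduction to after the solutions list, which makes the preview status easier to miss. Consider keeping it near the top.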
To learn more, see [Find and visualize your personal data](privacy-management-da
### Manage risk scenarios
-Complex data environments can present potentially risky scenarios for personal data. Privacy management provides easy ways to detect risks in the following areas and establish ongoing processes for handling these scenarios.
+Complex data environments can present potentially risky scenarios for personal data. Privacy management provides easy ways to detect risks in the following areas and establish ongoing processes for handling essential scenarios, such as:
- **Overexposed personal data**: Companies may collect various types of information that can be used to identify individual customers or employees. Access rights to this data must be properly managed to protect privacy and prevent inappropriate use. - **Data transfers**: Transferring personal data between departments in your organization or across country or regional borders may increase the risk of exposure of data, or of stepping out of accordance with privacy regulations and laws. - **Data minimization**: Companies may collect excess information or keep it longer than necessary, resulting in storage of unused personal data. This data should be minimized to help prevent privacy risks.
-Privacy management provides built-in templates for setting up data-handling policies in these areas. These policies can evaluate your Microsoft 365 data on an ongoing basis, alert you to potential issues, and help you remediate these issues. As a result, your employees can better follow best privacy practices and stay aware of recommended actions to take. The templates can either be used as provided or customized to meet your companyΓÇÖs specific needs.
+Microsoft 365 privacy management provides built-in templates for setting up data-handling policies tailored to these situations. Based on the policies you set, privacy management can evaluate your data on an ongoing basis, alert you to potential issues, and help you remediate these issues. As a result, your employees can better follow best privacy practices and stay aware of recommended actions to take. The templates can either be used as provided or customized to meet your companyΓÇÖs specific needs.
To learn more, see [Create and manage policies](privacy-management-policies.md). ### Manage subject rights requests
-In accordance with certain privacy regulations, for example General Data Protection Regulation (GDPR) in the EU, individuals may make requests to review or manage the personal data about themselves that companies have collected. For companies that store large amounts of information, finding the relevant data may seem like a formidable task.
+In accordance with certain privacy regulations around the world, individuals may make requests to review or manage the personal data about themselves that companies have collected. For companies that store large amounts of information, finding the relevant data can be a formidable task.
-Privacy management in Microsoft 365 can help you handle these inquiries through the subject rights request solution. It provides automation and workflow capabilities for helping you search for subject data that youΓÇÖve stored in Microsoft 365, review the findings, select the appropriate files, and produce reports. Along the way, you can securely collaborate with other experts in your organization to bring the request to completion.
+Microsoft 365 privacy management can help you handle these inquiries through the subject rights request solution. It provides automation and workflow capabilities for helping you search for subject data that youΓÇÖve stored in Microsoft 365, review the findings, select the appropriate files, and produce reports. Along the way, you can securely collaborate with other experts in your organization to bring the request to completion.
To learn more, see [Manage subject rights requests](privacy-management-subject-rights-requests.md). ## Where privacy management identifies personal data
-The privacy management solution for Microsoft 365 evaluates data and files stored by your organization in Microsoft 365ΓÇÖs cloud
+Microsoft 365 privacy management evaluates data and files stored by your organization in Microsoft 365ΓÇÖs cloud
- Microsoft Exchange - Microsoft SharePoint
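Review bot: In the rewritten sentence under "Manage risk scenarios", "detect risks in the following areas and establish ongoing processes for handling essential scenarios, such as:" introduces the list twice ("in the following areas" and "such as"), and it is unclear whether the bullets are areas or scenarios. Use one construction, for example "detect risks and establish ongoing processes for handling scenarios such as:". Separately, the subject rights paragraph drops the GDPR example in favor of "certain privacy regulations around the world". Keeping one named regulation as an example would make the sentence more concrete.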
Privacy management does not collect data beyond what is already collected in Mic
Privacy management utilizes the capabilities of Microsoft 365 to help you identify and tag sensitive items. This is done through the use of [sensitive information types (SIT)](sensitive-information-type-learn-about.md), trainable [classifiers](classifier-learn-about.md), and auto and manual application of [sensitivity labels](sensitivity-labels.md).
-Sensitive information types (SIT) are the data types supported by Microsoft data classification. For example, this includes personal information about individuals such as their name, address, or Social Security number.
+Sensitive information types (SIT) are the data types supported by Microsoft data classification. For example, these data types include personal information about individuals such as their name, address, or Social Security number.
For more information about how Microsoft 365 defines sensitive information, see [Learn about sensitive information types](sensitive-information-type-learn-about.md).
compliance Search The Audit Log In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance.md
The following table lists the activities that can be logged by mailbox audit log
|Friendly name|Operation|Description| |:--|:--|:--|
-|Accessed mailbox items|MailItemsAccessed|Messages were read or accessed in mailbox. Audit records for this activity are triggered in one of two ways: when a mail client (such as Outlook) performs a bind operation on messages or when mail protocols (such as Exchange ActiveSync or IMAP) sync items in a mail folder. This activity is only logged for users with an Office 365 or Microsoft 365 E5 license. Analyzing audit records for this activity is useful when investigating compromised email account. For more information, see the "Access to crucial events for investigations" section in [Advanced Audit](advanced-audit.md#access-to-crucial-events-for-investigations). |
+|Accessed mailbox items|MailItemsAccessed|Messages were read or accessed in mailbox. Audit records for this activity are triggered in one of two ways: when a mail client (such as Outlook) performs a bind operation on messages or when mail protocols (such as Exchange ActiveSync or IMAP) sync items in a mail folder. This activity is only logged for users with an Office 365 or Microsoft 365 E5 license. Analyzing audit records for this activity is useful when investigating compromised email account. For more information, see the "Advanced Audit events" section in [Advanced Audit](advanced-audit.md#advanced-audit-events). |
|Added delegate mailbox permissions|Add-MailboxPermission|An administrator assigned the FullAccess mailbox permission to a user (known as a delegate) to another person's mailbox. The FullAccess permission allows the delegate to open the other person's mailbox, and read and manage the contents of the mailbox.| |Added or removed user with delegate access to calendar folder|UpdateCalendarDelegation|A user was added or removed as a delegate to the calendar of another user's mailbox. Calendar delegation gives someone else in the same organization permissions to manage the mailbox owner's calendar.| |Added permissions to folder|AddFolderPermissions|A folder permission was added. Folder permissions control which users in your organization can access folders in a mailbox and the messages located in those folders.|
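Review bot: The changed MailItemsAccessed row still reads "useful when investigating compromised email account". Since the line is being touched anyway, add the missing article ("a compromised email account"). The link now targets advanced-audit.md#advanced-audit-events, and that heading is not part of this diff, so confirm it is renamed in the same change or the anchor will not resolve.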
The following table lists the activities that can be logged by mailbox audit log
|Purged messages from the mailbox|HardDelete|A message was purged from the Recoverable Items folder (permanently deleted from the mailbox).| |Removed delegate mailbox permissions|Remove-MailboxPermission|An administrator removed the FullAccess permission (that was assigned to a delegate) from a person's mailbox. After the FullAccess permission is removed, the delegate can't open the other person's mailbox or access any content in it.| |Removed permissions from folder|RemoveFolderPermissions|A folder permission was removed. Folder permissions control which users in your organization can access folders in a mailbox and the messages located in those folders.|
-|Sent message|Send|A message was sent, replied to or forwarded. This activity is only logged for users with an Office 365 or Microsoft 365 E5 license. For more information, see the "Access to crucial events for investigations" section in [Advanced Audit](advanced-audit.md#access-to-crucial-events-for-investigations).|
+|Sent message|Send|A message was sent, replied to or forwarded. This activity is only logged for users with an Office 365 or Microsoft 365 E5 license. For more information, see the "Advanced Audit events" section in [Advanced Audit](advanced-audit.md#advanced-audit-events).|
|Sent message using Send As permissions|SendAs|A message was sent using the SendAs permission. This means that another user sent the message as though it came from the mailbox owner.| |Sent message using Send On Behalf permissions|SendOnBehalf|A message was sent using the SendOnBehalf permission. This means that another user sent the message on behalf of the mailbox owner. The message indicates to the recipient whom the message was sent on behalf of and who actually sent the message.| |Updated inbox rules from Outlook client|UpdateInboxRules|A mailbox owner or other user with access to the mailbox modified an inbox rule in the Outlook client.|
For a description of Shifts app activities, see [Search the audit log for events
The following table lists the user and admin activities in Yammer that are logged in the audit log. To return Yammer-related activities from the audit log, you have to select **Show results for all activities** in the **Activities** list. Use the date range boxes and the **Users** list to narrow the search results.
+> [!NOTE]
+> Some Yammer audit activities are only available in Advanced Audit. That means users must be assigned the appropriate license before these activities are logged in the audit log. For more information about activities only available in Advanced Audit, see [Advanced Audit in Microsoft 365](advanced-audit.md#advanced-audit-events). For Advanced Audit licensing requirements, see [Auditing solutions in Microsoft 365](auditing-solutions-overview.md#licensing-requirements). <br/><br/>In the following table, Advanced Audit activities are highlighted with an asterisk (*).
+ |Friendly name|Operation|Description| |:--|:--|:--| |Changed data retention policy|SoftDeleteSettingsUpdated|Verified admin updates the setting for the network data retention policy to either Hard Delete or Soft Delete. Only verified admins can perform this operation.|
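Review bot: The added note says the asterisked activities are logged only for users with the appropriate license, but it does not say how to read a gap in the log. For an unlicensed user, a missing record means the activity was not audited, not that it did not happen. One sentence to that effect would keep investigators from treating an empty search result as evidence. The asterisk legend would also be easier to find as its own line directly above the table instead of after `<br/><br/>` inside the licensing note.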
The following table lists the user and admin activities in Yammer that are logge
|Changed security configuration|NetworkSecurityConfigurationUpdated|Verified admin updates the Yammer network's security configuration. This includes setting password expiration policies and restrictions on IP addresses. Only verified admins can perform this operation.| |Created file|FileCreated|User uploads a file.| |Created group|GroupCreation|User creates a group.|
+|Created message<sup>*</sup>|MessageCreated|User creates a message.|
|Deleted group|GroupDeletion|A group is deleted from Yammer.| |Deleted message|MessageDeleted|User deletes a message.| |Downloaded file|FileDownloaded|User downloads a file.| |Exported data|DataExport|Verified admin exports Yammer network data. Only verified admins can perform this operation.|
+|Failed to access community<sup>*</sup>|CommunityAccessFailure|User failed to access a community.|
+|Failed to access file<sup>*</sup>|FileAccessFailure|User failed to access a file.|
+|Failed to access message<sup>*</sup>|MessageAccessFailure|User failed to access a message.|
|Shared file|FileShared|User shares a file with another user.| |Suspended network user|NetworkUserSuspended|Network or verified admin suspends (deactivates) a user from Yammer.| |Suspended user|UserSuspension|User account is suspended (deactivated).| |Updated file description|FileUpdateDescription|User changes the description of a file.| |Updated file name|FileUpdateName|User changes the name of a file.|
+|Updated message<sup>*</sup>|MessageUpdated|User updates a message.|
|Viewed file|FileVisited|User views a file.|
+|Viewed message<sup>*</sup>|MessageViewed|User views a message.|
|||| ### Microsoft Power Automate activities
The following table lists the quarantine activities that you can search for in t
### Microsoft Forms activities
-The following table lists the user and admin activities in Microsoft Forms that are logged in the audit log. Microsoft Forms is a forms/quiz/survey tool used to collect data for analysis.
+The tables in this section the user and admin activities in Microsoft Forms that are logged in the audit log. Microsoft Forms is a forms/quiz/survey tool used to collect data for analysis. Where noted below in the descriptions, some operations contain additional activity parameters.
-Where noted below in the descriptions, some operations contain additional activity parameters.
+If a Forms activity is performed by a co-author or an anonymous responder, it will be logged slightly differently. For more information, see the [Forms activities performed by co-authors and anonymous responders](#forms-activities-performed-by-coauthors-and-anonymous-responders) section.
> [!NOTE]
-> If a Forms activity is performed by a co-author or an anonymous responder, it will be logged slightly differently. For more information, see the [Forms activities performed by co-authors and anonymous responders](#forms-activities-performed-by-coauthors-and-anonymous-responders) section.
+> Some Forms audit activities are only available in Advanced Audit. That means users must be assigned the appropriate license before these activities are logged in the audit log. For more information about activities only available in Advanced Audit, see [Advanced Audit in Microsoft 365](advanced-audit.md#advanced-audit-events). For Advanced Audit licensing requirements, see [Auditing solutions in Microsoft 365](auditing-solutions-overview.md#licensing-requirements). <br/><br/>In the following table, Advanced Audit activities are highlighted with an asterisk (*).
|Friendly name|Operation|Description| |:--|:--|:--|
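Review bot: The new opening sentence has lost its verb: "The tables in this section the user and admin activities in Microsoft Forms that are logged in the audit log." It should read "The tables in this section describe the user and admin activities ...". The same paragraph now says "tables in this section" while the note added below it says "In the following table", so pick one wording.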
Where noted below in the descriptions, some operations contain additional activi
|Updated form phishing status|UpdatePhishingStatus|This event is logged whenever the detailed value for the internal security status was changed, regardless of whether this changed the final security state (for example, form is now Closed or Opened). This means you may see duplicate events without a final security state change. The possible status values for this event are:<br/>- Take Down <br/>- Take Down by Admin <br/>- Admin Unblocked <br/>- Auto Blocked <br/>- Auto Unblocked <br/>- Customer Reported <br/>- Reset Customer Reported| |Updated user phishing status|UpdateUserPhishingStatus|This event is logged whenever the value for the user security status was changed. The value of the user status in the audit record is **Confirmed as Phisher** when the user created a phishing form that was taken down by the Microsoft Online safety team. If an admin unblocks the user, the value of the user's status is set to **Reset as Normal User**.| |Sent Forms Pro invitation|ProInvitation|User clicks to activate a Pro trial.|
-|Updated form setting|UpdateFormSetting|Form owner updates one or multiple form settings. <br><br>Property FormSettingName:string indicates updated sensitive settings' name. Property NewFormSettings:string indicates updated settings' name and new value. Property thankYouMessageContainsLink:boolean indicates updated thankyou message contains a URL link.|
+|Updated form setting<sup>*</sup> |UpdateFormSetting|Form owner updates one or multiple form settings. <br><br>Property FormSettingName:string indicates updated sensitive settings' name. Property NewFormSettings:string indicates updated settings' name and new value. Property thankYouMessageContainsLink:boolean indicates updated thankyou message contains a URL link.|
|Updated user setting|UpdateUserSetting|Form owner updates a user setting. <br><br>Property UserSettingName:string indicates the setting's name and new value|
-|Listed forms|ListForms|Form owner is viewing a list of forms. <br><br>Property ViewType:string indicates which view the form owner is looking at: All Forms, Shared with Me, or Group Forms|
+|Listed forms<sup>*</sup>|ListForms|Form owner is viewing a list of forms. <br><br>Property ViewType:string indicates which view the form owner is looking at: All Forms, Shared with Me, or Group Forms|
|Submitted response|SubmitResponse|A user submits a response to a form. <br><br>Property IsInternalForm:boolean indicates if the responder is within the same organization as the form owner.|
-|Enabled anyone can respond setting|AllowAnonymousResponse|Form owner turns on the setting allowing any one to respond to the form.|
-|Disabled anyone can respond setting|DisallowAnonymousResponse|Form owner turns off the setting allowing any one to respond to the form.|
-|Enabled specific people can respond setting|EnableSpecificResponse|Form owner turns on the setting allowing only specific people or specific groups in the current organization to respond to the form.|
-|Disabled specific people can respond setting|DisableSpecificResponse|Form owner turns off the setting allowing only specific people or specific groups in the current organization to respond to the form.|
-|Added specific responder|AddSpecificResponder|Form owner adds a new user or group to the specific responders list.|
-|Removed specific responder|RemoveSpecificResponder|Form owner removes a user or group from the specific responders list.|
-|Disabled collaboration|DisableCollaboration|Form owner turns off the setting of collaboration on the form.|
-|Enabled Office 365 work or school account collaboration|EnableWorkOrSchoolCollaboration|Form owner turns on the setting allowing users with an Office 365 work or school account to view and edit the form.|
-|Enabled people in my organization collaboration|EnableSameOrgCollaboration|Form owner turns on the setting allowing users in the current organization to view and edit the form.|
-|Enabled specific people collaboration|EnableSpecificCollaboaration|Form owner turns on the setting allowing only specific people or specific groups in the current organization to view and edit the form.|
-|Connected to Excel workbook|ConnectToExcelWorkbook|Connected the form to an Excel workbook. <br><br>Property ExcelWorkbookLink:string indicates the associated Excel workbook ID of the current form.|
+|Enabled anyone can respond setting<sup>*</sup>|AllowAnonymousResponse|Form owner turns on the setting allowing any one to respond to the form.|
+|Disabled anyone can respond setting<sup>*</sup>|DisallowAnonymousResponse|Form owner turns off the setting allowing any one to respond to the form.|
+|Enabled specific people can respond setting<sup>*</sup>|EnableSpecificResponse|Form owner turns on the setting allowing only specific people or specific groups in the current organization to respond to the form.|
+|Disabled specific people can respond setting<sup>*</sup>|DisableSpecificResponse|Form owner turns off the setting allowing only specific people or specific groups in the current organization to respond to the form.|
+|Added specific responder<sup>*</sup>|AddSpecificResponder|Form owner adds a new user or group to the specific responders list.|
+|Removed specific responder<sup>*</sup>|RemoveSpecificResponder|Form owner removes a user or group from the specific responders list.|
+|Disabled collaboration<sup>*</sup>|DisableCollaboration|Form owner turns off the setting of collaboration on the form.|
+|Enabled Office 365 work or school account collaboration<sup>*</sup>|EnableWorkOrSchoolCollaboration|Form owner turns on the setting allowing users with an Office 365 work or school account to view and edit the form.|
+|Enabled people in my organization collaboration<sup>*</sup>|EnableSameOrgCollaboration|Form owner turns on the setting allowing users in the current organization to view and edit the form.|
+|Enabled specific people collaboration<sup>*</sup>|EnableSpecificCollaboaration|Form owner turns on the setting allowing only specific people or specific groups in the current organization to view and edit the form.|
+|Connected to Excel workbook<sup>*</sup>|ConnectToExcelWorkbook|Connected the form to an Excel workbook. <br><br>Property ExcelWorkbookLink:string indicates the associated Excel workbook ID of the current form.|
|||| #### Forms activities performed by coauthors and anonymous responders
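Review bot: The Operation value `EnableSpecificCollaboaration` is carried over unchanged and looks misspelled. Readers copy these values into audit log searches, so confirm it matches the string the service actually logs before leaving it as is. Two smaller points on the rewritten rows: "Updated form setting<sup>*</sup> |" has a stray space before the pipe that the other rows do not, and "any one to respond" should be "anyone".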
compliance Set Up Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-advanced-audit.md
Advanced Audit features such as the ability to log crucial events such as MailIt
5. If the checkbox isn't selected, select it, and then click **Save changes.**
- The logging of audit records for MailItemsAccessed and Send will begin within 24 hours. You have to perform Step 3 to start logging of two other Advanced Audit crucial events: SearchQueryInitiatedExchange and SearchQueryInitiatedSharePoint.
+ The logging of audit records for MailItemsAccessed and Send will begin within 24 hours. You have to perform Step 3 to start logging of two other Advanced Audit events: SearchQueryInitiatedExchange and SearchQueryInitiatedSharePoint.
For organizations that assign licenses to groups of users by using group-based licensing, you have to turn off the licensing assignment for Microsoft 365 Advanced Auditing for the group. After you save your changes, verify that Microsoft 365 Advanced Auditing is turned off for the group. Then turn the licensing assignment for the group back on. For instructions about group-based licensing, see [Assign licenses to users by group membership in Azure Active Directory](/azure/active-directory/users-groups-roles/licensing-groups-assign).
-Also, if you have customized the mailbox actions that are logged on user mailboxes or shared mailboxes, any new crucial events released by Microsoft will not be automatically audited on those mailboxes. For information about changing the mailbox actions that are audited for each logon type, see the "Change or restore mailbox actions logged by default" section in [Manage mailbox auditing](enable-mailbox-auditing.md#change-or-restore-mailbox-actions-logged-by-default).
+Also, if you have customized the mailbox actions that are logged on user mailboxes or shared mailboxes, any new Advanced Audit events released by Microsoft will not be automatically audited on those mailboxes. For information about changing the mailbox actions that are audited for each logon type, see the "Change or restore mailbox actions logged by default" section in [Manage mailbox auditing](enable-mailbox-auditing.md#change-or-restore-mailbox-actions-logged-by-default).
-## Step 2: Enable crucial events
+## Step 2: Enable Advanced Audit events
-You have to enable two crucial events (SearchQueryInitiatedExchange and SearchQueryInitiatedSharePoint) to be logged when users perform searches in Exchange Online and SharePoint Online. To enable these two events to be audited for users, run the following command (for each user) in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):
+You have to enable two Advanced Audit events (SearchQueryInitiatedExchange and SearchQueryInitiatedSharePoint) to be logged when users perform searches in Exchange Online and SharePoint Online. To enable these two events to be audited for users, run the following command (for each user) in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):
```powershell Set-Mailbox <user> -AuditOwner @{Add="SearchQueryInitiated"}
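Review bot: The reworded sentence still says "You have to perform Step 3 to start logging" SearchQueryInitiatedExchange and SearchQueryInitiatedSharePoint, but the heading renamed in this same hunk makes enabling those two events Step 2. Correct the step number while the line is open. The paragraph also names two events while the command adds a single value, `SearchQueryInitiated`, so a short sentence stating that this one action covers both would stop readers from trying to add the two event names individually.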
If the command to enable the auditing of search queries was previously run in a
In additional to the default policy that retains Exchange, SharePoint, and Azure AD audit records for one year, you can create additional audit log retention policies to meet the requirements of your organization's security operations, IT, and compliance teams. For more information, see [Manage audit log retention policies](audit-log-retention-policies.md).
-## Step 4: Search for crucial events
+## Step 4: Search for Advanced Audit events
-Now that you have Advanced Audit set up for your organization, you can search for crucial events and other activities when conducting forensic investigations. After completing Step 1 and Step 2, you can search the audit log for crucial events and other activities during forensic investigations of compromised accounts and other types of security or compliance investigations. For more information about conducting a forensics investigation of compromised user accounts by using the MailItemsAccessed crucial event, see [Use Advanced Audit to investigate compromised accounts](mailitemsaccessed-forensics-investigations.md).
+Now that you have Advanced Audit set up for your organization, you can search for crucial Advanced Audit events and other activities when conducting forensic investigations. After completing Step 1 and Step 2, you can search the audit log for Advanced Audit events and other activities during forensic investigations of compromised accounts and other types of security or compliance investigations. For more information about conducting a forensics investigation of compromised user accounts by using the MailItemsAccessed Advanced Audit event, see [Use Advanced Audit to investigate compromised accounts](mailitemsaccessed-forensics-investigations.md).
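Review bot: The first sentence of the new paragraph keeps the word the rest of this change removes: "search for crucial Advanced Audit events". Drop "crucial" for consistency with the renamed heading. The first two sentences also now say nearly the same thing ("you can search for ... when conducting forensic investigations" twice), so they could be merged into one.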
enterprise During And After Your Data Move https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/during-and-after-your-data-move.md
Some users open a shared mail folder from another mailbox (that the user has rea
When SharePoint Online is moved, data for the following services is also moved: -- One Drive for Business
+- OneDrive for Business
- Microsoft 365 Video services
enterprise Internet Sites In Microsoft Azure Using Sharepoint Server 2013 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/internet-sites-in-microsoft-azure-using-sharepoint-server-2013.md
- Ent_Architecture - seo-marvel-apr2020 ms.assetid: 0d93ff4a-8fbd-42b8-9227-d817dba0046d
-description: This article provides resources for designing and implementing Sharepoint Server 2013 Internet sites hosted in Azure Infrastructure Services.
+description: This article provides resources for designing and implementing SharePoint Server 2013 Internet sites hosted in Azure Infrastructure Services.
# Internet Sites in Microsoft Azure using SharePoint Server 2013
enterprise Modern Page Call Optimization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-page-call-optimization.md
If the **Requests to SharePoint** result appears in the **Attention required** s
## Remediate performance issues related to too many calls on a page
-If a page contains too many calls, you can use the list of URLs in the **Requests to Sharepoint** results to determine whether there are any repeated calls, calls that should be batched, or calls that return data that should be cached.
+If a page contains too many calls, you can use the list of URLs in the **Requests to SharePoint** results to determine whether there are any repeated calls, calls that should be batched, or calls that return data that should be cached.
**Batching REST calls** can help to reduce performance overhead. For more information about API call batching, see [Make batch requests with the REST APIs](/sharepoint/dev/sp-add-ins/make-batch-requests-with-the-rest-apis).
enterprise Modern Portal Limits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-portal-limits.md
- seo-marvel-apr2020 search.appverid: - MET150
-description: Learn about performance recommendations for modern sites in SharePoint Online, such as limiting calls to Sharepoint and external endpoints.
+description: Learn about performance recommendations for modern sites in SharePoint Online, such as limiting calls to SharePoint and external endpoints.
# SharePoint Online modern portal site limits
enterprise Navigation Options For Sharepoint Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/navigation-options-for-sharepoint-online.md
This article describes navigation options sites with SharePoint Publishing enabl
Navigation provider configuration can significantly impact performance for the entire site, and careful consideration must be taken to pick a navigation provider and configuration that scales effectively for the requirements of a SharePoint site. There are two out-of-the-box navigation providers, as well as custom navigation implementations.
-The first option, [**Structural navigation**](#using-structural-navigation-in-sharepoint-online), is the recommended navigation option in SharePoint Online for classic Sharepoint sites, **if you turn on structural navigation caching for your site**. This navigation provider displays the navigation items below the current site, and optionally the current site and its siblings. It provides additional capabilities such as security trimming and site structure enumeration. If caching is disabled, this will negatively impact performance and scalability, and may be subject to throttling.
+The first option, [**Structural navigation**](#using-structural-navigation-in-sharepoint-online), is the recommended navigation option in SharePoint Online for classic SharePoint sites, **if you turn on structural navigation caching for your site**. This navigation provider displays the navigation items below the current site, and optionally the current site and its siblings. It provides additional capabilities such as security trimming and site structure enumeration. If caching is disabled, this will negatively impact performance and scalability, and may be subject to throttling.
The second option, [**Managed (Metadata) navigation**](#using-managed-navigation-and-metadata-in-sharepoint-online), represents navigation items using a Managed Metadata term set. We recommend that security trimming be disabled unless required. Security trimming is enabled as a secure-by-default setting for this navigation provider; however, many sites do not require the overhead of security trimming since navigation elements often are consistent for all users of the site. With the recommended configuration to disable security trimming, this navigation provider does not require enumerating site structure and is highly scalable with acceptable performance impact.
enterprise Upgrade From Sharepoint 2010 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-sharepoint-2010.md
search.appverid:
ms.assetid: 985a357f-6db7-401f-bf7a-1bafdf1f312c f1.keywords: - NOCSH
-description: Find information and resources to upgrade from SharePoint 2010 and Sharepoint Server 2010. Support for both ends April 13, 2021.
+description: Find information and resources to upgrade from SharePoint 2010 and SharePoint Server 2010. Support for both ends April 13, 2021.
lti Teams Classes With Canvas https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-classes-with-canvas.md
Microsoft Teams classes is a Learning Tools Interoperability (LTI) app that help
> The current Class Teams LTI only supports syncing Canvas users with Microsoft Azure Active Directory (AAD) in a limited scope. > - Your tenant must have an Microsoft Education license. > - Only a single Microsoft tenant can be used for mapping users between Canvas and Microsoft.
-> - You will have to turn off SDS before using the Class Teams LTI in order to avoid duplication of groups.
+> - You will have to turn off School Data Sync (SDS) before using the Class Teams LTI in order to avoid duplication of groups.
## Microsoft Office 365 Admin
lti Teams Meetings With Canvas https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/teams-meetings-with-canvas.md
Microsoft Teams meetings is a Learning Tools Interoperability (LTI) app that hel
> The current Teams Meetings LTI only supports syncing Canvas users with Microsoft Azure Active Directory (AAD) in a limited scope. > - Your tenant must have an Microsoft Education license. > - Only a single Microsoft tenant can be used for mapping users between Canvas and Microsoft.
-> - You will have to turn off SDS before using the Class Teams LTI in order to avoid duplication of groups.
+> - You will have to turn off School Data Sync (SDS) before using the Class Teams LTI in order to avoid duplication of groups.
## Microsoft Office 365 Admin
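Review bot: In the Teams Meetings article the changed bullet still says "before using the Class Teams LTI", while the note it belongs to opens with "The current Teams Meetings LTI". This looks copied from the Teams classes article. If the prerequisite applies to the Meetings LTI, name it here.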
managed-desktop Privacy Personal Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/privacy-personal-data.md
Microsoft 365 Apps for enterprise collects and shares data with Microsoft Manage
Microsoft Managed Desktop follows a change control process as outlined in our service communication framework. We notify customers through the Microsoft 365 Message Center and Microsoft Managed Desktop Admin portal of both security incidents and major changes to the service. Changes to the types of data gathered and where it is stored are considered a material change. We will provide a minimum of 30 days of advanced notification of this change as is standard practice for Microsoft 365 products and services. For more information, see [Service changes and communication](/microsoft-365/managed-desktop/service-description/servicechanges). ## Compliance
-Microsoft Managed Desktop has undergone external audits and obtained a comprehensive set of compliance offerings. You can find more information in Microsoft Managed Desktop [Compliance](/microsoft-365/managed-desktop/intro/compliance). Audit reports are available for download at the Microsoft [Service Trust Portal](https://aka.ms/stp), which serves as a central repository for Microsoft Enterprise Online Services. (Microsoft Managed Desktop is listed within these documents under the category ΓÇ£Monitoring and Management.ΓÇ¥)
+Microsoft Managed Desktop has undergone external audits and obtained a comprehensive set of compliance offerings. You can find more information in Microsoft Managed Desktop [Compliance](/microsoft-365/managed-desktop/intro/compliance). Audit reports are available for download at the Microsoft [Service Trust Portal](https://aka.ms/stp), which serves as a central repository for Microsoft Enterprise Online Services. (Microsoft Managed Desktop is listed within these documents under the category ΓÇ£Monitoring and Management.ΓÇ¥)
+
+## Data Subject Rights
+
+Microsoft Managed Desktop follows GDPR and CCPA privacy regulations, which give data subjects specific rights to their personal data. These rights include obtaining copies of personal data, requesting corrections to it, restricting the processing of it, deleting it, or receiving it in an electronic format so it can be moved to another controller. For more information about Data Subject Requests (DSRs) generally, see [Data Subject Requests and the GDPR and CCPA](/compliance/regulatory/gdpr-data-subject-requests).
+
+To exercise Data Subject Rights (DSRs) on data collected by the Microsoft Managed Desktop case management system, see the following:
+
+- Data from Microsoft Defender for Endpoint alerts: Your security administrator can request deletion or extraction of personal data related to Microsoft Defender for Endpoint alerts by submitting a report request at the [Admin Portal](https://aka.ms/memadmin). In the request, select request type **Change request**, category **Security**, and subcategory **Other**. Provide the relevant device names in the request description.
+- Data from Microsoft Managed Desktop support requests: Your IT administrator can request deletion or extraction of personal data related support requests by submitting a report request at the [Admin Portal](https://aka.ms/memadmin). In the request, select request type **Change request**, category **Security**, and subcategory **Other**. Provide the relevant device names or user names in the request description.
+
+For DSRs from other products related to the service, see the following articles:
+
+- Windows [diagnostic data](/compliance/regulatory/gdpr-dsr-windows)
+- Microsoft [Intune data](/compliance/regulatory/gdpr-dsr-intune)
+- Azure Active [Directory data](/compliance/regulatory/gdpr-dsr-azure)
## Legal **MicrosoftΓÇÖs privacy notice to end users of products provided by organizational customers** - The [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) notifies end users that when they sign in to Microsoft products with a work account, a) their organization can control and administer their account (including controlling privacy-related settings) and access and process their data, and b) Microsoft may collect and process the data to provide the service to the organization and end users.
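Review bot: The new section expands DSR two different ways: "Data Subject Requests (DSRs)" in the first paragraph and "Data Subject Rights (DSRs)" in the next. Use one expansion throughout. In the support-requests bullet, "personal data related support requests" is missing "to", and it reuses category **Security**, subcategory **Other** from the Defender bullet, so confirm that is the intended routing for support-request data and not a copy of the line above. The last link splits the product name ("Azure Active [Directory data]"); "[Azure Active Directory data]" reads correctly.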
scheduler Scheduler Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-setup.md
Tenant admins need to setup a Scheduler assistant mailbox and obtain Scheduler l
Learn more: [Scheduler for Microsoft 365 licensing](https://wwww.microsoft.com/microsoft-365/meeting-scheduler-pricing)
->[Note:
+>[Note]
>Meeting attendees do not need a Scheduler or Microsoft 365 license. <br>The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license. -
+## Prerequisites
| Prerequisite | Description | |-|-|
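Review bot: The replacement `>[Note]` closes the bracket but is still not the `> [!NOTE]` alert syntax that other articles in this batch use, so the block will render as a plain quote starting with the literal text "[Note]". Suggest `> [!NOTE]` on its own line. While touching this section, the licensing link in the unchanged line above reads `https://wwww.microsoft.com/...` with four w's, which is worth fixing in the same change.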
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
##### [Customize controlled folder access](customize-controlled-folders.md) #### [Device Control]()
-##### [Control USB devices](control-usb-devices-using-intune.md)
##### [Removable Storage Protection](device-control-removable-storage-protection.md) ##### [Removable Storage Access Control](device-control-removable-storage-access-control.md) ##### [Device Control Printer Protection](printer-protection.md)
+##### [Device Control reports](device-control-report.md)
#### [Behavioral blocking and containment]() ##### [Behavioral blocking and containment](behavioral-blocking-containment.md)
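Review bot: Removing the `control-usb-devices-using-intune.md` entry under Device Control drops the article from the TOC while the same update batch still edits that file, so it remains published but unreachable from navigation. If the article is being retired, add a redirect and say so in the commit. If it is staying, keep the TOC entry or move it instead of deleting it. The added `device-control-report.md` entry looks fine where it is.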
security Configure Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-updates.md
update channels:
| Setting title | Description | Location | |:|:|:|
-| Select gradual Microsoft Defender monthly platform update rollout channel | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices. <br><br> Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments. <br><br> Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%). <br><br> Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). <br><br> If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. | Windows Components\Microsoft Defender Antivirus |
+| Select gradual Microsoft Defender monthly platform update rollout channel | Enable this policy to specify when devices receive Microsoft Defender platform updates during the monthly gradual rollout. <br><br> Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices. <br><br> Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments. <br><br> Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%). <br><br> Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). <br><br> If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. | Windows Components\Microsoft Defender Antivirus |
| Select gradual Microsoft Defender monthly engine update rollout channel | Enable this policy to specify when devices receive Microsoft Defender engine updates during the monthly gradual rollout. <br><br> Beta Channel: Devices set to this channel will be the first to receive new updates. Select Beta Channel to participate in identifying and reporting issues to Microsoft. Devices in the Windows Insider Program are subscribed to this channel by default. For use in (manual) test environments only and a limited number of devices. <br><br> Current Channel (Preview): Devices set to this channel will be offered updates earliest during the monthly gradual release cycle. Suggested for pre-production/validation environments. <br><br> Current Channel (Staged): Devices will be offered updates after the monthly gradual release cycle. Suggested to apply to a small, representative part of your production population (~10%). <br><br> Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). <br><br> If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. | Windows Components\Microsoft Defender Antivirus | | Select gradual Microsoft Defender daily definition updates rollout channel | Enable this policy to specify when devices receive Microsoft Defender definition updates during the daily gradual rollout. <br><br> Current Channel (Staged): Devices will be offered updates after the release cycle. Suggested to apply to a small, representative part of production population (~10%). <br><br> Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). 
<br><br> If you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices. | Windows Components\Microsoft Defender Antivirus | | Disable gradual rollout of Microsoft Defender updates | Enable this policy to disable gradual rollout of Defender updates. <br><br> Current Channel (Broad): Devices set to this channel will be offered updates last during the gradual release cycle. Best for datacenter machines that only receive limited updates. <br><br> Note: This setting applies to both monthly as well as daily Defender updates and will override any previously configured channel selections for platform and engine updates. <br><br> If you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices. | Windows Components\Microsoft Defender Antivirus |
security Control Usb Devices Using Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune.md
audience: ITPro ms.technology: mde+ # How to control USB devices and other removable media using Microsoft Defender for Endpoint
Microsoft recommends [a layered approach to securing removable media](https://ak
You can view plug and play connected events in Microsoft Defender for Endpoint advanced hunting to identify suspicious usage activity or perform internal investigations. For examples of Defender for Endpoint advanced hunting queries, see the [Microsoft Defender for Endpoint hunting queries GitHub repo](https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries).
-Sample Power BI report templates are available for Microsoft Defender for Endpoint that you can use for Advanced hunting queries. With these sample templates, including one for device control, you can integrate the power of Advanced hunting into Power BI. See the [GitHub repository for PowerBI templates](https://github.com/microsoft/MDATP-PowerBI-Templates) for more information. See [Create custom reports using Power BI](/microsoft-365/security/defender-endpoint/api-power-bi) to learn more about Power BI integration.
+Sample Power BI report templates are available for Microsoft Defender for Endpoint that you can use for Advanced hunting queries. With these sample templates, including one for device control, you can integrate the power of Advanced hunting into Power BI. See the [GitHub repository for Power BI templates](https://github.com/microsoft/MDATP-PowerBI-Templates) for more information. See [Create custom reports using Power BI](/microsoft-365/security/defender-endpoint/api-power-bi) to learn more about Power BI integration.
## Allow or block removable devices The following table describes the ways Microsoft Defender for Endpoint can allow or block removable devices based on granular configuration.
For example, using either approach, you can automatically have the Microsoft Def
- [Defender/AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-csp-defender#defender-allowfullscanremovabledrivescanning) - [Policy/DeviceInstallation CSP](/windows/client-management/mdm/policy-csp-deviceinstallation) - [Perform a custom scan of a removable device](/samples/browse/?redirectedfrom=TechNet-Gallery)-- [Device Control PowerBI Template for custom reporting](https://github.com/microsoft/MDATP-PowerBI-Templates)
+- [Device Control Power BI Template for custom reporting](https://github.com/microsoft/MDATP-PowerBI-Templates)
- [BitLocker](/windows/security/information-protection/bitlocker/bitlocker-overview.md) - [Windows Information Protection](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md)
security Create Alert By Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/create-alert-by-reference.md
One of the following permissions is required to call this API. To learn more, in
Permission type | Permission | Permission display name :|:|:
-Application | Alerts.ReadWrite.All | 'Read and write all alerts'
+Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > [!NOTE]
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
Deploy Removable Storage Access Control on Windows 10 devices that have antimalw
- **4.18.2104 or later**: Add SerialNumberId, VID_PID, filepath-based GPO support, ComputerSid - **4.18.2105 or later**: Add Wildcard support for HardwareId/DeviceId/InstancePathId/FriendlyNameId/SerialNumberId, the combination of specific user on specific machine, removeable SSD (a SanDisk Extreme SSD)/USB Attached SCSI (UAS) support-- **4.18.2107 or later**: Add Windows Portable Device (WPD) support (for mobile devices, such as tablets)
+- **4.18.2107 or later**: Add Windows Portable Device (WPD) support (for mobile devices, such as tablets); add AccountName into [advanced hunting](device-control-removable-storage-access-control.md#view-device-control-removable-storage-access-control-data-in-microsoft-defender-for-endpoint)
:::image type="content" source="images/powershell.png" alt-text="The PowerShell interface":::
The Microsoft 365 security portal shows removable storage blocked by the Device
```kusto //events triggered by RemovableStoragePolicyTriggered DeviceEvents
-| where ActionType == &quot;RemovableStoragePolicyTriggered&quot;
+| where ActionType == "RemovableStoragePolicyTriggered"
| extend parsed=parse_json(AdditionalFields) | extend RemovableStorageAccess = tostring(parsed.RemovableStorageAccess)  | extend RemovableStoragePolicyVerdict = tostring(parsed.RemovableStoragePolicyVerdict) 
DeviceEvents
| extend MediaProductId = tostring(parsed.ProductId)  | extend MediaVendorId = tostring(parsed.VendorId)  | extend MediaSerialNumber = tostring(parsed.SerialNumber) 
-| extend MediaVolume = tostring(parsed.Volume) 
-| project Timestamp, DeviceId, DeviceName, ActionType, RemovableStorageAccess, RemovableStoragePolicyVerdict, MediaBusType, MediaClassGuid, MediaClassName, MediaDeviceId, MediaInstanceId, MediaName, RemovableStoragePolicy, MediaProductId, MediaVendorId, MediaSerialNumber, MediaVolume
+| project Timestamp, DeviceId, DeviceName, InitiatingProcessAccountName, ActionType, RemovableStorageAccess, RemovableStoragePolicyVerdict, MediaBusType, MediaClassGuid, MediaClassName, MediaDeviceId, MediaInstanceId, MediaName, RemovableStoragePolicy, MediaProductId, MediaVendorId, MediaSerialNumber
| order by Timestamp desc ```
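Review bot: The `project` line now adds `InitiatingProcessAccountName` and silently drops `MediaVolume` (together with its `extend`), but nothing in the article explains the removal. Readers who saved the earlier query will lose a column without knowing why. The version bullet calls the new field "AccountName" while the query uses `InitiatingProcessAccountName`; name the actual column in the bullet, and add a comment in the query noting that it requires 4.18.2107 or later, so that empty values on older clients are not misread as missing user context during an investigation.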
security Get Live Response Result https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-live-response-result.md
started](apis-intro.md).
|Permission type|Permission|Permission display name| ||||
-|Application|Machine.LiveResponse|Run live response on a specific machine|
+Application|Machine.Read.All|''Read all machine profiles''
+Application|"Machine.ReadWrite.All|'Read and write all machine information'
|Delegated (work or school account)|Machine.LiveResponse|Run live response on a specific machine| ## HTTP request
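Review bot: The two added Application rows break the table. They drop the leading and trailing `|` that the header and the Delegated row use, the second row has a stray `"` before `Machine.ReadWrite.All`, and the first wraps the display name in doubled single quotes (`''Read all machine profiles''`). Beyond formatting, the application permission changes from `Machine.LiveResponse` to `Machine.Read.All` / `Machine.ReadWrite.All` while the delegated row still requires `Machine.LiveResponse`. Confirm that this asymmetry is intended, because admins scope app registrations from this table and a wrong entry leads to either failed calls or broader grants than needed.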
security Get Package Sas Uri https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-package-sas-uri.md
One of the following permissions is required to call this API. To learn more, in
Permission type|Permission|Permission display name :|:|:
-Application|Machine.CollectForensics|'Collect forensics'
+Application|Machine.Read.All|''Read all machine profiles''
+Application|"Machine.ReadWrite.All|'Read and write all machine information'
Delegated (work or school account)|Machine.CollectForensics|'Collect forensics' > [!NOTE]
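Review bot: The added `Machine.ReadWrite.All` row carries a stray opening `"` and the `Machine.Read.All` row uses doubled single quotes around the display name; match the `'Collect forensics'` quoting of the Delegated row. The application permission for retrieving a forensics package URI moves from `Machine.CollectForensics` to the general read and read/write machine permissions while the delegated permission stays `Machine.CollectForensics`. State in the commit or in the article why the two differ, since readers use this table to decide what to consent to.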
security Indicator File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/indicator-file.md
Cert and File IoC policy handling conflict will follow the below order:
If there are conflicting file IoC policies with the same enforcement type and target, the policy of the more secure (meaning longer) hash will be applied. For example, an SHA-256 file hash IoC policy will win over an MD5 file hash IoC policy if both hash types define the same file.
+> [!WARNING]
+> Policy conflict handling for files and certs differ from policy conflict handling for domains/URLs/IP addresses.
+ Threat and vulnerability management's block vulnerable application features uses the file IoCs for enforcement and will follow the above conflict handling order. ### Examples
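Review bot: The new warning says that file and cert conflict handling differs from domain/URL/IP handling but does not say how, and it does not link to where the other behavior is documented, so a reader cannot act on it. Add the link or one sentence stating the difference. Grammar: "handling ... differ" should be "differs". The added blank `+` line is followed by the next paragraph on the same line; make sure the warning block is closed by an empty line so that the "Threat and vulnerability management" sentence is not pulled into the alert.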
security Mac Whatsnew https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-whatsnew.md
ms.technology: mde
> [!IMPORTANT] > On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md).
+## 101.37.97 (20.121062.13797.0)
+
+- Performance improvements & bug fixes
+ ## 101.34.28 (20.121061.13428.0) - Bug fixes
security Run Live Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-live-response.md
Runs a sequence of live response commands on a device
5. Live response commands cannot be queued up and can only be executed one at a time.
-6. Multiple live response commands can be run on a single API call. However, when a live response command fails all the following actions will not be
+6. If the machine that you are trying to run this API call is in an RBAC device group that does not have an automated remediation level assigned to it, you'll need to at least enable the minimum Remediation Level for a given Device Group.
+
+7. Multiple live response commands can be run on a single API call. However, when a live response command fails all the subsequent actions will not be
executed. ## Minimum Requirements
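Review bot: New item 6 does not tell the reader what to configure. "At least enable the minimum Remediation Level for a given Device Group" names neither the level nor where it is set. Link to the device group settings and name the level. The wording "the machine that you are trying to run this API call" is missing "against" or "on". Since item 7 says that a failed command stops all subsequent actions, it would also help to state whether a device group without a remediation level causes the whole call to be rejected or only individual commands.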
security Whats New In Microsoft Defender Atp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp.md
For more information on preview features, see [Preview features](preview.md).
- [Device group definitions](/microsoft-365/security/defender-endpoint/machine-groups) can now include multiple values for each condition. You can set multiple tags, device names, and domains to the definition of a single device group.
+- [Mobile Application management support](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730) <br> This enhancement enables Microsoft Defender for Endpoint protect an organizationΓÇÖs data within a managed application when Intune is being used to manage mobile applications. For more information about mobile application management, see [this documentation](/microsoft-365/mem/intune/apps/mam-faq).
+
+- [Microsoft Tunnel VPN integration](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730) <br> Microsoft Tunnel VPN capabilities is now integrated with Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end user experience with one security app ΓÇô offering both mobile threat defense and the ability to access on-prem resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
+
+- [Jailbreak detection on iOS](/microsoft-365/security/defender-endpoint/ios-configure-features.md#conditional-access-with-defender-for-endpoint-on-ios) <br> Jailbreak detection capability in Microsoft Defender for Endpoint on iOS is now generally available. This adds to the phishing protection that already exists. For more information, see [Setup Conditional Access Policy based on device risk signals](/microsoft-365/security/defender-endpoint/ios-configure-features.md#conditional-access-with-defender-for-endpoint-on-ios).
++ ## March 2021 - [Manage tamper protection using the Microsoft Defender Security Center](prevent-changes-to-security-settings-with-tamper-protection.md#manage-tamper-protection-for-your-organization-using-the-microsoft-365-defender-portal) <br> You can manage tamper protection settings on Windows 10, Windows Server 2016, and Windows Server 2019 by using a method called *tenant attach*.
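Review bot: The jailbreak detection entry links to `/microsoft-365/security/defender-endpoint/ios-configure-features.md#...` twice; site-relative links elsewhere in this file omit the `.md` extension (for example `/microsoft-365/security/defender-endpoint/machine-groups`), so these will likely not resolve. Wording needs a pass: "enables Microsoft Defender for Endpoint protect" (missing "to") and "capabilities is now integrated" (should be "are"). The last added line is `+` followed by the existing `## March 2021` heading; make sure that an empty line separates the new bullets from the heading.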
security Eval Defender Endpoint Enable Eval https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-defender-endpoint-enable-eval.md
You'll first need to check the license state to verify that it was properly prov
After verifying that the license state has been provisioned properly, you can start onboarding devices to the service.
-For the purpose of evaluating Microsoft Defender for Endpoint, we recommend choosing a couple of Windows 10 devices to conduct the evaluation on.
+For the purpose of evaluating Microsoft Defender for Endpoint, we recommend choosing a couple of Windows 10 devices to conduct the evaluation on.
+
+You can choose to use any of the supported management tools, but Intune provides optimal integration. For more information, see [Configure Microsoft Defender for Endpoint in Microsoft Intune](/mem/intune/protect/advanced-threat-protection-configure.md#enable-microsoft-defender-for-endpoint-in-intune)
The [Plan deployment](../defender-endpoint/deployment-strategy.md) topic outlines the general steps you need to take to deploy Defender for Endpoint.
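Review bot: The added Intune link uses a site-relative path with a file extension (`/mem/intune/protect/advanced-threat-protection-configure.md#enable-...`); drop the `.md` so that the link resolves, and end the sentence with a period. "Intune provides optimal integration" is a claim without support on this page; either say what the integration provides for the evaluation or soften it to a recommendation.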
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
Set-PhishSimOverridePolicy -Identity PhishSimOverridePolicy -Enabled $false
For detailed syntax and parameter information, see [Set-PhishSimOverridePolicy](/powershell/module/exchange/set-phishsimoverridepolicy).
+### Use PowerShell to modify the simulation url settings
+
+To modify the phishing simulation override policy, use the following syntax:
+
+```powershell
+New-TenantAllowBlockListItems -ListType URL -ListSubType AdvancedDelivery -Entries "<url>"
+```
+For the URL syntax format, see [URL syntax for the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list#url-syntax-for-the-tenant-allowblock-list).
+
+This example adds a simulation URL for sub-domains of contoso.com.
+
+```powershell
+New-TenantAllowBlockListItems -ListType URL -ListSubType AdvancedDelivery -Entries "*.contoso.com"
+```
+
+For detailed syntax and parameter information, see [New-TenantAllowBlockListItems](/powershell/module/exchange/new-tenantallowblocklistitems).
+ ### Use PowerShell to modify a phishing simulation override rule To modify the phishing simulation override rule, use the following syntax:
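Review bot: The heading and intro say "modify", and the intro repeats "phishing simulation override policy" from the preceding section, but the command shown is `New-TenantAllowBlockListItems`, which adds a simulation URL entry. Reword the intro to say that it adds an entry, and either retitle the section or also document how to change or remove an existing entry. The example uses `*.contoso.com`, which exempts every subdomain; because these entries bypass filtering for simulations, an example scoped to a single simulation host would be a safer default for readers to copy. Also add an empty line after the first closing code fence, before "For the URL syntax format", and capitalize "URL" in the heading.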
security Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/defender-for-office-365.md
Title: Microsoft Defender for Office 365 - CSH
security View Email Security Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-email-security-reports.md
When you're finished configuring the filters, click **Apply**, **Cancel**, or **
In the **View data by Content \> Malware** view, the following information is shown in the chart for Microsoft Defender for Office 365 organizations: -- **Anti-malware engine**: Malicious files detected in Sharepoint, OneDrive, and Microsoft Teams by the [built-in virus detection in Microsoft 365](virus-detection-in-spo.md).
+- **Anti-malware engine**: Malicious files detected in SharePoint, OneDrive, and Microsoft Teams by the [built-in virus detection in Microsoft 365](virus-detection-in-spo.md).
- **File detonation**: Malicious files detected by [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md). In the details table below the chart, the following information is available:
solutions Groups Teams Compliance Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-teams-compliance-governance.md
DLP in Teams can help protect sensitive information in Teams chat and channel me
- [Data loss prevention and Microsoft Teams](../compliance/dlp-microsoft-teams.md)
-If you have sensitive information that is unique to your organization, such as project code names, you can create your own sensitive information types and apply them to DLP policies to protect content in groups, teams, and Sharepoint.
+If you have sensitive information that is unique to your organization, such as project code names, you can create your own sensitive information types and apply them to DLP policies to protect content in groups, teams, and SharePoint.
- [Custom sensitive information types](../compliance/sensitive-information-type-learn-about.md)