Updates from: 08/20/2021 03:30:00
Category Microsoft Docs article Related commit history on GitHub Change details
admin Transfer Data Manually https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/transfer-data-manually.md
Prepare to roll up your sleeves and block out a chunk of time on your calendar:
|**Tasks**|**Steps**| |:--|:--|
-|Purchase the plan you want to move to. <br/> |When you sign up, you specify the company name to use in the initial domain names: *yourcompany* .onmicrosoft.com, *yourcompany* -public.sharepoint.com, and *yourcompany* .sharepoint.com. You need to use a different *yourcompany* name than you did for any existing subscriptions. <br/> > [!NOTE]> It typically takes a minimum of several months after cancelling a subscription to release the initial domain names that use *yourcompany* from our systems. Even if you plan to save all your data from your old Microsoft 365 subscription, and cancel that subscription, the old *yourcompany* value is not immediately available for use in a new subscription. |
+|Purchase the plan you want to move to. <br/> |When you sign up, you specify the company name to use in the initial domain names: *yourcompany* .onmicrosoft.com, *yourcompany* -public.sharepoint.com, and *yourcompany* .sharepoint.com. You need to use a different *yourcompany* name than you did for any existing subscriptions. <br/> > [!NOTE]> It typically takes a minimum of several months after canceling a subscription to release the initial domain names that use *yourcompany* from our systems. Even if you plan to save all your data from your old Microsoft 365 subscription, and cancel that subscription, the old *yourcompany* value is not immediately available for use in a new subscription. |
|Remove your custom domain from your old Microsoft 365 subscription. <br/> | Follow the [required steps before you remove a domain](remove-a-domain.md) to remove the domain name from user email addresses and remove DNS records for email and Lync for the custom domain. If you host your public website on Microsoft 365, you'll also need to remove the CNAME record that points to it. <br/> > [!IMPORTANT]> After you remove the MX record that routes email to this custom domain, email will stop working until you have added the domain to your new account, set up the new MX record, and set up your users. When you remove the DNS records for Lync, Lync will stop working. And after you remove the CNAME record that points to your public website, it will not be available. [Remove the domain](remove-a-domain.md) . <br/> | |Set up your custom domain for your new subscription, and set up your users. <br/> | Set up your new subscription, including creating the required DNS records for your custom domain. <br/> Create your users, with email addresses on your custom domain. <br/> | |Transfer data from your old subscription to your new subscription. <br/> | Sign in to both accounts in separate browser windows: <br/> Right-click your browser icon, and open two private browser windows. You can use different credentials in the two windows to sign in on both accounts. <br/> [Transfer administrative settings between subscriptions](#email) <br/> [Transfer team site structure and data](#transfer-team-site-structure-and-data) <br/> [Transfer a public website between subscriptions](#transfer-a-public-website-between-subscriptions) <br/> [Transfer administrative settings between subscriptions](#email) <br/> |
There are several ways to save or transfer team site data:
Ask users to [move their email, contacts, tasks, and calendar information](https://support.microsoft.com/office/0996ece3-57c6-49bc-977b-0d1892e2aacc) after you set up your new subscription. They can get to their old email by using their initial user name, such as sue@contoso.onmicrosoft.com.
-### OneDrive For Business data:
+### OneDrive for Business data:
Ask users to Copy/Sync [OneDrive for Business content to their computer](https://support.microsoft.com/office/59b1de2b-519e-4d3a-8f45-51647cf291cd), and then add it back to their new subscription. ### OneNote
-Ask users to [Back up OneNote](https://support.microsoft.com/office/back-up-notes-f58b34b0-611d-435e-87fa-7942a1767af4?ui=en-us&rs=en-us&ad=us) and to [Restore notes from a backup](https://support.microsoft.com/en-us/office/restore-notes-from-a-backup-5daf9cb0-6769-4998-a5de-f044fdd0d831?ui=en-us&rs=en-us&ad=us) to their new subscriptions.
+Ask users to [Back up OneNote](https://support.microsoft.com/office/back-up-notes-f58b34b0-611d-435e-87fa-7942a1767af4?ui=en-us&rs=en-us&ad=us) and to [Restore notes from a backup](https://support.microsoft.com/en-us/office/restore-notes-from-a-backup-5daf9cb0-6769-4998-a5de-f044fdd0d831?ui=en-us&rs=en-us&ad=us) to their new subscriptions.
admin Self Service Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/self-service-sign-up.md
Following are the currently available self-service programs. This list will be u
|**Office 365 A1 Plus** <br/> |Eligible students and teachers can sign up for Office 365 A1 Plus, which includes everything mentioned above plus Microsoft 365 Apps for enterprise. Microsoft 365 Apps for enterprise is productivity software, including Word, PowerPoint, Excel, Outlook, OneNote, Publisher, Access, and Skype for Business, that is installed on your desktop or laptop computer. <br/> |[Office 365 Education Technical FAQ](/microsoft-365/education/deploy/office-365-education-self-sign-up) <br/> |[Office 365 Education](https://go.microsoft.com/fwlink/p/?linkid=140841) <br/> | |**Power BI** <br/> |Power BI enables users to visualize data, share discoveries, and collaborate in intuitive new ways. <br/> If your organization already subscribes you may additionally see licenses for "Power BI Pro Individual User Trial," which offer users limited, free access to advanced capabilities. <br/> |[Power BI in your organization](./power-bi-in-your-organization.md) <br/> |[Microsoft Power BI](https://go.microsoft.com/fwlink/p/?LinkId=536629) <br/> | |**Rights Management Services (RMS)** <br/> |RMS for individuals is a free self-service subscription for users in an organization who have been sent sensitive files that have been protected by Azure Rights Management (Azure RMS), but their IT department has not implemented Azure Rights Management (Azure RMS), or Active Directory Rights Management Services (AD RMS). <br/> |[RMS for Individuals and Azure Rights Management](/azure/information-protection/rms-for-individuals) <br/> |[Microsoft Rights Management portal](https://portal.azure.com/) so you can check whether you can open a given rights-protected document. <br/> |
-|**Microsoft Power Apps** <br/> |In PowerApps, you can manage organizational data by running an app that you created or that someone else created and shared with you. Apps run on mobile devices such as phones, or you can run them in a browser by opening Dynamics 365. You can create an infinite variety of apps - all without learning a programming language such as C#. <br/> |[Self-service sign up for PowerApps](/powerapps/maker/signup-for-powerapps) <br/> |[Microsoft Power Apps](https://go.microsoft.com/fwlink/p/?linkid=841462) <br/> |
+|**Microsoft Power Apps** <br/> |In Power Apps, you can manage organizational data by running an app that you created or that someone else created and shared with you. Apps run on mobile devices such as phones, or you can run them in a browser by opening Dynamics 365. You can create an infinite variety of apps - all without learning a programming language such as C#. <br/> |[Self-service sign up for Power Apps](/powerapps/maker/signup-for-powerapps) <br/> |[Microsoft Power Apps](https://go.microsoft.com/fwlink/p/?linkid=841462) <br/> |
|**Dynamics 365 for Financials** <br/> |Get a complete business and financial management solution for small and medium-sized businesses. Dynamics 365 for Financials makes ordering, selling, invoicing, and reporting easierΓÇöstarting on day one. <br/> |[Microsoft Dynamics 365 for Financials](https://go.microsoft.com/fwlink/p/?linkid=841466) <br/> |[Microsoft Dynamics 365 for Financials](https://go.microsoft.com/fwlink/p/?linkid=841466) <br/> | |**Microsoft Dynamics 365 for Operations** <br/> |Increase your speed of doing business. The complete ERP tools in Dynamics 365 for Operations provide global scalability and digital intelligence to help you grow at your pace. <br/> |[Microsoft Dynamics 365 for Operations](https://go.microsoft.com/fwlink/p/?linkid=841467) <br/> |[Microsoft Dynamics 365 for Operations](https://go.microsoft.com/fwlink/p/?linkid=841467) <br/> | |**Microsoft AppSource** <br/> |Microsoft AppSource is a destination for software-as-a-service business apps built on the Microsoft cloud platform. AppSource features hundreds of apps, add-ons, and content packs that extend the functionality of Microsoft products like Azure, Dynamics 365, Office 365, and Power BI. <br/> |[Microsoft AppSource](https://go.microsoft.com/fwlink/p/?linkid=841474) <br/> |[Microsoft AppSource](https://go.microsoft.com/fwlink/p/?linkid=841474) <br/> |
admin Services In China https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/services-in-china.md
If you would like to learn how to get started with general Office 365 services,
|:--|:--| |Sharing a document, library, or site by email with someone outside of your organization <br/> |This feature is available, but off by default as using it could make files shared accessible outside of your country. Administrators do have the ability to turn it on, but will get a warning message indicating that it could make files shared accessible outside of your country. Users who attempt to share with someone outside of the organization will also receive a warning. For more information, see [Share SharePoint files or folders in Office 365](https://support.microsoft.com/office/1fe37332-0f9a-4719-970e-d2578da4941c). <br/> | |Access Services <br/> |Access 2013 is supported, but adding new Access apps may not be available as this feature will be retired from Office 365 and SharePoint Online. Creation of new Access-based web apps and Access web databases in Office 365 and SharePoint Online will stop starting in June 2017 and any remaining web apps and web databases by April 2018. Additionally, Access 2010 functionality is not supported, and attempting to use an Access 2010 database will result in errors and possible data loss. <br/> |
-|Microsoft PowerApps <br/> |Coming soon. <br/> |
+|Microsoft Power Apps <br/> |Coming soon. <br/> |
|Information Rights Management (IRM) <br/> |The ability to set IRM capabilities to SharePoint for your organization is coming soon. <br/> | |Ability to translate text or pages <br/> |Available, but off by default. Tenant admins can turn this ability on, but the translation cloud service may be located outside your country. If you do not want users to send content to a translation cloud service, you may keep these features disabled. <br/> | |Public website ICP registration <br/> |China Internet compliance policy requires that you get an Internet Content Provider (ICP) number for your public website. |
admin Navigate And Utilize Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/navigate-and-utilize-reports.md
The user who has instantiated the template app will have the ability to customiz
- Create your own visuals by using the underlying [datasets](usage-analytics-data-model.md). -- Use PowerBI Desktop to bring in your own data sources.
+- Use Power BI Desktop to bring in your own data sources.
To share your reports, just select the share button ![Power BI Share icon](../../media/dbb0569d-2013-4f9d-ab9d-d01b09631b92.png) at the top of the page.
business-video Choose Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/choose-subscription.md
Choosing the right Microsoft 365 subscription is key to getting the most out of
| **Email &amp; calendar** | Outlook, Exchange Online | 50 GB | 50 GB | 100 GB | | **Hub for teamwork** | Chat-based workspace, online meetings, and more in Microsoft Teams | Yes | Yes | Yes | | **File storage** | OneDrive for Business | 1 TB per user | 1 TB per user | Unlimited |
-| **Social, video, sites** | Stream, Yammer, Planner, SharePoint Online\*, PowerApps\*, Microsoft Flow\* | Yes | Yes | Yes |
+| **Social, video, sites** | Stream, Yammer, Planner, SharePoint Online\*, Power Apps\*, Microsoft Flow\* | Yes | Yes | Yes |
| **Business apps** | Scheduling apps - Bookings\*\* | Yes | Yes | Yes | | **Threat Protection** | Office 365 Advanced Threat Protection | No | Yes | No | | Windows Exploit Guard enforcement| | No | Yes | No |
commerce Allowselfservicepurchase Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md
This may be due to an older version of Transport Layer Security (TLS). To connec
### Solution
-Upgrade to TLS 1.2: (/mem/configmgr/core/plan-design/security/enable-tls-1-2)
+Upgrade to TLS 1.2. The following syntax updates the ServicePointManager Security Protocol to TLS1.2:
+
+```powershell
+ [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
+```
+
+To learn more, see [How to enable TLS 1.2](/mem/configmgr/core/plan-design/security/enable-tls-1-2).
<!-- ## Uninstall the MSCommerce module
compliance Archive 17A 4 Skype For Business Server Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-skype-for-business-server-data.md
description: "Learn how to set up and use a 17a-4 Skype for Business Server DataParser connector to import and archive Skype for Business Server data in Microsoft 365."
-# Set up a connector to archive Skype for Business Server data (preview)
+# Set up a connector to archive Skype for Business Server data
Use the [Skype Server DataParser](https://www.17a-4.com/skype-server-dataparser/) from 17a-4 LLC to import and archive data from a Skype for Business Server to user mailboxes in your Microsoft 365 organization. The DataParser includes a Skype for Business connector that's configured to capture items from a third-party data source and import those items to Microsoft 365. The Skype for Business Server DataParser connector converts Skype for Business Server data to an email message format and then imports those items to user mailboxes in Microsoft 365.
compliance Archive Ringcentral Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ringcentral-data.md
description: "Admins can set up a connector to import and archive RingCentral da
# Set up a connector to archive RingCentral data
-Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the RingCentral platform to user mailboxes in your Microsoft 365 organization. Veritas provides the RingCentral connector that is configured to capture items from the third-party data source and import those items to Microsoft 365. The connector converts content such as chats, attachments, tasks, notes, and posts from RingCentral to an email message format and then imports those items to the user mailboxes in Microsoft 365.
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from the RingCentral platform to user mailboxes in your Microsoft 365 organization. Veritas provides a [RingCentral](https://www.veritas.com/insights/merge1/ringcentral) connector that is configured to capture items from the third-party data source and import those items to Microsoft 365. The connector converts content such as chats, attachments, tasks, notes, and posts from RingCentral to an email message format and then imports those items to the user mailboxes in Microsoft 365.
After RingCentral data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels. Using a RingCentral connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
compliance Archive Rogers Network Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-rogers-network-archiver-data.md
description: "Admins can set up a TeleMessage connector to import and archive Rogers Network data in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."
-# Set up a connector to archive Rogers Network data (preview)
+# Set up a connector to archive Rogers Network data
Use the TeleMessage connector in the Microsoft 365 compliance center to import and archive SMS and MMS data from the Rogers mobile network. After you set up and configure a [Rogers Network Archiver connector](https://www.telemessage.com/mobile-archiver/network-archiver/rogers/), it connects to your organization's Rogers mobile network, and imports SMS and MMS data to mailboxes in Microsoft 365.
compliance Customer Key Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-manage.md
To create a DEP, you need to remotely connect to SharePoint Online by using Wind
2. In the Microsoft SharePoint Online Management Shell, run the Register-SPODataEncryptionPolicy cmdlet as follows: ```powershell
- Register-SPODataEncryptionPolicy -Identity <adminSiteCollectionURL> -PrimaryKeyVaultName <PrimaryKeyVaultName> -PrimaryKeyName <PrimaryKeyName> -PrimaryKeyVersion <PrimaryKeyVersion> -SecondaryKeyVaultName <SecondaryKeyVaultName> -SecondaryKeyName <SecondaryKeyName> -SecondaryKeyVersion <SecondaryKeyVersion>
+ Register-SPODataEncryptionPolicy <adminSiteCollectionURL> -PrimaryKeyVaultName <PrimaryKeyVaultName> -PrimaryKeyName <PrimaryKeyName> -PrimaryKeyVersion <PrimaryKeyVersion> -SecondaryKeyVaultName <SecondaryKeyVaultName> -SecondaryKeyName <SecondaryKeyName> -SecondaryKeyVersion <SecondaryKeyVersion>
``` Example: ```powershell
- Register-SPODataEncryptionPolicy -Identity https://contoso.sharepoint.com -PrimaryKeyVaultName 'stageRG3vault' -PrimaryKeyName 'SPKey3' -PrimaryKeyVersion 'f635a23bd4a44b9996ff6aadd88d42ba' -SecondaryKeyVaultName 'stageRG5vault' -SecondaryKeyName 'SPKey5' -SecondaryKeyVersion '2b3e8f1d754f438dacdec1f0945f251aΓÇÖ
+ Register-SPODataEncryptionPolicy https://contoso.sharepoint.com -PrimaryKeyVaultName 'stageRG3vault' -PrimaryKeyName 'SPKey3' -PrimaryKeyVersion 'f635a23bd4a44b9996ff6aadd88d42ba' -SecondaryKeyVaultName 'stageRG5vault' -SecondaryKeyName 'SPKey5' -SecondaryKeyVersion '2b3e8f1d754f438dacdec1f0945f251aΓÇÖ
``` When you register the DEP, encryption begins on the data in the geo. Encryption can take some time. For more information on using this parameter, see [Register-SPODataEncryptionPolicy](/powershell/module/sharepoint-online/register-spodataencryptionpolicy?preserve-view=true&view=sharepoint-ps).
Microsoft 365 audits and validates the data purge path. For more information, se
- [O365 Exit Planning Considerations](https://servicetrust.microsoft.com/ViewPage/TrustDocuments?command=Download&downloadType=Document&downloadId=77ea7ebf-ce1b-4a5f-9972-d2d81a951d99&docTab=6d000410-c9e9-11e7-9a91-892aae8839ad_FAQ_and_White_Papers)
-Purging of multi-workload DEP is not supported for Microsoft 365 Customer Key. The multi-workload DEP is used to encrypt data across multiple workloads across all tenant users. Purging such DEP would result into data from across multiple workloads become inaccessible. If you decide to exit Microsoft 365 services altogether then you could pursue the path of tenant deletion per the documented process. See [how to delete a tenant in Azure Active Directoy](/azure/active-directory/enterprise-users/directory-delete-howto).
+Purging of multi-workload DEP is not supported for Microsoft 365 Customer Key. The multi-workload DEP is used to encrypt data across multiple workloads across all tenant users. Purging such DEP would result into data from across multiple workloads become inaccessible. If you decide to exit Microsoft 365 services altogether then you could pursue the path of tenant deletion per the documented process. See [how to delete a tenant in Azure Active Directory](/azure/active-directory/enterprise-users/directory-delete-howto).
### Revoke your Customer Keys and the availability key for Exchange Online and Skype for Business
To initiate the data purge path for SharePoint Online, OneDrive for Business
- [Customer Lockbox](customer-lockbox-requests.md) -- [Service Encryption](office-365-service-encryption.md)
+- [Service Encryption](office-365-service-encryption.md)
compliance Search The Audit Log In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance.md
You can export the results of an audit log search to a comma-separated value (CS
2. On the search results page, click **Export** > **Download all results**.
- All entries from the audit log that meet the search criteria rre exported to a CSV file. The raw data from the audit log is saved to a CSV file. Additional information from the audit log entry is included in a column named **AuditData** in the CSV.
+ All entries from the audit log that meet the search criteria are exported to a CSV file. The raw data from the audit log is saved to a CSV file. Additional information from the audit log entry is included in a column named **AuditData** in the CSV.
> [!IMPORTANT] > You can download a maximum of 50,000 entries to a CSV file from a single audit log search. If 50,000 entries are downloaded to the CSV file, you can probably assume there are more than 50,000 events that met the search criteria. To export more than this limit, try using a date range to reduce the number of audit log entries. You might have to run multiple searches with smaller date ranges to export more than 50,000 entries.
The following table describes the file and page activities in SharePoint Online
|Moved file|FileMoved|User moves a document from its current location on a site to a new location.| |(none)|FilePreviewed|User previews files on a SharePoint or OneDrive for Business site. These events typically occur in high volumes based on a single activity, such as viewing an image gallery.| |Performed search query|SearchQueryPerformed|User or system account performs a search in SharePoint or OneDrive for Business. Some common scenarios where a service account performs a search query include applying an eDiscovery holds and retention policy to sites and OneDrive accounts, and auto-applying retention or sensitivity labels to site content.|
+|Recycled a file | FileRecycled | User moves a file into the SharePoint Recycle Bin. |
+|Recycled a folder | FolderRecycled | User moves a folder into the SharePoint Recycle Bin. |
|Recycled all minor versions of file|FileVersionsAllMinorsRecycled|User deletes all minor versions from the version history of a file. The deleted versions are moved to the site's recycle bin.| |Recycled all versions of file|FileVersionsAllRecycled|User deletes all versions from the version history of a file. The deleted versions are moved to the site's recycle bin.| |Recycled version of file|FileVersionRecycled|User deletes a version from the version history of a file. The deleted version is moved to the site's recycle bin.|
If a Forms activity is performed by a co-author or an anonymous responder, it wi
|Updated form phishing status|UpdatePhishingStatus|This event is logged whenever the detailed value for the internal security status was changed, regardless of whether this changed the final security state (for example, form is now Closed or Opened). This means you may see duplicate events without a final security state change. The possible status values for this event are:<br/>- Take Down <br/>- Take Down by Admin <br/>- Admin Unblocked <br/>- Auto Blocked <br/>- Auto Unblocked <br/>- Customer Reported <br/>- Reset Customer Reported| |Updated user phishing status|UpdateUserPhishingStatus|This event is logged whenever the value for the user security status was changed. The value of the user status in the audit record is **Confirmed as Phisher** when the user created a phishing form that was taken down by the Microsoft Online safety team. If an admin unblocks the user, the value of the user's status is set to **Reset as Normal User**.| |Sent Forms Pro invitation|ProInvitation|User clicks to activate a Pro trial.|
-|Updated form setting<sup>*</sup> |UpdateFormSetting|Form owner updates one or multiple form settings. <br><br>Property FormSettingName:string indicates updated sensitive settings' name. Property NewFormSettings:string indicates updated settings' name and new value. Property thankYouMessageContainsLink:boolean indicates updated thankyou message contains a URL link.|
+|Updated form setting<sup>*</sup> |UpdateFormSetting|Form owner updates one or multiple form settings. <br><br>Property FormSettingName:string indicates updated sensitive settings' name. Property NewFormSettings:string indicates updated settings' name and new value. Property thankYouMessageContainsLink:boolean indicates updated thank-you message contains a URL link.|
|Updated user setting|UpdateUserSetting|Form owner updates a user setting. <br><br>Property UserSettingName:string indicates the setting's name and new value| |Listed forms<sup>*</sup>|ListForms|Form owner is viewing a list of forms. <br><br>Property ViewType:string indicates which view the form owner is looking at: All Forms, Shared with Me, or Group Forms| |Submitted response|SubmitResponse|A user submits a response to a form. <br><br>Property IsInternalForm:boolean indicates if the responder is within the same organization as the form owner.|
compliance Sensitivity Labels Teams Groups Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-teams-groups-sites.md
Known limitations for this preview:
- The following features and apps might be incompatible with authentication contexts, so we encourage you to check that these continue to work after a user successfully accesses a site by using an authentication context:
- - Workflows that use PowerApps or Power Automate
+ - Workflows that use Power Apps or Power Automate
- Third-party apps ## Sensitivity label management
contentunderstanding Create A Form Processing Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/create-a-form-processing-model.md
description: Learn how to create a form processing model in SharePoint Syntex.
</br>
-Using [AI Builder](/ai-builder/overview)ΓÇöa feature in Microsoft PowerAppsΓÇöSharePoint Syntex users can create a [form processing model](form-processing-overview.md) directly from a SharePoint document library.
+Using [AI Builder](/ai-builder/overview) - a feature in Microsoft Power Apps - SharePoint Syntex users can create a [form processing model](form-processing-overview.md) directly from a SharePoint document library.
Creating a form processing model involves the following steps:
The first step in creating a form processing model is to name the model, define
## Step 2: Add and analyze documents
-After you create your new form processing model, your browser opens a new PowerApps AI Builder forms processing model page. On this page, you can add and analyze your example documents.
+After you create your new form processing model, your browser opens a new Power Apps AI Builder forms processing model page. On this page, you can add and analyze your example documents.
> [!NOTE] > When you look for example files to use, see the [form processing model input document requirements and optimization tips](/ai-builder/form-processing-model-requirements).
contentunderstanding Difference Between Document Understanding And Form Processing Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model.md
Document understanding models are created and managed in a SharePoint content ce
> [!NOTE] > For more information about input documents, see [Form processing model requirements and limitations](/ai-builder/form-processing-model-requirements).
-Form processing models are created in PowerApps [AI Builder](/ai-builder/overview), but the creation starts directly from a SharePoint document library. A document library must have form processing model creation enabled before a user can create a form processing model for it. Admins can enable form processing model creation in the content understanding admin settings. Form processing models use PowerAutomate flows to process files when they're uploaded to the document library.
+Form processing models are created in Power Apps [AI Builder](/ai-builder/overview), but the creation starts directly from a SharePoint document library. A document library must have form processing model creation enabled before a user can create a form processing model for it. Admins can enable form processing model creation in the content understanding admin settings. Form processing models use PowerAutomate flows to process files when they're uploaded to the document library.
When you create a document understanding model, you create a new [SharePoint content type](https://support.microsoft.com/office/use-content-types-to-manage-content-consistently-on-a-site-48512bcb-6527-480b-b096-c03b7ec1d978) that is saved to the SharePoint Content Types gallery. Or you can use existing content types to define your model if needed.
contentunderstanding Form Processing Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/form-processing-overview.md
description: Learn about form processing in Microsoft SharePoint Syntex.
![AI Builder](../media/content-understanding/ai-builder.png)</br>
-Microsoft SharePoint Syntex uses Microsoft PowerApps [AI Builder](/ai-builder/overview) form processing to create models within SharePoint document libraries.
+Microsoft SharePoint Syntex uses Microsoft Power Apps [AI Builder](/ai-builder/overview) form processing to create models within SharePoint document libraries.
You can use AI Builder form processing to create AI models that use machine learning technology to identify and extract key-value pairs and table data from structured or semi-structured documents, like forms and invoices.
enterprise Administering A Multi Geo Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/administering-a-multi-geo-environment.md
The DLP policies are automatically synchronized based on their applicability to
Implementing Information Protection and Data Loss prevention policies to all users in a geo location is not an option available in the UI, instead you must select the applicable accounts for the policy or apply the policy globally to all accounts.
-## Microsoft PowerApps
+## Microsoft Power Apps
-PowerApps created for the satellite location will use the end point located in the central location for the tenant. Microsoft PowerApps is not a Multi-Geo service.
+Power Apps created for the satellite location will use the end point located in the central location for the tenant. Microsoft Power Apps is not a Multi-Geo service.
## Power Automate
enterprise Assign Licenses To User Accounts With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md
$subscriptionTo="<SKU part number of the new subscription>"
# Unassign $license = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense $licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
-$license.SkuId = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $subscriptionFrom -EQ).SkuID
-$licenses.AddLicenses = $license
-Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $licenses
-$licenses.AddLicenses = @()
$licenses.RemoveLicenses = (Get-AzureADSubscribedSku | Where-Object -Property SkuPartNumber -Value $subscriptionFrom -EQ).SkuID Set-AzureADUserLicense -ObjectId $userUPN -AssignedLicenses $licenses # Assign
enterprise Azure Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/azure-integration.md
For more information about Microsoft 365 and Azure AD, see [Microsoft 365 identi
|**Feature**|**Description**| |:--|:--|
-|Integrated apps <br/> |You can grant individual apps access to your Microsoft 365 data, such as mail, calendars, contacts, users, groups, files, and folders. You can also authorize these apps at global admin level and make them available to your entire company by registering the apps in Azure AD. Formore information, see [Integrated Apps and Azure AD for Microsoft 365 administrators](integrated-apps-and-azure-ads.md). <br/> Also see [Single sign-on](/azure/active-directory/manage-apps/what-is-single-sign-on). <br/> |
-|PowerApps <br/> | Power apps are focused apps for mobile devices that can connect to your existing data sources like SharePoint lists and other data apps. See [Create a PowerApp for a list in SharePoint Online](https://support.office.com/article/9338b2d2-67ac-4b81-8e67-97da27e5e9ab) and the [PowerApps page](https://powerapps.microsoft.com/) for details. <br/> |
+|Integrated apps <br/> |You can grant individual apps access to your Microsoft 365 data, such as mail, calendars, contacts, users, groups, files, and folders. You can also authorize these apps at global admin level and make them available to your entire company by registering the apps in Azure AD. For more information, see [Integrated Apps and Azure AD for Microsoft 365 administrators](integrated-apps-and-azure-ads.md). <br/> Also see [Single sign-on](/azure/active-directory/manage-apps/what-is-single-sign-on). <br/> |
+|Power Apps <br/> | Power Apps are focused apps for mobile devices that can connect to your existing data sources like SharePoint lists and other data apps. See [Create a Power App for a list in SharePoint Online](https://support.office.com/article/9338b2d2-67ac-4b81-8e67-97da27e5e9ab) and the [Power Apps page](https://powerapps.microsoft.com/) for details. <br/> |
## See also
-[Microsoft 365 Enterprise overview](microsoft-365-overview.md)
+[Microsoft 365 Enterprise overview](microsoft-365-overview.md)
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
The target admin setup is now complete!
#### Step-by-step instructions for the source tenant admin
-1. Sign in to your mailbox as the -ResourceTenantAdminEmail specified by the target admin during their setup. Find the email invitation from the target tenant, and then select the **Get Started** button.
+1. Sign in with your Global Admin credentials. Sign in to your mailbox as the -ResourceTenantAdminEmail specified by the target admin during their setup. Find the email invitation from the target tenant, and then select the **Get Started** button.
:::image type="content" source="../media/tenant-to-tenant-mailbox-move/invited-by-target-tenant.png" alt-text="You've been invited dialog box":::
enterprise Move Sharepoint Between Geo Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/move-sharepoint-between-geo-locations.md
If you are moving a site with apps, you must re-instantiate the app in the site'
In most cases Flows will continue to work after a SharePoint site geo move. We recommend that you test them once the move has completed.
-### PowerApps
+### Power Apps
-PowerApps need to be recreated in the destination location.
+Power Apps need to be recreated in the destination location.
### Data movement between geo locations
enterprise Ms Cloud Germany Transition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition.md
There are currently 39 services available as part of Office 365 services in the
30. Microsoft Forms 31. Power Automate for Office 365 32. Power Virtual Agents for Office 365
-33. PowerApps for Office 365
+33. Power Apps for Office 365
34. Microsoft Bookings 35. To-Do 36. Whiteboard
managed-desktop Technologies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/intro/technologies.md
Microsoft 365 Apps for enterprise (64-bit) | These Office applications will be s
OneDrive |Azure Active Directory Single Sign On is enabled for users when they first sign in to OneDrive.<br><br>Known Folder Redirection for "Desktop", "Document", and "Pictures" folders is included; enabled and configured by Microsoft Managed Desktop. Store Apps | Microsoft Sway and Power BI aren't shipped with the device. These apps are available for download from Microsoft Store. Win32 Applications | Teams isn't shipped with the device, but is packaged and provided by Microsoft for Microsoft Managed Desktop devices. Azure Information Protection Client isn't shipped with the device, but you can have it packaged for deployment.
-Web Applications | Yammer, Office in a browser, Delve, Flow, StaffHub, PowerApps, and Planner aren't shipped with the device. Users can access the web version of these applications with a browser.
+Web Applications | Yammer, Office in a browser, Delve, Flow, StaffHub, Power Apps, and Planner aren't shipped with the device. Users can access the web version of these applications with a browser.
## Windows 10 Enterprise E5 or E3 with Microsoft Defender for Endpoint
managed-desktop Device Lifecycle https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/managed-desktop/service-description/device-lifecycle.md
# Microsoft Managed Desktop product lifecycle
-Microsoft Managed Desktop benefits users assuring that they always use devices that offer the best performance, reliability, design, and security capabilities (such as support for features like Windows Hello). To accomplish this, Microsoft Managed Desktop maintains a short catalog of continuously updated approved devices. You can view approved devices by filtering for Microsoft Managed Desktop on the [Shop Windows 10 Pro business devices](https://www.microsoft.com/windowsforbusiness/view-all-devices) site.
+> [!NOTE]
+> As of September 18, 2021, this product lifecycle for Microsoft Managed Desktop will no longer apply. None of the requirements listed here will apply to devices in the service. Only the [hardware requirements](device-requirements.md) will be relevant.
++
+Microsoft Managed Desktop benefits users by assuring that they always use devices that offer the best performance, reliability, design, and security capabilities (such as support for features like Windows Hello). To accomplish this, Microsoft Managed Desktop maintains a short catalog of continuously updated approved devices. You can view approved devices by filtering for Microsoft Managed Desktop on the [Shop Windows 10 Pro business devices](https://www.microsoft.com/en-us/windowsforbusiness/view-all-devices) site.
This article details the lifecycle of devices as they are added and removed from the approved catalog.
security Batch Update Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/batch-update-alerts.md
One of the following permissions is required to call this API. To learn more, in
Permission type | Permission | Permission display name :|:|:
-Application | Alerts.ReadWrite.All | 'Read and write all alerts'
+Application | Alert.ReadWrite.All | 'Read and write all alerts'
Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > [!NOTE]
security Cancel Machine Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/cancel-machine-action.md
## API description
-Cancel an already launched machine action that are not yet in final state (completed, cancelled, failed).
+Cancel an already launched machine action that are not yet in final state (completed, canceled, failed).
## Limitations
started](apis-intro.md).
|Permission type|Permission|Permission display name| ||||
-|Application|Machine.CollectForensic <br> Machine.Isolate <br> Machine.RestrictExecution <br> Machine.Scan <br> Machine.Offboard <br> Machine.StopAndQuarantine <br> Machine.LiveResponse|Collect forensics <br>Isolate machine<br>Restrict code execution<br> Scan machine<br> Offboard machine<br> Stop And Quarantine<br> Run live response on a specific machine|
-|Delegated (work or school account)|Machine.CollectForensic<br> Machine.Isolate <br>Machine.RestrictExecution<br> Machine.Scan<br> Machine.Offboard<br> Machine.StopAndQuarantineMachine.LiveResponse|Collect forensics<br> Isolate machine<br> Restrict code execution<br> Scan machine<br>Offboard machine<br> Stop And Quarantine<br> Run live response on a specific machine|
+|Application|Machine.CollectForensics <br> Machine.Isolate <br> Machine.RestrictExecution <br> Machine.Scan <br> Machine.Offboard <br> Machine.StopAndQuarantine <br> Machine.LiveResponse|Collect forensics <br>Isolate machine<br>Restrict code execution<br> Scan machine<br> Offboard machine<br> Stop And Quarantine<br> Run live response on a specific machine|
+|Delegated (work or school account)|Machine.CollectForensics<br> Machine.Isolate <br>Machine.RestrictExecution<br> Machine.Scan<br> Machine.Offboard<br> Machine.StopAndQuarantineMachine.LiveResponse|Collect forensics<br> Isolate machine<br> Restrict code execution<br> Scan machine<br>Offboard machine<br> Stop And Quarantine<br> Run live response on a specific machine|
## HTTP request
security Control Usb Devices Using Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/control-usb-devices-using-intune.md
For information on device control related advance hunting events and examples on
## Respond to threats
-You can create custom alerts and automatic response actions with the [Microsoft Defender for Endpoint Custom Detection Rules](/microsoft-365/security/defender-endpoint/custom-detection-rules). Response actions within the custom detection cover both machine and file level actions. You can also create alerts and automatic response actions using [PowerApps](https://powerapps.microsoft.com/) and [Flow](https://flow.microsoft.com/) with the [Microsoft Defender for Endpoint connector](/connectors/wdatp/). The connector supports actions for investigation, threat scanning, and restricting running applications. It is one of over 200 pre-defined connectors including Outlook, Teams, Slack, and more. Custom connectors can also be built. See [Connectors](/connectors/) to learn more about connectors.
+You can create custom alerts and automatic response actions with the [Microsoft Defender for Endpoint Custom Detection Rules](/microsoft-365/security/defender-endpoint/custom-detection-rules). Response actions within the custom detection cover both machine and file level actions. You can also create alerts and automatic response actions using [Power Apps](https://powerapps.microsoft.com/) and [Flow](https://flow.microsoft.com/) with the [Microsoft Defender for Endpoint connector](/connectors/wdatp/). The connector supports actions for investigation, threat scanning, and restricting running applications. It is one of over 200 pre-defined connectors including Outlook, Teams, Slack, and more. Custom connectors can also be built. See [Connectors](/connectors/) to learn more about connectors.
For example, using either approach, you can automatically have the Microsoft Defender Antivirus run when a USB device is mounted onto a machine.
security Get Missing Kbs Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-missing-kbs-machine.md
Retrieves missing KBs (security updates) by device ID
```http GET /api/machines/{machineId}/getmissingkbs ```
+## Permissions
+
+The following permission is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md).
+
+Permission type | Permission | Permission display name
+:|:|:
+Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information'
## Request header
Here is an example of the response.
"url": "https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4540673", "machineMissedOn": 1, "cveAddressed": 97
- },
- ...
+ }
] } ```
security Get Remediation All Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-all-activities.md
One of the following permissions is required to call this API. To learn more, in
Permission type|Permission|Permission display name :|:|:
-Application|RemediationTask.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'
+Application|RemediationTasks.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'
Delegated (work or school account)|RemediationTask.Read|\'Read Threat and Vulnerability Management vulnerability information\' ## Properties
security Get Remediation Exposed Devices Activities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-exposed-devices-activities.md
One of the following permissions is required to call this API. To learn more, in
Permission type|Permission|Permission display name :|:|:
-Application|RemediationTask.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'
+Application|RemediationTasks.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'
Delegated (work or school account)|RemediationTask.Read.Read|\'Read Threat and Vulnerability Management vulnerability information\' ## Properties details
security Indicator File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/indicator-file.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
One of the options when takingΓÇ»[response actions on a file](respond-file-alert
Files automatically blocked by an indicator won't show up in the file's Action center, but the alerts will still be visible in the Alerts queue.
+## Private Preview: Alerting on file blocking actions
+
+> [!IMPORTANT]
+> Information in this section (**Public Preview for Automated investigation and remediation engine**) relates to prerelease product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The current supported actions for file IOC are allow, audit and block and remediate.
+After choosing to block a file, you can choose whether triggering an alert is needed. In this way you will be able to control the number of alerts getting to your security operations teams and make sure only required alerts are raised.
+In Microsoft 365 Defender, go to Settings > Endpoints > Indicators > add new File hash
+Choose to Block and remediate the file
+Choose if to Generate an alert on the file block event and define the alerts settings:
+
+- The alert title
+- The alert severity
+- Category
+- Description
+- Recommended actions
+
+![Alert settings for file indicators](images/indicators-generate-alert.png)
+ > [!IMPORTANT] > >- Typically, file blocks are enforced and removed within a couple of minutes, but can take upwards of 30 minutes. > >- If there are conflicting file IoC policies with the same enforcement type and target, the policy of the more secure hash will be applied. An SHA-256 file hash IoC policy will win over an SHA-1 file hash IoC policy, which will win over an MD5 file hash IoC policy if the hash types define the same file. This is always true regardless of the device group.
-> In all other cases, if conflicting file IoC policies with the same enforcement target are applied to all devices and to the device's group, then for a device, the policy in the device group will win.
>
-> - If the EnableFileHashComputation group policy is disabled, the blocking accuracy of the file IoC is reduced. However, enabling `EnableFileHashComputation` may impact device performance. For example, copying large files from a network share onto your local device, especially over a VPN connection, might have an effect on device performance.
+>- In all other cases, if conflicting file IoC policies with the same enforcement target are applied to all devices and to the device's group, then for a device, the policy in the device group will win.
+>
+>- If the EnableFileHashComputation group policy is disabled, the blocking accuracy of the file IoC is reduced. However, enabling `EnableFileHashComputation` may impact device performance. For example, copying large files from a network share onto your local device, especially over a VPN connection, might have an effect on device performance.
>
-> For more information about the EnableFileHashComputation group policy, see [Defender CSP](/windows/client-management/mdm/defender-csp)
+> For more information about the EnableFileHashComputation group policy, see [Defender CSP](/windows/client-management/mdm/defender-csp).
+
+## Private Preview: Advanced hunting capabilities
+
+> [!IMPORTANT]
+> Information in this section (**Public Preview for Automated investigation and remediation engine**) relates to prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+You can query the response action activity in advance hunting. Below is a sample advance hunting query:
+
+```console
+search in (DeviceFileEvents, DeviceProcessEvents, DeviceEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceImageLoadEvents, DeviceLogonEvents)
+Timestamp > ago(30d)
+| where AdditionalFields contains "EUS:Win32/CustomEnterpriseBlock!cl"
+```
+
+For more information about advanced hunting, see [Proactively hunt for threats with advanced hunting](advanced-hunting-overview.md).
+
+Below are additional thread names which can be used in the sample query from above:
+
+Files:
+
+- EUS:Win32/CustomEnterpriseBlock!cl
+- EUS:Win32/CustomEnterpriseNoAlertBlock!cl
+
+Certificates:
+
+- EUS:Win32/CustomCertEnterpriseBlock!cl
+
+The response action activity can also be viewable in the device timeline.
## Policy conflict handling
security Manage Indicators https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-indicators.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - > [!TIP]
+>
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
Create indicators that define the detection, prevention, and exclusion of entiti
Currently supported sources are the cloud detection engine of Defender for Endpoint, the automated investigation and remediation engine, and the endpoint prevention engine (Microsoft Defender Antivirus).
-**Cloud detection engine**<br>
+## Cloud detection engine
+ The cloud detection engine of Defender for Endpoint regularly scans collected data and tries to match the indicators you set. When there is a match, action will be taken according to the settings you specified for the IoC.
-**Endpoint prevention engine**<br>
+## Endpoint prevention engine
+ The same list of indicators is honored by the prevention agent. Meaning, if Microsoft Defender AV is the primary AV configured, the matched indicators will be treated according to the settings. For example, if the action is "Alert and Block", Microsoft Defender AV will prevent file executions (block and remediate) and a corresponding alert will be raised. On the other hand, if the Action is set to "Allow", Microsoft Defender AV will not detect nor block the file from being run.
-**Automated investigation and remediation engine**<BR>
-The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad".
+## Automated investigation and remediation engine
-> [!NOTE]
-> The EnableFileHashComputation setting computes the file hash for the cert and file IoC during file scans. It supports IoC enforcement of hashes and certs belong to trusted applications. It will be concurrently enabled and disabled with the allow or block file setting. EnableFileHashComputation is enabled manually through Group Policy, and is disabled by default.
+The automated investigation and remediation behave the same. If an indicator is set to "Allow", Automated investigation and remediation will ignore a "bad" verdict for it. If set to "Block", Automated investigation and remediation will treat it as "bad".
+The EnableFileHashComputation setting computes the file hash for the cert and file IoC during file scans. It supports IoC enforcement of hashes and certs belong to trusted applications. It will be concurrently enabled and disabled with the allow or block file setting. EnableFileHashComputation is enabled manually through Group Policy, and is disabled by default.
The current supported actions are:+ - Allow - Alert only - Alert and block - Warn - >[!NOTE] > Using Warn mode will prompt your users with a warning if they open a risky app. The prompt won't block them from using the app, but you can provide a custom message and links to a company page that describes appropriate usage of the app. Users can still bypass the warning and continue to use the app if they need. For more information, see [Govern apps discovered by Microsoft Defender for Endpoint](/cloud-app-security/mde-govern). - You can create an indicator for:+ - [Files](indicator-file.md) - [IP addresses, URLs/domains](indicator-ip-domain.md) - [Certificates](indicator-certificates.md) - > [!NOTE]
-> There is a limit of 15,000 indicators per tenant. File and certificate indicators do not block [exclusions defined for Microsoft Defender Antivirus](/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Indicators are not supported in Microsoft Defender Antivirus when it is in passive mode.
+>
+> There is a limit of 15,000 indicators per tenant. File and certificate indicators do not block [exclusions defined for Microsoft Defender Antivirus](/windows/security/threat-protection/microsoft-defender-antivirus/configure-exclusions-microsoft-defender-antivirus). Indicators are not supported in Microsoft Defender Antivirus when it is in passive mode.
+
+## Public Preview for Automated investigation and remediation engine
+
+> [!IMPORTANT]
+> Information in this section (**Public Preview for Automated investigation and remediation engine**) relates to prereleased product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+When creating a new indicator (IoC), one or more of the following actions are now available:
+
+- Allow ΓÇô the IoC will be allowed to run on your devices.
+- Audit ΓÇô an alert will be triggered when the IoC runs.
+- Block execution - the IoC will not be allowed to run.
+- Block and remediate - the IoC will not be allowed to run and a remediation action will be applied to the IoC.
+
+The table below shows exactly which actions are available per indicator (IoC) type:
+
+| IoC type | Available actions |
+|:|:|
+| [Files](indicator-file.md) | Allow <br> Audit <br> Block and remediate |
+| [IP addresses](indicator-ip-domain.md) | Allow <br> Audit <br> Block execution |
+| [URLs and domains](indicator-ip-domain.md) | Allow <br> Audit <br> Block execution |
+| [Certificates](indicator-certificates.md) | Allow <br> Block and remediate |
+
+For example, the original three IoC response actions were ΓÇ£allow,ΓÇ¥ ΓÇ£alert only,ΓÇ¥ and ΓÇ£alert and block.ΓÇ¥ As part of the update, the functionality of pre-existing IoCs will not change. However, the indicators were renamed to match the current supported response actions:
+
+- The ΓÇ£alert onlyΓÇ¥ response action was renamed to ΓÇ£auditΓÇ¥ with the generate alert setting enabled.
+- The ΓÇ£alert and blockΓÇ¥ response was renamed to ΓÇ£block and remediateΓÇ¥ with the optional generate alert setting.
+
+The IoC API schema and the threat ids in advance hunting have been updated to align with the renaming of the IoC response actions. The API scheme changes applies to all IoC Types.
+> [!Note]
+> For file indicators, raising an alert on block actions is optional.
+>
+> There is a limit of 15,000 indicators per tenant. File and certificate indicators do not block exclusions defined for Microsoft Defender Antivirus. Indicators are not supported in Microsoft Defender Antivirus when it is in passive mode.
+>
+> The format for importing new indicators (IoCs) has changed according to the new updated actions and alerts settings. We recommend downloading the new CSV format that can be found at the bottom of the import panel.
## Related topics
security Printer Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/printer-protection.md
To see device configuration reports, the account must have view reports permissi
Make sure that the Windows 10 devices that you plan on deploying Printer Protection to meet these requirements.
-1. Join the Insider Program.
- 1. The following Windows Updates are installed. - For Windows 1809: install Windows Update [KB5003217](https://support.microsoft.com/topic/may-20-2021-kb5003217-os-build-17763-1971-preview-08687c95-0740-421b-a205-54aa2c716b46) - For Windows 1909: install Windows Update [KB5003212](https://support.microsoft.com/topic/may-20-2021-kb5003212-os-build-18363-1593-preview-05381524-8380-4b30-b783-e330cad3d4a1) - For Windows 2004 or later
-1. If you're planning to deploy policy via Group Policy, the device must be MDATP joined; if you're planning to deploy policy via MEM, the device must be Intune joined.
+2. If you're planning to deploy policy via Group Policy, the device must be onboarded to Microsoft Defender for Endpoint joined; if you're planning to deploy policy via Microsoft Endpoint Manager, the device must be joined by using Microsoft Intune.
## Deploy Device Control Printer Protection policy
security Stop And Quarantine File https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/stop-and-quarantine-file.md
One of the following permissions is required to call this API. To learn more, in
Permission type|Permission|Permission display name :|:|: Application|Machine.StopAndQuarantine|'Stop And Quarantine'
+Application|Machine.Read.All|'Read all machine profiles'
+Application|Machine.ReadWrite.All|'Read and write all machine information'
Delegated (work or school account)|Machine.StopAndQuarantine|'Stop And Quarantine' > [!NOTE]
security Ti Indicator https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ti-indicator.md
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:**+ - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) - [!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)] [!include[Improve request performance](../../includes/improve-request-performance.md)] --- See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal.
+- See the corresponding [Indicators page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal.
Method|Return Type|Description :|:|:
description|String|Description of the indicator.
recommendedActions|String|Recommended actions for the indicator. rbacGroupNames|List of strings|RBAC device group names where the indicator is exposed and active. Empty list in case it exposed to all devices.
+## Public Preview: Indicator types
+
+> [!IMPORTANT]
+> Information in this section (**Public Preview for Automated investigation and remediation engine**) relates to prereleased product which might be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+The indicator action types supported by the API are:
+
+- AlertAndBlock
+- Allow
+- Audit
+- Alert
+- Warn
+- BlockExecution
+- BlockRemdiation
+
+The API list of action types contains the new response actions along with the prior response actions (AlertAndBlock, and Alert).
+
+> [!Note]
+>
+> The prior response actions (AlertAndBlock, and Alert) will be removed when the feature has reached GAed. The estimated GA date with grace period is end of October 2021. We advise updating any existing templates or scripts as soon as possible.
+ ## Json representation ```json
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
Title: Admin submissions
+ Title: Manage submissions
f1.keywords: - NOCSH
ms.technology: mdo
ms.prod: m365-security
-# Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft
+# Use the Submissions portal to submit suspected spam, phish, URLs, and files to Microsoft
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender-for-office.md)]
For other ways to submit email messages, URLs, and attachments to Microsoft, see
4. In the **Select a reason for submitting to Microsoft** section, select one of the following options: - **Should not have been blocked (false positive)**
- - **Should have been blocked**: In the **The email should have been categorized as** section that appears, select one of the following values (if you're not sure, use your best judgement):
+ - **Should have been blocked**: In the **The email should have been categorized as** section that appears, select one of the following values (if you're not sure, use your best judgment):
- **Phish** - **Spam** - **Malware**
security Report False Positives And False Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-false-positives-and-false-negatives.md
ms.prod: m365-security
- [Microsoft 365 Defender](../defender/microsoft-365-defender.md) > [!NOTE]
-> If you're an admin in a Microsoft 365 organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md).
+> If you're an admin in a Microsoft 365 organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use the Submissions portal to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md).
In Microsoft 365 organizations with mailboxes in Exchange Online or on-premises mailboxes using hybrid modern authentication, you can submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) to Exchange Online Protection (EOP).
security Report Junk Email Messages To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
In Microsoft 365 organizations with mailboxes in Exchange Online or standalone E
|Method|Description| |||
-|[Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md)|The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP).|
+|[Use the Submissions portal to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md)|The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP).|
|[Enable the Report Message or the Report Phishing add-ins](enable-the-report-message-add-in.md)|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <p> Depending on your subscription, messages that users reported with the add-ins are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Explorer](threat-explorer-views.md#email--submissions). <p> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md). |[Report false positives and false negatives in Outlook](report-false-positives-and-false-negatives.md)|Submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) to Exchange Online Protection (EOP) using the Report Message feature.| |[Manually submit messages to Microsoft for analysis](submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md)|Manually send attached messages to specific Microsoft email addresses for spam, not spam, and phishing.|
security Submit Spam Non Spam And Phishing Scam Messages To Microsoft For Analysis https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis.md
ms.prod: m365-security
- [Microsoft 365 Defender](../defender/microsoft-365-defender.md) > [!NOTE]
-> If you're an admin in an organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use Admin Submission to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md).
+> If you're an admin in an organization with Exchange Online mailboxes, we recommend that you use the **Submissions** page in the Microsoft 365 Defender portal. For more information, see [Use the Submissions portal to submit suspected spam, phish, URLs, and files to Microsoft](admin-submission.md).
It can be frustrating when users in your organization receive junk messages (spam) or phishing messages in their Inbox, or if they don't receive a legitimate email message because it's marked as junk. We're constantly fine-tuning our spam filters to be more accurate.
solutions Financial Services Secure Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/financial-services-secure-collaboration.md
Collaboration typically requires various forms of communication, the ability to
Providing employees with a modern, cloud-based collaboration platform allows them to choose and integrate tools that make them more productive and empower them to find agile ways to work. Using Teams in conjunction with security controls and information governance policies that protect the organization can help your workforce communicate and collaborate effectively.
-Teams provides a collaboration hub for the organization. It helps bring people together to work productively on common initiatives and projects. Teams lets team members conduct 1:1 and multi-party chat conversations, collaborate and coauthor documents, and store and share files. Teams also facilitates online meetings through integrated enterprise voice and video. Teams can also be customized with Microsoft apps such as Microsoft Planner, Microsoft Dynamics 365, PowerApps, Power BI, and third-party line-of-business applications. Teams is designed for use by both internal team members and permitted external users who can join team channels, participate in chat conversations, access stored files, and leverage other applications
+Teams provides a collaboration hub for the organization. It helps bring people together to work productively on common initiatives and projects. Teams lets team members conduct 1:1 and multi-party chat conversations, collaborate and coauthor documents, and store and share files. Teams also facilitates online meetings through integrated enterprise voice and video. Teams can also be customized with Microsoft apps such as Microsoft Planner, Microsoft Dynamics 365, Power Apps, Power BI, and third-party line-of-business applications. Teams is designed for use by both internal team members and permitted external users who can join team channels, participate in chat conversations, access stored files, and leverage other applications
Every Microsoft Team is backed by a Microsoft 365 group. That group is considered the membership service for numerous Office 365 services, including Teams. Microsoft 365 groups are used to securely distinguish between "owners" and "members" and to control access to various capabilities within Teams. When coupled with appropriate governance controls and regularly administered access reviews, Teams allows only members and owners to utilize authorized channels and capabilities.
solutions Microsoft 365 Guest Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md
Because OneDrive is a hierarchy of sites within SharePoint, the organization-lev
|Guests must sign in using the same account to which sharing invitations are sent|Off|Prevents guests from redeeming site sharing invitations using a different email address than the invitation was sent to. <p> [SharePoint and OneDrive integration with Azure AD B2B (Preview)](/sharepoint/sharepoint-azureb2b-integration-preview) does not use this setting because all guests are added to the directory based on the email address that the invitation was sent to. Alternate email addresses cannot be used to access the site.| |Allow guests to share items they don't own|On|When **On**, guests can share items that they don't own with other users or guests; when **Off** they cannot. Guests can always share items for which they have full control.| |People who use a verification code must reauthenticate after this many days|Off|This setting allows you to require that users authenticating with a one-time passcode need to reauthenticate after a certain number of days.|
+|Guest access to a site or OneDrive will expire automatically after this many days|On|If your administrator has set an expiration time for guest access, each guest that you invite to the site or with whom you share individual files and folders will be given access for a certain number of days. For more information visit, [Manage guest expiration for a site](https://support.microsoft.com/en-us/office/manage-guest-expiration-for-a-site-25bee24f-42ad-4ee8-8402-4186eed74dea)
### SharePoint and OneDrive file and folder link settings