| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| includes | Defender Content Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/includes/defender-content-updates.md | -## Week of July 10, 2023 +## Week of August 14, 2023 | Published On |Topic title | Change | |||--|-| 7/14/2023 | [What is Microsoft Defender Threat Intelligence (Defender TI)?](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti) | added | +| 8/18/2023 | [What is Microsoft Defender Threat Intelligence (Defender TI)?](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti) | modified | |
| admin | Microsoft Teams User Activity Preview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview.md | Title: "Microsoft 365 admin center Teams user activity reports" Previously updated : 07/16/2020 Last updated : 08/21/2023 audience: Admin |
| admin | Add Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/add-users.md | Title: "Add users and assign licenses in Microsoft 365" f1.keywords: - NOCSH--++ audience: Admin |
| admin | Remove Former Employee Step 1 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-1.md | + - MSStore_Link + - TRN_M365B + - OKR_SMB_Videos + - AdminSurgePortfolio + - m365solution-removeemployee + - admindeeplinkEXCHANGE + - has-azure-ad-ps-ref search.appverid: - BCS160 - MET150 |
| admin | Remove Former Employee Step 5 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-5.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/09/2023 audience: Admin |
| admin | Remove Former Employee | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/21/2020 audience: Admin To complete the steps in this series, you use these Microsoft 365 capabilities a |Outlook|Import pst files, add mailbox | |Active Directory|Remove users in hybrid environments | - ## Solution: Remove a former employee > [!IMPORTANT] Check out this video and others on our [YouTube channel](https://go.microsoft.co > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FOfR?autoplay=false] -When an employee leaves the company, you'll need to remove them from Microsoft 365 for business. Before doing so, you should block them from accessing company files, preserve the documents they created, and perform several other admin tasks associated with removing a user. +When an employee leaves the company, you'll need to remove them from your Microsoft 365 organization. Before doing so, you should block them from accessing company files, preserve the documents they created, and perform several other admin tasks associated with removing a user. 1. From the admin center, select **Users**, and choose **Active users**. 1. Select the user you want to remove, and then select **Delete user**. When an employee leaves the company, you'll need to remove them from Microsoft 3 1. Review your results, and select **Close**. After you remove a user, you have up to 30 days to restore their account.- + ## Does your organization use Active Directory? If your organization synchronizes user accounts to Microsoft 365 from a local Active Directory environment, you must delete and restore those user accounts in your local Active Directory service. You can't delete or restore them in Microsoft 365. |
| admin | Reset Passwords | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/reset-passwords.md | + - VSBFY23 + - TopSMBIssues + - MSStore_Link + - TRN_M365B + - OKR_SMB_Videos + - AdminSurgePortfolio + - AdminTemplateSet + - business_assist + - adminvideo + - has-azure-ad-ps-ref description: "Sign in with your Microsoft 365 admin account to reset passwords for users when you have a Microsoft 365 for business subscription." |
| admin | Set Password To Never Expire | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/set-password-to-never-expire.md | + - VSBFY23 + - MSStore_Link + - AdminSurgePortfolio + - AdminTemplateSet + - has-azure-ad-ps-ref search.appverid: description: "Sign in to your Microsoft 365 admin account to set some individual user passwords to never expire by using Azure AD PowerShell." |
| admin | Manage Device Access Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-device-access-settings.md | + - AdminSurgePortfolio + - has-azure-ad-ps-ref search.appverid: - MET150 description: "For devices you can't manage with Basic Mobility and Security, block Exchange ActiveSync app access to email and use Azure AD PowerShell to get details about org devices." The information is exported to your Windows Desktop as a CSV file. You can use a [Get-MgDevice](/powershell/module/microsoft.graph.users/get-mgdevice) -[Get-MgUserOwnedDevice](/powershell/module/microsoft.graph.users/get-mguserowneddevice) +[Get-MgUserOwnedDevice](/powershell/module/microsoft.graph.users/get-mguserowneddevice) |
| admin | Manage Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-groups.md | + - admindeeplinkMAC + - has-azure-ad-ps-ref search.appverid: - BCS160 - MET150 |
| admin | Manage Guest Access In Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/manage-guest-access-in-groups.md | + - AdminSurgePortfolio + - AdminTemplateSet + - admindeeplinkMAC + - has-azure-ad-ps-ref search.appverid: - MET150 - MOE150 |
| admin | About Shared Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/about-shared-mailboxes.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/18/2023 audience: Admin Shared mailboxes are used when multiple people need access to the same mailbox, Users with permissions to the group mailbox can send as or send on behalf of the mailbox email address if the administrator has given that user permissions to do that. This is particularly useful for help and support mailboxes because users can send emails from "Contoso Support" or "Building A Reception Desk." -## Before you begin - Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some things you should know: - **Licenses:** Your shared mailbox can store up to 50GB of data without you assigning a license to it. After that, you need to assign a license to the mailbox to store more data. For more details on shared mailbox licensing, please see [Exchange Online Limits](/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#StorageLimits). When a shared mailbox reaches the storage limit, you'll be able to receive email for a while, but you won't be able to send new email. Then, after that, it will stop receiving email. Senders to the mailbox will get a non-delivery receipt. Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some > - The shared mailbox has more than 50 GB of storage in use. > - The shared mailbox uses in-place archiving. > - The shared mailbox is placed on litigation hold.-> -> For step-by-step instructions on how to assign licenses, see [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users). ++> For step-by-step instructions on how to assign licenses, see [Assign licenses to users](/microsoft-365/admin/manage/assign-licenses-to-users). - **User permissions:** You need to give users permissions (membership) to use the shared mailbox. Only people inside your organization can use a shared mailbox. Before you [create a shared mailbox](create-a-shared-mailbox.md), here are some - **Signing in:** A shared mailbox is not intended for direct sign-in by its associated user account. You should always block sign-in for the shared mailbox account and keep it blocked. -- **Too many users:** When there are too many designated users concurrently accessing a shared mailbox (the max supported is 25), they may intermittently fail to connect to this mailbox or have inconsistencies like messages being duplicated in the outbox. In this case, you can consider reducing the number of users or using a different workload, such as a Microsoft 365 group or a Public folder.+- **Too many users:** When there are too many designated users concurrently accessing a shared mailbox (the max supported is 25), they may intermittently fail to connect to this mailbox or have inconsistencies like messages being duplicated in the outbox. In this case, reduce the number of users or use a different workload, like a Microsoft 365 group. - **Message deletion:** Unfortunately, you can't prevent people from deleting messages in a shared mailbox. The only way around this is to [create a Microsoft 365 group](/microsoft-365/admin/create-groups/create-groups) instead of a shared mailbox. A group in Outlook is like a shared mailbox. For a comparison of the two, see [Compare groups](../create-groups/compare-groups.md). To learn more about groups, see [Learn about Microsoft 365 groups](https://support.microsoft.com/office/b565caa1-5c40-40ef-9915-60fdb2d97fa2). -- **Multi-Geo** In a multi-geo environment, shared mailboxes need to be licensed the same way a user mailbox is licensed. Note that cross-geo mailbox auditing is not supported. For example, if a user is assigned permissions to access a shared mailbox in a different geo location, mailbox actions performed by that user are not logged in the mailbox audit log of the shared mailbox. -+- **Multi-Geo** In a multi-geo environment, shared mailboxes need to be licensed the same way a user mailbox is licensed. Note that cross-geo mailbox auditing is not supported. For example, if a user is assigned permissions to access a shared mailbox in a different geo location, mailbox actions performed by that user are not logged in the mailbox audit log of the shared mailbox. > [!NOTE] > To access a shared mailbox, a user must have an Exchange Online license, but the shared mailbox doesn't require a separate license. Every shared mailbox has a corresponding user account. Notice how you weren't asked to provide a password when you created the shared mailbox? The account has a password, but it's system-generated (unknown). You shouldn't use the account to log in to the shared mailbox. Without a license, shared mailboxes are limited to 50 GB. To increase the size limit to 100 GB, the shared mailbox must be assigned an Exchange Online Plan 2 license. The Exchange Online Plan 1 license with an Exchange Online Archiving add-on license will only increase the size of the archive mailbox. This will also let you enable auto-expanding archiving for additional archive storage capacity. Similarly, if you want to place a shared mailbox on litigation hold, the shared mailbox must have an Exchange Online Plan 2 license or an Exchange Online Plan 1 license with an Exchange Online Archiving add-on license. |
| admin | Configure A Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-a-shared-mailbox.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/21/2023 audience: Admin -After you have [created a shared mailbox](create-a-shared-mailbox.md), you'll want to configure some settings for the mailbox users, such as email forwarding and automatic replies. Later, you might want to change other settings, such as the mailbox name, members, or member permissions. +After you have [created a shared mailbox](create-a-shared-mailbox.md), you'll want to configure some settings for the mailbox users, such as email forwarding and automatic replies. Later, you might want to change other settings, such as the mailbox name, members, or member permissions. -## Change the name or email alias of a shared mailbox, or change the primary email address +## Change the name of a shared mailbox 1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, and then select either **Edit name** or **Edit email addresses**. +2. Select the shared mailbox you want to edit, and then select **Edit** under **Basic information**. -3. Enter a new name for the shared mailbox, or add another email alias. If you want to change the primary email address, your mailbox must have more than one email alias. +3. Enter a new name for the shared mailbox. 4. Select **Save**. +## Change the email address of a shared mailbox ++1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. ++2. Select the shared mailbox you want to edit, and then select **Edit** under **Email addresses**. ++3. Enter a new email address for the shared mailbox. If you want to change the primary email address, your mailbox must have more than one email alias. + ## Forward emails that are sent to a shared mailbox You do not need to assign a license to the shared mailbox in order to forward email that's sent to it. You can forward the messages to any valid email address or distribution list. 1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Email forwarding** \> **Edit**. - -3. Set the toggle to **On**, and enter one email address to forward the messages to. It can be any valid email address. To forward to multiple addresses, you need to [create a distribution group](/office365/admin/setup/create-distribution-lists) for the addresses, and then enter the name of the group in this box. - +2. Select the shared mailbox you want to edit, then select **Edit** under **Email forwarding**. ++3. Select the checkbox to **Forward all emails sent to this mailbox**. Enter one email address to forward the messages to. It can be any valid email address. To forward to multiple addresses, you need to [create a distribution group](/office365/admin/setup/create-distribution-lists) for the addresses, and then enter the name of the group in this box. + 4. Select **Save**. ## Send automatic replies from a shared mailbox 1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Automatic replies** \> **Edit**. - -3. Set the toggle to **On**, and choose whether to send the reply to people inside your organization or outside your organization. +2. Select the shared mailbox you want to edit, then select **Edit** under **Automatic replies**. -4. Enter the reply you want to send to people inside your organization. You can't add images, only text. +3. Select the checkbox to **Send automatic replies to senders inside this organization**. -5. If you want to *also* send a reply to people outside your organization, select the check box, who you want to get the reply, and type the text. There's no way to only send to people outside your organization but not to people inside your organization. +4. Enter the replies you want to send to people inside or outside your organization. You can't add images, only text. -6. Select **Save**. +5. Select **Save**. ## Allow everyone to see the Sent email (the replies) By default, messages sent from the shared mailbox aren't saved to the Sent Items folder of the shared mailbox. Instead, they are saved to the Sent Items folder of the person who sent the message. -If you want to allow everyone to see the Sent email, in the admin center, edit the shared mailbox settings, and select **Sent items** \> **Edit**. -+If you want to allow everyone to see the Sent email, in the admin center, edit the shared mailbox settings. Select **Edit** under **Sent items**. Select the options you want for sent items. ## Choose the apps that a shared mailbox can use to access Microsoft email 1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Email apps** \> **Edit**. +2. Select the shared mailbox you want to edit, then select **Edit** under **Email apps**. -3. Set the toggle to **On** for all of the apps you want members to be able to use to access the shared mailbox. Set the toggle to **Off** for any apps you don't want them to use. +3. Select the checkboxes for all of the apps you want members to be able to use to access the shared mailbox. 4. Select **Save**. - ## Put a shared mailbox on litigation hold To learn more about litigation hold, see [Create a Litigation Hold](../../compliance/ediscovery-create-a-litigation-hold.md). -1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. +1. Go to the <a href="https://admin.exchange.microsoft.com/#/homepage" target="_blank"> Exchange admin center</a>. -2. Select the shared mailbox you want to edit, then select **Litigation hold** \> **Edit**. +2. Select **Recipients** > **Mailboxes** and select the shared mailbox you want to manage. -3. Set the toggle to **On**. +3. On the **Others** tab, select **Edit** under **Litigation hold**. -4. Optionally, enter a duration, s note about the hold, and a URL with more information. +4. Enter a duration, a note about the hold for the user if you want, and a URL with more information. 5. Select **Save**. - ## Add or remove members -1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. +1. In the Microsoft 365 admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Members** \> **Edit**. +2. Select the shared mailbox you want to edit, then select **Edit** under **Members**. 3. Do one of the following: - To add members, select **Add members**, search for or select a member to add, and then select **Save**.- - To remove members, use the Search box to search for the member if necessary, select the **X** next to the member's name, and then select **Save**. --4. Select **Save** again. + - To remove members, use the Search box to search for the member if necessary, deselect the member and choose **Remove member**. ## Add or remove permissions of members -1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. +1. In the Microsoft 365 admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Members** \> **Customize permissions**. +2. Select the shared mailbox you want to edit, then select **Members** > **Customize permissions**. -3. Select **Edit** next to the permission you want to change for a member. +Select Edit next to the permission you want to change for a member. -4. Do one of the following: +3. Do one of the following: - To give that permission to an additional member, select **Add permissions**, search for or select a member to add, and then select **Save**.- - To remove the permission from a member, use the Search box to search for the member if necessary, select the **X** next to the member's name, and then select **Save**. --4. Select **Save** again. + - To remove the permission from a member, use the Search box to search for the member if necessary, select the **X** next to the member's name, and then select **Save**. ## Show or hide a shared mailbox in the global address list -If you choose not to show the shared mailbox in the global address list, the mailbox won't appear in your organization's address list, but it will still receive email sent to it. +If you choose not to show the shared mailbox in the global address list, the mailbox won't appear in your organization's address list, but it will still receive email sent to it. -1. In the admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. +1. In the Microsoft 365 admin center, go to **Teams & groups** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2066847" target="_blank">Shared mailboxes</a>. -2. Select the shared mailbox you want to edit, then select **Show in global address list** \> **Edit**. +2. Select the shared mailbox you want to edit, then select **Edit** under **Show in global address list**. -3. Set the toggle to **On** or **Off**. --4. Select **Save**. +3. Select the option you want next to Show in my organization's global address list. Select **Save**. > [!NOTE] > Hiding a shared mailbox from address list will make it impossible for new shared mailbox members to add the hidden mailbox to their Outlook profile until the shared mailbox is again shown in the address list. |
| admin | Convert User Mailbox To Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/convert-user-mailbox-to-shared-mailbox.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/18/2023 audience: Admin -description: "Learn to convert a private mailbox to a shared mailbox that can be accessed by several people instead of by just one person. " +description: "Learn to convert a private mailbox to a shared mailbox that can be accessed by several people instead of by just one person." # Convert a user mailbox to a shared mailbox -When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar is retained. Only now it's in a shared mailbox where several people will be able to access it instead of one person. At a later date, you can convert a shared mailbox back to a user (private) mailbox. +When you convert a user's mailbox to a shared mailbox, all of the existing email and calendar information is retained. Only now it's in a shared mailbox where several people will be able to access it instead of one person. At a later date, you can convert a shared mailbox back to a user (private) mailbox. > [!TIP] > If you need help with the steps in this topic, consider [working with a Microsoft small business specialist](https://go.microsoft.com/fwlink/?linkid=2186871). With Business Assist, you and your employees get around-the-clock access to small business specialists as you grow your business, from onboarding to everyday use. When you convert a user's mailbox to a shared mailbox, all of the existing email **Here are some really important things that you need to know**: -- The user mailbox needs a license assigned to it before you convert it to a shared mailbox. Otherwise, you won't see the option to convert the mailbox. If you've removed the license, add it back so you can convert the mailbox. After converting the user mailbox to a shared mailbox, you can remove the license from the user's account.+- The user mailbox needs a license assigned to it before you convert it to a shared mailbox. Otherwise, you won't see the option to convert the mailbox. If you've removed the license, add it back so you can convert the mailbox. After converting the user mailbox to a shared mailbox, **you can remove the license from the user's account**. - Without a license, shared mailboxes are limited to 50 GB. You might need to delete a bunch of large messages (say, messages with attachments) from the shared mailbox to shrink it down so you can remove the license. When you convert a user's mailbox to a shared mailbox, all of the existing email - To put an In-Place Hold or a Litigation Hold on a shared mailbox, you must assign an Exchange Online Plan 2 license *or* an Exchange Online Plan 1 license and an Exchange Online Archiving add-on license to the shared mailbox. -## Use the Classic Exchange admin center to convert a mailbox --1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Classic Exchange admin center</a>. --2. Select **Recipients** \> **Mailboxes**. --3. Select the user mailbox. Under **Convert to Shared Mailbox**, select **Convert**. --4. If the mailbox is smaller than 50 GB, you can remove the [license from the user](../manage/remove-licenses-from-users.md), and stop paying for it. Don't delete the user's account. The shared mailbox needs it there as an anchor. If you're converting the mailbox of an employee that's leaving your organization, you should take additional steps to make sure that they can no longer log in. For more information, see [Remove a former employee from Microsoft 365](../add-users/remove-former-employee.md). --For everything else you need to know about shared mailboxes, see [About shared mailboxes](about-shared-mailboxes.md) and [Create a shared mailbox](create-a-shared-mailbox.md). --## Use the New Exchange admin center to convert a mailbox +## Use the Exchange admin center to convert a mailbox 1. Go to the <a href="https://admin.exchange.microsoft.com/#/homepage" target="_blank"> Exchange admin center</a>. After deleting a user account, follow these steps to convert their old mailbox t 2. Select **Recipients** \> **Mailboxes**. -3. Select the shared mailbox. Under **Convert to Regular Mailbox**, select **Convert**. +3. Select the shared mailbox. On the **Others** tab, select **Convert to regular mailbox**. ++4. Select **Confirm** on the Convert mailbox from shared to regular page. -4. Go back to the admin center. Under **Users**, choose the user account associated with the old shared mailbox. Assign a license to the account, and then reset the password. +5. Go back to the admin center. Under **Users**, choose the user account associated with the old shared mailbox. Assign a license to the account, and then reset the password. It will take a few minutes for the mailbox to get set up, but after that, the person who's going to use that account is ready to go. When they sign in, they'll see the email and calendar items that used to be in the shared mailbox. |
| admin | Create A Shared Mailbox | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/21/2023 audience: Admin ms.assetid: 871a246d-3acd-4bba-948e-5de8be0544c9 description: "Create a shared mailbox to enable multiple users in your business to share the responsibility of reading and answering email sent to one address." -# Create a shared mailbox +# Create a shared mailbox > [!NOTE] > If your organization uses a hybrid Exchange environment, you should use the on-premises <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a> to create and manage shared mailboxes. See [Create shared mailboxes in the Exchange admin center](/Exchange/collaboration/shared-mailboxes/create-shared-mailboxes?preserve-view=true.&view=exchserver-2019) >-> If you're not sure if you should create a shared mailbox or a Microsoft 365 group for Outlook, see [Compare groups](../create-groups/compare-groups.md) for some guidance. Note that currently, it's not possible to migrate a shared mailbox to a Microsoft 365 group. If this is something you want, let us know by [voting here](https://go.microsoft.com/fwlink/?linkid=871518). +> If you're not sure if you should create a shared mailbox or a Microsoft 365 group for Outlook, see [Compare groups](../create-groups/compare-groups.md) for some guidance. It's not possible to migrate a shared mailbox to a Microsoft 365 group. -It's easy to create shared mailboxes so a group of people can monitor and send email from a common email addresses, like info@contoso.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. +Create shared mailboxes so a group of people can monitor and send email from a common email addresses, like info@contoso.com. When a person in the group replies to a message sent to the shared mailbox, the email appears to be from the shared mailbox, not from the individual user. -Shared mailboxes include a shared calendar. A lot of small businesses like to use the shared calendar as a place for everyone to enter their appointments. For example, if you have 3 people who do customer visits, all can use the shared calendar to enter the appointments. This is an easy way to keep everyone informed where people are. +Shared mailboxes include a shared calendar. Your team can use the shared calendar as a place for everyone to enter their appointments. For example, if you have 3 people who do customer visits, all can use the shared calendar to enter the customer visit information. Before creating a shared mailbox, be sure to read [About shared mailboxes](about-shared-mailboxes.md) for more information. Before creating a shared mailbox, be sure to read [About shared mailboxes](about ## Create a shared mailbox and add members -1. Sign in with a global admin account or Exchange admin account. If you get the message "**You don't have permission to access this page or perform this action**," then you aren't an admin. +1. Sign in with a global admin account or Exchange admin account. If you get the message "**You don't have permission to access this page or perform this action**," then you aren't an admin. ::: moniker range="o365-worldwide" Before creating a shared mailbox, be sure to read [About shared mailboxes](about ::: moniker-end 3. On the **Shared mailboxes** page, select **+ Add a shared mailbox**. Enter a name for the shared mailbox. This chooses the email address, but you can edit it if needed.- -  4. Select **Save changes**. It may take a few minutes before you can add members. 5. Under **Next steps**, select **Add members to this mailbox**. Members are the people who will be able to view the incoming mail to this shared mailbox, and the outgoing replies. -  --6. Select the **+Add members** button. Put a check mark next to the people who you want to use this shared mailbox, and then select **Save**. --  --7. Select **Close**. +6. Select the **Add members** button. Select the people who you want to use this shared mailbox, and then select **Add**. and then **Close**. You have a shared mailbox and it includes a shared calendar. Go on to the next step: [Block sign-in for the shared mailbox account](#block-sign-in-for-the-shared-mailbox-account). You can use the following permissions with a shared mailbox: 4. Select **Save** to save your changes. - ## Block sign-in for the shared mailbox account Every shared mailbox has a corresponding user account. Notice how you weren't asked to provide a password when you created the shared mailbox? The account has a password, but it's system-generated (unknown). You aren't supposed to use the account to log in to the shared mailbox. But what if an admin simply resets the password of the shared mailbox user accou 2. In the list of user accounts, find the account for the shared mailbox (for example, change the filter to **Unlicensed users**). -3. Select the user to open their properties pane, and then select the **Block this user** icon . +3. Select the user to open their properties pane, and then select **Block sign-in**. > [!NOTE] > If the account is already blocked, **Sign in blocked** will appear at the top and the icon will read **Unblock this user**. -4. In the **Block this user?** pane, select **Block the user from signing in**, and then select **Save changes**. +4. On the **Block sign-in** page, select **Block the user from signing in**, and then select **Save changes**. For instructions on how to block sign-in for accounts using Azure AD PowerShell (including many accounts at the same time), see [Block Microsoft 365 user accounts with PowerShell](../../enterprise/block-user-accounts-with-microsoft-365-powershell.md). ## Add the shared mailbox to Outlook -If you have automapping enabled in your business (by default, most people do), the shared mailbox will appear in your user's Outlook app automatically after they close and restart Outlook. +If you have automapping enabled in your business (by default, most people do), the shared mailbox will appear in your user's Outlook app automatically after they close and restart Outlook. Automapping is set on the user's mailbox, not the shared mailbox. This means if you try to use a security group to manage who has access to the shared mailbox, automapping won't work. So, if you want automapping, you have to assign permissions explicitly. Automapping is on by default. To learn how to turn it off, see [Remove automapping for a shared mailbox](/office365/troubleshoot/administration/remove-automapping-for-shared-mailbox). To learn more about shared mailboxes in Outlook, see: ## Use a shared mailbox on a mobile device (phone or tablet) You can access a shared mailbox on a mobile device in two ways:-- Add the shared mailbox in the <a href="https://apps.apple.com/us/app/microsoft-outlook/id951937596" target="_blank">Outlook for iOS app</a> or the <a href="https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en_US" target="_blank">Outlook for Android mobile app</a>. - +- Add the shared mailbox in the <a href="https://apps.apple.com/us/app/microsoft-outlook/id951937596" target="_blank">Outlook for iOS app</a> or the <a href="https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en_US" target="_blank">Outlook for Android mobile app</a>. + For instructions, see <a href="https://support.microsoft.com/office/f866242c-81b2-472e-8776-6c49c5473c9f" target="_blank">Add a shared mailbox to Outlook mobile</a>. - Open your browser, sign in, and then go to Outlook on the web. From Outlook on the web you'll be able to access the shared mailbox. For instructions, see <a href="https://support.microsoft.com/office/98b5a90d-4e38-415d-a030-f09a4cd28207" target="_blank">Add a shared mailbox to Outlook on the web</a>.- + > [!NOTE] > Shared mailbox can only be added to Outlook for iOS app or the Outlook for Android mobile app When you created the shared mailbox, you automatically created a shared calendar 1. In the Outlook app, go to calendar view, and select the shared mailbox. -2. When you enter appointments, everyone who is a member of the shared mailbox will be able to see them. +2. When you enter meetings or appointments, everyone who is a member of the shared mailbox will be able to see them. 3. Any member of the shared mailbox can create, view, and manage appointments on the calendar, just like they would their personal appointments. Everyone who is a member of shared mailbox can see their changes to the shared calendar. |
| admin | Remove A Domain | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/remove-a-domain.md | + - AdminSurgePortfolio + - AdminTemplateSet + - business_assist + - has-azure-ad-ps-ref search.appverid: - BCS160 - MET150 |
| admin | Set Password Expiration Policy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/set-password-expiration-policy.md | + - VSBFY23 + - AdminSurgePortfolio + - okr_smb + - AdminTemplateSet + - admindeeplinkMAC + - business_assist + - has-azure-ad-ps-ref description: "Learn how an admin can set a password expiration policy for your business, school, or nonprofit in Microsoft 365 admin center." |
| admin | Update Phone Number And Email Address | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/update-phone-number-and-email-address.md | f1.keywords: Previously updated : 02/18/2020 Last updated : 08/21/2023 audience: Admin If you're looking for how to change your company's profile information, such as For more information about changing user contact information or removing former employees, see [Related content](#related-content). -## To update your phone number and email address --Use the **Security Info** page to change your mobile phone number and alternate email address. The alternate email address is used for important notifications, such as resetting your admin password (not your computer admin password). +## Update your phone number 1. Browse to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. -2. In the header, select your profile icon \> **My account** \> **Security Info**. +2.Go to **Users** > **Active users**. -3. In the **Security info** tab, select **Add Method** \> **Phone** \> **Alternate Phone** or **Email** to add details. To update your mobile, phone, and alternate email address details, select **Change**. Make sure you use something other than your Microsoft email address for your alternate email address. +3. Select your admin account and choose **Manage contact information** under **Contact information**. - > [!IMPORTANT] - > The alternate email address and the mobile phone number are needed for resetting your admin password (not your computer admin password). +4. Update your phone number and when you're finished, select **Save changes**. -4. When you are finished, select **Save**. +## Update your email address +1. Browse to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. ++2.Go to **Users** > **Active users**. ++3. Select your admin account and choose **Manage username and email** under **Username and email**. ++4. Update your email address and when you're finished, select **Save changes**. + For answers to billing questions, see: - [Change your billing addresses for Microsoft 365 for business](../../commerce/billing-and-payments/change-your-billing-addresses.md) |
| admin | Self Service Sign Up | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/self-service-sign-up.md | + - commerce_signup + - AdminSurgePortfolio + - okr_SMB + - has-azure-ad-ps-ref search.appverid: MET150 description: "Learn about the Microsoft 365 self-service sign-up and available self-service programs such as Microsoft Power Apps, Microsoft Power Automate, and Dynamics 365 for Finance." Last updated 03/17/2021 |
| commerce | Close Your Account | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/close-your-account.md | + - commerce_subscriptions + - AdminSurgePortfolio + - fwlink 2133922 to Delete subscription heading + - AdminTemplateSet + - has-azure-ad-ps-ref search.appverid: MET150 description: "When you close your account with Microsoft all information related to your account is deleted including licenses, users, and user data." Last updated 04/02/2021 After you complete this final step, your account with Microsoft is closed and de [Understand your bill or invoice for Microsoft 365 for business](./billing-and-payments/understand-your-invoice2.md) (article)\ [Cancel your subscription](./subscriptions/cancel-your-subscription.md) (article)- |
| commerce | Manage Self Service Purchases Admins | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-purchases-admins.md | + - commerce_ssp + - AdminSurgePortfolio + - okr_smb + - has-azure-ad-ps-ref search.appverid: - MET150 description: "Learn how admins can use the Microsoft 365 admin center to manage self-service purchases and trials made by users in their organization." |
| commerce | Manage Self Service Signup Subscriptions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/manage-self-service-signup-subscriptions.md | + - commerce_subscriptions + - AdminSurgePortfolio + - has-azure-ad-ps-ref search.appverid: MET150 description: "Learn how to manage free self-service sign-up subscriptions for your organization." Last updated 03/17/2021 |
| commerce | Renew Your Subscription | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/renew-your-subscription.md | Last updated 08/18/2023 If you pay for your Microsoft business subscription by using a credit or debit card, or a billing profile, recurring billing is turned on by default. When recurring billing is on, we continue to bill your subscription at the end of the subscription term period. If your subscription is active, you can turn recurring billing off or back on again in the Microsoft 365 admin center. -To renew a subscription by using a product key that you bought from a retail store or Microsoft partner, see [Enter your product key for Microsoft 365 Business Standard](../enter-your-product-key.md). +If you have a prepaid subscription for Microsoft 365 Business Standard that you bought from a retail store or Microsoft partner, you can use a new product key to renew your subscription. For more information, see [Enter your product key for Microsoft 365 Business Standard](../enter-your-product-key.md). ## Before you begin |
| enterprise | Add A Domain To A Client Tenancy With Windows Powershell For Delegated Access Pe | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/add-a-domain-to-a-client-tenancy-with-windows-powershell-for-delegated-access-pe.md | + - seo-marvel-apr2020 + - admindeeplinkMAC + - has-azure-ad-ps-ref ms.assetid: f49b4d24-9aa0-48a6-95dd-6bae9cf53d2c description: "Summary: Use PowerShell for Microsoft 365 to add an alternate domain name to an existing customer tenant." |
| enterprise | Add A Sharepoint Geo Admin | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/add-a-sharepoint-geo-admin.md | ms.localizationpriority: medium f1.keywords: - NOCSH description: Need to configure separate administrators for each geo location? Learn how to add or remove a geo administrator in Microsoft 365 Multi-Geo.-++ - seo-marvel-apr2020 + - has-azure-ad-ps-ref # Add or remove a _Geography_ administrator in Microsoft 365 Multi-Geo |
| enterprise | Assign Licenses To User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md | + - Ent_Office_Other + - LIL_Placement + - PowerShell + - O365ITProTrain + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: ba235f4f-e640-4360-81ea-04507a3a70be search.appverid: - MET150 |
| enterprise | Assign Roles To User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md | + - O365ITProTrain + - PowerShell + - Ent_Office_Other + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: ede7598c-b5d5-4e3e-a488-195f02f26d93 description: In this article, learn how quickly and easily use PowerShell for Microsoft 365 to assign admin roles to user accounts. |
| enterprise | Block User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell.md | + - Ent_Office_Other + - PowerShell + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: 04e58c2a-400b-496a-acd4-8ec5d37236dc description: How to use PowerShell to block and unblock access to Microsoft 365 accounts. |
| enterprise | Cmdlet References For Microsoft 365 Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cmdlet-references-for-microsoft-365-services.md | + - Ent_Office_Other + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: 3a1ea1a6-edbd-4922-9ad3-0b075f7f9009 description: Find Microsoft 365 PowerShell cmdlet references for Azure AD, Exchange Online, SharePoint Online, Skype for Business Online, and Security & Compliance. For connection instructions for Security & Compliance PowerShell, see [Connect t [Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md) -[Get started with PowerShell for Microsoft 365](getting-started-with-microsoft-365-powershell.md) +[Get started with PowerShell for Microsoft 365](getting-started-with-microsoft-365-powershell.md) |
| enterprise | Configure Exchange Server For Hybrid Modern Authentication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication.md | + - seo-marvel-apr2020 + - has-azure-ad-ps-ref # How to configure Exchange Server on-premises to use Hybrid Modern Authentication |
| enterprise | Configure Skype For Business For Hybrid Modern Authentication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-skype-for-business-for-hybrid-modern-authentication.md | + - seo-marvel-apr2020 + - has-azure-ad-ps-ref # How to configure Skype for Business on-premises to use Hybrid Modern Authentication |
| enterprise | Configure User Account Properties With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell.md | + - O365ITProTrain + - Ent_Office_Other + - PowerShell + - admindeeplinkMAC + - has-azure-ad-ps-ref ms.assetid: 30813f8d-b08d-444b-98c1-53df7c29b4d7 description: "Use PowerShell for Microsoft 365 to configure properties of individual or multiple user accounts in your Microsoft 365 tenant." |
| enterprise | Connect To All Microsoft 365 Services In A Single Windows Powershell Window | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-all-microsoft-365-services-in-a-single-windows-powershell-window.md | + - LIL_Placement + - Ent_Office_Other + - O365ITProTrain + - httpsfix + - has-azure-ad-ps-ref ms.assetid: 53d3eef6-4a16-4fb9-903c-816d5d98d7e8 description: "Summary: Connect to all Microsoft 365 services in a single PowerShell window." |
| enterprise | Connect To Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/connect-to-microsoft-365-powershell.md | + - LIL_Placement + - O365ITProTrain + - Ent_Office_Other + - has-azure-ad-ps-ref ms.assetid: 5ebc0e21-b72d-46d8-96fa-00643b18eaec description: "Connect to your Microsoft 365 tenant by using PowerShell for Microsoft 365 to do admin center tasks from the command line." |
| enterprise | Create User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/create-user-accounts-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - O365ITProTrain + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: 6770c5fa-b886-4512-8c67-ffd53226589e description: How to use PowerShell to create individual or multiple Microsoft 365 user accounts. |
| enterprise | Cross Tenant Mailbox Migration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md | + - has-azure-ad-ps-ref ms.localizationpriority: high - scotvorg |
| enterprise | Delete And Restore User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/delete-and-restore-user-accounts-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - O365ITProTrain + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: 209c9868-448c-49bc-baae-11e28b923a39 description: Learn how to use different modules in PowerShell to delete Microsoft 365 user accounts. Restore-MsolUser -UserPrincipalName BelindaN@litwareinc.com [Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md) -[Get started with PowerShell for Microsoft 365](getting-started-with-microsoft-365-powershell.md) +[Get started with PowerShell for Microsoft 365](getting-started-with-microsoft-365-powershell.md) |
| enterprise | Disable Access To Services While Assigning User Licenses | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/disable-access-to-services-while-assigning-user-licenses.md | search.appverid: f1.keywords: - CSH -- PowerShell-- Ent_Office_Other+ - PowerShell + - Ent_Office_Other + - has-azure-ad-ps-ref ms.assetid: bb003bdb-3c22-4141-ae3b-f0656fc23b9c description: "Learn how to assign licenses to user accounts and disable specific service plans at the same time using PowerShell for Microsoft 365." This PowerShell command block: [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md) -[Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md) +[Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md) |
| enterprise | Disable Access To Services With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/disable-access-to-services-with-microsoft-365-powershell.md | + - Ent_Office_Other + - PowerShell + - LIL_Placement + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: 264f4f0d-e2cd-44da-a9d9-23bef250a720 description: In this article, learn how to use PowerShell to disable access to Microsoft 365 services for users. |
| enterprise | Dns Records For Office 365 Dod | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/dns-records-for-office-365-dod.md | ms.localizationpriority: medium - M365-subscription-management - Strat_O365_Enterprise-++ - Adm_O365 + - has-azure-ad-ps-ref search.appverid: - OGA150 - OGC150 For example, if your tenant name is contoso.onmicrosoft.us, youΓÇÖd use **contos > [!IMPORTANT] > If you have an existing *msoid* CNAME record in your DNS zone, you must **remove** the record from DNS at this time. The msoid record is incompatible with Microsoft 365 Enterprise Apps *(formerly Office 365 ProPlus)* and will prevent activation from succeeding.- |
| enterprise | Dns Records For Office 365 Gcc High | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/dns-records-for-office-365-gcc-high.md | ms.localizationpriority: medium - M365-subscription-management - Strat_O365_Enterprise-++ - Adm_O365 + - has-azure-ad-ps-ref search.appverid: - OGA150 - OGC150 For example, if your tenant name is contoso.onmicrosoft.us, youΓÇÖd use **contos > [!IMPORTANT] > If you have an existing *msoid* CNAME record in your DNS zone, you must **remove** the record from DNS at this time. The msoid record is incompatible with Microsoft 365 Enterprise Apps *(formerly Office 365 ProPlus)* and will prevent activation from succeeding.- |
| enterprise | Lightweight Base Configuration Microsoft 365 Enterprise | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/lightweight-base-configuration-microsoft-365-enterprise.md | + - Ent_TLGs + - seo-marvel-apr2020 + - admindeeplinkMAC + - has-azure-ad-ps-ref ms.assetid: 6f916a77-301c-4be2-b407-6cec4d80df76 description: Use this Test Lab Guide to create a lightweight test environment for testing Microsoft 365 for enterprise. |
| enterprise | M365 Dr Workload Exo | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-dr-workload-exo.md | f1.keywords: Last updated 09/20/2022 -- it-pro+ - it-pro + - has-azure-ad-ps-ref ms.localizationpriority: medium - M365-subscription-management |
| enterprise | M365 Multi Geo User Testing | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/m365-multi-geo-user-testing.md | f1.keywords: - NOCSH Last updated 09/20/2022 -- it-pro+ - it-pro + - has-azure-ad-ps-ref ms.localizationpriority: medium - M365-subscription-management |
| enterprise | Maintain Group Membership With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/maintain-group-membership-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - O365ITProTrain + - has-azure-ad-ps-ref ms.assetid: 6770c5fa-b886-4512-8c67-ffd53226589e description: "Learn how to use PowerShell to maintain membership in Microsoft 365 groups." |
| enterprise | Manage Microsoft 365 Groups With Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershell.md | + - Adm_O365 + - seo-marvel-apr2020 + - admindeeplinkMAC + - admindeeplinkEXCHANGE + - has-azure-ad-ps-ref search.appverid: - MET150 - MOE150 |
| enterprise | Manage Microsoft 365 Tenants With Windows Powershell For Delegated Access Permissio | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-microsoft-365-tenants-with-windows-powershell-for-delegated-access-permissio.md | + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: f92d5116-5b66-4150-ad20-1452fc3dd712 description: In this article, learn how to use PowerShell for Microsoft 365 to manage your customer tenancies. |
| enterprise | Manage Passwords With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-passwords-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - O365ITProTrain + - has-azure-ad-ps-ref description: "Learn how to use PowerShell to manage passwords." |
| enterprise | Manage Security Groups With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-security-groups-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - O365ITProTrain + - has-azure-ad-ps-ref description: "Learn how to use PowerShell to manage security groups." |
| enterprise | Plan For Multi Geo | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/plan-for-multi-geo.md | + - seo-marvel-apr2020 + - has-azure-ad-ps-ref - Strat_SP_gtc - SPO_Content |
| enterprise | Remove Licenses From User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - LIL_Placement + - O365ITProTrain + - has-azure-ad-ps-ref ms.assetid: e7e4dc5e-e299-482c-9414-c265e145134f description: "Explains how to use PowerShell to remove Microsoft 365 licenses that were previously assigned to users." |
| enterprise | Turn Off Directory Synchronization | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/turn-off-directory-synchronization.md | + - Adm_O365 + - seo-marvel-apr2020 + - has-azure-ad-ps-ref - scotvorg - Ent_O365 |
| enterprise | View Account License And Service Details With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-account-license-and-service-details-with-microsoft-365-powershell.md | + - PowerShell + - Ent_Office_Other + - LIL_Placement + - has-azure-ad-ps-ref ms.assetid: ace07d8a-15ca-4b89-87f0-abbce809b519 description: "Explains how to use PowerShell to determine the Microsoft 365 services that have been assigned to users." |
| enterprise | View Licensed And Unlicensed Users With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-licensed-and-unlicensed-users-with-microsoft-365-powershell.md | + - O365ITProTrain + - Ent_Office_Other + - PowerShell + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: e4ee53ed-ed36-4993-89f4-5bec11031435 description: This article explains how to use PowerShell to view licensed and unlicensed Microsoft 365 user accounts. |
| enterprise | View Licenses And Services With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell.md | + - Ent_Office_Other + - O365ITProTrain + - LIL_Placement + - PowerShell + - has-azure-ad-ps-ref ms.assetid: bb5260a9-a6a3-4f34-b19a-06c6699f6723 description: "Explains how to use PowerShell to view information about the licensing plans, services, and licenses that are available in your Microsoft 365 organization." This example shows the services that are available in the litwareinc:ENTERPRISEP [Manage Microsoft 365 with PowerShell](manage-microsoft-365-with-microsoft-365-powershell.md) -[Getting started with PowerShell for Microsoft 365](getting-started-with-microsoft-365-powershell.md) +[Getting started with PowerShell for Microsoft 365](getting-started-with-microsoft-365-powershell.md) |
| enterprise | View User Accounts With Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/view-user-accounts-with-microsoft-365-powershell.md | + - LIL_Placement + - PowerShell + - Ent_Office_Other + - seo-marvel-apr2020 + - has-azure-ad-ps-ref ms.assetid: bb12f49d-a85d-4f3b-ada2-5c4e33977b10 description: Learn how to view, list, or display your Microsoft 365 user accounts in different ways with PowerShell. |
| enterprise | Why You Need To Use Microsoft 365 Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/why-you-need-to-use-microsoft-365-powershell.md | + - admindeeplinkEXCHANGE + - has-azure-ad-ps-ref ms.assetid: b3209b1a-40c7-4ede-8e78-8a88bb2adc8a description: "Summary: Understand why you must use PowerShell to manage Microsoft 365, in some cases more efficiently and in other cases by necessity." |
| includes | Microsoft 365 Content Updates | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md | +## Week of August 14, 2023 +++| Published On |Topic title | Change | +|||--| +| 8/14/2023 | [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-worldwide) | modified | +| 8/14/2023 | [Onboard trusted vendors to collaborate in Microsoft 365](/microsoft-365/solutions/trusted-vendor-onboarding?view=o365-worldwide) | added | +| 8/14/2023 | Limit guest sharing to specific organizations | removed | +| 8/14/2023 | [Get scan history by definition](/microsoft-365/security/defender-endpoint/get-scan-history-by-definition?view=o365-worldwide) | modified | +| 8/15/2023 | [Manage your Microsoft Defender for Endpoint subscription settings across client devices (preview!)](/microsoft-365/security/defender-endpoint/defender-endpoint-subscription-settings?view=o365-worldwide) | modified | +| 8/15/2023 | [Enable controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide) | modified | +| 8/16/2023 | [Overview of Microsoft 365 Groups for administrators](/microsoft-365/admin/create-groups/office-365-groups?view=o365-worldwide) | modified | +| 8/16/2023 | [Overview of the Microsoft Feed](/microsoft-365/ms-feed/m365-feed?view=o365-worldwide) | modified | +| 8/16/2023 | [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) | modified | +| 8/16/2023 | [Licensing for Microsoft Syntex](/microsoft-365/syntex/syntex-licensing) | modified | +| 8/16/2023 | [Assign a baseline in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-assign-a-baseline?view=o365-worldwide) | added | +| 8/16/2023 | [Create a baseline in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-create-a-baseline?view=o365-worldwide) | added | +| 8/16/2023 | [Product keys FAQ](/microsoft-365/commerce/licenses/product-keys-faq?view=o365-worldwide) | modified | +| 8/16/2023 | [Overview of optical character recognition in Microsoft Syntex](/microsoft-365/syntex/ocr-overview) | modified | +| 8/17/2023 | [Summary of compliance capabilities for Loop experiences](/microsoft-365/loop/loop-compliance-summary?view=o365-worldwide) | modified | +| 8/17/2023 | Enable Corelight as data source in Microsoft Defender for Endpoint | removed | +| 8/17/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | +| 8/17/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | +| 8/17/2023 | [Microsoft 365 for the web monitoring](/microsoft-365/enterprise/microsoft-365-for-the-web-monitoring?view=o365-worldwide) | added | +| 8/18/2023 | [Sign up for Microsoft 365 Business Basic](/microsoft-365/admin/setup/signup-business-basic?view=o365-worldwide) | modified | +| 8/18/2023 | [Enter your product key for Microsoft 365 Business Standard](/microsoft-365/commerce/enter-your-product-key?view=o365-worldwide) | modified | +| 8/18/2023 | [Reactivate your subscription in the Microsoft 365 admin center](/microsoft-365/commerce/subscriptions/reactivate-your-subscription?view=o365-worldwide) | modified | +| 8/18/2023 | [Manage recurring billing in the Microsoft 365 admin center](/microsoft-365/commerce/subscriptions/renew-your-subscription?view=o365-worldwide) | modified | +| 8/18/2023 | [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) | modified | +| 8/18/2023 | [How Microsoft names malware](/microsoft-365/security/intelligence/malware-naming?view=o365-worldwide) | modified | +| 8/18/2023 | [Prevent malware infection](/microsoft-365/security/intelligence/prevent-malware-infection?view=o365-worldwide) | modified | ++ ## Week of August 07, 2023 | 7/21/2023 | [Device inventory](/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide) | modified | | 7/21/2023 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide) | modified | | 7/21/2023 | [Custom functions in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-custom-functions?view=o365-worldwide) | modified |---## Week of July 10, 2023 ---| Published On |Topic title | Change | -|||--| -| 7/10/2023 | [Manage endpoint security policies in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/manage-security-policies?view=o365-worldwide) | added | -| 7/10/2023 | [Get started with your Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/mde-planning-guide?view=o365-worldwide) | added | -| 7/10/2023 | [List of fixed customer reported inaccuracies](/microsoft-365/security/defender-vulnerability-management/fixed-reported-inaccuracies?view=o365-worldwide) | added | -| 7/10/2023 | [Get started with collecting files that match data loss prevention policies from devices (preview)](/microsoft-365/compliance/dlp-copy-matched-items-get-started?view=o365-worldwide) | modified | -| 7/10/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | -| 7/10/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | -| 7/10/2023 | [Identify priority physical assets for insider risk management policies](/microsoft-365/compliance/insider-risk-management-settings-priority-physical-assets?view=o365-worldwide) | modified | -| 7/10/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified | -| 7/10/2023 | [Onboard Windows devices using a local script](/microsoft-365/security/defender-endpoint/configure-endpoints-script?view=o365-worldwide) | modified | -| 7/10/2023 | Microsoft Defender for Endpoint deployment overview | removed | -| 7/10/2023 | Deploy Microsoft Defender for Endpoint in rings | removed | -| 7/10/2023 | [Identify Defender for Endpoint architecture and deployment method](/microsoft-365/security/defender-endpoint/deployment-strategy?view=o365-worldwide) | modified | -| 7/10/2023 | [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) | modified | -| 7/10/2023 | [Investigate devices in the Defender for Endpoint Devices list](/microsoft-365/security/defender-endpoint/investigate-machines?view=o365-worldwide) | modified | -| 7/10/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified | -| 7/10/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | -| 7/10/2023 | [Onboard to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified | -| 7/10/2023 | [Assign roles and permissions](/microsoft-365/security/defender-endpoint/prepare-deployment?view=o365-worldwide) | modified | -| 7/10/2023 | [Set up Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/production-deployment?view=o365-worldwide) | modified | -| 7/10/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | -| 7/10/2023 | [Supported Microsoft Defender for Endpoint capabilities by platform](/microsoft-365/security/defender-endpoint/supported-capabilities-by-platform?view=o365-worldwide) | modified | -| 7/10/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | -| 7/10/2023 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/anti-phishing-policies-eop-configure?view=o365-worldwide) | modified | -| 7/10/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified | -| 7/10/2023 | [Use DMARC to validate email, setup steps](/microsoft-365/security/office-365-security/email-authentication-dmarc-configure?view=o365-worldwide) | modified | -| 7/10/2023 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-worldwide) | modified | -| 7/10/2023 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) | modified | -| 7/10/2023 | [Set up Microsoft Syntex per-user licensing](/microsoft-365/syntex/set-up-content-understanding) | modified | -| 7/10/2023 | [Pay-as-you-go services and pricing for Microsoft Syntex](/microsoft-365/syntex/syntex-pay-as-you-go-services) | modified | -| 7/10/2023 | [Test your DLP policies](/microsoft-365/compliance/dlp-test-dlp-policies?view=o365-worldwide) | modified | -| 7/10/2023 | [Get started with sensitivity labels](/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365-worldwide) | modified | -| 7/11/2023 | [Microsoft 365 for business security best practices](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified | -| 7/11/2023 | [Understand your Microsoft business billing profile](/microsoft-365/commerce/billing-and-payments/manage-billing-profiles?view=o365-worldwide) | modified | -| 7/11/2023 | [Understand your Microsoft business billing account](/microsoft-365/commerce/manage-billing-accounts?view=o365-worldwide) | modified | -| 7/11/2023 | [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365?view=o365-worldwide) | modified | -| 7/11/2023 | [Get help and support for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-get-help-and-support?view=o365-worldwide) | modified | -| 7/11/2023 | [Manage your tenant list in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list?view=o365-worldwide) | modified | -| 7/11/2023 | [Overview of the Users page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-users-page-overview?view=o365-worldwide) | modified | -| 7/11/2023 | [Investigate data loss alerts with Microsoft 365 Defender](/microsoft-365/security/defender/dlp-investigate-alerts-defender?view=o365-worldwide) | added | -| 7/11/2023 | [Investigate data loss prevention alerts with Microsoft Sentinel](/microsoft-365/security/defender/dlp-investigate-alerts-sentinel?view=o365-worldwide) | added | -| 7/11/2023 | [Overview of Syntex File Q&A for Microsoft 365 Copilot (Preview)](/microsoft-365/syntex/copilot-syntex) | added | -| 7/11/2023 | [Set up, review, and edit your security policies and settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 7/11/2023 | [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-worldwide) | modified | -| 7/11/2023 | [Security Operations Guide for Defender for Endpoint](/microsoft-365/security/defender-endpoint/mde-sec-ops-guide?view=o365-worldwide) | modified | -| 7/11/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified | -| 7/11/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified | -| 7/11/2023 | [Microsoft Defender for Endpoint Device Control Printer Protection](/microsoft-365/security/defender-endpoint/printer-protection?view=o365-worldwide) | modified | -| 7/11/2023 | Investigate data loss incidents with Microsoft 365 Defender | removed | -| 7/11/2023 | [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) | modified | -| 7/12/2023 | [Increase Classifier Accuracy](/microsoft-365/compliance/data-classification-increase-accuracy?view=o365-worldwide) | modified | -| 7/12/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 7/12/2023 | [Enable sensitivity labels for Office files](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) | modified | -| 7/12/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified | -| 7/12/2023 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/12/2023 | [Identify internet-facing devices in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/internet-facing-devices?view=o365-worldwide) | modified | -| 7/12/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified | -| 7/12/2023 | [Device control for macOS](/microsoft-365/security/defender-endpoint/mac-device-control-overview?view=o365-worldwide) | modified | -| 7/12/2023 | [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified | -| 7/12/2023 | [Tamper resiliency with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/tamper-resiliency?view=o365-worldwide) | modified | -| 7/12/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified | -| 7/12/2023 | [How to use the Microsoft Defender Experts for XDR service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified | -| 7/12/2023 | [Set up Safe Attachments policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-attachments-policies-configure?view=o365-worldwide) | modified | -| 7/12/2023 | [Understanding detection technology within the email entity page in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/understand-detection-technology-in-email-entity?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft 365 admin center Viva Engage activity reports](/microsoft-365/admin/activity-reports/viva-engage-activity-report-ww?view=o365-worldwide) | renamed | -| 7/12/2023 | [Microsoft 365 admin center Viva Engage device usage reports](/microsoft-365/admin/activity-reports/viva-engage-device-usage-report-ww?view=o365-worldwide) | added | -| 7/12/2023 | [Microsoft 365 admin center Viva Engage groups activity reports](/microsoft-365/admin/activity-reports/viva-engage-groups-activity-report-ww?view=o365-worldwide) | added | -| 7/12/2023 | [Learn about retention for Viva Engage](/microsoft-365/compliance/retention-policies-viva-engage?view=o365-worldwide) | added | -| 7/12/2023 | [End of lifecycle options for groups, teams, and Viva Engage](/microsoft-365/solutions/end-life-cycle-groups-teams-sites-viva-engage?view=o365-worldwide) | renamed | -| 7/12/2023 | Microsoft 365 admin center Yammer device usage reports | removed | -| 7/12/2023 | Microsoft 365 admin center Yammer groups activity reports | removed | -| 7/12/2023 | [Let users reset their own passwords](/microsoft-365/admin/add-users/let-users-reset-passwords?view=o365-worldwide) | modified | -| 7/12/2023 | [Reset passwords](/microsoft-365/admin/add-users/reset-passwords?view=o365-worldwide) | modified | -| 7/12/2023 | [Set an individual user's password to never expire](/microsoft-365/admin/add-users/set-password-to-never-expire?view=o365-worldwide) | modified | -| 7/12/2023 | [About the Microsoft 365 admin mobile app](/microsoft-365/admin/admin-overview/admin-mobile-app?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft Adoption Score - Communication](/microsoft-365/admin/adoption/communication?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft Adoption Score - Mobility](/microsoft-365/admin/adoption/mobility?view=o365-worldwide) | modified | -| 7/12/2023 | [Share calendars with external users](/microsoft-365/admin/manage/share-calendars-with-external-users?view=o365-worldwide) | modified | -| 7/12/2023 | [Customize the reports in Microsoft 365 usage analytics](/microsoft-365/admin/usage-analytics/customize-reports?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft 365 usage analytics data model](/microsoft-365/admin/usage-analytics/usage-analytics-data-model?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft Bookings Frequently Asked Questions](/microsoft-365/bookings/bookings-faq?view=o365-worldwide) | modified | -| 7/12/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified | -| 7/12/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 7/12/2023 | [Case study - Contoso configures a communication compliance policy to identify potentially inappropriate text](/microsoft-365/compliance/communication-compliance-case-study?view=o365-worldwide) | modified | -| 7/12/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified | -| 7/12/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 7/12/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified | -| 7/12/2023 | [Feature reference for Content search](/microsoft-365/compliance/ediscovery-content-search-reference?view=o365-worldwide) | modified | -| 7/12/2023 | [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) | modified | -| 7/12/2023 | [Document metadata fields in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-document-metadata-fields?view=o365-worldwide) | modified | -| 7/12/2023 | [Identify the available PowerShell cmdlets for retention](/microsoft-365/compliance/retention-cmdlets?view=o365-worldwide) | modified | -| 7/12/2023 | Learn about retention for Yammer | removed | -| 7/12/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified | -| 7/12/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 7/12/2023 | [Special considerations for Stream and live events in VPN environments](/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events?view=o365-worldwide) | modified | -| 7/12/2023 | [Engage your frontline employees and focus on wellbeing](/microsoft-365/frontline/flw-wellbeing-engagement?view=o365-worldwide) | modified | -| 7/12/2023 | [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified | -| 7/12/2023 | [A collaboration governance framework for Microsoft 365](/microsoft-365/solutions/collaboration-governance-overview?view=o365-worldwide) | modified | -| 7/12/2023 | [Groups services interactions](/microsoft-365/solutions/groups-services-interactions?view=o365-worldwide) | modified | -| 7/12/2023 | [Microsoft 365 group expiration policy](/microsoft-365/solutions/microsoft-365-groups-expiration-policy?view=o365-worldwide) | modified | -| 7/12/2023 | [Overview of optical character recognition in Microsoft Syntex](/microsoft-365/syntex/ocr-overview) | added | -| 7/12/2023 | [Set up and manage prebuilt document processing in Microsoft Syntex](/microsoft-365/syntex/prebuilt-setup) | added | -| 7/12/2023 | [Set up and manage unstructured document processing in Microsoft Syntex](/microsoft-365/syntex/unstructured-setup) | added | -| 7/12/2023 | [Set up and manage optical character recognition in Microsoft Syntex](/microsoft-365/syntex/ocr) | modified | -| 7/12/2023 | [Set up Microsoft Syntex](/microsoft-365/syntex/set-up-microsoft-syntex) | modified | -| 7/13/2023 | [Query the content in a review set](/microsoft-365/compliance/ediscovery-review-set-search?view=o365-worldwide) | modified | -| 7/13/2023 | [Configure Microsoft Defender for Endpoint on Android risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | -| 7/13/2023 | [Configure Microsoft Defender Antivirus exclusions on Windows Server](/microsoft-365/security/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/13/2023 | [Manage exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | modified | -| 7/13/2023 | [Manage payment methods for Microsoft business accounts](/microsoft-365/commerce/billing-and-payments/manage-payment-methods?view=o365-worldwide) | modified | -| 7/13/2023 | [Turn auditing on or off](/microsoft-365/compliance/audit-log-enable-disable?view=o365-worldwide) | modified | -| 7/13/2023 | [Configure Microsoft Defender for Endpoint on Android features](/microsoft-365/security/defender-endpoint/android-configure?view=o365-worldwide) | modified | -| 7/13/2023 | [Configure local overrides for Microsoft Defender Antivirus settings](/microsoft-365/security/defender-endpoint/configure-local-policy-overrides-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/13/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified | -| 7/13/2023 | [Overview of Microsoft Syntex](/microsoft-365/syntex/syntex-overview) | modified | -| 7/13/2023 | [Get started with oversharing pop ups](/microsoft-365/compliance/dlp-osp-get-started?view=o365-worldwide) | added | -| 7/13/2023 | [Create and deploy a data loss prevention policy](/microsoft-365/compliance/dlp-create-deploy-policy?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up a connector to import third-party insider risk detections (preview)](/microsoft-365/compliance/import-insider-risk-indicators?view=o365-worldwide) | added | -| 7/14/2023 | [Audit New Search](/microsoft-365/compliance/audit-new-search?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage holds in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-holds?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure policy indicators in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-policy-indicators?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-whatsnew?view=o365-worldwide) | modified | -| 7/14/2023 | [Reduce the attack surface for Microsoft Teams](/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams?view=o365-worldwide) | modified | -| 7/14/2023 | [Train a structured or freeform document processing model in Microsoft Syntex](/microsoft-365/syntex/create-a-form-processing-model) | modified | -| 7/14/2023 | [Overview of structured and freeform document processing in Microsoft Syntex](/microsoft-365/syntex/form-processing-overview) | modified | -| 7/14/2023 | [Create blocked sender lists](/microsoft-365/security/office-365-security/create-block-sender-lists-in-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Understand the proposal workflow](/microsoft-365/commerce/understand-proposal-workflow?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate and remediate communication compliance alerts](/microsoft-365/compliance/communication-compliance-investigate-remediate?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about retention for Teams](/microsoft-365/compliance/retention-policies-teams?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 7/14/2023 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-worldwide) | modified | -| 5/12/2022 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-worldwide) | modified | -| 5/12/2022 | [Enable archive mailboxes for Microsoft 365](/microsoft-365/compliance/enable-archive-mailboxes?view=o365-worldwide) | modified | -| 5/12/2022 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) | modified | -| 5/12/2022 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Active Directory setup guides](/microsoft-365/admin/misc/azure-ad-setup-guides?view=o365-worldwide) | modified | -| 7/14/2023 | [How SMTP DNS-based Authentication of Named Entities (DANE) secures email communications](/microsoft-365/compliance/how-smtp-dane-works?view=o365-worldwide) | modified | -| 7/14/2023 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified | -| 7/14/2023 | [Minification and bundling in SharePoint Online](/microsoft-365/enterprise/minification-and-bundling-in-sharepoint-online?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 network connectivity test tool](/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with the Microsoft Compliance Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about the default data loss prevention policy in Microsoft Teams (preview)](/microsoft-365/compliance/dlp-teams-default-policy?view=o365-worldwide) | modified | -| 7/14/2023 | [Double Key Encryption (DKE)](/microsoft-365/compliance/double-key-encryption?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Business Premium resources # < 60 chars](/microsoft-365/business/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage Microsoft Defender for Endpoint after initial setup or migration](/microsoft-365/security/defender-endpoint/manage-mde-post-migration?view=o365-worldwide) | modified | -| 7/14/2023 | [Migration and setup guides to move to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/migration-guides?view=o365-worldwide) | modified | -| 7/14/2023 | [View your Azure Active Directory roles in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-your-roles?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender for Business frequently asked questions](/microsoft-365/security/defender-business/mdb-faq?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-whatsnew?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 3 - Wipe and block a former employee's mobile device](/microsoft-365/admin/add-users/remove-former-employee-step-3?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 4 - Forward a former employee's email to another employee or convert to a shared mailbox](/microsoft-365/admin/add-users/remove-former-employee-step-4?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 5 - Give another employee access to OneDrive and Outlook data](/microsoft-365/admin/add-users/remove-former-employee-step-5?view=o365-worldwide) | modified | -| 7/14/2023 | [Visit the Action center to see remediation actions](/microsoft-365/security/defender-endpoint/auto-investigation-action-center?view=o365-worldwide) | modified | -| 7/14/2023 | [Use automated investigations to investigate and remediate threats](/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide) | modified | -| 7/14/2023 | [Automation levels in automated investigation and remediation](/microsoft-365/security/defender-endpoint/automation-levels?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure automated investigation and remediation capabilities](/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) | modified | -| 7/14/2023 | [Review remediation actions following automated investigations](/microsoft-365/security/defender-endpoint/manage-auto-investigation?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage devices with Intune](/microsoft-365/solutions/manage-devices-with-intune-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Change your organization's address, technical contact, and more](/microsoft-365/admin/manage/change-address-contact-and-more?view=o365-worldwide) | modified | -| 7/14/2023 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified | -| 7/14/2023 | [Custom Sensitive Information Type Filters Reference](/microsoft-365/compliance/sit-custom-sit-filters?view=o365-worldwide) | modified | -| 7/14/2023 | [Top scoring in industry tests - Microsoft 365 Defender](/microsoft-365/security/defender/top-scoring-industry-tests?view=o365-worldwide) | modified | -| 7/14/2023 | [Assess the Microsoft 365 Active Users report](/microsoft-365/admin/activity-reports/active-users-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center email activity reports](/microsoft-365/admin/activity-reports/email-activity-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center email apps usage reports](/microsoft-365/admin/activity-reports/email-apps-usage-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center forms activity reports](/microsoft-365/admin/activity-reports/forms-activity-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Dynamics 365 customer voice activity reports](/microsoft-365/admin/activity-reports/forms-pro-activity-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center mailbox usage reports](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center apps usage reports](/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 OneDrive for Business usage reports](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 feature descriptions](/microsoft-365/admin/m365-feature-descriptions?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft 365 Business Premium overview](/microsoft-365/business-premium/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Apply encryption using sensitivity labels](/microsoft-365/compliance/encryption-sensitivity-labels?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about the default labels and policies to protect your data](/microsoft-365/compliance/mip-easy-trials?view=o365-worldwide) | modified | -| 7/14/2023 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate alerts in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide) | modified | -| 7/14/2023 | [Customer Lockbox Requests](/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide) | modified | -| 7/14/2023 | [Choose your scenarios for Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-choose-scenarios?view=o365-worldwide) | modified | -| 7/14/2023 | [Start with a pilot deployment of Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-pilot?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 for frontline workers - scenario posters](/microsoft-365/frontline/flw-scenario-posters?view=o365-worldwide) | added | -| 7/14/2023 | [Frontline team collaboration](/microsoft-365/frontline/flw-team-collaboration?view=o365-worldwide) | modified | -| 7/14/2023 | [Message delegation](/microsoft-365/frontline/hc-delegates?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 for retail organizations](/microsoft-365/frontline/teams-for-retail-landing-page?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with Microsoft 365 for healthcare organizations](/microsoft-365/frontline/teams-in-hc?view=o365-worldwide) | modified | -| 7/14/2023 | [Attack surface reduction rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) | added | -| 7/14/2023 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint?view=o365-worldwide) | modified | -| 7/14/2023 | [Preset security policies](/microsoft-365/security/office-365-security/preset-security-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 productivity illustrations](/microsoft-365/solutions/productivity-illustrations?view=o365-worldwide) | modified | -| 7/14/2023 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare device compliance policy settings in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage multifactor authentication in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-mfa?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage your tenant list in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenant-list?view=o365-worldwide) | modified | -| 7/14/2023 | [Mitigate threats in Microsoft 365 Lighthouse with Microsoft Defender Antivirus](/microsoft-365/lighthouse/m365-lighthouse-mitigate-threats?view=o365-worldwide) | modified | -| 7/14/2023 | [Overview of Quarantined Messages in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Overview of the Tenants page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-whats-new?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare groups](/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about the default labels and policies for Microsoft Information Protection](/microsoft-365/compliance/mip-easy-trials?view=o365-worldwide) | modified | -| 7/14/2023 | [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide) | modified | -| 7/14/2023 | [MRS service alerts](/microsoft-365/enterprise/microsoft-365-mrs-source-delays-service-alerts?view=o365-worldwide) | added | -| 7/14/2023 | [View or edit policies in Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-worldwide) | renamed | -| 7/14/2023 | [App-based deployment for Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified | -| 7/14/2023 | [Train your security staff for Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender-train-security-staff?view=o365-worldwide) | added | -| 7/14/2023 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure authentication for Microsoft 365 support integration with ServiceNow](/microsoft-365/admin/manage/servicenow-authentication?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare Microsoft endpoint security plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified | -| 7/14/2023 | [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage insider risk management forensic evidence](/microsoft-365/compliance/insider-risk-management-forensic-evidence-manage?view=o365-worldwide) | modified | -| 7/14/2023 | [Use PowerShell to connect Shifts to Blue Yonder Workforce Management](/microsoft-365/frontline/shifts-connector-blue-yonder-powershell-setup?view=o365-worldwide) | modified | -| 7/14/2023 | [Use PowerShell to connect Shifts to UKG Dimensions](/microsoft-365/frontline/shifts-connector-ukg-powershell-setup?view=o365-worldwide) | modified | -| 7/14/2023 | [Use the Shifts connector wizard to connect Shifts to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-wizard-ukg?view=o365-worldwide) | modified | -| 7/14/2023 | [Use the Shifts connector wizard to connect Shifts to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-wizard?view=o365-worldwide) | modified | -| 7/14/2023 | [Understanding deployment insights in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deployment-insights-overview?view=o365-worldwide) | added | -| 7/14/2023 | [Manage tenants using insights in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-manage-tenants-using-deployment-insights?view=o365-worldwide) | added | -| 7/14/2023 | [View task details in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-view-task-details?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up, review, and edit your security policies and settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Understand policy order in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-policy-order?view=o365-worldwide) | modified | -| 7/14/2023 | [View or edit policies in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-view-edit-create-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage tamper protection for your organization using Microsoft Intune](/microsoft-365/security/defender-endpoint/manage-tamper-protection-intune?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](/microsoft-365/security/office-365-security/skip-filtering-phishing-simulations-sec-ops-mailboxes?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable attack surface reduction (ASR) rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide) | modified | -| 7/14/2023 | [Exclusions for Microsoft Defender for Endpoint and Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide) | added | -| 7/14/2023 | [Take response actions on a file in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-file-alerts?view=o365-worldwide) | modified | -| 7/14/2023 | [Campaigns in Microsoft Defender for Office 365 Plan](/microsoft-365/security/office-365-security/campaigns?view=o365-worldwide) | modified | -| 1/10/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified | -| 1/10/2022 | [Common Zero Trust identity and device access policies - Microsoft 365 for enterprise \| Microsoft Docs](/microsoft-365/security/office-365-security/identity-access-policies?view=o365-worldwide) | modified | -| 1/10/2022 | [Step 4. Deploy endpoint management for your devices, PCs, and other endpoints](/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints?view=o365-worldwide) | modified | -| 1/10/2022 | [Step 2. Provide remote access to on-premises apps and services](/microsoft-365/solutions/empower-people-to-work-remotely-remote-access?view=o365-worldwide) | modified | -| 1/10/2022 | [Set up your infrastructure for hybrid work with Microsoft 365](/microsoft-365/solutions/empower-people-to-work-remotely?view=o365-worldwide) | modified | -| 12/15/2022 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 12/15/2022 | [Customize an archive and deletion policy (MRM) for mailboxes](/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide) | modified | -| 12/15/2022 | [Block sign-in for shared mailbox accounts in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-block-signin-shared-mailboxes?view=o365-worldwide) | added | -| 12/15/2022 | [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) | modified | -| 7/14/2023 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with the Microsoft Service Trust Portal](/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Labeling actions reported in Activity explorer](/microsoft-365/compliance/data-classification-activity-explorer-available-events?view=o365-worldwide) | modified | -| 7/14/2023 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified | -| 7/14/2023 | [Add a new employee to Microsoft 365](/microsoft-365/admin/add-users/add-new-employee?view=o365-worldwide) | modified | -| 7/14/2023 | [Delete a user from your organization](/microsoft-365/admin/add-users/delete-a-user?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center - Overview](/microsoft-365/admin/admin-overview/admin-center-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Adoption Score - Content collaboration](/microsoft-365/admin/adoption/content-collaboration?view=o365-worldwide) | modified | -| 7/14/2023 | [Idle session timeout for Microsoft 365](/microsoft-365/admin/manage/idle-session-timeout-web-apps?view=o365-worldwide) | modified | -| 7/14/2023 | [Automatically apply a retention label to Microsoft 365 items](/microsoft-365/compliance/apply-retention-labels-automatically?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Purview risk and compliance solutions](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshoot Microsoft Defender Antivirus while migrating from a third-party solution](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus-when-migrating?view=o365-worldwide) | added | -| 2/23/2023 | [Block vulnerable applications](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified | -| 2/23/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-worldwide) | modified | -| 7/14/2023 | [Cancel your business subscription](/microsoft-365/commerce/subscriptions/cancel-your-subscription?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Block at First Sight (BAFS) demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-block-at-first-sight-bafs?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Cloud-delivered protection demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-cloud-delivered-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Controlled folder access (CFA) demonstration test tool](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access-test-tool?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Controlled folder access (CFA) demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-controlled-folder-access?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Exploit protection (EP) demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-exploit-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Network protection demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-network-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Potentially unwanted applications (PUA) demonstration](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-potentially-unwanted-applications?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint SmartScreen URL reputation demonstrations](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstration-smartscreen-url-reputation?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint demonstration scenarios](/microsoft-365/security/defender-endpoint/defender-endpoint-demonstrations?view=o365-worldwide) | modified | -| 7/14/2023 | [Use AllowSelfServicePurchase for the MSCommerce PowerShell module](/microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell?view=o365-worldwide) | modified | -| 7/14/2023 | [Use Content search for targeted collections](/microsoft-365/compliance/ediscovery-use-content-search-for-targeted-collections?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Purview setup guides](/microsoft-365/compliance/purview-fast-track-setup-guides?view=o365-worldwide) | added | -| 7/14/2023 | [Allow or block URLs using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-urls-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Search the audit log for events in Microsoft Teams](/microsoft-365/compliance/audit-teams-audit-log-events?view=o365-worldwide) | added | -| 7/14/2023 | [Increase Classifier Accuracy](/microsoft-365/compliance/data-classification-increase-accuracy?view=o365-worldwide) | modified | -| 7/14/2023 | [Advanced deployment guides for Microsoft 365 and Office 365 products](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-worldwide) | modified | -| 12/14/2022 | [Define your Bookings service offerings](/microsoft-365/bookings/define-service-offerings?view=o365-worldwide) | modified | -| 12/14/2022 | [Trainable classifiers definitions](/microsoft-365/compliance/classifier-tc-definitions?view=o365-worldwide) | modified | -| 12/14/2022 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 12/14/2022 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | -| 12/14/2022 | [Get Microsoft Defender for Business](/microsoft-365/security/defender-business/get-defender-business?view=o365-worldwide) | modified | -| 12/14/2022 | [Analyzing the Causes of Regressions](/microsoft-365/test-base/analyze-regression-causes?view=o365-worldwide) | added | -| 12/14/2022 | [Determining Relevant Processes for Regression Detection](/microsoft-365/test-base/determine-relevant-processes-regression-detection?view=o365-worldwide) | added | -| 12/14/2022 | [Downloading and Analyzing Test Result Files](/microsoft-365/test-base/download-analyze-test-result-files?view=o365-worldwide) | added | -| 12/14/2022 | [Understanding CPU Regression Analysis](/microsoft-365/test-base/learn-cpu-regression-analysis?view=o365-worldwide) | added | -| 12/14/2022 | [Understanding Memory Regression Analysis](/microsoft-365/test-base/learn-memory-regression-analysis?view=o365-worldwide) | added | -| 12/14/2022 | [Memory and CPU Regression Results Overview](/microsoft-365/test-base/memory-cpu-regressions-results-overview?view=o365-worldwide) | added | -| 12/14/2022 | [Monitoring Test Status](/microsoft-365/test-base/monitor-test-status?view=o365-worldwide) | added | -| 12/14/2022 | [Viewing Application Reliability Results](/microsoft-365/test-base/view-application-liability-results?view=o365-worldwide) | added | -| 12/14/2022 | [Viewing Log Files](/microsoft-365/test-base/view-log-files?view=o365-worldwide) | added | -| 12/14/2022 | [Viewing Script Execution Results](/microsoft-365/test-base/view-script-execution-results?view=o365-worldwide) | added | -| 12/14/2022 | [Viewing Test Results](/microsoft-365/test-base/view-test-results?view=o365-worldwide) | added | -| 9/16/2022 | [Try and evaluate Defender for Office 365](/microsoft-365/security/office-365-security/try-microsoft-defender-for-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov?view=o365-worldwide) | modified | -| 7/14/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Teams in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide) | added | -| 7/14/2023 | [Sensitive information type REGEX validators and additional checks](/microsoft-365/compliance/sit-regex-validators-additional-checks?view=o365-worldwide) | modified | -| 7/14/2023 | [Use the Microsoft 365 admin center to manage your Shifts connection to Blue Yonder Workforce Management (Preview)](/microsoft-365/frontline/shifts-connector-blue-yonder-admin-center-manage?view=o365-worldwide) | modified | -| 7/14/2023 | [Use the Microsoft 365 admin center to manage your Shifts connection to UKG Dimensions (Preview)](/microsoft-365/frontline/shifts-connector-ukg-admin-center-manage?view=o365-worldwide) | modified | -| 7/14/2023 | [Protect security settings with tamper protection](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate Microsoft Defender for Endpoint files](/microsoft-365/security/defender-endpoint/investigate-files?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 6. Monitor device risk and compliance to security baselines](/microsoft-365/solutions/manage-devices-with-intune-monitor-risk?view=o365-worldwide) | modified | -| 4/12/2023 | [Create and manage communication compliance policies](/microsoft-365/compliance/communication-compliance-policies?view=o365-worldwide) | modified | -| 4/12/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified | -| 7/14/2023 | [Paying for your subscription](/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?view=o365-worldwide) | modified | -| 7/14/2023 | [Bulk import external contacts to Exchange Online](/microsoft-365/compliance/bulk-import-external-contacts?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage Protection](/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified | -| 7/14/2023 | [Submit files for analysis by Microsoft](/microsoft-365/security/intelligence/submission-guide?view=o365-worldwide) | modified | -| 6/29/2022 | [Onboard previous versions of Windows on Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/onboard-downlevel?view=o365-worldwide) | modified | -| 6/29/2022 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified | -| 6/29/2022 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Maintain your environment](/microsoft-365/business-premium/m365bp-mdb-maintain-environment?view=o365-worldwide) | modified | -| 7/14/2023 | [Administering Exchange Online mailboxes in a multi-geo environment](/microsoft-365/enterprise/administering-exchange-online-multi-geo?view=o365-worldwide) | modified | -| 7/14/2023 | [Review or edit your next-generation protection policies Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-next-generation-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Office 365 support for Microsoft Teams (Preview)](/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Help your clients and customers use virtual appointments](/microsoft-365/frontline/virtual-appointments-toolkit?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrating servers from Microsoft Monitoring Agent to the unified solution](/microsoft-365/security/defender-endpoint/application-deployment-via-mecm?view=o365-worldwide) | modified | -| 7/14/2023 | [Admin review for user reported messages](/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages?view=o365-worldwide) | modified | -| 7/14/2023 | [Extract text from images using the OCR service in Microsoft Syntex](/microsoft-365/syntex/ocr) | added | -| 7/14/2023 | [Advanced data residency in Microsoft 365](/microsoft-365/enterprise/advanced-data-residency?view=o365-worldwide) | modified | -| 7/14/2023 | [OneDrive Cross-Tenant User Data Migration Step 7](/microsoft-365/enterprise/cross-tenant-onedrive-migration-step7?view=o365-worldwide) | modified | -| 7/14/2023 | [Set preferences for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-preferences?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrate to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshooting issues when moving to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate users in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-users?view=o365-worldwide) | modified | -| 7/14/2023 | [Buy a domain name](/microsoft-365/admin/get-help-with-domains/buy-a-domain-name?view=o365-worldwide) | modified | -| 7/14/2023 | [Top 10 ways to secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified | -| 7/14/2023 | [Add, update or delete a scan definition](/microsoft-365/security/defender-endpoint/add-a-new-scan-definition?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy and manage using group policy](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-group-policy?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy and manage using Intune](/microsoft-365/security/defender-endpoint/deploy-and-manage-using-intune?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy and manage Removable Storage Access Control using Intune](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) | modified | -| 7/14/2023 | [Get scan definitions](/microsoft-365/security/defender-endpoint/get-all-scan-definitions?view=o365-worldwide) | modified | -| 7/14/2023 | [Printer Protection Overview](/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) | modified | -| 7/14/2023 | [Security Operations Guide for Defender for Office 365](/microsoft-365/security/office-365-security/mdo-sec-ops-guide?view=o365-worldwide) | modified | -| 7/14/2023 | [Responding to a Compromised Email Account](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account?view=o365-worldwide) | modified | -| 7/14/2023 | [Secure your business data with Microsoft 365 for business](/microsoft-365/business-premium/secure-your-business-data?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard macOS devices into Microsoft 365 overview](/microsoft-365/compliance/device-onboarding-macos-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard Windows 10 and Windows 11 devices using Mobile Device Management tools](/microsoft-365/compliance/device-onboarding-mdm?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard and offboard macOS devices into Compliance solutions using Microsoft Intune for Microsoft Defender for Endpoint customers](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune-mde?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using Microsoft Intune](/microsoft-365/compliance/device-onboarding-offboarding-macos-intune?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard and offboard macOS devices into Compliance solutions using JAMF Pro for Microsoft Defender for Endpoint customers](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro-mde?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard and offboard macOS devices into Microsoft Purview solutions using JAMF Pro](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-worldwide) | modified | -| 7/14/2023 | [IPv6 support in Microsoft 365 services](/microsoft-365/enterprise/ipv6-support?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure and validate exclusions based on extension, name, or location](/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint (preview)](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) | modified | -| 7/14/2023 | [Multi-factor authentication for users](/microsoft-365/business-premium/m365bp-mfa-for-users?view=o365-worldwide) | renamed | -| 7/14/2023 | [Secure managed devices with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-protect-managed-devices?view=o365-worldwide) | renamed | -| 7/14/2023 | [Set up information protection capabilities in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-set-up-compliance?view=o365-worldwide) | modified | -| 7/14/2023 | [Install Microsoft 365 Apps on your devices with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-users-install-m365-apps?view=o365-worldwide) | renamed | -| 7/14/2023 | [Protect unmanaged computers with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices?view=o365-worldwide) | renamed | -| 7/14/2023 | [Set up GDAP for your customers](/microsoft-365/lighthouse/m365-lighthouse-setup-gdap?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshoot error messages and problems in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-troubleshoot?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender Antivirus security intelligence and product updates](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-updates?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender Antivirus updates - Previous versions for technical upgrade support](/microsoft-365/security/defender-endpoint/msda-updates-previous-versions-technical-upgrade-support?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365-whats-new?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Group mailbox size management](/microsoft-365/admin/create-groups/group-mailbox-size-management?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Health Dashboard](/microsoft-365/admin/manage/health-dashboard-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Business](/microsoft-365/security/defender-business/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Create an enterprise model in Microsoft Syntex](/microsoft-365/syntex/create-syntex-model) | modified | -| 7/14/2023 | [Overview of model types in Microsoft Syntex](/microsoft-365/syntex/model-types-overview) | modified | -| 7/14/2023 | [Use a prebuilt model to extract information from contracts in Microsoft Syntex](/microsoft-365/syntex/prebuilt-model-contract) | added | -| 7/14/2023 | [Overview of prebuilt models in Microsoft Syntex](/microsoft-365/syntex/prebuilt-overview) | modified | -| 7/14/2023 | [Requirements and limitations for models in Microsoft Syntex](/microsoft-365/syntex/requirements-and-limitations) | modified | -| 7/14/2023 | [Bookings with me](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 7/14/2023 | [Attack surface reduction (ASR) rules reporting](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report?view=o365-worldwide) | modified | -| 7/14/2023 | [Connect your DNS records at GoDaddy to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-godaddy?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Multi-Tenant Organization People Search](/microsoft-365/enterprise/multi-tenant-people-search?view=o365-worldwide) | modified | -| 7/14/2023 | [Use Office 365 Content Delivery Network (CDN) with SharePoint Online](/microsoft-365/enterprise/use-microsoft-365-cdn-with-spo?view=o365-worldwide) | modified | -| 7/14/2023 | [Use the command line to manage Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Map fields of a modern template to library columns in Microsoft Syntex](/microsoft-365/syntex/content-assembly-map-fields) | added | -| 11/14/2022 | [What's new in Microsoft 365 Business Premium and Microsoft Defender for Business](/microsoft-365/business-premium/m365bp-mdb-whats-new?view=o365-worldwide) | modified | -| 11/14/2022 | [Get started with insider risk management](/microsoft-365/compliance/insider-risk-management-configure?view=o365-worldwide) | modified | -| 11/14/2022 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified | -| 11/14/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified | -| 11/14/2022 | [Deploy and manage Removable Storage Access Control using group policy](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-group-policy?view=o365-worldwide) | modified | -| 11/14/2022 | [Deploy and manage Removable Storage Access Control using Intune](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) | modified | -| 11/14/2022 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 alert policies](/microsoft-365/compliance/alert-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Adaptive scopes](/microsoft-365/compliance/purview-adaptive-scopes?view=o365-worldwide) | modified | -| 7/14/2023 | [View email security reports](/microsoft-365/security/office-365-security/reports-email-security?view=o365-worldwide) | modified | -| 7/14/2023 | [Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance](/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide) | modified | -| 7/14/2023 | [How-to deploy and configure the report message add-in](/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in?view=o365-worldwide) | modified | -| 7/14/2023 | [Admin review for user reported messages](/microsoft-365/security/office-365-security/submissions-admin-review-user-reported-messages?view=o365-worldwide) | renamed | -| 7/14/2023 | [Manage submissions](/microsoft-365/security/office-365-security/submissions-admin?view=o365-worldwide) | modified | -| 7/14/2023 | [Report false positives and false negatives in Outlook](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) | modified | -| 7/14/2023 | [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](/microsoft-365/security/office-365-security/submissions-report-messages-files-to-microsoft?view=o365-worldwide) | modified | -| 7/14/2023 | [User reported settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide) | renamed | -| 7/14/2023 | [Enable the Report Message or the Report Phishing add-ins](/microsoft-365/security/office-365-security/submissions-users-report-message-add-in-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage allows and blocks in the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Allow or block email using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-email-spoof-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Allow or block files using the Tenant Allow/Block List](/microsoft-365/security/office-365-security/tenant-allow-block-list-files-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable sensitivity labels for Office files](/microsoft-365/compliance/sensitivity-labels-sharepoint-onedrive-files?view=o365-worldwide) | modified | -| 7/14/2023 | [All credentials entity definition](/microsoft-365/compliance/sit-defn-all-creds?view=o365-worldwide) | added | -| 7/14/2023 | [Amazon S3 client secret access key entity definition](/microsoft-365/compliance/sit-defn-amazon-s3-client-secret-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [ASP.NET machine key entity definition](/microsoft-365/compliance/sit-defn-asp-net-machine-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure AD client access token entity definition](/microsoft-365/compliance/sit-defn-azure-ad-client-access-token?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure AD client secret entity definition](/microsoft-365/compliance/sit-defn-azure-ad-client-secret?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure AD user credentials entity definition](/microsoft-365/compliance/sit-defn-azure-ad-user-credentials?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure App Service Deployment Password entity definition](/microsoft-365/compliance/sit-defn-azure-app-service-deployment-password?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Batch Shared Access Key entity definition](/microsoft-365/compliance/sit-defn-azure-batch-shared-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Bot Framework secret key entity definition](/microsoft-365/compliance/sit-defn-azure-bot-framework-secret-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Bot service app secret entity definition](/microsoft-365/compliance/sit-defn-azure-bot-service-app-secret?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Cognitive search API key entity definition](/microsoft-365/compliance/sit-defn-azure-cognitive-search-api-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Cognitive Service key entity definition](/microsoft-365/compliance/sit-defn-azure-cognitive-service-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Container Registry access key entity definition](/microsoft-365/compliance/sit-defn-azure-container-registry-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure COSMOS DB account access key entity definition](/microsoft-365/compliance/sit-defn-azure-cosmos-db-account-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Databricks personal access token entity definition](/microsoft-365/compliance/sit-defn-azure-databricks-personal-access-token?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure DevOps app secret entity definition](/microsoft-365/compliance/sit-defn-azure-devops-app-secret?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure DevOps personal access token entity definition](/microsoft-365/compliance/sit-defn-azure-devops-personal-access-token?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure EventGrid access key entity definition](/microsoft-365/compliance/sit-defn-azure-eventgrid-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Function Master / API key entity definition](/microsoft-365/compliance/sit-defn-azure-function-master-api-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure IoT connection string entity definition](/microsoft-365/compliance/sit-defn-azure-iot-connection-string?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Logic App shared access signature entity definition](/microsoft-365/compliance/sit-defn-azure-logic-app-shared-access-signature?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Machine Learning web service API key entity definition](/microsoft-365/compliance/sit-defn-azure-machine-learning-web-service-api-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Maps subscription key entity definition](/microsoft-365/compliance/sit-defn-azure-maps-subscription-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Redis cache connection string password entity definition](/microsoft-365/compliance/sit-defn-azure-redis-cache-connection-string-password?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure service bus shared access signature entity definition](/microsoft-365/compliance/sit-defn-azure-service-bus-shared-access-signature?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Shared Access key / Web Hook token signature entity definition](/microsoft-365/compliance/sit-defn-azure-shared-access-key-web-hook-token?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure SignalR access key entity definition](/microsoft-365/compliance/sit-defn-azure-signalr-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure SQL connection string entity definition](/microsoft-365/compliance/sit-defn-azure-sql-connection-string?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure storage account access key entity definition](/microsoft-365/compliance/sit-defn-azure-storage-account-access-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Storage account shared access signature for high risk resources entity definition (preview)](/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature-high-risk-resources?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Storage account shared access signature entity definition](/microsoft-365/compliance/sit-defn-azure-storage-account-shared-access-signature?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure subscription management certificate entity definition](/microsoft-365/compliance/sit-defn-azure-subscription-management-certificate?view=o365-worldwide) | modified | -| 7/14/2023 | [Client secret / API key entity definition](/microsoft-365/compliance/sit-defn-client-secret-api-key?view=o365-worldwide) | modified | -| 7/14/2023 | [General password entity definition](/microsoft-365/compliance/sit-defn-general-password?view=o365-worldwide) | modified | -| 7/14/2023 | [General Symmetric key entity definition](/microsoft-365/compliance/sit-defn-general-symmetric-key?view=o365-worldwide) | modified | -| 7/14/2023 | [GitHub personal access token entity definition](/microsoft-365/compliance/sit-defn-github-personal-access-token?view=o365-worldwide) | modified | -| 7/14/2023 | [Google API key entity definition](/microsoft-365/compliance/sit-defn-google-api-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Http authorization header entity definition](/microsoft-365/compliance/sit-defn-http-authorization-header?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Bing maps key entity definition](/microsoft-365/compliance/sit-defn-microsoft-bing-maps-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Slack access token entity definition](/microsoft-365/compliance/sit-defn-slack-access-token?view=o365-worldwide) | modified | -| 7/14/2023 | [User login credentials entity definition](/microsoft-365/compliance/sit-defn-user-login-credentials?view=o365-worldwide) | modified | -| 7/14/2023 | [X.509 certificate private key entity definition (preview)](/microsoft-365/compliance/sit-defn-x-509-certificate-private-key?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure advanced features in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-features?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure and manage Microsoft Threat Experts capabilities](/microsoft-365/security/defender-endpoint/configure-microsoft-threat-experts?view=o365-worldwide) | modified | -| 7/14/2023 | [Endpoint Attack Notifications](/microsoft-365/security/defender-endpoint/endpoint-attack-notifications?view=o365-worldwide) | added | -| 7/14/2023 | [Experts on Demand](/microsoft-365/security/defender-endpoint/experts-on-demand?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide) | added | -| 7/14/2023 | [Change the hold duration for an inactive mailbox](/microsoft-365/compliance/change-the-hold-duration-for-an-inactive-mailbox?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Purview solutions trial user guide](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-worldwide) | modified | -| 7/14/2023 | [Analyze data in a review set in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-analyzing-data-in-review-set?view=o365-worldwide) | renamed | -| 7/14/2023 | [Assign eDiscovery permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/ediscovery-assign-permissions?view=o365-worldwide) | renamed | -| 7/14/2023 | [CJK/Double Byte support for eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-cjk-support?view=o365-worldwide) | modified | -| 7/14/2023 | [Overview of collections in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-collections?view=o365-worldwide) | renamed | -| 7/14/2023 | [Configure search and analytics settings - eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-configure-search-and-analytics-settings?view=o365-worldwide) | renamed | -| 7/14/2023 | [Feature reference for Content search](/microsoft-365/compliance/ediscovery-content-search-reference?view=o365-worldwide) | renamed | -| 7/14/2023 | [Create and run a Content search in the Microsoft Purview compliance portal](/microsoft-365/compliance/ediscovery-content-search?view=o365-worldwide) | renamed | -| 7/14/2023 | [Review conversations in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-conversation-review-sets?view=o365-worldwide) | renamed | -| 7/14/2023 | [Create and manage an eDiscovery (Premium) case](/microsoft-365/compliance/ediscovery-create-and-manage-cases?view=o365-worldwide) | renamed | -| 7/14/2023 | [Create a collection estimate](/microsoft-365/compliance/ediscovery-create-draft-collection?view=o365-worldwide) | renamed | -| 7/14/2023 | [Create eDiscovery holds in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-create-holds?view=o365-worldwide) | renamed | -| 7/14/2023 | [eDiscovery solution series Data spillage scenario - Search and purge](/microsoft-365/compliance/ediscovery-data-spillage-search-and-purge?view=o365-worldwide) | renamed | -| 7/14/2023 | [Advanced indexing of custodian data](/microsoft-365/compliance/ediscovery-indexing-custodian-data?view=o365-worldwide) | renamed | -| 7/14/2023 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions?view=o365-worldwide) | renamed | -| 7/14/2023 | [Legacy eDiscovery tools retired](/microsoft-365/compliance/ediscovery-legacy-retirement?view=o365-worldwide) | renamed | -| 7/14/2023 | [Limits for Content search and eDiscovery (Standard) in the Microsoft Purview compliance portal](/microsoft-365/compliance/ediscovery-limits-for-content-search?view=o365-worldwide) | renamed | -| 7/14/2023 | [Manage legal investigations in Microsoft 365](/microsoft-365/compliance/ediscovery-manage-legal-investigations?view=o365-worldwide) | renamed | -| 7/14/2023 | [Work with custodians in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-custodians?view=o365-worldwide) | renamed | -| 7/14/2023 | [Manage jobs in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-jobs?view=o365-worldwide) | renamed | -| 7/14/2023 | [Manage review sets in eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-managing-review-sets?view=o365-worldwide) | renamed | -| 7/14/2023 | [Configure permissions filtering for eDiscovery](/microsoft-365/compliance/ediscovery-permissions-filtering-for-content-search?view=o365-worldwide) | renamed | -| 7/14/2023 | [Predictive coding in eDiscovery (Premium) - Quick start](/microsoft-365/compliance/ediscovery-predictive-coding-quick-start?view=o365-worldwide) | renamed | -| 7/14/2023 | [Search for and delete chat messages in Teams](/microsoft-365/compliance/ediscovery-search-and-delete-teams-chat-messages?view=o365-worldwide) | renamed | -| 7/14/2023 | [Search for content in a eDiscovery (Standard) case](/microsoft-365/compliance/ediscovery-search-for-content?view=o365-worldwide) | renamed | -| 7/14/2023 | [Set up compliance boundaries for eDiscovery investigations](/microsoft-365/compliance/ediscovery-set-up-compliance-boundaries?view=o365-worldwide) | renamed | -| 7/14/2023 | [Get started with eDiscovery (Standard) cases in Microsoft Purview](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) | renamed | -| 7/14/2023 | [Microsoft Purview eDiscovery solutions](/microsoft-365/compliance/ediscovery?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about inactive mailboxes](/microsoft-365/compliance/inactive-mailboxes-in-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about retention policies & labels to retain or delete](/microsoft-365/compliance/retention?view=o365-worldwide) | modified | -| 7/14/2023 | [Choose Microsoft Purview Information Protection built-in labeling for Office apps over the Azure Information Protection (AIP) add-in](/microsoft-365/compliance/sensitivity-labels-aip?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable autoexpanding archiving](/microsoft-365/compliance/enable-autoexpanding-archiving?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft recommendations for EOP and Defender for Office 365 security settings](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide) | modified | -| 7/14/2023 | [Take response actions on a device in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Purview Compliance Manager templates list](/microsoft-365/compliance/compliance-manager-templates-list?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage tamper protection using tenant attach with Configuration Manager, version 2006](/microsoft-365/security/defender-endpoint/manage-tamper-protection-configuration-manager?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage tamper protection on an individual device](/microsoft-365/security/defender-endpoint/manage-tamper-protection-individual-device?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage tamper protection for your organization using Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-365-defender?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare Microsoft Defender Vulnerability Management plans and capabilities](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up Microsoft Syntex per-user licensing](/microsoft-365/syntex/set-up-content-understanding) | modified | -| 7/14/2023 | [Set up Microsoft Syntex](/microsoft-365/syntex/set-up-microsoft-syntex) | added | -| 7/14/2023 | [Configure Microsoft Syntex for pay-as-you-go billing in Azure](/microsoft-365/syntex/syntex-azure-billing) | modified | -| 7/14/2023 | [Licensing for Microsoft Syntex](/microsoft-365/syntex/syntex-licensing) | modified | -| 7/14/2023 | [Pay-as-you-go services and pricing for Microsoft Syntex](/microsoft-365/syntex/syntex-pay-as-you-go-services) | added | -| 3/3/2022 | [Microsoft 365 global tenant performance optimization for China users](/microsoft-365/enterprise/microsoft-365-networking-china?view=o365-worldwide) | modified | -| 3/3/2022 | [Common VPN split tunneling scenarios for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-common-scenarios?view=o365-worldwide) | added | -| 3/3/2022 | [Implementing VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide) | modified | -| 3/3/2022 | [Securing Teams media traffic for VPN split tunneling](/microsoft-365/enterprise/microsoft-365-vpn-securing-teams?view=o365-worldwide) | added | -| 3/3/2022 | [Overview: VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-split-tunnel?view=o365-worldwide) | modified | -| 3/3/2022 | [Special considerations for Stream and live events in VPN environments](/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events?view=o365-worldwide) | added | -| 3/3/2022 | [Networking roadmap for Microsoft 365](/microsoft-365/enterprise/networking-roadmap-microsoft-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage Microsoft feedback for your organization](/microsoft-365/admin/manage/manage-feedback-ms-org?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started using Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Payloads in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payloads?view=o365-worldwide) | modified | -| 7/14/2023 | [Simulation automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulation-automations?view=o365-worldwide) | modified | -| 7/14/2023 | [Security incident management](/microsoft-365/business-premium/m365bp-security-incident-management?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft security portals and admin centers](/microsoft-365/security/defender/portals?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Purview solutions trial playbook](/microsoft-365/compliance/compliance-easy-trials-compliance-playbook?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Purview](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 7/14/2023 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard devices to Microsoft Defender for Business (preview)](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Create safe sender lists](/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Boost your security protection with Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [What DLP policy templates include](/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide) | modified | -| 7/14/2023 | [Guest users in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-guest-users?view=o365-worldwide) | modified | -| 7/14/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Get help and support for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-get-help?view=o365-worldwide) | modified | -| 7/14/2023 | [Visit the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-worldwide) | modified | -| 7/14/2023 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-worldwide) | modified | -| 7/14/2023 | [Continuous access evaluation for Microsoft 365 - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-continuous-access-evaluation?view=o365-worldwide) | modified | -| 7/14/2023 | [Remove yourself from the blocked senders list and address 5.7.511 Access denied errors](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Teams Advanced Virtual Appointments activity report](/microsoft-365/frontline/advanced-virtual-appointments-activity-report?view=o365-worldwide) | modified | -| 7/14/2023 | [Quarantine notifications (end-user spam notifications) in Microsoft 365](/microsoft-365/security/office-365-security/quarantine-quarantine-notifications?view=o365-worldwide) | modified | -| 7/14/2023 | [Contracts Frequently Asked Questions](/microsoft-365/commerce/licenses/license-summary-faq?view=o365-worldwide) | added | -| 7/14/2023 | [Use Cost management in the Microsoft 365 admin center](/microsoft-365/commerce/use-cost-mgmt?view=o365-worldwide) | added | -| 7/14/2023 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard devices to Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-onboard-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Understand the analyst report section in threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics-analyst-reports?view=o365-worldwide) | modified | -| 7/14/2023 | [Threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with the Microsoft Purview Chrome Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about the Microsoft Purview Chrome Extension](/microsoft-365/compliance/dlp-chrome-learn-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with the Microsoft Purview Firefox Extension](/microsoft-365/compliance/dlp-firefox-extension-get-started?view=o365-worldwide) | added | -| 7/14/2023 | [Learn about the Microsoft Purview Firefox Extension](/microsoft-365/compliance/dlp-firefox-extension-learn?view=o365-worldwide) | added | -| 7/14/2023 | [Get started with the Microsoft Purview Data Loss Prevention migration assistant for Symantec](/microsoft-365/compliance/dlp-migration-assistant-for-symantec-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Identify the available PowerShell cmdlets for retention](/microsoft-365/compliance/retention-cmdlets?view=o365-worldwide) | modified | -| 7/14/2023 | [Use attack surface reduction rules to prevent malware infection](/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide) | modified | -| 7/14/2023 | [Upgrade or change to a different Microsoft 365 for business plan](/microsoft-365/commerce/subscriptions/upgrade-to-different-plan?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with eDiscovery (Premium)](/microsoft-365/compliance/ediscovery-premium-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with eDiscovery (Standard)](/microsoft-365/compliance/ediscovery-standard-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Changing from a Microsoft 365 E plan to a Microsoft 365 F plan](/microsoft-365/frontline/switch-from-enterprise-to-frontline?view=o365-worldwide) | modified | -| 7/14/2023 | [Why do I need Microsoft Defender for Office 365?](/microsoft-365/security/office-365-security/why-do-i-need-microsoft-defender-for-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare Microsoft Defender for Endpoint plans](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender Antivirus in Windows](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide) | modified | -| 7/14/2023 | [Advanced indexing of custodian and non-custodial data sources](/microsoft-365/compliance/ediscovery-indexing-custodian-data?view=o365-worldwide) | modified | -| 7/14/2023 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Create a Microsoft 365 Group with a specific preferred data location](/microsoft-365/enterprise/multi-geo-add-group-with-pdl?view=o365-worldwide) | modified | -| 7/14/2023 | [SharePoint Server 2007 end of support roadmap](/microsoft-365/enterprise/sharepoint-2007-end-of-support?view=o365-worldwide) | modified | -| 7/14/2023 | [The Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) | modified | -| 7/14/2023 | [Threat Explorer and Real-time detections basics in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/real-time-detections?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrate business email and calendar from Google Workspace](/microsoft-365/admin/moveto-microsoft-365/migrate-email?view=o365-worldwide) | modified | -| 7/14/2023 | [How Sender Policy Framework (SPF) prevents spoofing](/microsoft-365/security/office-365-security/email-authentication-anti-spoofing?view=o365-worldwide) | modified | -| 7/14/2023 | [Overview of freeform document processing in Microsoft Syntex](/microsoft-365/syntex/freeform-document-processing-overview) | modified | -| 7/14/2023 | [Import a term set using a SKOS-based format](/microsoft-365/syntex/import-term-set-skos) | modified | -| 7/14/2023 | [Push content types to a hub](/microsoft-365/syntex/push-content-type-to-hub) | modified | -| 7/14/2023 | [SKOS format reference for SharePoint taxonomy](/microsoft-365/syntex/skos-format-reference) | modified | -| 7/14/2023 | [Term store reports](/microsoft-365/syntex/term-store-analytics) | modified | -| 1/10/2023 | [Troubleshooting issues when switching to Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-worldwide) | modified | -| 3/23/2023 | [Microsoft Teams SMS notifications usage report](/microsoft-365/frontline/sms-notifications-usage-report?view=o365-worldwide) | added | -| 3/23/2023 | [Overview of the Vulnerability management page in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-vulnerability-management-page-overview?view=o365-worldwide) | added | -| 3/23/2023 | [Compare security features in Microsoft 365 plans for small and medium-sized businesses](/microsoft-365/security/defender-business/compare-mdb-m365-plans?view=o365-worldwide) | modified | -| 3/23/2023 | [Requirements for Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-requirements?view=o365-worldwide) | modified | -| 3/23/2023 | [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-phishing policies](/microsoft-365/security/office-365-security/anti-phishing-policies-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide) | modified | -| 7/14/2023 | [Automatically apply a sensitivity label in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide) | modified | -| 7/14/2023 | [Other endpoints not included in the Office 365 IP Address and URL Web service](/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls?view=o365-worldwide) | modified | -| 7/14/2023 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide) | modified | -| 7/14/2023 | [Find Microsoft 365 for business support phone numbers by country or region](/microsoft-365/admin/support-contact-info?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about auto-expanding archiving](/microsoft-365/compliance/autoexpanding-archiving?view=o365-worldwide) | modified | -| 7/14/2023 | [Service advisories for auto-expanding archive utilization in Exchange Online monitoring](/microsoft-365/enterprise/microsoft-365-exo-archive-advisory?view=o365-worldwide) | added | -| 7/14/2023 | [Plan attack surface reduction (ASR) rules deployment](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint (MDE) attack surface reduction (ASR) rules deployment overview](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment?view=o365-worldwide) | modified | -| 7/14/2023 | [Connect your DNS records at IONOS by 1&1 to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-1-1-internet?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center Teams usage activity reports](/microsoft-365/admin/activity-reports/microsoft-teams-usage-activity?view=o365-worldwide) | modified | -| 7/14/2023 | [Capabilities of Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/capabilities?view=o365-worldwide) | modified | -| 7/14/2023 | [Choose between Basic Mobility and Security and Intune](/microsoft-365/admin/basic-mobility-security/choose-between-basic-mobility-and-security-and-intune?view=o365-worldwide) | modified | -| 7/14/2023 | [Create an APNs certificate for iOS devices](/microsoft-365/admin/basic-mobility-security/create-an-apns-certificate-for-ios-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Basic Mobility and Security frequently-asked questions (FAQ)](/microsoft-365/admin/basic-mobility-security/frequently-asked-questions?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage device access settings in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/manage-device-access-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage devices enrolled in Mobile Device Management in Microsoft 365](/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Overview of Basic Mobility and Security for Microsoft 365](/microsoft-365/admin/basic-mobility-security/overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/set-up?view=o365-worldwide) | modified | -| 7/14/2023 | [Turn off Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/turn-off?view=o365-worldwide) | modified | -| 7/14/2023 | [Wipe a mobile device in Basic Mobility and Security](/microsoft-365/admin/basic-mobility-security/wipe-mobile-device?view=o365-worldwide) | modified | -| 7/14/2023 | [Connect your DNS records at Namecheap to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-namecheap?view=o365-worldwide) | modified | -| 7/14/2023 | [Connect your DNS records at Network Solutions to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-network-solutions?view=o365-worldwide) | modified | -| 7/14/2023 | [Connect your DNS records at OVH to Microsoft 365](/microsoft-365/admin/dns/create-dns-records-at-ovh?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage email app access in Microsoft 365 admin center](/microsoft-365/admin/email/manage-email-app-access?view=o365-worldwide) | modified | -| 7/14/2023 | [Transfer a domain from Microsoft to another host](/microsoft-365/admin/get-help-with-domains/transfer-a-domain-from-microsoft-to-another-host?view=o365-worldwide) | modified | -| 7/14/2023 | [Minors and acquiring add-ins from the Store](/microsoft-365/admin/manage/minors-and-acquiring-addins-from-the-store?view=o365-worldwide) | modified | -| 7/14/2023 | [Test and deploy Microsoft 365 Apps by partners in the Integrated apps portal](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | -| 7/14/2023 | [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide) | modified | -| 7/14/2023 | [Azure Information Protection support for Office 365 operated by 21Vianet](/microsoft-365/admin/services-in-china/parity-between-azure-information-protection?view=o365-21vianet) | modified | -| 7/14/2023 | [Office 365 operated by 21Vianet](/microsoft-365/admin/services-in-china/services-in-china?view=o365-21vianet) | modified | -| 7/14/2023 | [Customize the theme for your organization](/microsoft-365/admin/setup/customize-your-organization-theme?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrate data to my Microsoft 365 Business Standard subscription](/microsoft-365/admin/simplified-signup/migrate-data-business-standard?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard and offboard macOS devices into Microsoft 365 Compliance solutions using JAMF Pro (preview)](/microsoft-365/compliance/device-onboarding-offboarding-macos-jamfpro?view=o365-worldwide) | modified | -| 7/14/2023 | [Design a Data loss prevention policy](/microsoft-365/compliance/dlp-policy-design?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate insider risk management activities](/microsoft-365/compliance/insider-risk-management-activities?view=o365-worldwide) | modified | -| 7/14/2023 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Limits for retention policies and retention label policies](/microsoft-365/compliance/retention-limits?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified | -| 7/14/2023 | [Server migration scenarios for the new version of Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/server-migration?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 6. Identify SOC maintenance tasks](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-tasks?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Virus Initiative](/microsoft-365/security/intelligence/virus-initiative-criteria?view=o365-worldwide) | modified | -| 7/14/2023 | [How to retrain a classifier in content explorer](/microsoft-365/compliance/classifier-how-to-retrain-content-explorer?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with Microsoft 365 for frontline workers](/microsoft-365/frontline/flw-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-support-perf?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center help # < 60 chars](/microsoft-365/admin/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Health Dashboard](/microsoft-365/admin/manage/health-dashboard-overview?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender Antivirus compatibility with other security products](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-compatibility?view=o365-worldwide) | modified | -| 7/14/2023 | [Work with a partner to archive third-party data](/microsoft-365/compliance/archive-partner-third-party-data?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Purview extensibility](/microsoft-365/compliance/compliance-extensibility?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about optical character recognition in Microsoft Purview (preview)](/microsoft-365/compliance/ocr-learn-about?view=o365-worldwide) | added | -| 7/14/2023 | [Get started with privileged access management](/microsoft-365/compliance/privileged-access-management-configuration?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure anti-malware policies](/microsoft-365/security/office-365-security/anti-malware-policies-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-malware protection](/microsoft-365/security/office-365-security/anti-malware-protection-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure anti-phishing policies in EOP](/microsoft-365/security/office-365-security/anti-phishing-policies-eop-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure anti-phishing policies in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure spam filter policies](/microsoft-365/security/office-365-security/anti-spam-policies-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [End-user notifications for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-end-user-notifications?view=o365-worldwide) | modified | -| 7/14/2023 | [Insights and reports Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-insights?view=o365-worldwide) | modified | -| 7/14/2023 | [Landing pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-landing-pages?view=o365-worldwide) | modified | -| 7/14/2023 | [Login pages in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-login-pages?view=o365-worldwide) | modified | -| 7/14/2023 | [Payload automations for Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-payload-automations?view=o365-worldwide) | modified | -| 7/14/2023 | [Simulate a phishing attack with Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-simulations?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Teams in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide) | modified | -| 7/14/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | modified | -| 7/14/2023 | [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure the default connection filter policy](/microsoft-365/security/office-365-security/connection-filter-policies-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure outbound spam policies](/microsoft-365/security/office-365-security/outbound-spam-policies-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage quarantined messages and files as an admin](/microsoft-365/security/office-365-security/quarantine-admin-manage-messages-files?view=o365-worldwide) | modified | -| 7/14/2023 | [Find and release quarantined messages as a user](/microsoft-365/security/office-365-security/quarantine-end-user?view=o365-worldwide) | modified | -| 7/14/2023 | [Test your DLP policies](/microsoft-365/compliance/dlp-test-dlp-policies?view=o365-worldwide) | added | -| 7/14/2023 | [Troubleshoot installation issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-install?view=o365-worldwide) | modified | -| 7/14/2023 | [Authenticated scan for Windows in Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/windows-authenticated-scan?view=o365-worldwide) | modified | -| 7/14/2023 | [Errors during admin submissions](/microsoft-365/security/office-365-security/submissions-error-messages?view=o365-worldwide) | added | -| 7/14/2023 | [Create a rule to move or copy a file from one document library to another in Microsoft Syntex](/microsoft-365/syntex/content-processing-create-rules) | added | -| 7/14/2023 | [Delete an inactive mailbox](/microsoft-365/compliance/delete-an-inactive-mailbox?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure Microsoft Defender for Endpoint on iOS features](/microsoft-365/security/defender-endpoint/ios-configure-features?view=o365-worldwide) | modified | -| 7/14/2023 | [Free trial - Microsoft Purview compliance solutions](/microsoft-365/compliance/compliance-easy-trials?view=o365-worldwide) | modified | -| 7/14/2023 | [Optimize search requests in SharePoint Online modern site pages](/microsoft-365/enterprise/modern-search-optimization?view=o365-worldwide) | added | -| 7/14/2023 | [Configure Microsoft Defender for Endpoint risk signals using App Protection Policies (MAM)](/microsoft-365/security/defender-endpoint/android-configure-mam?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | added | -| 7/14/2023 | [Automatically retain or delete content by using retention policies](/microsoft-365/compliance/create-retention-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure Microsoft 365 retention settings to automatically retain or delete content](/microsoft-365/compliance/retention-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified | -| 7/14/2023 | [Integration with Microsoft Defender for Cloud](/microsoft-365/security/defender-endpoint/azure-server-integration?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure Microsoft Defender Antivirus on a remote desktop or virtual desktop infrastructure environment](/microsoft-365/security/defender-endpoint/deployment-vdi-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Web content filtering](/microsoft-365/security/defender-endpoint/web-content-filtering?view=o365-worldwide) | modified | -| 7/14/2023 | [Work with query results in guided mode for hunting in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-builder-results?view=o365-worldwide) | modified | -| 7/14/2023 | [Hunt for threats across devices, emails, apps, and identities with advanced hunting](/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn the advanced hunting query language in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-language?view=o365-worldwide) | modified | -| 7/14/2023 | [Use shared queries in Microsoft 365 Defender advanced hunting](/microsoft-365/security/defender/advanced-hunting-shared-queries?view=o365-worldwide) | modified | -| 7/14/2023 | [Take action on advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-take-action?view=o365-worldwide) | modified | -| 7/14/2023 | [Alert grading playbooks](/microsoft-365/security/defender/alert-grading-playbooks?view=o365-worldwide) | modified | -| 7/14/2023 | [Automatic attack disruption in Microsoft 365 Defender](/microsoft-365/security/defender/automatic-attack-disruption?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure automatic attack disruption capabilities in Microsoft 365 Defender](/microsoft-365/security/defender/configure-attack-disruption?view=o365-worldwide) | modified | -| 7/14/2023 | [Integrate your SIEM tools with Microsoft 365 Defender](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide) | modified | -| 7/14/2023 | [Create custom roles with Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/create-custom-rbac-roles?view=o365-worldwide) | modified | -| 7/14/2023 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide) | modified | -| 7/14/2023 | [Edit or delete roles Microsoft 365 Defender role-based access control (RBAC)](/microsoft-365/security/defender/edit-delete-rbac-roles?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 4. Evaluate Microsoft Defender for Endpoint overview, including reviewing the architecture](/microsoft-365/security/defender/eval-defender-endpoint-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Review architecture requirements and the technical framework for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-architecture?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable the evaluation environment for Microsoft Defender for Identity](/microsoft-365/security/defender/eval-defender-identity-enable-eval?view=o365-worldwide) | modified | -| 7/14/2023 | [Run an attack simulation in a Microsoft 365 Defender pilot environment](/microsoft-365/security/defender/eval-defender-investigate-respond-simulate-attack?view=o365-worldwide) | modified | -| 7/14/2023 | [Review architecture requirements and the structure for Microsoft Defender for Cloud Apps](/microsoft-365/security/defender/eval-defender-mcas-architecture?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 5. Evaluate Microsoft Defender for Cloud Apps overview](/microsoft-365/security/defender/eval-defender-mcas-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal?view=o365-worldwide) | modified | -| 7/14/2023 | [Redirecting accounts from Microsoft Defender for Endpoint to Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-security-mde-redirection?view=o365-worldwide) | modified | -| 7/14/2023 | [Assess your security posture through Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-improvement-actions?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score?view=o365-worldwide) | modified | -| 7/14/2023 | [How to subscribe to Microsoft Defender Experts for Hunting](/microsoft-365/security/defender/onboarding-defender-experts-for-hunting?view=o365-worldwide) | modified | -| 7/14/2023 | [Detecting human-operated ransomware attacks with Microsoft 365 Defender](/microsoft-365/security/defender/playbook-detecting-ransomware-m365-defender?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up your Microsoft 365 Defender trial lab or pilot environment](/microsoft-365/security/defender/setup-m365deval?view=o365-worldwide) | modified | -| 7/14/2023 | [Create a rule to move or copy a file from one document library to another in Microsoft Syntex](/microsoft-365/syntex/content-processing-create-rules) | modified | -| 7/14/2023 | [Overview of content processing in Microsoft Syntex](/microsoft-365/syntex/content-processing-overview) | added | -| 7/14/2023 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy Microsoft Whiteboard on Windows 10 devices](/microsoft-365/whiteboard/deploy-on-windows-organizations?view=o365-worldwide) | added | -| 7/14/2023 | [Introduction to Microsoft Whiteboard](/microsoft-365/whiteboard/index?view=o365-worldwide) | added | -| 7/14/2023 | [Manage clients for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-clients-gcc-high?view=o365-worldwide) | added | -| 7/14/2023 | [Manage data for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-data-gcc-high?view=o365-worldwide) | added | -| 7/14/2023 | [Manage data for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-data-organizations?view=o365-worldwide) | added | -| 7/14/2023 | [Manage sharing for Microsoft Whiteboard in GCC High environments](/microsoft-365/whiteboard/manage-sharing-gcc-high?view=o365-worldwide) | added | -| 7/14/2023 | [Manage sharing for Microsoft Whiteboard](/microsoft-365/whiteboard/manage-sharing-organizations?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft 365 Lighthouse and Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-lighthouse-integration?view=o365-worldwide) | modified | -| 7/14/2023 | [Resources for Microsoft partners using Microsoft Defender for Business and Microsoft 365 Business Premium](/microsoft-365/security/defender-business/mdb-partners?view=o365-worldwide) | modified | -| 7/14/2023 | [View your bill or invoice](/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice?view=o365-worldwide) | modified | -| 7/14/2023 | [Compare device compliance policy settings](/microsoft-365/lighthouse/m365-lighthouse-compare-compliance-policies?view=o365-worldwide) | added | -| 7/14/2023 | [Configure device proxy and Internet connection settings](/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide) | modified | -| 7/14/2023 | [Create EDM SIT sample file for the new experience](/microsoft-365/compliance/sit-create-edm-sit-unified-ux-sample-file?view=o365-worldwide) | modified | -| 7/14/2023 | [Review remediation actions in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-review-remediation-actions?view=o365-worldwide) | modified | -| 7/14/2023 | [How to schedule an antivirus scan using Anacron in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/schedule-antivirus-scan-in-mde?view=o365-worldwide) | modified | -| 7/14/2023 | [Select the domain to use for email from Microsoft 365 products](/microsoft-365/admin/email/select-domain-to-use-for-email-from-microsoft-365-products?view=o365-worldwide) | added | -| 7/14/2023 | [Permissions in the Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center-permissions?view=o365-worldwide) | modified | -| 7/14/2023 | [Train your custom model in Microsoft Syntex](/microsoft-365/syntex/train-model) | modified | -| 7/14/2023 | [Bookings in Outlook](/microsoft-365/bookings/bookings-in-outlook?view=o365-worldwide) | modified | -| 7/14/2023 | [Enhancing mail flow with MTA-STS ](/microsoft-365/compliance/enhancing-mail-flow-with-mta-sts?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about retention policies & labels to automatically retain or delete content](/microsoft-365/compliance/retention?view=o365-worldwide) | modified | -| 7/14/2023 | [Allow cookies for LMS URLs in your browser](/microsoft-365/lti/browser-cookies?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage Microsoft LMS Gateway for any LMS](/microsoft-365/lti/manage-microsoft-one-lti?view=o365-worldwide) | modified | -| 7/14/2023 | [Integrate Microsoft Teams classes and meetings with Moodle](/microsoft-365/lti/teams-classes-meetings-with-moodle?view=o365-worldwide) | modified | -| 7/14/2023 | [Submit files in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide) | modified | -| 7/14/2023 | [Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with troubleshooting mode in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-troubleshooting-mode?view=o365-worldwide) | added | -| 7/14/2023 | [Security baseline assessment methods and properties per device](/microsoft-365/security/defender-endpoint/export-security-baseline-assessment?view=o365-worldwide) | modified | -| 7/14/2023 | [Security baselines assessment configurations](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-configurations?view=o365-worldwide) | modified | -| 7/14/2023 | [Security baselines assessment profiles](/microsoft-365/security/defender-endpoint/get-security-baselines-assessment-profiles?view=o365-worldwide) | modified | -| 7/14/2023 | [Use network protection to help prevent connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Troubleshooting mode scenarios in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/troubleshooting-mode-scenarios?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management?view=o365-worldwide) | modified | -| 7/14/2023 | [Block vulnerable applications (beta)](/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-apps?view=o365-worldwide) | modified | -| 7/14/2023 | [Browser extensions assessment](/microsoft-365/security/defender-vulnerability-management/tvm-browser-extensions?view=o365-worldwide) | modified | -| 7/14/2023 | [Certificate inventory](/microsoft-365/security/defender-vulnerability-management/tvm-certificate-inventory?view=o365-worldwide) | modified | -| 7/14/2023 | [Order and precedence of email protection](/microsoft-365/security/office-365-security/how-policies-and-protections-are-combined?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-worldwide) | modified | -| 7/14/2023 | [View or edit device protection policies](/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Integrate Microsoft OneDrive LTI with Canvas](/microsoft-365/lti/onedrive-lti?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy and manage Removable Storage Access Control using group policy](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-group-policy?view=o365-worldwide) | added | -| 7/14/2023 | [Deploy and manage Removable Storage Access Control using Intune](/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | added | -| 7/14/2023 | [Overview of importing your organization's PST files](/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Create indicators for IPs and URLs/domains](/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide) | modified | -| 7/14/2023 | [Block user sign-in](/microsoft-365/lighthouse/m365-lighthouse-block-user-signin?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 documentation # < 60 chars](/microsoft-365/index?view=o365-worldwide) | modified | -| 3/28/2023 | [Manage and monitor priority accounts](/microsoft-365/admin/setup/priority-accounts?view=o365-worldwide) | modified | -| 3/28/2023 | [Configure endpoint DLP settings](/microsoft-365/compliance/dlp-configure-endpoint-settings?view=o365-worldwide) | modified | -| 3/28/2023 | [France national ID card (CNI) entity definition](/microsoft-365/compliance/sit-defn-france-national-id-card?view=o365-worldwide) | modified | -| 3/28/2023 | [Indonesia identity card (KTP) number entity definition](/microsoft-365/compliance/sit-defn-indonesia-identity-card-number?view=o365-worldwide) | modified | -| 3/28/2023 | [Portugal citizen card number entity definition](/microsoft-365/compliance/sit-defn-portugal-citizen-card-number?view=o365-worldwide) | modified | -| 3/28/2023 | [Add several users at the same time to Microsoft 365 - Admin Help](/microsoft-365/enterprise/add-several-users-at-the-same-time?view=o365-worldwide) | modified | -| 3/28/2023 | [Specify the cloud protection level for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/specify-cloud-protection-level-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 3/28/2023 | [Configure teams with protection for highly sensitive data](/microsoft-365/solutions/configure-teams-highly-sensitive-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrate Exchange Online DLP policies to Microsoft Purview compliance portal](/microsoft-365/compliance/dlp-migrate-exo-policy-to-unified-dlp?view=o365-worldwide) | modified | -| 7/14/2023 | [Use the Microsoft Purview Data Loss Prevention migration assistant for Symantec](/microsoft-365/compliance/dlp-migration-assistant-for-symantec-use?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-learn?view=o365-worldwide) | modified | -| 7/14/2023 | [Use data loss prevention on-premises repositories](/microsoft-365/compliance/dlp-on-premises-scanner-use?view=o365-worldwide) | modified | -| 7/14/2023 | [Plan for data loss prevention](/microsoft-365/compliance/dlp-overview-plan-for-dlp?view=o365-worldwide) | modified | -| 7/14/2023 | [Data loss prevention policy tip reference for Outlook on the Web](/microsoft-365/compliance/dlp-owa-policy-tips?view=o365-worldwide) | modified | -| 7/14/2023 | [Data Loss Prevention policy tips reference](/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with DLP for Power BI](/microsoft-365/compliance/dlp-powerbi-get-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Use sensitivity labels as conditions in DLP policies](/microsoft-365/compliance/dlp-sensitivity-label-as-condition?view=o365-worldwide) | modified | -| 7/14/2023 | [Share DLP alerts](/microsoft-365/compliance/dlp-share-alerts?view=o365-worldwide) | modified | -| 7/14/2023 | [Test your DLP policies](/microsoft-365/compliance/dlp-test-dlp-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [Use DLP policies for non-Microsoft cloud apps](/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Using Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with the default DLP policy](/microsoft-365/compliance/get-started-with-the-default-dlp-policy?view=o365-worldwide) | modified | -| 7/14/2023 | [How DLP works with Compliance portal & Exchange admin center](/microsoft-365/compliance/how-dlp-works-between-admin-centers?view=o365-worldwide) | modified | -| 7/14/2023 | [Use information barriers with SharePoint](/microsoft-365/compliance/information-barriers-sharepoint?view=o365-worldwide) | modified | -| 7/14/2023 | [Use named entities in DLP policies](/microsoft-365/compliance/named-entities-use?view=o365-worldwide) | modified | -| 7/14/2023 | [Create a DLP policy to protect documents](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-worldwide) | modified | -| 7/14/2023 | [Common usage scenarios for sensitive information types](/microsoft-365/compliance/sit-common-scenarios?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage your exact data match schema](/microsoft-365/compliance/sit-use-exact-data-manage-schema?view=o365-worldwide) | modified | -| 7/14/2023 | [Device health Microsoft Defender Antivirus health report](/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health?view=o365-worldwide) | modified | -| 7/14/2023 | [Install Microsoft 365 apps](/microsoft-365/admin/setup/install-applications?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide) | modified | -| 7/14/2023 | [Remove yourself from the blocked senders list](/microsoft-365/security/office-365-security/use-the-delist-portal-to-remove-yourself-from-the-office-365-blocked-senders-lis?view=o365-worldwide) | modified | -| 7/14/2023 | [Collaborate and share securely in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-collaborate-share-securely?view=o365-worldwide) | modified | -| 7/14/2023 | [Increase security in Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-security-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Welcome to Microsoft 365 Business Premium](/microsoft-365/business-premium/m365bp-setup-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy, manage, and report on Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/deploy-manage-report-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [User tags in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/user-tags-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage mailbox auditing](/microsoft-365/compliance/audit-mailboxes?view=o365-worldwide) | modified | -| 7/14/2023 | [Exchange Multi-Geo](/microsoft-365/enterprise/multi-geo-capabilities-in-exchange-online?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy frontline dynamic teams at scale](/microsoft-365/frontline/deploy-dynamic-teams-at-scale?view=o365-worldwide) | added | -| 7/14/2023 | [Deploy frontline static teams at scale with PowerShell for frontline workers](/microsoft-365/frontline/deploy-teams-at-scale?view=o365-worldwide) | modified | -| 7/14/2023 | [How to find the best frontline team solution for your organization](/microsoft-365/frontline/frontline-team-options?view=o365-worldwide) | added | -| 7/14/2023 | [Manage devices in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-manage-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Set up web content filtering in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-web-content-filtering?view=o365-worldwide) | modified | -| 7/14/2023 | [Secure by default in Office 365](/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwide) | modified | -| 7/14/2023 | [SIEM integration with Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti?view=o365-worldwide) | modified | -| 7/14/2023 | [SIEM server integration with Microsoft 365 services and applications](/microsoft-365/security/office-365-security/siem-server-integration?view=o365-worldwide) | modified | -| 7/14/2023 | [Errors during admin submissions](/microsoft-365/security/office-365-security/submissions-error-messages?view=o365-worldwide) | modified | -| 7/14/2023 | [Report phishing and suspicious emails in Outlook for admins](/microsoft-365/security/office-365-security/submissions-outlook-report-messages?view=o365-worldwide) | modified | -| 7/14/2023 | [Submit malware and good files to Microsoft for analysis](/microsoft-365/security/office-365-security/submissions-submit-files-to-microsoft?view=o365-worldwide) | modified | -| 7/14/2023 | [User reported settings](/microsoft-365/security/office-365-security/submissions-user-reported-messages-custom-mailbox?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure your Microsoft 365 tenant for increased security](/microsoft-365/security/office-365-security/tenant-wide-setup-for-increased-security?view=o365-worldwide) | modified | -| 7/14/2023 | [Threat hunting in Threat Explorer for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/threat-explorer-threat-hunting?view=o365-worldwide) | modified | -| 7/14/2023 | [Use Trusted ARC senders for legitimate devices and services between the sender and receiver](/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders?view=o365-worldwide) | modified | -| 7/14/2023 | [Migrate from the MDE SIEM API to the Microsoft 365 Defender alerts API](/microsoft-365/security/defender-endpoint/configure-siem?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-worldwide) | modified | -| 7/14/2023 | [Configure shared mailbox settings](/microsoft-365/admin/email/configure-a-shared-mailbox?view=o365-worldwide) | modified | -| 7/14/2023 | [Address compromised user accounts with automated investigation and response](/microsoft-365/security/office-365-security/address-compromised-users-quickly?view=o365-worldwide) | modified | -| 7/14/2023 | [How EOP validates the From address to prevent phishing](/microsoft-365/security/office-365-security/anti-phishing-from-email-address-validation?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-spoofing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Tune anti-phishing protection](/microsoft-365/security/office-365-security/anti-phishing-protection-tuning?view=o365-worldwide) | modified | -| 7/14/2023 | [Backscatter in EOP](/microsoft-365/security/office-365-security/anti-spam-backscatter-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Bulk complaint level values](/microsoft-365/security/office-365-security/anti-spam-bulk-complaint-level-bcl-about?view=o365-worldwide) | modified | -| 7/14/2023 | [ASF settings in EOP](/microsoft-365/security/office-365-security/anti-spam-policies-asf-settings-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-spam protection](/microsoft-365/security/office-365-security/anti-spam-protection-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Spam confidence level](/microsoft-365/security/office-365-security/anti-spam-spam-confidence-level-scl-about?view=o365-worldwide) | modified | -| 7/14/2023 | [What's the difference between junk email and bulk email?](/microsoft-365/security/office-365-security/anti-spam-spam-vs-bulk-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Spoof intelligence insight](/microsoft-365/security/office-365-security/anti-spoofing-spoof-intelligence?view=o365-worldwide) | modified | -| 7/14/2023 | [Increased Microsoft 365 security for your Microsoft 365 for enterprise test environment](/microsoft-365/enterprise/increased-o365-security-microsoft-365-enterprise-dev-test-environment?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy Microsoft 365 Enterprise for your organization](/microsoft-365/enterprise/setup-overview-for-enterprises?view=o365-worldwide) | modified | -| 7/14/2023 | [Optimize ASR rule deployment and detections](/microsoft-365/security/defender-endpoint/configure-machines-asr?view=o365-worldwide) | modified | -| 7/14/2023 | [How to protect against phishing attacks](/microsoft-365/security/intelligence/phishing?view=o365-worldwide) | modified | -| 7/14/2023 | [Prevent malware infection](/microsoft-365/security/intelligence/prevent-malware-infection?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Office 365 documentation # < 60 chars](/microsoft-365/security/office-365-security/index?view=o365-worldwide) | modified | -| 7/14/2023 | [Create a more secure guest sharing environment](/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 2. Deploy attack detection and response](/microsoft-365/solutions/ransomware-protection-microsoft-365-attack-detection-response?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide) | modified | -| 1/31/2023 | [View and edit your security settings in Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-configure-security-settings?view=o365-worldwide) | modified | -| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/android-intune?view=o365-worldwide) | modified | -| 1/31/2023 | [Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq?view=o365-worldwide) | modified | -| 1/31/2023 | [Protect your organization's data with device control](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified | -| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on iOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/ios-install?view=o365-worldwide) | modified | -| 1/31/2023 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | -| 1/31/2023 | [Deploy Microsoft Defender for Endpoint on macOS with Microsoft Endpoint Manager](/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide) | modified | -| 1/31/2023 | [Set up and configure Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration?view=o365-worldwide) | modified | -| 1/31/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | -| 1/31/2023 | [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding?view=o365-worldwide) | modified | -| 1/31/2023 | [Migrate to Microsoft Defender for Endpoint - Onboard](/microsoft-365/security/defender-endpoint/switch-to-mde-phase-3?view=o365-worldwide) | modified | -| 1/31/2023 | [Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-campaigns?view=o365-worldwide) | added | -| 1/31/2023 | [Training modules for Training campaigns in Attack simulation training](/microsoft-365/security/office-365-security/attack-simulation-training-training-modules?view=o365-worldwide) | added | -| 7/14/2023 | [Secure managed and unmanaged devices](/microsoft-365/business-premium/m365bp-managed-unmanaged-devices?view=o365-worldwide) | added | -| 7/14/2023 | [Get started with exact data match based sensitive information types](/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Export source data for exact data match based sensitive information type](/microsoft-365/compliance/sit-get-started-exact-data-match-export-data?view=o365-worldwide) | modified | -| 7/14/2023 | [Audit log activities](/microsoft-365/compliance/audit-log-activities?view=o365-worldwide) | modified | -| 7/14/2023 | [Detailed properties in the audit log](/microsoft-365/compliance/audit-log-detailed-properties?view=o365-worldwide) | modified | -| 7/14/2023 | [Search the audit log to troubleshoot common scenarios](/microsoft-365/compliance/audit-troubleshooting-scenarios?view=o365-worldwide) | modified | -| 7/14/2023 | [Free trial of Microsoft Purview compliance solutions](/microsoft-365/compliance/compliance-easy-trials?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about the DLP alerts dashboard](/microsoft-365/compliance/dlp-alerts-dashboard-learn?view=o365-worldwide) | modified | -| 7/14/2023 | [Built-in virus protection in SharePoint Online, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/anti-malware-protection-for-spo-odfb-teams-about?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-spoofing protection FAQ](/microsoft-365/security/office-365-security/anti-phishing-protection-spoofing-faq?view=o365-worldwide) | modified | -| 7/14/2023 | [Anti-spam protection FAQ](/microsoft-365/security/office-365-security/anti-spam-protection-faq?view=o365-worldwide) | modified | -| 7/14/2023 | [Respond to a compromised connector in Microsoft 365](/microsoft-365/security/office-365-security/connectors-detect-respond-to-compromise?view=o365-worldwide) | modified | -| 7/14/2023 | [EOP general FAQ](/microsoft-365/security/office-365-security/eop-faq?view=o365-worldwide) | modified | -| 7/14/2023 | [Application Guard for Office for admins](/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Office 365 email entity page](/microsoft-365/security/office-365-security/mdo-email-entity-page?view=o365-worldwide) | modified | -| 7/14/2023 | [Zero Trust identity and device access configurations - Microsoft 365 for enterprise](/microsoft-365/security/office-365-security/microsoft-365-policies-configurations?view=o365-worldwide) | modified | -| 7/14/2023 | [Security recommendations for priority accounts in Microsoft 365, priority accounts, priority accounts in Office 365, priority accounts in Microsoft 365](/microsoft-365/security/office-365-security/priority-accounts-security-recommendations?view=o365-worldwide) | modified | -| 7/14/2023 | [Remediate malicious email that was delivered in Office 365](/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365?view=o365-worldwide) | modified | -| 7/14/2023 | [Connect Microsoft Defender for Office 365 to Microsoft Sentinel](/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel?view=o365-worldwide) | modified | -| 7/14/2023 | [Getting started with defense in-depth configuration for email security](/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide?view=o365-worldwide) | modified | -| 7/14/2023 | [Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [How to configure quarantine permissions and policies](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies?view=o365-worldwide) | modified | -| 7/14/2023 | [How to prioritize, Manage, Investigate & Respond to Incidents in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender?view=o365-worldwide) | modified | -| 7/14/2023 | [Protect your c-suite with Priority account protection in Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection?view=o365-worldwide) | modified | -| 7/14/2023 | [Review and remove unnecessary allow list entries with Advanced Hunting in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/review-allow-entries?view=o365-worldwide) | modified | -| 7/14/2023 | [Search for emails and remediate threats using Threat Explorer in Microsoft 365 Defender](/microsoft-365/security/office-365-security/step-by-step-guides/search-for-emails-and-remediate-threats?view=o365-worldwide) | modified | -| 7/14/2023 | [Steps to set up a weekly digest email of message center changes for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Office 365 step-by-step guides and how to use them](/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Assess and tune your filtering for bulk mail in Defender for Office 365](/microsoft-365/security/office-365-security/step-by-step-guides/tune-bulk-mail-filtering-walkthrough?view=o365-worldwide) | modified | -| 7/14/2023 | [Zero-hour auto purge in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/zero-hour-auto-purge?view=o365-worldwide) | modified | -| 4/5/2022 | [Set up Customer Key](/microsoft-365/compliance/customer-key-set-up?view=o365-worldwide) | modified | -| 4/5/2022 | [Get started using the Microsoft 365 Defender portal](/microsoft-365/security/defender-business/mdb-get-started?view=o365-worldwide) | modified | -| 4/5/2022 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-worldwide) | modified | -| 4/5/2022 | [Overview of Microsoft Defender for Endpoint Plan 1](/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1?view=o365-worldwide) | modified | -| 4/5/2022 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-worldwide) | modified | -| 4/5/2022 | [Exclude devices in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/exclude-devices?view=o365-worldwide) | modified | -| 4/5/2022 | [How to schedule scans with Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-schedule-scan-mde?view=o365-worldwide) | modified | -| 4/5/2022 | [Troubleshoot performance issues for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-support-perf?view=o365-worldwide) | modified | -| 4/5/2022 | [Investigate entities on devices using live response in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide) | modified | -| 4/5/2022 | [Device inventory](/microsoft-365/security/defender-endpoint/machines-view-overview?view=o365-worldwide) | modified | -| 4/5/2022 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-worldwide) | modified | -| 4/5/2022 | [Microsoft Defender Antivirus on Windows Server](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-on-windows-server?view=o365-worldwide) | modified | -| 4/5/2022 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-worldwide) | modified | -| 4/5/2022 | [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-worldwide) | modified | -| 4/5/2022 | [Migrate advanced hunting queries from Microsoft Defender for Endpoint](/microsoft-365/security/defender/advanced-hunting-migrate-from-mde?view=o365-worldwide) | modified | -| 4/5/2022 | [Work with advanced hunting query results in Microsoft 365 Defender](/microsoft-365/security/defender/advanced-hunting-query-results?view=o365-worldwide) | modified | -| 4/5/2022 | [Alert grading for suspicious email forwarding activity](/microsoft-365/security/defender/alert-grading-playbook-email-forwarding?view=o365-worldwide) | modified | -| 4/5/2022 | [Alert grading for suspicious inbox forwarding rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-forwarding-rules?view=o365-worldwide) | modified | -| 4/5/2022 | [Alert grading for suspicious inbox manipulation rules](/microsoft-365/security/defender/alert-grading-playbook-inbox-manipulation-rules?view=o365-worldwide) | modified | -| 4/5/2022 | [Deploy services supported by Microsoft 365 Defender](/microsoft-365/security/defender/deploy-supported-services?view=o365-worldwide) | modified | -| 4/5/2022 | [Step 1. Triage and analyze your first incident](/microsoft-365/security/defender/first-incident-analyze?view=o365-worldwide) | modified | -| 4/5/2022 | [Prepare your security posture for your first incident](/microsoft-365/security/defender/first-incident-prepare?view=o365-worldwide) | modified | -| 4/5/2022 | [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-worldwide) | modified | -| 4/5/2022 | [Step 1. Plan for Microsoft 365 Defender operations readiness](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-plan?view=o365-worldwide) | modified | -| 4/5/2022 | [Step 5. Develop and test use cases](/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases?view=o365-worldwide) | modified | -| 4/5/2022 | [Fileless threats](/microsoft-365/security/intelligence/fileless-threats?view=o365-worldwide) | modified | -| 4/5/2022 | [How to protect against phishing attacks](/microsoft-365/security/intelligence/phishing?view=o365-worldwide) | modified | -| 4/5/2022 | [Troubleshoot MSI portal errors caused by admin block](/microsoft-365/security/intelligence/portal-submission-troubleshooting?view=o365-worldwide) | modified | -| 4/5/2022 | [Rootkits](/microsoft-365/security/intelligence/rootkits-malware?view=o365-worldwide) | modified | -| 4/5/2022 | [Submit files for analysis by Microsoft](/microsoft-365/security/intelligence/submission-guide?view=o365-worldwide) | modified | -| 7/14/2023 | [Create a group in the admin center](/microsoft-365/admin/create-groups/create-groups?view=o365-worldwide) | modified | -| 7/14/2023 | [Perform an internal admin takeover](/microsoft-365/admin/misc/become-the-admin?view=o365-worldwide) | modified | -| 7/14/2023 | [Remove a domain from another account](/microsoft-365/admin/misc/remove-a-domain-from-another-account?view=o365-worldwide) | added | -| 7/14/2023 | [How to schedule scans with Microsoft Defender for Endpoint on macOS](/microsoft-365/security/defender-endpoint/mac-schedule-scan?view=o365-worldwide) | modified | -| 7/14/2023 | [Stream Microsoft Defender for Endpoint events to Azure Event Hubs](/microsoft-365/security/defender-endpoint/raw-data-export-event-hub?view=o365-worldwide) | modified | -| 7/14/2023 | [Stream Microsoft Defender for Endpoint events to your Storage account](/microsoft-365/security/defender-endpoint/raw-data-export-storage?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft 365 admin center Teams app usage reports](/microsoft-365/admin/activity-reports/microsoft-teams-apps-usage?view=o365-worldwide) | modified | -| 7/14/2023 | [Get started with communication compliance](/microsoft-365/compliance/communication-compliance-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Use communication compliance with SIEM solutions](/microsoft-365/compliance/communication-compliance-siem?view=o365-worldwide) | modified | -| 7/14/2023 | [Integrate Microsoft OneDrive LTI with Desire2Learn Brightspace](/microsoft-365/lti/onedrive-lti-brightspace?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender Antivirus Device Health export device antivirus health reporting](/microsoft-365/security/defender-endpoint/device-health-export-antivirus-health-report-api?view=o365-worldwide) | modified | -| 7/14/2023 | [Investigate domains and URLs associated with a Microsoft Defender for Endpoint alert](/microsoft-365/security/defender-endpoint/investigate-domain?view=o365-worldwide) | modified | -| 7/14/2023 | [Use network protection to help prevent Linux connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-linux?view=o365-worldwide) | modified | -| 7/14/2023 | [Use network protection to help prevent macOS connections to bad sites](/microsoft-365/security/defender-endpoint/network-protection-macos?view=o365-worldwide) | modified | -| 7/14/2023 | [Professional services supported by Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/professional-services?view=o365-worldwide) | modified | -| 7/14/2023 | [Technological partners of Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/technological-partners?view=o365-worldwide) | modified | -| 7/14/2023 | [What's new in Microsoft Defender Vulnerability Management Public Preview](/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management?view=o365-worldwide) | modified | -| 7/14/2023 | [Alert grading for malicious exchange connectors](/microsoft-365/security/defender/alert-grading-for-malicious-exchange-connectors?view=o365-worldwide) | modified | -| 7/14/2023 | [Alert grading for session cookie theft alert](/microsoft-365/security/defender/session-cookie-theft-alert?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy and manage Office Add-ins](/microsoft-365/admin/manage/office-addins?view=o365-worldwide) | added | -| 7/14/2023 | [SaaS linked apps](/microsoft-365/admin/manage/saas-linked-apps?view=o365-worldwide) | added | -| 7/14/2023 | [Teams apps that work on Outlook and Microsoft 365](/microsoft-365/admin/manage/teams-apps-work-on-outlook-and-m365?view=o365-worldwide) | added | -| 7/14/2023 | [Teams apps that only work on Teams](/microsoft-365/admin/manage/teams-apps-work-only-on-teams?view=o365-worldwide) | added | -| 7/14/2023 | [Get started with Integrated apps](/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps?view=o365-worldwide) | modified | -| 7/14/2023 | [Case study - Contoso configures a communication compliance policy to identify potentially inappropriate text](/microsoft-365/compliance/communication-compliance-case-study?view=o365-worldwide) | modified | -| 7/14/2023 | [Plan for communication compliance](/microsoft-365/compliance/communication-compliance-plan?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable admin notifications in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-admin-notifications?view=o365-worldwide) | added | -| 7/14/2023 | [Export insider risk management alert information](/microsoft-365/compliance/insider-risk-management-settings-alerts?view=o365-worldwide) | added | -| 7/14/2023 | [Enable analytics in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-analytics?view=o365-worldwide) | added | -| 7/14/2023 | [Configure inline alert customization in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-inline-alert-customization?view=o365-worldwide) | added | -| 7/14/2023 | [Configure intelligent detections in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-intelligent-detections?view=o365-worldwide) | added | -| 7/14/2023 | [Configure policy indicators in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-policy-indicators?view=o365-worldwide) | added | -| 7/14/2023 | [Set policy timeframes in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-policy-timeframes?view=o365-worldwide) | added | -| 7/14/2023 | [Automate insider risk management actions with Microsoft Power Automate flows (preview)](/microsoft-365/compliance/insider-risk-management-settings-power-automate?view=o365-worldwide) | added | -| 7/14/2023 | [Identify priority physical assets for insider risk management policies](/microsoft-365/compliance/insider-risk-management-settings-priority-physical-assets?view=o365-worldwide) | added | -| 7/14/2023 | [Prioritize user groups for insider risk management policies](/microsoft-365/compliance/insider-risk-management-settings-priority-user-groups?view=o365-worldwide) | added | -| 7/14/2023 | [Manage username privacy in insider risk management](/microsoft-365/compliance/insider-risk-management-settings-privacy?view=o365-worldwide) | added | -| 7/14/2023 | [Enable Microsoft Teams for collaborating on insider risk management cases](/microsoft-365/compliance/insider-risk-management-settings-teams?view=o365-worldwide) | added | -| 7/14/2023 | [Learn about insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-worldwide) | modified | -| 7/14/2023 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-worldwide) | modified | -| 7/14/2023 | [Use DMARC Reports to protect against spoofing and phishing in Microsoft Office 365](/microsoft-365/security/office-365-security/email-authentication-dmarc-reports?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender for Office 365 permissions in the Microsoft 365 Defender portal](/microsoft-365/security/office-365-security/mdo-portal-permissions?view=o365-worldwide) | modified | -| 7/14/2023 | [Contextual file and folder exclusions](/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide) | modified | -| 7/14/2023 | [Review architecture requirements and planning concepts for Microsoft Defender for Office 365](/microsoft-365/security/defender/eval-defender-office-365-architecture?view=o365-worldwide) | modified | -| 7/14/2023 | [Enable the evaluation environment for Microsoft Defender for Office 365 in your production environment](/microsoft-365/security/defender/eval-defender-office-365-enable-eval?view=o365-worldwide) | modified | -| 7/14/2023 | [Step 3. Evaluate Microsoft Defender for Office 365 overview](/microsoft-365/security/defender/eval-defender-office-365-overview?view=o365-worldwide) | modified | -| 7/14/2023 | [Pilot Microsoft Defender for Office 365, use the evaluation in your production environment](/microsoft-365/security/defender/eval-defender-office-365-pilot?view=o365-worldwide) | modified | -| 7/14/2023 | [Getting started with defense in-depth configuration for email security](/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide?view=o365-worldwide) | added | -| 7/14/2023 | [Use Microsoft Teams for collaboration](/microsoft-365/business-premium/create-teams-for-collaboration?view=o365-worldwide) | modified | -| 7/14/2023 | [Setup overview for Microsoft 365 for Campaigns](/microsoft-365/business-premium/m365-campaigns-setup?view=o365-worldwide) | added | -| 7/14/2023 | [Threats detected by Microsoft Defender Antivirus](/microsoft-365/business-premium/m365bp-threats-detected-defender-av?view=o365-worldwide) | added | -| 7/14/2023 | [Microsoft Defender for Business Premium trial playbook](/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium?view=o365-worldwide) | added | -| 7/14/2023 | [Learn about communication compliance](/microsoft-365/compliance/communication-compliance?view=o365-worldwide) | modified | -| 7/14/2023 | [Locations of Microsoft Online Services Personnel with Remote Access to Data](/microsoft-365/enterprise/personnel-loc/m365-personnel-location?view=o365-worldwide) | added | -| 7/14/2023 | [Offboard a device from Microsoft Defender for Business](/microsoft-365/security/defender-business/mdb-offboard-devices?view=o365-worldwide) | modified | -| 7/14/2023 | [Deploy a task automatically in Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-deploy-task-automatically?view=o365-worldwide) | modified | -| 7/14/2023 | [Turn on cloud protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-worldwide) | modified | -| 7/14/2023 | [Manage the workflow with the insider risk management users dashboard](/microsoft-365/compliance/insider-risk-management-users?view=o365-worldwide) | modified | -| 7/14/2023 | [Delete items in the Recoverable Items folder](/microsoft-365/compliance/ediscovery-delete-items-in-the-recoverable-items-folder-of-mailboxes-on-hold?view=o365-worldwide) | modified | -| 7/14/2023 | [Tamper resiliency with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/tamper-resiliency?view=o365-worldwide) | added | -| 7/14/2023 | [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain?view=o365-worldwide) | modified | -| 7/14/2023 | [Case study - Contoso configures an inappropriate text policy](/microsoft-365/compliance/communication-compliance-case-study?view=o365-worldwide) | modified | -| 7/18/2022 | [What's new in Microsoft Secure Score](/microsoft-365/security/defender/microsoft-secure-score-whats-new?view=o365-worldwide) | modified | -| 3/7/2022 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-worldwide) | modified | -| 3/7/2022 | [Onboard Windows servers to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/configure-server-endpoints?view=o365-worldwide) | modified | -| 7/14/2023 | [Learn about and configure insider risk management browser signal detection](/microsoft-365/compliance/insider-risk-management-browser-support?view=o365-worldwide) | modified | |
| loop | Loop Compliance Summary | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-compliance-summary.md | Previously updated : 06/19/2023 Last updated : 08/21/2023 Title: "Summary of compliance capabilities for Loop experiences" |
| loop | Loop Components Configuration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-components-configuration.md | Previously updated : 06/19/2023 Last updated : 08/21/2023 Title: "Manage Loop components in OneDrive and SharePoint" |
| loop | Loop Components Teams | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-components-teams.md | audience: Admin Previously updated : 07/16/2021 Last updated : 08/21/2023 ms.localizationpriority: medium search.appverid: MET150 |
| loop | Loop Workspaces Configuration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-workspaces-configuration.md | Previously updated : 06/19/2023 Last updated : 08/21/2023 Title: "Manage Loop workspaces in Syntex repository services" |
| loop | Loop Workspaces Storage Permission | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-workspaces-storage-permission.md | audience: Admin Previously updated : 06/20/2023 Last updated : 08/21/2023 ms.localizationpriority: medium search.appverid: MET150 |
| security | Mdb Controlled Folder Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-controlled-folder-access.md | description: Get an overview of attack surface reduction capabilities in Microso Previously updated : 05/04/2023 Last updated : 08/21/2023 audience: Admin # Set up or edit your controlled folder access policy in Microsoft Defender for Business -Controlled folder access allows only trusted apps to access protected folders on Windows devices. Think of this capability as ransomware mitigation. You can set up or edit your controlled folder access policy in Microsoft Intune. --> [!NOTE] -> Intune is not included in the standalone version of Defender for Business, but it can be added on. +Controlled folder access allows only trusted apps to access protected folders on Windows devices. Think of this capability as ransomware mitigation. You can set up or edit your controlled folder access policy using Microsoft Intune. ## Set up controlled folder access -1. As a global administrator, in the Microsoft Intune admin center ([https://intune.microsoft.com/](https://intune.microsoft.com/)), go to **Endpoint security** > **Attack surface reduction**. +1. As a global administrator, in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Attack surface reduction**. 2. Select an existing policy, or choose **Create policy** to create a new policy. |
| security | Basic Permissions | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/basic-permissions.md | + - has-azure-ad-ps-ref audience: ITPro |
| security | Community | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/community.md | - Title: Access the Microsoft Defender for Endpoint Community Center -description: Access the Microsoft Defender for Endpoint Community Center to share experiences, engage, and learn about the product. -keywords: community, community center, tech community, conversation, announcements --ms.sitesec: library -ms.pagetype: security ------ m365-security-- tier3- Previously updated : 04/24/2018-----# Access the Microsoft Defender for Endpoint Community Center ---**Applies to:** --- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)---> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-assignaccess-abovefoldlink) --The Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product. --There are several spaces you can explore to learn about specific information: --- Announcements-- What's new-- Threat Intelligence--There are several ways you can access the Community Center: --- In the Microsoft 365 Defender portal navigation pane, select **Community center**. A new browser tab opens and takes you to the Defender for Endpoint Tech Community page.-- Access the community through the [Microsoft Defender for Endpoint Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page--You can instantly view and read conversations that have been posted in the community. --To get the full experience within the community such as being able to comment on posts, you'll need to join the community. For more information on how to get started in the Microsoft Tech Community, see [Microsoft Tech Community: Getting Started](https://techcommunity.microsoft.com/t5/Getting-Started/Microsoft-Tech-Community-Getting-Started-Guide/m-p/77888#M15). |
| security | Fixed Reported Inaccuracies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/fixed-reported-inaccuracies.md | You can use this article to find details on the inaccuracies that have been repo ## July 2023 Inaccuracy report ID |Description |Fix date |-:|:|:| -24162 |Fixed inaccuracy in mysql_workbench| 04-Jul-23 -25736 | Fixed inaccuracy in Keepass | 04-Jul-23 -24598 | Fixed inaccuracy in Adobe flash player plugins |04-Jul-23 -ICM -399305402 | Disabled vulnerability assessment for Lenovo CVEs: </br> CVE-2021-3519, CVE-2021-22499, CVE-2021-22500, CVE-2021-22514| 03-Jul-23 -Not applicable| Added Microsoft Defender Vulnerability Management support for Arcserve_udp | 05-Jul-23 -ICM - 399989383 |Added accurate EOS details for Log4j versions| 05-Jul-23 -27379 | Fixed inaccuracy in adobe_animate | 06-Jul-23 -Not applicable | Added Arcserve_udp affected product details in CVE-2023-26258 |05-Jul-23 -26391 | Fixed inaccuracy in CVE-2020-26941 | 09-Jul-23 -25245 | Fixed inaccuracy in CVE-2022-40011 | 11-Jul-23 -Not applicable |Added Microsoft Defender Vulnerability Management support for Microsoft PowerBi Desktop | 13-Jul-23 -Not applicable | Added zero-day details for CVE-2023-36884 | 12-Jul-23 -26421 | Disabled vulnerability assessment for thinkcentre_m75q_gen_2 & thinkpad_l390_firmware | 14-Jul-23 -23876 | Fixed inaccurate recommendation in Microsoft Teams CVE-2023-24881 | 20-Jul-23 -25969 |Fixed inaccuracy in siemens _-sinec-nms | 24-Jul-23 -Not applicable |Added EOS details for win_server_2012 & win_server_2012_r2 | 25-Jul-23 -29096 | Fixed inaccurate detection of Slack version 1.0.0.0 | 25-Jul-23 -27941 | Disabled vulnerability assessment for application_performance_management | 25-Jul-23 -26116 | Fixed inaccuracy in HP CVEs: </br> CVE-2021-33159, CVE-2022-26845, CVE-2022-27497, CVE-2022-29893 | 27-Jul-23 -25809 | Disabled vulnerability assessment for Visio 2010, 2013, 2016 & 2019 | 31-Jul-23 -25810 | Disabled vulnerability assessment for Project 2019 | 31-Jul-23 -28176 | Fixed inaccuracy in VmWare_tools CVE-2021-31693 | 31-Jul-23 -29089 | Fixed inaccuracy in CVE-2023-24329| 31-Jul-23 -28489 | Fixed inaccuracy in CVE-2020-9484 | 31-Jul-23 -28385 | Fixed inaccuracy in CVE-2023-28759| 31-Jul-23 +|:|:|:| +|24162 |Fixed inaccuracy in MYSQL Workbench| 04-Jul-23 +|25736 | Fixed inaccuracy in Keepass | 04-Jul-23 +|24598 | Fixed inaccuracy in Adobe Flash Player plugins |04-Jul-23 +| - |Defender Vulnerability Management doesn't currently support assessment for these Lenovo CVEs: </br> CVE-2021-3519, CVE-2021-22499, CVE-2021-22500, CVE-2021-22514| 03-Jul-23 +| - |Added Microsoft Defender Vulnerability Management support for Arcserve UDP | 05-Jul-23 +| - |Added accurate EOS details for Log4j versions| 05-Jul-23 +|27379 | Fixed inaccuracy in Adobe Animate | 06-Jul-23 +| - |Added Arcserve UDP affected product details in CVE-2023-26258 |05-Jul-23 +|26391 | Fixed inaccuracy in CVE-2020-26941 | 09-Jul-23 +|25245 | Fixed inaccuracy in CVE-2022-40011 | 11-Jul-23 +| - |Added Microsoft Defender Vulnerability Management support for Microsoft PowerBi Desktop | 13-Jul-23 +| - |Added zero-day details for CVE-2023-36884 | 12-Jul-23 +|26421 |D efender Vulnerability Management does not currently support assessment for ThinkCentre M75q Gen 2 & ThinkPad l390 Firmware| 14-Jul-23 +|23876 |Fixed inaccurate recommendation in Microsoft Teams CVE-2023-24881 | 20-Jul-23 +|25969 |Fixed inaccuracy in Siemens Sinec NMS | 24-Jul-23 +| - |Added EOS details for Windows Server 2012 & Windows Server 2012 R2 | 25-Jul-23 +|29096 | Fixed inaccurate detection of Slack version 1.0.0.0 | 25-Jul-23 +|27941 | Defender Vulnerability Management doesn't currently support assessment for Application Performance Management | 25-Jul-23 +|26116 | Fixed inaccuracy in HP CVEs: </br> CVE-2021-33159, CVE-2022-26845, CVE-2022-27497, CVE-2022-29893 | 27-Jul-23 +|25809 | Defender Vulnerability Management doesn't currently support assessment for Visio 2010, 2013, 2016 & 2019 | 31-Jul-23 +|25810 | Defender Vulnerability Management doesn't currently support assessment for Project 2019| 31-Jul-23 +|28176 | Fixed inaccuracy in VMWare Tools CVE-2021-31693 | 31-Jul-23 +|29089 | Fixed inaccuracy in CVE-2023-24329| 31-Jul-23 +|28489 | Fixed inaccuracy in CVE-2020-9484 | 31-Jul-23 +|28385 | Fixed inaccuracy in CVE-2023-28759| 31-Jul-23 ## June 2023 |
| security | First Incident Analyze | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-analyze.md | - Title: Step 1. Triage and analyze your first incident -description: How to triage and begin the analysis of your first incident in Microsoft 365 Defender. -keywords: incidents, alerts, attack story, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack -search.product: eADQiWindows 10XVcnh ---ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - m365-security - - m365solution-firstincident - - highpri - - tier1 -- - MOE150 - - MET150 Previously updated : 04/20/2021---# Step 1. Triage and analyze your first incident ---**Applies to:** -- Microsoft 365 Defender--As you spend some time establishing, implementing, and maintaining security measures according to the organization's standards, you can set up security solutions to help you quickly identify security risks and threats. Microsoft 365 Defender allows you to detect, triage, and investigate incidents through its single-pane-of-glass experience where you can find the information you need to make timely decisions. --Once a security incident is detected, Microsoft 365 Defender presents details you will need to triage or prioritize an incident or incidents over others. After determining prioritization, analysts can then focus their energy on investigating cases assigned to them. --## Detection by Microsoft 365 Defender --Microsoft 365 Defender receives alerts and events from multiple Microsoft security platforms as detection sources to create a holistic picture and context of malicious activity. The possible detection sources are: --- [Microsoft Defender for Endpoint](../defender-endpoint/microsoft-defender-endpoint.md) is an endpoint detection and response solution (EDR) that uses Microsoft Defender antivirus and cloud-enabled advanced threat protection using Microsoft Security Graph. Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. It protects endpoints from cyberthreats, detects advanced attacks and data breaches, automates security incidents, and improves security posture.-- [Microsoft Defender for Identity](/defender-for-identity/what-is) is a cloud-based security solution that uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.-- [Microsoft Defender for Cloud Apps](/cloud-app-security/) acts as a gatekeeper to broker access in real time between your enterprise users and the cloud resources they use, wherever your users are located and regardless of the device they are using.-- [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365) safeguards your organization against malicious threats in email messages, links (URLs), and collaboration tools.-- [Azure Security Center](/azure/security-center/security-center-introduction) is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud and on premises.---In Microsoft 365 Defender, [incidents](incidents-overview.md) are identified by correlating alerts from these different detection sources. Instead of spending resources stringing together or distinguishing multiple alerts into their respective incidents, you can start with the incident queue in Microsoft 365 Defender right away. This approach allows you to triage incidents in an efficient manner across endpoints, identities, email, and applications, and reduce the damage from an attack. --## Triage your incidents --Incident response in Microsoft 365 Defender starts once you triage the list of incidents using your organization's recommended method of prioritization. To triage means to assign a level of importance or urgency to incidents, which then determines the order in which they will be investigated. --A useful sample guide for determining which incident to prioritize in Microsoft 365 Defender can be summarized by the formula: *Severity + Impact = Priority*. --- **Severity** is the level designated by Microsoft 365 Defender and its integrated security components.-- **Impact** is determined by the organization and generally includes, but not limited to, a threshold number of impacted users, devices, services affected (or a combination thereof), and even alert type.--Analysts then initiate investigations based on the **Priority** criteria set by the organization. --Incident prioritization might vary depending on the organization. NIST also recommends considering the functional and informational impact of the incident, and recoverability. --One approach to triage is described below: --1. Go to the [incidents](incidents-overview.md) page to initiate triage. Here you can see a list of incidents affecting your organization. By default, they are arranged from the most recent to the oldest incident. From here, you can also see different columns for each incident showing their severity, category, number of active alerts, and impacted entities, among others. You can customize the set of columns and sort the incident queue by some of these columns by selecting the column name. You can also filter the incident queue according to your needs. For a full list of available filters, see [Prioritize incidents](incident-queue.md#available-filters). -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-queue.png" alt-text="The incidents in the Microsoft 365 security portal" lightbox="../../media/first-incident-analyze/first-incident-analyze-queue.png"::: -- One example of how you might perform triage for this set of incidents is to prioritize incidents that affected more users and devices. In this example, you might prioritize incident ID 6769 because it affected the largest number of entities: seven devices, six users, and two mailboxes. Furthermore, the incident appears to contain alerts from Microsoft Defender for Identity, which indicate an identity-based alert and possible credential theft. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-high-impact.png" alt-text="The Incidents** page showing example of a high-impact incident in the Microsoft 365 security portal" lightbox="../../media/first-incident-analyze/first-incident-analyze-high-impact.png"::: --2. Select the circle next to the incident name to review the details. A side pane will appear on the right side, which contains additional information that can assist your triage further. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-incident-flyout.png" alt-text="The Incidents page showing example of an incident side pane in the Microsoft 365 security portal" lightbox="../../media/first-incident-analyze/first-incident-analyze-incident-flyout.png"::: -- For example, by looking at which [MITRE ATT&CK](https://attack.mitre.org/) tactics the attacker used based on the incident's categories, you might prioritize this incident because the attacker used stolen credentials, established command and control, performed lateral movement, and exfiltrated some data. These actions suggest that the attacker has already gone deep into the network and possibly stolen confidential information. -- Additionally, if your organization has implemented the Zero Trust framework, you would consider credential access as an important security violation worth prioritizing. -- Scrolling down the side pane, you will see the specific impacted entities such as users, devices, and mailboxes. You can check the exposure level of each device and the owners of affected mailboxes. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-incident-flyout-details.png" alt-text="The incident side pane details" lightbox="../../media/first-incident-analyze/first-incident-analyze-incident-flyout-details.png"::: --3. Further down the side pane, you can find the associated alerts. Microsoft 365 Defender has already performed the correlation of said alerts into a single incident, saving you time and resources better spent remediating the attack. Alerts are suspicious and therefore possibly malicious system events that suggest the presence of an attacker on a network. -- In this example, 87 individual alerts were determined to be part of one security incident. You can view all the alerts to get a quick view of how the attack played out. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-incident-flyout-alerts.png" alt-text="The alerts in an incident side pane in the Microsoft 365 security portal" lightbox="../../media/first-incident-analyze/first-incident-analyze-incident-flyout-alerts.png"::: --## Analyze your first incident --Understanding the context that surrounds alerts is equally important. Often an alert is not a single independent event. There is a chain of processes created, commands, and actions that might not have occurred at the same time. Therefore, an analyst must look for the first and last activities of the suspicious entity in device timelines to understand the context of the alerts. --There are multiple ways to read and analyze data using Microsoft 365 Defender but the end goal for analysts is to respond to incidents as quickly as possible. While Microsoft 365 Defender can significantly reduce [Mean Time to Remediate (MTTR)](https://www.microsoft.com/security/blog/2020/05/04/lessons-learned-microsoft-soc-part-3c/) through the industry-leading [automated investigation and response](m365d-autoir.md) feature, there are always cases that require manual analysis. --Here's an example: --1. Once triage priority has been determined, an analyst begins an in-depth analysis by selecting the incident name. This page brings up the **Attack story** where data is displayed in tabs to assist with the analysis. Under the **Alerts story** tab, the types of alerts are displayed. Analysts can click on each alert to drill down into the respective detection source. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-summary-tab.png" alt-text="Screenshot that shows the attack story of an incident." lightbox="../../media/first-incident-analyze/first-incident-analyze-summary-tab.png"::: -- For a quick guide about which domain each detection source covers, review the [Detect](#detection-by-microsoft-365-defender) section of this article. --2. From the **Alerts** tab, you can pivot to the detection source to conduct a more in-depth investigation and analysis. For example, selecting Malware Detection with Microsoft Defender for Cloud Apps as the detection source takes the analyst to its corresponding alert page. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-select-alert.png" alt-text="The Incidents page that shows an example of selecting an alert of an incident." lightbox="../../media/first-incident-analyze/first-incident-analyze-select-alert.png"::: -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-link-to-mcas.png" alt-text="A corresponding page in the Microsoft Defender for Cloud Apps" lightbox="../../media/first-incident-analyze/first-incident-analyze-link-to-mcas.png"::: --3. To investigate our example further, scrolling to the bottom of the page to view the **Users affected**. To see the activity and context surrounding the malware detection, select Annette Hill's user page. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-user-page.png" alt-text="A user page" lightbox="../../media/first-incident-analyze/first-incident-analyze-user-page.png"::: --4. The user page lists events chronologically, starting with a *Risky Sign-in from a TOR network IP Address* alert. While the suspiciousness of an activity depends on the nature of how an organization conducts its business, in most cases the use of The Onion Router (TOR), a network that allows users to browse the web anonymously, in an enterprise environment might be considered highly unlikely and unnecessary for regular online operations. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-user-event-list.png" alt-text="The chronological list of events for a user" lightbox="../../media/first-incident-analyze/first-incident-analyze-user-event-list.png"::: --5. Each alert can be selected to obtain more information on the activity. For example, selecting **Activity from a Tor IP Address** alert leads you to that alert's own page. Annette is an Administrator of Office 365, which indicates elevated privileges and that the source incident might have led to access to confidential information. -- :::image type="content" source="../../media/first-incident-analyze/first-incident-analyze-mcas-alert.png" alt-text="The alerts details for the Microsoft Defender for Cloud Apps" lightbox="../../media/first-incident-analyze/first-incident-analyze-mcas-alert.png" ::: --6. By selecting other alerts, you can get a complete picture of the attack. --## Next step ---Learn how to [remediate incidents](first-incident-remediate.md). --## See also --- [Incidents overview](incidents-overview.md)-- [Investigate incidents](investigate-incidents.md)-- [Manage incidents](manage-incidents.md) |
| security | First Incident Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-overview.md | - Title: Responding to your first incident -description: The basics of responding to your first incident in Microsoft 365 Defender. -keywords: incidents, alerts, investigate, correlation, attack, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack, self-study, ramp up, ramp-up, onboard, incident responder -search.product: eADQiWindows 10XVcnh ---ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - m365-security - - m365solution-firstincident - - highpri - - tier1 -- - MOE150 - - MET150 Previously updated : 04/20/2021---# Responding to your first incident ---**Applies to:** -- Microsoft 365 Defender--An organization's incident response strategy determines its ability to deal with increasingly disruptive security incidents and cybercrime. While taking preventative measures is important, the ability to act quickly to contain, eradicate, and recover from detected incidents can minimize damage and business losses. --This incident response walkthrough shows how you, as part of a security operations (SecOps) team, can perform most of the key incident response steps within Microsoft 365 Defender. Here are the steps: --- Preparation of your security posture-- For each incident:- - Step 1: Triage and analysis - - Step 2: Remediation (containment, eradication, and recovery) - - Step 3: Post-incident review --A security incident is defined by National Institute of Standards and Technology (NIST) as "an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies." --Incidents in Microsoft 365 Defender are the logical starting points for analysis and incident response. Analyzing and remediating incidents typically makes up most of a (SecOps) team's tasks and time. --## Next step ---Make sure your organization and Microsoft 365 tenant is [prepared for incident handling](first-incident-prepare.md). --## See also --Incident response guidance for Microsoft 365 Defender: --- [Incidents overview](incidents-overview.md)-- [Investigate incidents](investigate-incidents.md)-- [Manage incidents](manage-incidents.md)--More examples of first incident responses: --- [Phishing email](first-incident-path-phishing.md)-- [Identity-base attack](first-incident-path-identity.md)--[Detailed incident response playbooks](/security/compass/incident-response-playbooks) -- |
| security | First Incident Post | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-post.md | - Title: Step 3. Perform a post-incident review of your first incident -description: How to perform a review of your first incident in Microsoft 365 Defender. -keywords: incidents, alerts, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365 -search.product: eADQiWindows 10XVcnh ---ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - m365-security - - m365solution-firstincident - - highpri - - tier1 -- - MOE150 - - MET150 Previously updated : 04/20/2021---# Step 3. Perform a post-incident review of your first incident ---**Applies to:** -- Microsoft 365 Defender--National Institute of Standards and Technology (NIST) recommends that once all steps have been taken to recover from the attack, organizations must review the incident to learn from it and improve security posture or processes. Assessing the different aspects of incident-handling becomes important in preparing for the next incident. --Microsoft 365 Defender can help in performing post-incident activities by providing an organization with alerts that align with [MITRE ATT&CK Framework](https://attack.mitre.org/). All Microsoft Defender solutions label attacks in accordance with an ATT&CK tactic or technique. --By mapping alerts to this industry framework, you can: --- Conduct an analysis of gaps in security coverage.-- Determine adversary and campaign attribution.-- Perform trend analysis.-- Identify skill gaps in attack method awareness.-- Create a Power Automate Playbook for faster remediation.--Post-incident review activity can also result in fine-tuning your security configuration and security team's processes to streamline your organization's response capabilities. --## Next step --See these additional investigation paths: --- [Phishing email](first-incident-path-phishing.md)-- [Identity-based attack](first-incident-path-identity.md)---## See also --- [Incidents overview](incidents-overview.md)-- [Investigate incidents](investigate-incidents.md)-- [Manage incidents](manage-incidents.md) |
| security | First Incident Prepare | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-prepare.md | - Title: Prepare your security posture for your first incident -description: Set up your Microsoft 365 tenant's security posture for your first incident in Microsoft 365 Defender. -keywords: incidents, alerts, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365 -search.product: eADQiWindows 10XVcnh ---ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - m365-security - - m365solution-firstincident - - highpri - - tier1 -- - MOE150 - - MET150 Previously updated : 04/20/2021---# Prepare your security posture for your first incident ---**Applies to:** -- Microsoft 365 Defender--Preparing for incident handling involves setting up sufficient protection of an organization's network from different kinds of security incidents. To reduce the risk of security incidents, National Institute of Standards and Technology (NIST) recommends several security practices including risk assessments, hardening host security, configuring networks securely, and preventing malware. --Microsoft 365 Defender can help address several aspects of incident prevention: --- Implementing a [Zero Trust](/security/zero-trust/) framework-- Determining your security posture by assigning a score with [Microsoft Secure Score](microsoft-secure-score.md)-- Preventing threats through vulnerability assessments in [Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)-- Understanding the latest security threats so you can prepare for them with [threat analytics](threat-analytics.md)--## Step 1. Implement Zero Trust --[Zero Trust](/security/zero-trust/) is an integrated security philosophy and end-to-end strategy that considers the complex nature of any modern environment, including the mobile workforce and the users, devices, applications and data, wherever they may be located. By providing a single pane of glass to manage all detections in a consistent way, Microsoft 365 Defender can make it easier for your security operations team to implement the [guiding principles](/security/zero-trust/#guiding-principles-of-zero-trust) of Zero Trust. --Components of Microsoft 365 Defender can display violations of rules that have been implemented to establish Conditional Access policies for Zero Trust by integrating data from Microsoft Defender for Endpoint or other mobile security vendors as an information source for device compliance policies and implementation of device-based Conditional Access policies. --Device risk directly influences what resources will be accessible by the user of that device. The denial of access to resources based on certain criteria is the main theme of Zero Trust and Microsoft 365 Defender provides information needed to determine the trust level criteria. For example, Microsoft 365 Defender can provide the software version level of a device through the Microsoft Defender Vulnerability Management, formerly known as Threat & Vulnerability Management page while Conditional Access policies restrict devices that have outdated or vulnerable versions. --Automation is a crucial part of implementing and maintaining a Zero Trust environment while also reducing the number of alerts that would potentially lead to incident response (IR) events. Components of Microsoft 365 Defender can be automated such as [remediation actions](m365d-autoir.md) (known as investigations for an incident in the Microsoft 365 Defender portal), notification actions, and even the creation of support tickets such as in [ServiceNow](https://microsoft.service-now.com/sp/). --## Step 2. Determine your organization's security posture --Next, organizations can use the [Microsoft Secure Score](microsoft-secure-score.md) in Microsoft 365 Defender to determine your current security posture and consider recommendations on how to improve it. The higher the score is, the more security recommendations and improvement actions have been taken by the organization. Secure Score recommendations can be taken across different products and allow organizations to raise their scores even higher. ---## Step 3. Assess your organization's vulnerability exposure --Preventing incidents can help streamline security operations efforts to focus on on-going critical and important security incidents. Software vulnerabilities are often a preventable entry point for attacks that can lead to data theft, data loss, or disruption of business operations. If no attacks are on-going, security operations must strive to achieve and maintain an acceptable level of [vulnerability exposure](../defender-endpoint/tvm-exposure-score.md) in their organization. --To check your software patching progress, visit the [Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md) page in Defender for Endpoint, which you can access from Microsoft 365 Defender through the **More resources** tab. ---## 4. Understand emerging threats --Use [threat analytics](threat-analytics.md) in the Microsoft 365 Defender portal to keep up-to-date with the current security threat landscape. Expert Microsoft security researchers create reports that describe the latest cyber-threats in detail so you can understand how they might affect your Microsoft 365 subscription, devices, and users. These reports can include: --- Active threat actors and their campaigns-- Popular and new attack techniques-- Critical vulnerabilities-- Common attack surfaces-- Prevalent malware--Threat analytics also looks at your configuration and alerts to determine how at-risk you are and if there are active alerts applicable to a report. --You can implement the recommendations of an emerging threat to strengthen your security posture and minimize your attack surface area. --Make time in your schedule to regularly check the [Threat Analytics](threat-analytics.md) section of the Microsoft 365 Defender portal. See the [example security operations for Microsoft 365 Defender](incidents-overview.md#example-security-operations-for-microsoft-365-defender) for more information. --## Next step --Learn how to [triage and analyze incidents](first-incident-analyze.md). --## See also --- [Incidents overview](incidents-overview.md)-- [Investigate incidents](investigate-incidents.md)-- [Manage incidents](manage-incidents.md) |
| security | First Incident Remediate | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-remediate.md | - Title: Step 2. Remediate your first incident -description: How to get started in remediating your first incident in Microsoft 365 Defender. -keywords: incidents, alerts, attack story, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack -search.product: eADQiWindows 10XVcnh ---ms.sitesec: library -ms.pagetype: security - - NOCSH ----- - m365-security - - m365solution-firstincident - - highpri - - tier1 -- - MOE150 - - MET150 Previously updated : 04/20/2021---# Step 2. Remediate your first incident ---**Applies to:** -- Microsoft 365 Defender--Microsoft 365 Defender not only provides detection and analysis capabilities but also provides containment and eradication of malware. Containment includes steps to reduce the impact of the attack while eradication ensures all traces of attacker activity are removed from the network. Microsoft 365 Defender offers several remediation actions that can be configured to [auto-remediate](m365d-autoir.md) depending on the operating system of affected devices and the attack type. --Microsoft 365 Defender offers several remediation actions that analysts can manually initiate. Actions are separated into two categories, Actions on devices and actions on files. Some actions can be used to immediately stop the threat while other actions assist in further forensic analysis. --## Actions on devices --- **Isolate the device** - This activity immediately blocks all network traffic (internet and internal) to minimize the spread of malware and allow analysts to continue analysis without a malicious actor being able to continue an attack. The only connection allowed is to the Microsoft Defender for Identity service cloud so Microsoft Defender for Identity can continue to monitor the device. -- **Restrict app execution** - To restrict an application from running, a code integrity policy is applied that only allows files to run if they're signed by a Microsoft-issued certificate. This method of restriction can help prevent an attacker from controlling compromised devices and performing further malicious activities.-- **Run Antivirus scan** - A Microsoft Defender Antivirus scan can run alongside other antivirus solutions, whether Defender Antivirus is the active antivirus solution or not. If another antivirus vendor product is the primary endpoint protection solution, you can run Defender Antivirus in Passive mode.-- **Initiate automated investigation** - You can start a new general purpose automated investigation on the device. While an investigation is running, any other alert generated from the device will be added to an ongoing automated investigation until that investigation is completed. In addition, if the same threat is seen on other devices, those devices are added to the investigation.-- **Initiate live response** - Live response is a capability that gives you instantaneous access to a device by using a remote shell connection. This gives you the ability to do in-depth investigative work and take immediate response actions to promptly contain identified threats in real time. Live response is designed to enhance investigations by enabling you to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.-- **Collect investigation package** - As part of the investigation or response process, you can collect an investigation package from a device. By collecting the investigation package, you can identify the current state of the device and further understand the tools and techniques used by the attacker. -- **Ask Defender Experts** (available in both Actions on devices and files) - You can consult a Microsoft Defender expert for more insights regarding potentially compromised devices or devices that are already compromised. Microsoft Defender experts can be engaged directly from within Microsoft 365 Defender for a timely and accurate response.--> [!NOTE] -> You can take actions on devices straight from the graph within the attack story. --## Actions on files --- **Stop and quarantine file** - This action includes stopping running processes, quarantining files, and deleting persistent data, such as any registry keys. This action takes effect on devices with Windows 11 or Windows 10, version 1703 or later, where the file was observed in the last 30 days. -- **Add indicators to block or allow file** - Prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. This operation will prevent the file from being read, written, or executed on devices in your organization.-- **Download or collect file** ΓÇô This action allows analysts to download a file in a password protected .zip archive file for further analysis by the organization.-- **Deep analysis** ΓÇô This action executes a file in a secure, fully instrumented cloud environment. Deep analysis results show the file's activities, observed behaviors, and associated artifacts, such as dropped files, registry modifications, and communication with IP addresses. --Continuing the example in [Detect, triage, and analyze incidents](first-incident-analyze.md#analyze-your-first-incident), an analyst can remediate this incident with these actions: --1. Immediately reset the user account password -2. Isolate the device in Microsoft 365 Defender until deep analysis is complete -3. Ensure the malicious file was quarantined from SharePoint -4. Check which endpoints were affected by malware -5. Rebuild systems -6. Check for similar Microsoft Defender for Cloud Apps alerts for other users -7. Create a custom indicator in Microsoft Defender for Endpoint to block a Tor IP address -8. Create a governance action in Microsoft Defender for Cloud Apps for this type of alert such as those shown in the following image: -- :::image type="content" source="../../media/first-incident-remediate/first-incident-mcas-governance.png" alt-text="Governance actions in the Microsoft Defender for Cloud Apps portal" lightbox="../../media/first-incident-remediate/first-incident-mcas-governance.png"::: --Most of the remediation actions can be applied and tracked in Microsoft 365 Defender. --## Using Playbooks --In addition, automated remediation can be created using playbooks. Currently, Microsoft has [Playbook templates on GitHub](https://github.com/microsoft/Microsoft-Cloud-App-Security/tree/master/Playbooks) that provide playbooks for the following scenarios: --- Remove sensitive file sharing after requesting user validation-- Auto-triage infrequent country/region alerts-- Request for manager action before disabling an account-- Disable malicious inbox rules--Playbooks use Power Automate to create custom robotic process automation flows to automate certain activities once specific criteria have been triggered. Organizations can create playbooks either from existing templates or from scratch. --Here's an example. - - -Playbooks can also be created during [post-incident review](first-incident-post.md) to create remediation actions from resolved incidents. --## Next step --Learn how to [perform a post-incident review of an incident](first-incident-post.md). --## See also --- [Incidents overview](incidents-overview.md)-- [Investigate incidents](investigate-incidents.md)-- [Manage incidents](manage-incidents.md) |
| security | Respond First Incident 365 Defender | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/respond-first-incident-365-defender.md | + + Title: Responding to your first incident in Microsoft 365 Defender +description: The basics of responding to your first incident in Microsoft 365 Defender. +keywords: incidents, alerts, investigate, correlation, attack, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack, self-study, ramp up, ramp-up, onboard, incident responder +search.product: eADQiWindows 10XVcnh +++ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: + - NOCSH +++ms.localizationpriority: medium ++audience: ITPro ++ - m365-security + - m365solution-firstincident + - highpri + - tier1 ++search.appverid: + - MOE150 + - MET150 Last updated : 08/21/2023+++# Responding to your first incident in Microsoft 365 Defender +++**Applies to:** ++- Microsoft 365 Defender ++This guide lists Microsoft resources for new Microsoft 365 Defender users to confidently perform [day-to-day incident response tasks](integrate-microsoft-365-defender-secops-services.md) while using the portal. The intended results of using this guide are: ++- You'll quickly learn to use Microsoft 365 Defender to respond to incidents and alerts. +- YouΓÇÖll discover the portal's features to aid incident investigation and remediation through the videos and tutorials. ++Microsoft 365 Defender enables you to see relevant threat events across all assets (devices, identities, mailboxes, cloud apps, and more). The portal consolidates signals from the [Defender protection suite](microsoft-365-defender.md#microsoft-365-defender-protection), [Microsoft Sentinel](microsoft-365-defender-integration-with-azure-sentinel.md), and other [integrated security information and event management (SIEM) solutions](configure-siem-defender.md). Correlated attack information with full context in a single pane of glass enables you to successfully defend and protect your organization. ++This guide has three main sections: ++- Understanding incidents: accessing, triaging, and managing incidents within the portal +- [Analyzing attacks](respond-first-incident-analyze.md): a collection of videos and tutorials on how to investigate specific attacks using the portal's features. +- [Remediating attacks](respond-first-incident-remediate.md): lists the automated and manual actions that are available within the portal to remediate threats. This section includes links to videos and tutorials. ++## Understanding incidents ++An [incident](incidents-overview.md) is a chain of processes created, commands, and actions that might not have coincided. An incident provides a holistic picture and context of suspicious or malicious activity. A single incident gives you an attackΓÇÖs complete context instead of triaging hundreds of alerts from multiple services. ++Microsoft 365 Defender has many features that you can use to respond to an incident. You can navigate the incidents by selecting **View all incidents** in the Active incidents card on the Home page or through **Incidents & alerts** on the left navigation pane. ++*Figure 1. Active incidents card on the Microsoft 365 Defender home page* ++*Figure 2. Incident queue* ++Each incident contains automatically correlated [alerts](investigate-alerts.md) from [different detection sources](microsoft-365-defender.md#microsoft-365-defender-protection) and might involve various endpoints, identities, or cloud apps. ++## Incident triage ++Incident prioritization varies per responder, security team, and organization. [Incident response plans](/security/operations/incident-response-planning) and security teams' direction can mandate incident priority. ++Microsoft 365 Defender has various indicators like incident severity, types of users, or threat types to triage and prioritize incidents. You can use any combination of these indicators readily available through the [incident queue](incident-queue.md) filters. ++An example of determining incident priority is combining the following factors for an incident: ++- The incident has a high severity. +- The automation investigation state failed. +- There are 5 impacted assets where two of the assets are tagged with highly confidential data sensitivity. +- The incident status is new. +- The incident is unassigned to any team member for investigation. ++You might assign a high priority to the incident using the information above. You can begin your incident investigation once a priority is determined. ++> [!NOTE] +> Microsoft 365 Defender automatically determines filters like severity, investigation states, impacted assets, and incident statuses. The information is based on your organizationΓÇÖs network activities contextualized with threat intelligence feeds and the automated remediation actions applied. ++## Manage incidents ++You can contribute to [incident management](manage-incidents.md) efficiency by providing essential information in incidents and alerts. When you add information to the following filters from when you triage and analyze each incident, you provide further context to that incident that other responders can take advantage of: ++- [Classifying incidents and alerts](manage-incidents.md#specify-the-classification) +- Naming incidents +- Adding tags +- Providing comments ++Learn how to classify incidents and alerts through this video: ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4LHJq] +++## Next steps ++- [Analyze your first incident](respond-first-incident-analyze.md) +- [Remediate your first incident](respond-first-incident-remediate.md) +- Watch demos and the portal's new developments in action in the [Microsoft 365 Defender Virtual Ninja Training](https://adoption.microsoft.com/en-us/ninja-show/) ++## See also ++- [Integrate Microsoft 365 Defender into your security operations](integrate-microsoft-365-defender-secops-plan.md) +- [Respond to common attacks using incident response playbooks](/security/operations/incident-response-playbooks) +- Learn the portal's features and functions through the [Microsoft 365 Defender Ninja training](https://techcommunity.microsoft.com/t5/microsoft-365-defender/become-a-microsoft-365-defender-ninja/ba-p/1789376) + |
| security | Respond First Incident Analyze | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/respond-first-incident-analyze.md | + + Title: Analyze your first incident in Microsoft 365 Defender +description: Investigation essentials in analysis of your first incident in Microsoft 365 Defender. +keywords: incidents, alerts, attack story, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack, incident analysis, threat analysis, threat investigation, incident investigation +search.product: eADQiWindows 10XVcnh +++ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: + - NOCSH +++ms.localizationpriority: medium ++audience: ITPro ++ - m365-security + - m365solution-firstincident + - highpri + - tier1 ++search.appverid: + - MOE150 + - MET150 Last updated : 08/21/2023+++# Analyze your first incident in Microsoft 365 Defender +++**Applies to:** ++- Microsoft 365 Defender ++Understanding the context that surrounds [incidents](incidents-overview.md) is essential in analyzing attacks. Combining your expertise and experience with Microsoft 365 Defender's features and capabilities ensure faster resolution of incidents and your organization’s safety from cyber attacks. ++Today's threats on data security - [business email compromise (BEC)](https://www.microsoft.com/security/business/security-101/what-is-business-email-compromise-bec), malware like backdoors and [ransomware](/security/ransomware), organizational breaches, and [nation-state attacks](https://www.microsoft.com/security/business/security-insider/) – require quick, intelligent, and decisive action from incident responders. Tools like [Microsoft 365 Defender](microsoft-365-defender.md) allow response teams to detect, triage, and investigate incidents through its single-pane-of-glass experience and find the information needed to make these timely decisions. ++## Investigation tasks ++Investigations usually involve responders viewing several apps while simultaneously checking various threat intelligence sources. Sometimes investigations are extended to hunting down other threats. Documenting facts and solutions in an attack investigation is an additional important task that provides history and context for other investigators’ use or for later investigations. These investigation tasks are simplified when using Microsoft 365 Defender through the following: ++- **Pivoting** – the portal aggregates important attack information contextualized across the Defender workloads enabled in your organization. The portal consolidates all information across a single attack’s components (file, URL, mailbox, a user account, or device), showing relationships and timeline of activities. With all the information available in a page, the portal allows incident responders to pivot across related entities and events to find the information they need to make decisions. ++- **Hunting** – threat hunters can find known and possible threats within an organization through the portal's [advanced hunting](advanced-hunting-overview.md) capability using Kusto queries. If you're new to Kusto, use the [guided mode](advanced-hunting-modes.md) to hunt for threats. ++- **Insight** – where applicable, incident responders can view actions to previously detected event and alerts to aid present investigations. Additional insights are also automatically added to events and alerts through Microsoft’s own threat intelligence efforts and from sources like the [MITRE ATT&CK®](https://attack.mitre.org/) framework and [VirusTotal](https://www.virustotal.com/gui/home/upload). ++- **Collaboration** – security operations teams can view each team members’ decisions and actions on past and present incidents and alerts through portal features like comments, tagging, flagging, and assignment. Further collaboration with Microsoft’s managed detection and response service through [Defender Experts for XDR](dex-xdr-overview.md) and [Defender Experts for Hunting](defender-experts-for-hunting.md) are also available when an organization requires an augmented response. ++## Attack overview ++The [attack story](investigate-incidents.md#attack-story) provides incident responders a full, contextualized overview what happened in an attack. Responders can view all related alerts and events, including the automated remediation actions taken by Microsoft 365 Defender to mitigate an attack. ++From the attack story, you can dive deeper into the details of an attack by exploring the tabs available on the [incident page](investigate-incidents.md). You can quickly remediate common attacks like phishing, password spray, and malicious app compromise through [incident response playbooks](/security/operations/incident-response-playbooks) accessible within the portal. These playbooks contain detection, response, and mitigation guidance that support incident investigations. ++This video of [how to investigate an attack in Microsoft 365 Defender](https://youtu.be/PW_4PWul5MY) and how to use the portal's features in your investigation walks you through the attack story and the incident page. ++## Investigating threats ++Complex threats like [adversary-in-the-middle attacks](https://www.microsoft.com/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/) and ransomware often require manual investigation. An incident responder tackling these complicated attacks looks for the following crucial information: ++- Presence of malware or suspicious use of tools and apps +- Clues about any communication channels or entry points used by any malicious or suspicious entity +- Clues pointing to possible identity compromise +- Identifying what the impact is on the organization’s data and security posture ++The following sections contain tutorials and videos of Microsoft 365 Defender features that aid incident response teams in investigating various complex attacks. ++### Ransomware investigations ++Ransomware continues to be a significant threat to organizations. Microsoft has the following resources to help you investigate and respond to ransomware attacks: ++- **Guides**: [From detection to protection: Microsoft's guide to combating ransomware attacks](/security/ransowmare) +- **Tutorial**: [Ransomware investigation playbook](/security/operations/incident-response-playbook-dart-ransomware-approach) +- **Video**: [Investigating ransomware attacks in Microsoft 365 Defender (part 1)](https://youtu.be/eLCrGe4-Zzc) +- **Video**: [Investigating ransomware attacks in Microsoft 365 Defender (part 2)](https://youtu.be/q1s7lm3O9Sc) ++### Email-based attacks analysis ++Identifying and tracking modified, created, or stolen identities are essential to investigating phishing and BEC attacks. Use the following resources when investigating these attacks: ++- **Tutorial**: [Investigate malicious email](//microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered) +- **Tutorial**: [Investigate users](investigate-users.md) +- **Tutorial**: [Investigate a user account](//microsoft-365/security/defender-endpoint/investigate-user) +- **Blog**: [Total Identity Compromise: Microsoft Incident Response lessons on securing Active Directory +Identity compromise can also be investigated using Defender for Identity signals.](https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/total-identity-compromise-microsoft-incident-response-lessons-on/ba-p/3753391) +- **Tutorial**: [Example of a phishing email attack](first-incident-path-phishing.md) +- **Tutorial**: [Example of an identity-based attack](first-incident-path-identity.md) ++The following videos discuss how to investigate phishing and BEC attacks in Microsoft 365 Defender: ++- **Video**: [Investigating BEC and AiTM phishing in Microsoft 365 Defender](https://youtu.be/h9YEr9XwALU) +- **Video**: Defending against spearphishing and phishing using Defender for Office 365 ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE5bzVE] ++Investigate an identity compromise and know what you can do to contain an attack through this video: ++- [Investigating identity threats using Defender for Identity](https://youtu.be/RSVmgcQLv38?t=533) ++### Malware analysis ++A malicious file's information and capabilities are key to investigating malware. Microsoft 365 Defender, in most cases, can detonate the file to show critical data including hash, metadata, prevalence within the organization, and file capabilities based on MITRE ATT&CK® techniques. This removes the need to do black box testing or static analysis of files. You can view file information from the incident graph, or by viewing an alert process tree, an artifact timeline, or a device timeline. ++The following resources provide details on how to use the portal’s capabilities in investigating files: ++- **Tutorial**: [Investigate files](/microsoft-365/security/defender-endpoint/investigate-files) +- **Video**: [Investigating malware in Microsoft 365 Defender](https://youtu.be/TTqFlnlwch0) ++### Risky apps analysis and cloud-based threats prevention ++Malicious actors can exploit cloud-based apps. Apps can inadvertently leak sensitive information through abuse or misuse. Incident responders investigating and protecting apps in cloud environments can use the following resources where Defender for Cloud Apps is deployed in their organizations: ++- **Tutorial**: [Investigate malicious and compromised apps](/security/operations/incident-response-playbook-compromised-malicious-app) +- **Tutorial**: [Investigate risky OAuth apps](/defender-cloud-apps/investigate-risky-oauth) +- **Tutorial**: [Protect cloud apps](/defender-cloud-apps/tutorial-ueba#phase-1-connect-to-the-apps-you-want-to-protect) +- **Tutorial**: Protect apps in real time ++Discover how you can protect your cloud apps in real time with this video of the Defender for Cloud Apps workload: ++- **Video**: Protecting cloud apps and related files through Defender for Cloud Apps ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE5d0tz] ++### Breach analysis ++Nation-state attacks, attacks against critical infrastructure, and organizational breaches often require an attacker to establish communication points once they are in a network. Incident responders look for clues by identifying suspicious traffic or exchanges between a source and a destination. Microsoft has the following tutorials for investigating communication components: ++- [Investigate domains and URLs](/microsoft-365/security/defender-endpoint/investigate-domain) +- [Investigate an IP address](/microsoft-365/security/defender-endpoint/investigate-ip) +- [Investigate connection events that occur behind forward proxies](/microsoft-365/security/defender-endpoint/investigate-behind-proxy) +- [Investigate suspicious user and device activities through Defender for Identity](/defender-for-identity/investigate-assets) +- [Identify and investigate lateral movement paths in Defender for Identity](/defender-for-identity/understand-lateral-movement-paths) +- [Investigate devices in the Defender for Endpoint devices list](/microsoft-365/security/defender-endpoint/investigate-machines) ++Attackers often use vulnerabilities to gain access to an organization. Some ransomware attacks initially take advantage of unpatched vulnerabilities like the [Log4Shell vulnerability](/microsoft-365/security/defender-vulnerability-management/tvm-manage-log4shell-guidance). The following resources help incident responders identify vulnerabilities and vulnerable devices in their organization through the Defender for Vulnerability Management service: ++- **Tutorial**: [Identify vulnerabilities in your organization](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses) +- **Tutorial**: [Hunt for exposed devices](/microsoft-365/security/defender-vulnerability-management/tvm-hunt-exposed-devices) +- **Tutorial**: [Assess your organization’s risk through the Exposure score](/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score) +- **Video**: Threat and vulnerability management via Defender Vulnerability Management ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4XTiJ] ++Breaches also happen through various devices like phones and tablets that connect to your organization’s network. Incident responders can further investigate these devices within the portal. The following video talks about the top threats from mobile devices and how you can investigate these: ++- Mobile threat defense in Microsoft 365 Defender ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RW10icV] ++## Resources for threat intelligence and hunting ++Microsoft 365 Defender's built-in threat intelligence capabilities and hunting aid incident response teams in performing proactive protection against emerging threats and attacks. You have direct access to the latest information on emerging threats and attacks through the portal's [Threat analytics](threat-analytics.md). +++Use the intelligence in Threat analytics to deep dive into new threats with the following video: ++> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWwJfU] ++Proactively hunt for threats within the organization using the portal's built-in [advanced hunting](advanced-hunting-overview.md) capability. +++The following resources provide more information on how to use advanced hunting: ++- [Learn the Kusto query language](advanced-hunting-query-language.md) +- [Build hunting queries using the guided mode](advanced-hunting-query-builder.md) +- [Hunt for threats across entities](advanced-hunting-query-emails-devices.md) ++Extend your threat intelligence with the latest security research and changes from Microsoft security research teams: ++- [Microsoft Security blog](https://www.microsoft.com/security/blog/topic/threat-intelligence/?sort-by=newest-oldest&date=any) +- [Microsoft threat actor information](/microsoft-365/security/intelligence/microsoft-threat-actor-naming) ++Collaborate with Microsoft's experts for incident response and threat hunting to enhance your security operations teams' capabilities. Know more about our experts and how to engage them in the following resources: ++- [Defender Experts for XDR](dex-xdr-overview.md) +- [Threat hunting with Defender Experts for Hunting](defender-experts-for-hunting.md) ++## Next step ++- [Remediate your first incident](respond-first-incident-remediate.md) +- Explore the portal's features through video demos in the [Microsoft 365 Defender Virtual Ninja Training](https://adoption.microsoft.com/en-us/ninja-show/) ++## See also ++- [Understand incidents](respond-first-incident-365-defender.md) +- [Investigate incidents](investigate-incidents.md) +- [Investigate alerts](investigate-alerts.md) +- Learn the portal's features and functions through the [Microsoft 365 Defender Ninja training](https://techcommunity.microsoft.com/t5/microsoft-365-defender/become-a-microsoft-365-defender-ninja/ba-p/1789376) + |
| security | Respond First Incident Remediate | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/respond-first-incident-remediate.md | + + Title: Remediate your first incident in Microsoft 365 Defender +description: How to get started in remediating your first incident in Microsoft 365 Defender. +keywords: incidents, alerts, attack story, investigate, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack, incident response, remediation, remediate attack, remediate incident +search.product: eADQiWindows 10XVcnh +++ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +f1.keywords: + - NOCSH +++ms.localizationpriority: medium ++audience: ITPro ++ - m365-security + - m365solution-firstincident + - highpri + - tier1 ++search.appverid: + - MOE150 + - MET150 Last updated : 08/21/2023+++# Remediate your first incident in Microsoft 365 Defender +++**Applies to:** ++- Microsoft 365 Defender ++Microsoft 365 Defender provides detection and analysis capabilities to ensure containment and eradication of threats. Containment includes steps to reduce the impact of the attack while eradication ensures all traces of attacker activity are removed from the network. ++Remediation in Microsoft 365 Defender can be automated or through manual actions taken by incident responders. Remediation actions can be taken on devices, files, and identities. ++## Automatic remediation ++Microsoft 365 Defender leverages its threat intelligence and the signals within your network to combat the most disruptive attacks. Ransomware, business email compromise (BEC), and adversary-in-the-middle (AiTM) phishing are some of the most complex attacks that can be contained immediately through [automatic attack disruption](automatic-attack-disruption.md) capability. Once an attack has been disrupted, incident responders can take over and fully investigate an attack and apply the required remediation. ++Learn how automatic attack disruption helps in incident response: ++> [!VIDEO https://www.microsoft.com/videoplayer/embed/RW10OoF] ++Meanwhile, Microsoft 365 DefenderΓÇÖs [automated investigation and response](m365d-autoir.md) capabilities can automatically investigate and apply remediation actions to malicious and suspicious items. These capabilities scale investigation and resolution to threats, freeing incident responders to focus their efforts on high-impact attacks. ++You can [configure](m365d-configure-auto-investigation-response.md) and [manage](m365d-autoir-actions.md) automated investigation and response capabilities. You can also view all past and pending actions through the [Action center](m365d-action-center.md). ++> [!NOTE] +> You can undo automatic actions after review. ++To speed up some of your investigation tasks, you can [triage alerts with Power Automate](investigate-alerts.md#use-power-automate-to-triage-alerts). In addition, automated remediation can be created using automation and playbooks. Microsoft has [playbook templates on GitHub](https://github.com/microsoft/Microsoft-Cloud-App-Security/tree/master/Playbooks) for the following scenarios: ++- Remove sensitive file sharing after requesting user validation +- Auto-triage infrequent country alerts +- Request for manager action before disabling an account +- Disable malicious inbox rules ++Playbooks use Power Automate to create custom robotic process automation flows to automate certain activities once specific criteria have been triggered. Organizations can create playbooks either from existing templates or from scratch. Playbooks can also be created during post-incident review to create remediation actions from resolved incidents. ++Learn how Power Automate can help you automate your incident response through this video: ++> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWFIRn] ++## Manual remediation ++While responding to an attack, security teams can leverage the portal's manual remediation actions to stop attacks from further incurring damage. Some actions can immediately stop a threat, while others assist in further forensic analysis. You can apply these actions to any entity depending on the Defender workloads deployed within your organization. ++### Actions on devices ++- [**Isolate the device**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#isolate-devices-from-the-network) - isolates an affected device by disconnecting the device from the network. The device remains connected to the Defender for Endpoint service for continued monitoring. +- [**Restrict app execution**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#restrict-app-execution) - restricts an application by applying a code integrity policy that only allows files to run if they're signed by a Microsoft-issued certificate. +- [**Run Antivirus scan**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#run-microsoft-defender-antivirus-scan-on-devices) - initiates a Defender Antivirus scan remotely for a device. The scan can run alongside other antivirus solutions, whether Defender Antivirus is the active antivirus solution or not. +- [**Collect investigation package**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices) - you can collect an investigation package from a device as part of the investigation or response process. By collecting the investigation package, you can identify the current state of the device and further understand the tools and techniques used by the attacker. +- [**Initiate automated investigation**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#initiate-automated-investigation) - starts a new general purpose automated investigation on the device. While an investigation is running, any other alert generated from the device will be added to an ongoing automated investigation until that investigation is completed. In addition, if the same threat is seen on other devices, those devices are added to the investigation. +- [**Initiate live response**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#initiate-live-response-session) - gives you instantaneous access to a device by using a remote shell connection so you can do in-depth investigative work and take immediate response actions to promptly contain identified threats in real time. Live response is designed to enhance investigations by enabling you to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats. + +- [**Ask Defender Experts**](/microsoft-365/security/defender-endpoint/respond-machine-alerts#consult-a-threat-expert) - you can consult a Microsoft Defender expert for more insights regarding potentially compromised or already compromised devices. Microsoft Defender experts can be engaged directly from within the portal for a timely and accurate response. This action is available for both devices and files. ++Other actions on devices are available through the following tutorial: ++- [Response actions on a device enabled through Defender for Endpoint](/microsoft-365/security/defender-endpoint/respond-machine-alerts) ++> [!NOTE] +> You can take actions on devices straight from the graph within the attack story. ++### Actions on files ++- [**Stop and quarantine file**](/microsoft-365/security/defender-endpoint/respond-file-alerts#stop-and-quarantine-files-in-your-network) - includes stopping running processes, quarantining files, and deleting persistent data like registry keys. +- [**Add indicators to block or allow file**](/microsoft-365/security/defender-endpoint/respond-file-alerts#add-indicator-to-block-or-allow-a-file) - prevents an attack from spreading further by banning potentially malicious files or suspected malware. This operation prevents the file from being read, written, or executed on devices in your organization. +- [**Download or collect file**](/microsoft-365/security/defender-endpoint/respond-file-alerts#download-or-collect-file) ΓÇô allows analysts to download a file in a password protected .zip archive file for further analysis by the organization. +- [**Deep analysis**](/microsoft-365/security/defender-endpoint/respond-file-alerts#deep-analysis) ΓÇô executes a file in a secure, fully instrumented cloud environment. Deep analysis results show the file's activities, observed behaviors, and associated artifacts, such as dropped files, registry modifications, and communication with IP addresses. ++## Remediating other attacks ++> [!NOTE] +> These tutorials apply when other Defender workloads are enabled in your environment. ++The following tutorials enumerate steps and actions that you can apply when investigating entities or responding to specific threats: ++- [Responding to a compromised email account via Defender for Office 365](/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account.md) +- [Remediating vulnerabilities with Defender for Vulnerability Management](/microsoft-365/security/defender-vulnerability-management/tvm-remediation.md) +- [Remediation actions for user accounts via Defender for Identity](/defender-for-identity/remediation-actions) +- [Applying policies to control apps with Defender for Cloud Apps](/defender-cloud-apps/control-cloud-apps-with-policies) ++## Next steps ++- [Simulate attacks through the attack simulation training](eval-defender-investigate-respond-simulate-attack.md) +- Explore Microsoft 365 Defender through the [Virtual Ninja training](https://adoption.microsoft.com/ninja-show/) ++## See also ++- [Investigate incidents](investigate-incidents.md) +- Learn the portal's features and functions through the [Microsoft 365 Defender Ninja training](https://techcommunity.microsoft.com/t5/microsoft-365-defender/become-a-microsoft-365-defender-ninja/ba-p/1789376) + |
| security | Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md | You can also get product updates and important notifications through the [messag ## August 2023 +- Guides to responding to your first incident for new users are now live. [Understand incidents](respond-first-incident-365-defender.md) and learn to triage and prioritize, [analyze your first incident](respond-first-incident-analyze.md) using tutorials and videos, and [remediate attacks](respond-first-incident-remediate.md) by understanding actions available in the portal. - (Preview) [Asset rule management - Dynamic rules for devices](./configure-asset-rules.md) is now in public preview. Dynamic rules can help manage device context by assigning tags and device values automatically based on certain criteria. - (Preview) The [DeviceInfo](advanced-hunting-deviceinfo-table.md) table in advanced hunting now also includes the columns `DeviceManualTags` and `DeviceDynamicTags` in public preview to surface both manually and dynamically assigned tags related to the device you are investigating. ## July 2023+ - (GA) The [Attack story](investigate-incidents.md#attack-story) in incidents is now generally available. The attack story provides the full story of the attack and allows incident response teams to view the details and apply remediation. - A new URL and domain page is now available in Microsoft 365 Defender. The updated URL and domain page provides a single place to view all the information about a URL or a domain, including its reputation, the users who clicked it, the devices that accessed it, and emails where the URL or domain was seen. For details, see [Investigate URLs in Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/investigate-domain). |
| security | Detect And Remediate Illicit Consent Grants | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/detect-and-remediate-illicit-consent-grants.md | ms.localizationpriority: medium search.appverid: - MET150 description: Learn how to recognize and remediate the illicit consent grants attack in Microsoft 365.--- seo-marvel-apr2020++ - seo-marvel-apr2020 + - has-azure-ad-ps-ref appliesto: |
| security | Safe Documents In E5 Plus Security About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-documents-in-e5-plus-security-about.md | + - has-azure-ad-ps-ref search.appverid: - MET150 ms.assetid: |
| security | Assess The Impact Of Security Configuration Changes With Explorer | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/assess-the-impact-of-security-configuration-changes-with-explorer.md | Consider using secure presets [Ensuring you always have the optimal security con You can also manage email authentication issues with spoof intelligence [Spoof intelligence insight](/microsoft-365/security/office-365-security/anti-spoofing-spoof-intelligence) -Learn more about email authentication [Email Authentication in Exchange Online Protection](/microsoft-365/security/office-365-security/email-authentication-abou) +Learn more about email authentication [Email Authentication in Exchange Online Protection](../email-authentication-about.md) |
| security | Connect Microsoft Defender For Office 365 To Microsoft Sentinel | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel.md | You can ingest your Microsoft Defender for Office 365 data (*and* data from the Take advantage of rich security information events management (SIEM) combined with data from other Microsoft 365 sources, synchronization of incidents and alerts, and advanced hunting. -> [!IMPORTANT] -> The Microsoft 365 Defender connector is currently in **PREVIEW**. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.> - ## What you will need - Microsoft Defender for Office 365 Plan 2 or higher. (Included in E5 plans) Take advantage of rich security information events management (SIEM) combined wi 1. [Login to the Azure Portal](https://portal.azure.com) and navigate to **Microsoft Sentinel** \> Pick the relevant workspace to integrate with Microsoft 365 Defender. 1. On the left-hand navigation menu underneath the heading **Configuration** \> choose **Data connectors**.-2. When the page loads, **search for** Microsoft 365 Defender **and select the Microsoft 365 Defender (preview) connector**. +1. When the page loads, **search for** Microsoft 365 Defender **and select the Microsoft 365 Defender connector**. 3. On the right-hand flyout, select **Open Connector Page**. 4. Under the **Configuration** section of the page that loads, select **Connect incidents & alerts**, leaving Turn off all Microsoft incident creation rules for these products ticked. 5. Scroll to **Microsoft Defender for Office 365** in the **Connect events** section of the page. Select **EmailEvents, EmailUrlInfo, EmailAttachmentInfo & EmailPostDeliveryEvents** then **Apply Changes** at the bottom of the page. (Choose tables from other Defender products if helpful and applicable, during this step.) Admins will now be able to see incidents, alerts, and raw data in Microsoft Sent [Connect Microsoft 365 Defender data to Microsoft Sentinel | Microsoft Docs](/azure/sentinel/connect-microsoft-365-defender?tabs=MDE) [Connect Microsoft Teams to Microsoft Sentinel](/microsoftteams/teams-sentinel-guide)+ |
| security | Deploy And Configure The Report Message Add In | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md | Depending on whether you are licensed for Defender for Office 365, you'll also g - The Report Phishing add-in provides the option to report only phishing messages - The Report Message add-in provides the option to report junk, not junk (false positive), and phishing messages+- The built-in Report button in Outlook on the web *[Learn More](/microsoft-365/security/office-365-security/submissions-outlook-report-messages)* ## What you'll need Depending on whether you are licensed for Defender for Office 365, you'll also g Learn more about user reported settings [User reported settings](../submissions-user-reported-messages-custom-mailbox.md) Enable the report message or report phishing add-in [Enable the Microsoft Report Message or Report Phishing add-ins](../submissions-users-report-message-add-in-configure.md)+ |
| security | Ensuring You Always Have The Optimal Security Controls With Preset Security Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies.md | Title: Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365 + Title: Steps to set up the Standard or Strict preset security policies for Microsoft Defender for Office 365 description: Step to setup preset security policies in Microsoft Defender for Office 365 so you have the security recommended by the product. Preset policies set a security profile of either *Standard* or *Strict*. Set these and Microsoft Defender for Office 365 will manage and maintain these security controls for you. search.product: Once you've chosen between the Standard and Strict security preset policies for 1. Select **All Recipients** to apply Defender for Office 365 Protection tenant wide, or select **Specific recipients** to manually add add users, groups, or domains you want to apply the protection policy to. Click the **Next** button. 1. On the **Impersonation Protection** section, add email addresses & domains to protect from impersonation attacks, then add any trusted senders and domains you don't want the impersonation protection to apply to, then press **Next**. 1. Click on the **Confirm** button.-1. Select the **Manage** link in the Strict protection preset. -1. Repeat steps 7-10 again, but for the users strict protection should be applied to. (if applicable) +1. Select the **Manage protection settings** link in the Strict protection preset. +1. Repeat steps 7-10 again, but for these users *strict* protection should be applied. 1. Click on the **Confirm** button. > [!TIP] |
| security | How To Configure Quarantine Permissions With Quarantine Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies.md | Providing security admins and users with a very simple way to manage false posit - Sufficient permissions (Security Administrator role) - 5 minutes to perform the steps below. -## Creating Custom quarantine policies with Request release flow +## Deciding between built-in or custom quarantine policies. Our custom policies give admins the ability to decide what items their users can triage in the ***False positive*** folder with an extended ability of allowing the user to request the *release* of those items from the folder. Once it has been decided the categories of items users can triage or not-triage, 1. Identify the users, groups, or domains that you would like to include in the *full access* category vs. the *limited access* category, versus the *Admin-Only* category. 1. Sign in to the [Microsoft Security portal](https://security.microsoft.com).-1. Select **Email & collaboration** > **Policies & rules**. +1. On the left nav, under **Email & collaboration**, select **Policies & rules**. 1. Select **Threat policies**. 1. Select each of the following: **Anti-spam policies**, **Anti-phishing policy**, **Anti-Malware policy**. 1. Select **Create policy** and choose **Inbound**. Once it has been decided the categories of items users can triage or not-triage, 1. In the **Actions** tab, select **Quarantine message** for categories. You will notice an additional panel for *select quarantine policy*, use that dropdown to select the quarantine policy you created earlier. 1. Move on to the **Review** section and click the **Confirm** button to create the new policy. 1. Repeat these same steps for the other policies: **Anti-phishing policy**, **Anti-Malware policy**, and **Safe Attachment policy**.- > [!TIP] > For more detailed information on what you've learned so far, see [Configure spam filter policies - Office 365](../../office-365-security/anti-spam-policies-configure.md)| [Configure anti-phishing policies in EOP](../../office-365-security/anti-phishing-policies-eop-configure.md) | [Configure anti-malware policies](../../office-365-security/anti-malware-policies-configure.md)| [Set up Safe Attachments policies in Microsoft Defender for Office 365](../../office-365-security/safe-attachments-policies-configure.md) Once it has been decided the categories of items users can triage or not-triage, ## More information Learn more about organization branding and notification settings here [Quarantine policies - Office 365 | Microsoft Docs](../../office-365-security/quarantine-policies.md)+ |
| security | Protect Your C Suite With Priority Account Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection.md | Priority account protection helps IT and security teams ensure a high quality of 1. Identify the users, groups, or domains you would like to tag as priority accounts. 1. Login to the [Microsoft Security Portal](https://security.microsoft.com/) and navigate to Settings on the left navigation bar. 1. Select Email & collaboration on the page that loads and then click User tags-1. On the User tags page, select the Priority account tag and press Edit tag +1. On the User tags page, select the Priority account tag and press Edit 1. On the flyout that appears, select Add members 1. Search for the users you wish to tag, select one or more users and press Add 1. Review the members you have selected and press Next 1. Press Submit to confirm the changes +## Confirm priority account protection is enabled for tagged users ++1. Login to the [Microsoft Security Portal](https://security.microsoft.com/) and navigate to Settings on the left navigation bar. +1. Select **Priority account protection** +1. Ensure the protection is set to "On" + To learn what priority account tags are see [Manage and monitor priority accounts - Microsoft 365 admin | Microsoft Docs](../../../admin/setup/priority-accounts.md). ## Next Steps If you want to achieve these steps via [Exchange Online PowerShell](/powershell/ - View a list of priority accounts: `Get-User -IsVIP | select Identity` - Add user to list of priority accounts: `Set-User -VIP $true -Identity <Identity>` - Remove user from list of priority accounts: `Set-User -VIP $false -Identity <Identity>`++ |
| security | Reducing Attack Surface In Microsoft Teams | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/reducing-attack-surface-in-microsoft-teams.md | If licensed for Microsoft Defender for Office 365 (free 90-day evaluation availa 6. **Select** a policy, a flyout appears on the left-hand side. 7. Press **Edit protection settings**. 8. Ensure **Safe Links checks a list of known, malicious links when users click links in Microsoft Teams** is checked.-9. Press **Save**. +1. Press **Save**. +1. In organizations with Microsoft Defender for Office 365 Plan 2 or Microsoft 365 Defender, admins can decide whether users can report malicious messages in Microsoft Teams. Learn more here. [User reported message settings in Microsoft Teams](/microsoft-365/security/office-365-security/submissions-teams) ## Restricting channel email messages to approved domains Consider configuring access policies to implement Zero Trust identity and device Learn more about teams access policies: [Recommended Teams policies - Microsoft 365 for enterprise - Office 365 | Microsoft Docs](/microsoft-365/security/office-365-security/teams-access-policies) Security in Microsoft Teams:[Overview of security and compliance - Microsoft Teams | Microsoft Docs](/microsoftteams/security-compliance-overview)+ |
| solutions | Manage Creation Of Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-creation-of-groups.md | audience: Admin ms.localizationpriority: medium++ - has-azure-ad-ps-ref - highpri - M365-subscription-management |
| solutions | Per Group Guest Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/per-group-guest-access.md | + - M365solutions + - has-azure-ad-ps-ref f1.keywords: NOCSH recommendations: false description: "Learn how to prevent guests from being added to a specific group" |
| syntex | Adoption Getstarted | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/adoption-getstarted.md | Title: Get started driving adoption of Microsoft Syntex Previously updated : 09/30/2021 Last updated : 09/30/2022 audience: admin |
| syntex | Adoption Scenarios | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/adoption-scenarios.md | |
| syntex | Create A Classifier | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/create-a-classifier.md | |
| syntex | Create A Content Center | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/create-a-content-center.md | |
| syntex | Create An Extractor | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/create-an-extractor.md | |
| syntex | Create Local Model | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/create-local-model.md | |
| syntex | Create Syntex Model | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/create-syntex-model.md | |
| syntex | Discover Other Trained Models | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/discover-other-trained-models.md | |
| syntex | Syntex Pay As You Go Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/syntex-pay-as-you-go-services.md | When you use Microsoft Syntex [pay-as-you-go](syntex-azure-billing.md), services |Unstructured document processing|The number of pages processed for Word, PDF, or TIFF files; the number of sheets for Excel files; the number of slides for PowerPoint files; or the number of files for other file types. Each of these counts as one transaction. You won't be charged for model training. You'll be charged for processing whether or not there's a positive classification, or any entities extracted.<br><br>Processing occurs on document upload and on subsequent updates. Processing is counted for each model applied. For example, if you have two models applied to a library and you upload or update a five-page document in that library, the total pages processed is 10.|$0.05/transaction| |Content assembly |The number of documents (word or PDF) created using Syntex templates. Each processed document counts as one transaction.<br><br>If you have an existing Syntex per-user license, you will not be charged for generating documents manually but will be charged for automated document generation using Power Automate. |$0.15/transaction | |Image tagging |The number of images processed. Each processed image counts as one transaction. You wonΓÇÖt be charged if you only enable pay-as-you-go billing for image tagging. You'll be charged only when you [enable image tagging on a document library](image-tagging.md). |$0.001/transaction |-|Optical character recognition |The number of pages processed for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. |$0.001/transaction| +|Optical character recognition (Preview) |The number of pages processed for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. |$0.001/transaction| ## Related articles |
| syntex | Use Content Center Site | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/use-content-center-site.md | |
| syntex | Use Contracts Management Site | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/use-contracts-management-site.md | |