+ - If they get single sign-on (SSO) into the web app from the device joined account.

+ - If they selected **Stay signed in** at the time of sign-in. For more info on hiding this option for your organization, see [Add branding to your organization's sign-in page](/azure/active-directory/fundamentals/customize-branding).

+ - If they're on a managed device (one that is compliant or joined to a domain) and using a supported browser like Microsoft Edge or Google Chrome (with the [Windows Accounts extension](https://chrome.google.com/webstore/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji)).

+## Trigger idle session timeout only on unmanaged devices

+By default, the idle session timeout feature triggers on all device types if the other conditions are met. For this feature to trigger only on an unmanaged device, an eligible Azure AD Premium P1 or P2 subscription is required. You'll also need to add a Conditional Access policy in the Azure AD admin center.

+ Title: Top 10 ways to secure your business data - Best practices for small and medium-sized businesses

+# Top 10 ways to secure your data - Best practices for small and medium-sized businesses

+**Applies to**

+- Microsoft 365 Business Basic

+- Microsoft 365 Business Standard

+- Microsoft 365 Business Premium

+Microsoft 365 for business plans include security capabilities, such as antiphishing, antispam, and antimalware protection. Microsoft 365 Business Premium includes more capabilities, such as device management, advanced threat protection, and information protection. This article describes steps you can take to secure your business data, and [compares capabilities across Microsoft 365 for business plans](#comparing-microsoft-365-for-business-plans).

+1. **Use multi-factor authentication**. [Multi-factor authentication](multi-factor-authentication-microsoft-365.md) (MFA), also known as two-step verification, requires people to use a code or authentication app on their phone to sign into Microsoft 365, and is a critical first step to protecting your business data. Using MFA can prevent hackers from taking over if they know your password. See [security defaults and MFA](../../business-premium/m365bp-conditional-access.md).

+2. **Protect your administrator accounts**. Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. See [Protect your administrator accounts](../../business-premium/m365bp-protect-admin-accounts.md).

+3. **Use preset security policies**. Your subscription includes [preset security policies](../../security/office-365-security/preset-security-policies.md) that use recommended settings for anti-spam, anti-malware, and anti-phishing protection. See [Protect against malware and other cyberthreats](../../business-premium/m365bp-increase-protection.md).

+4. **Protect all devices**. Every device is a possible attack avenue into your network and must be configured properly, even those devices that are personally owned but used for work. See the following articles:

+ - [Help users set up MFA on their devices](https://support.microsoft.com/office/set-up-your-microsoft-365-sign-in-for-multi-factor-authentication-ace1d096-61e5-449b-a875-58eb3d74de14)

+ - [Protect unmanaged Windows and Mac computers](../../business-premium/m365bp-protect-pcs-macs.md)

+ - [Set up managed devices](../../business-premium/m365bp-managed-devices-setup.md) (requires Microsoft 365 Business Premium or Microsoft Defender for Business)

+5. **Train everyone on email best practices**. Email can contain malicious attacks cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications. Train everyone to know what to watch for spam or junk mail, phishing attempts, spoofing, and malware in their email. See [Protect yourself against phishing and other attacks](../../business-premium/m365bp-avoid-phishing-and-attacks.md).

+6. **Use Microsoft Teams for collaboration and sharing**. The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it. See the following articles:

+ - [Use Microsoft Teams for collaboration](../../business-premium/create-teams-for-collaboration.md)

+ - [Set up meetings with Microsoft Teams](../../business-premium/set-up-meetings.md)

+ - [Share files and videos in a safe environment](../../business-premium/share-files-and-videos.md)

+7. **Set sharing settings for SharePoint and OneDrive files and folders**. Your default sharing levels for SharePoint and OneDrive might be set to a more permissive level than you should use. We recommend reviewing and if necessary, changing the default settings to better protect your business. See [Set sharing settings for SharePoint and OneDrive files and folders](../../business-premium/m365bp-increase-protection.md#set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders).

+8. **Use Microsoft 365 Apps on devices**. Outlook and Microsoft 365 Apps (also referred to as Office apps) enable people to work productively and more securely across devices. Whether you're using the web or desktop version of an app, you can start a document on one device, and pick it up later on another device. Instead of sending files as email attachments, you can share links to files that are stored in SharePoint or OneDrive. See [Install Office apps on all devices](../../business-premium/m365bp-install-office-apps.md).

+9. **Manage calendar sharing for your business**. You can help people in your organization share their calendars appropriately for better collaboration. You can manage what level of detail they can share, such as by limiting the details that are shared to free/busy times only. See [Manage calendar sharing](../../business-premium/m365bp-increase-protection.md#manage-calendar-sharing).

+10. **Maintain your environment**. After your initial setup and configuration of Microsoft 365 for business is complete, your organization needs a maintenance and operations plan. As employees come and go, you'll need to add or remove users, reset passwords, and maybe even reset devices to factory settings. See [Maintain your environment](../../business-premium/m365bp-maintain-environment.md).

+## Comparing Microsoft 365 for business plans

+Microsoft 365 for business plans include Microsoft Exchange, Microsoft Teams, SharePoint, and OneDrive for secure email, collaboration, and file storage. These plans also include antiphishing, antimalware, and antispam protection. With Microsoft 365 Business Premium, you get more capabilities, such as device management, advanced threat protection, and information protection.

+The following table compares capabilities in Microsoft 365 for business plans.

+| Capability | [Microsoft 365 Business Basic](../setup/setup-business-basic.md) | [Microsoft 365 Business Standard](../setup/setup-business-standard.md) | [Microsoft 365 Business Premium](../../business-premium/index.md) |

+|:|:--:|:--:|:--:|

+| **Outlook and Web/mobile versions of Office apps** <br/>Word, Excel, and PowerPoint |  |  | |

+| **Desktop versions of Office apps**<br/>Word, Excel, PowerPoint, Publisher, and Access ^{[[See note 1](#fn1)]} | |  |  |

+| **Secure communication, collaboration, and file storage**<br/>Microsoft Teams, Exchange, OneDrive, and SharePoint |  |  |  |

+| **Antispam, antiphishing, and antimalware protection** for email <br/>[Exchange Online Protection](../../security/office-365-security/exchange-online-protection-overview.md) |  |  |  |

+| **Mobile device management** and mobile app management <br/>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | See note ^[[2](#fn2)] | See note ^[[2](#fn2)] |  |

+| **Advanced device security** with next-generation protection, firewall, attack surface reduction, automated investigation and response, and more <br/>[Defender for Business](../../security/defender-business/mdb-overview.md) | See note ^[[3](#fn3)] | See note ^[[3](#fn3)] |  |

+| **Advanced protection for email and documents** with advanced anti-phishing, Safe Links, Safe Attachments, and real-time detections<br/>[Microsoft Defender for Office 365 Plan 1](../../security/office-365-security/defender-for-office-365.md) | See note ^[[4](#fn4)] | See note ^[[4](#fn4)] |  |

+| **Information protection** capabilities to discover, classify, protect, and govern sensitive information <br/>[Azure Information Protection](/azure/information-protection/what-is-information-protection) | | |  |

+(<a id="fn1">1</a>) Microsoft Publisher and Microsoft Access run on Windows laptops and desktops only.

+(<a id="fn2">2</a>) Microsoft Intune is included with certain Microsoft 365 plans. Basic Mobility and Security is part of the Microsoft 365 Business Basic and Standard. [Choose between Basic Mobility and Security or Intune](../basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md).

+(<a id="fn3">3</a>) Defender for Business is included in Microsoft 365 Business Premium. It can also be purchased as an add-on for Microsoft 365 Business Basic or Microsoft 365 Business Standard. See [Get Defender for Business](/microsoft-365/security/defender-business/get-defender-business).

+(<a id="fn4">4</a>) Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium. It can also be purchased as an add-on for Microsoft 365 Business Basic or Microsoft 365 Business Standard. See [Defender for Office 365 Plan 1 and Plan 2](../../security/office-365-security/overview.md#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet).

+> For more information about what each plan includes, see [Reimagine productivity with Microsoft 365 and Microsoft Teams](https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products-b?ef_id=8c2a86ec9ea514a008c6e419e036519c:G:s&OCID=AIDcmmwf9kwzdj_SEM_8c2a86ec9ea514a008c6e419e036519c:G:s&lnkd=Bing_O365SMB_Brand&msclkid=8c2a86ec9ea514a008c6e419e036519c).

+## See also

+- [What is Defender for Business?](../../security/defender-business/mdb-overview.md)

+- [Microsoft 365 Business PremiumΓÇöcybersecurity for small business](/microsoft-365/business-premium/)

+- [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../../security/defender-business/compare-mdb-m365-plans.md) (for more details about Defender for Business and Microsoft 365 Business Premium)

+- [Compare Microsoft endpoint security plans](../../security/defender-endpoint/defender-endpoint-plan-1-2.md) (for securing and managing devices)

+Here's a list of applicable roles that you can use. To learn more about them, see [Roles in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#roles-in-the-security--compliance-center)

+Here's a list of applicable role groups that you can use. To learn more about the, see [Role groups in the Security & Compliance Center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md#role-groups-in-the-security--compliance-center)

+Transport Layer Security (TLS), and SSL that came before TLS, are cryptographic protocols that secure communication over a network by using security certificates to encrypt a connection between computers. TLS supersedes Secure Sockets Layer (SSL) and is often referred to as SSL 3.1. Exchange Online uses TLS to encrypt the connections between Exchange servers and the connections between Exchange servers and other servers such as your on-premises Exchange servers or your recipients' mail servers. Once the connection is encrypted, all data sent through that connection is sent through the encrypted channel. However, if you forward a message that was sent through a TLS-encrypted connection to a recipient organization that doesn't support TLS encryption, that message isn't necessarily encrypted. TLS doesn't encrypt the message, just the connection.

+Access log can be enabled using [Exchange Online PowerShell V2 module](/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps). The *-EnablePortalTrackingLogs* parameter of Set-IrmConfiguration specifies whether to enable the audit logs of accessing the encrypted message portal. Valid values are:

+|[PDF support](#pdf-support)| Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |

+Be aware that some label options can extend configuration settings to site owners, that are otherwise restricted to administrators. When you configure and publish the label settings for external sharing options and the authentication context, a site owner can now set and change these options for a site by applying or changing the sensitivity label for a team or site. Don't configure these specific label settings if you don't want site owners to be able to make these changes.

+ > You can create placeholders for text, and also placeholders for text within cells in a table. However, images, smart art, complete tables, and bulleted lists are currently not supported.

+>- You can create placeholders for text, and also placeholders for text within cells in a table. However, images, smart art, complete tables, and bulleted lists are currently not supported.

+| Configure Microsoft Edge | A Microsoft Edge browser policy for Windows 10 or later with preconfigured settings to stay protected from phishing scams and malicious software. This policy also allows Microsoft Edge to safely save and monitor passwords and suggest strong passwords when needed. |

+ \* Either Granular Delegated Admin Privileges (GDAP) plus an indirect reseller relationship or a Delegated Admin Privileges (DAP) relationship is required to onboard customers to Lighthouse. If DAP and GDAP coexist in a customer tenant, GDAP permissions take precedence for MSP technicians in GDAP-enabled security groups. Coming soon, customers with GDAP-only relationships (without indirect reseller relationships) will be able to onboard to Lighthouse.

+The person who performs this integration should be a Moodle administrator and a Microsoft 365 tenant administrator.

+ Paste the values as follows:

+ | On Moodle | On Microsoft LTI registration portal |

+ | | |

+ | Platform ID | Issuer ID URL |

+ | Client ID | Client ID |

+ | Deployment ID | Deployment ID |

+ | Public keyset URL | Keyset URL |

+ | Access token URL | Access token URL |

+ | Authentication request URL | Platform authentication URL |

+ >[!NOTE]

+ > Make sure that the public keyset URL isn't restricted by your network settings for requests originating from the Microsoft LMS Gateway.

+ Select **Next**.

+ Title: About the Microsoft Defender Vulnerability Management public preview trial

+description: Learn about the Microsoft Defender Vulnerability Management trial

+keywords: defender vulnerability management

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+f1.keywords:

+- NOCSH

+ms.localizationpriority: medium

+audience: ITPro

+ms.technology: m365d

+# About the Microsoft Defender Vulnerability Management public preview trial

+**Applies to:**

+- [Microsoft Defender Vulnerability Management](../defender-vulnerability-management/index.yml)

+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+Microsoft Defender Vulnerability Management is a new service that provides advanced vulnerability management capabilities to minimize your organization's cyber risk. Get real-time asset discovery, continuous risk-based assessment and prioritization, and built in remediation tools.

+It includes the existing vulnerability management capabilities in Microsoft Defender for Endpoint and new capabilities to further provide enhanced tools so your teams can intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.

+## How to sign up for the Defender Vulnerability Management public preview trial

+> [!NOTE]

+> The sign up process outlined below is only relevant to customers who have access to the [Microsoft Defender 365 portal](https://security.microsoft.com/homepage).

+>

+> If you don't have access to the Microsoft Defender 365 portal learn more about how you can sign up to the [Microsoft Defender Vulnerability Management Standalone public preview trial](../defender-vulnerability-management/get-defender-vulnerability-management.md#try-defender-vulnerability-management-standalone).

+To sign up for the Defender Vulnerability Management trial, you can go directly to the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub) page or by selecting **Trials** on the left navigation from the [Microsoft Defender 365 portal](https://security.microsoft.com/homepage).

+Once you've reached the [Microsoft 365 trials hub](https://security.microsoft.com/trialHorizontalHub), sign up depends on whether you already have Microsoft Defender for Endpoint Plan 2 or not:

+- If you have Defender for Endpoint Plan 2, find the **Defender Vulnerability Management add-on** card and select **Try now**.

+- If you don't have have Defender for Endpoint Plan 1 or Plan 2, or Microsoft 365 E3, choose the **Defender Vulnerability Management** card and select **Try now**.

+2. Review the information about what's included in the trial, then select **Begin trial**.

+Your trial will be effective immediately for 120 days. It can take up to 6 hours for all vulnerability management features to appear in your left navigation. Sign out and sign back in to see the updates.

+> [!NOTE]

+> This is a public preview trial. Details on your purchase options for this new offering will be made available once the offering is generally available.

+## Required roles for starting the trial

+As a Global Administrator, you can start the trial or you can allow to users start the trial on behalf of your organization by enabling this option:

+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > **User owned apps and services**

+2. Check **Let users start trials on behalf of your organization**

+3. Select **Save**

+> [!NOTE]

+> If you don't want users in your organization to be able to start trials, as a Global Administrator you must disable this option once you've activated the trial.

+>

+> Only a Global Administrator can end the trial.

+It can take a few hours for the changes to take effect. Once it does, return to the trial setup page and select **Begin trial**.

+## Licensing

+As part of the trial setup, the new Defender Vulnerability Management trial licenses will be applied to users automatically. Therefore, no assignment is needed (_The trial can automatically apply up to 1,000,000 licenses_). The licenses are active for 120 days.

+## Getting started, extending, and ending the trial

+### Getting started

+You can start using Defender Vulnerability Management features as soon as you see them in the Microsoft 365 Defender portal. Nothing is created automatically and users won't be affected. When you navigate to each solution, you may be guided to make extra setup configurations to start using features.

+### Extending the trial

+You can extend the trial within the last 15 days of the trial period. You're limited to a maximum of two trial periods. If you don't extend by the time your trial period ends, you'll need to wait at least 30 days before signing up for a second trial.

+### Ending the trial

+Admins can disable the trial anytime by selecting **Trials** on the left navigation, going to the **Defender Vulnerability Management** trial card and selecting **End trial**.

+Unless stated otherwise for the solution your trial data will be maintained for time, usually 180 days, before being permanently deleted. You may continue to access the data gathered during the trial until that time.

+## Terms and conditions

+See the [terms and conditions](/legal/microsoft-365/microsoft-365-trial) for Microsoft 365 trials.

+## Learn more about Defender Vulnerability Management

+Wondering what you can experience in your free trial? The Defender Vulnerability Management trial includes:

+- **[Security baselines assessment](tvm-security-baselines.md)**: When the trial ends security baseline profiles may be stored for a short additional time before being deleted.

+- **[Blocking vulnerable applications (beta)](tvm-block-vuln-apps.md)**: When the trial ends blocked applications will be immediately unblocked whereas baseline profiles may be stored for a short additional time before being deleted.

+- **[Browser extensions assessment](tvm-browser-extensions.md)**

+- **[Digital certificates assessment](tvm-certificate-inventory.md)**

+- **[Network shares analysis](tvm-network-share-assessment.md)**

+ Title: Trial playbook - Microsoft Defender Vulnerability Management (public preview)

+description: Learn how Microsoft Defender Vulnerability Management can help you protect all your users and data.

+keywords: vulnerability management, threat and vulnerability management, Microsoft Defender for Endpoint TVM, Microsoft Defender for Endpoint-TVM, vulnerability management, vulnerability assessment, threat and vulnerability scanning, secure configuration assessment, Microsoft Defender for Endpoint, Microsoft Defender Vulnerability Management, endpoint vulnerabilities, next generation

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+ms.technology: mde

+# Trial playbook: Microsoft Defender Vulnerability Management

+## Welcome to the Microsoft Defender Vulnerability Management trial playbook

+This playbook is a simple guide to help you make the most of your free trial. Using the suggested steps in this playbook from the Microsoft Security team, you'll learn how vulnerability management can help you protect all your users and data.

+## What is Microsoft Defender Vulnerability Management?

+Reducing cyber risk requires a comprehensive risk-based vulnerability management program to identify, assess, remediate, and track important vulnerabilities across your most critical assets.

+Microsoft Defender Vulnerability Management is a new service that proactively provides continuous real-time discovery and assessment of vulnerabilities, context-aware threat & business prioritization, and built-in remediation processes. It includes all Defender Vulnerability Management capabilities in Microsoft Defender for Endpoint and new enhanced capabilities so your teams can further intelligently assess, prioritize, and seamlessly remediate the biggest risks to your organization.

+Watch the following video to learn more about Defender Vulnerability Management:

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Y1FX]

+## Let's get started

+### Step 1: Set-up

+> [!NOTE]

+> Users need to have the global admin role defined in Azure AD to onboard the trial.

+1. Check [permissions and pre-requisites.](tvm-prerequisites.md)

+2. The Microsoft Defender Vulnerability Management preview trial can be accessed in several ways:

+ Via the [Microsoft 365 Defender portal](https://security.microsoft.com) under Trials.

+ :::image type="content" source="../../medivm-trialshub.png" alt-text="Screenshot of Microsoft Defender Vulnerability Management trial hub landing page.":::

+ Via the [Microsoft Admin Center](https://admin.microsoft.com/#/catalog) (global admins only).

+3. Sign up for the trial depends on whether you already have Microsoft Defender for Endpoint Plan 2 or not.

+ - If you have Defender for Endpoint Plan 2, choose [Defender Vulnerability Management Add-on](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-the-defender-vulnerability-management-add-on-public-preview-trial-for-defender-for-endpoint-plan-2-customers).

+ - If you don't have Defender for Endpoint Plan 1 or Plan 2, or Microsoft 365 E3, choose [Defender Vulnerability Management Standalone](/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management#try-defender-vulnerability-management-standalone).

+4. When you're ready to get started, visit the [Microsoft 365 Defender portal](https://security.microsoft.com) to start using the Defender Vulnerability Management trial.

+> [!NOTE]

+> This is a public preview trial. Details on your purchase options for this new offering will be made available once the offering is generally available.

+> [!NOTE]

+> Once you activate the trial it can take up to 6 hours for the new features to become available in the portal.

+Now that you have set up your trial, it's time to try key capabilities.

+### Step 2: Know what to protect in a single view

+Built-in and agentless scanners continuously monitor and detect risk even when devices aren't connected to the corporate network. Expanded asset coverage consolidates software applications, digital certificates, network shares, and browser extensions into a single inventory view.

+1. [**Device inventory**](../defender-endpoint/machines-view-overview.md) - The device inventory shows a list of the devices in your network. By default, the list displays devices seen in the last 30 days. At a glance, you'll see information such as domains, risk levels, OS platform, associated CVEs, and other details for easy identification of devices most at risk.

+2. Discover and assess your organization's software in a single, consolidated inventory view:

+ - [**Software application inventory**](tvm-software-inventory.md) - the software inventory in Defender Vulnerability Management is a list of known applications in your organization. The view includes vulnerability and misconfiguration insights across installed software with prioritized impact scores and details such as OS platforms, vendors, number of weaknesses, threats, and an entity-level view of exposed devices.

+ - [**Browser extension assessments**](tvm-browser-extensions.md) - the browser extensions page displays a list of the extensions installed across different browsers in your organization. Extensions usually need different permissions to run properly. Defender Vulnerability Management provides detailed information on the permissions requested by each extension and identifies those with the highest associated risk levels, the devices with the extension turned on, installed versions, and more.

+ - [**Certificate inventory**](tvm-certificate-inventory.md) - the certificate inventory allows you to discover, assess, and manage digital certificates installed across your organization in a single view. This can help you:

+ - Identify certificates that are about to expire so you can update them and prevent service disruption.

+ - Detect potential vulnerabilities due to the use of weak signature algorithm (for example, SHA-1-RSA), short key size (for example, RSA 512 bit), or weak signature hash algorithm (for example, MD5).

+ - Ensure compliance with regulatory guidelines and organizational policy.

+3. [Assign device value](tvm-assign-device-value.md) - defining a device's value helps you differentiate between asset priorities. The device value is used to incorporate the risk appetite of an individual asset into the Defender Vulnerability Management exposure score calculation. Devices assigned as "high value" will receive more weight. Device value options:

+ - Low

+ - Normal (Default)

+ - High

+ You can also use the [set device value API](/microsoft-365/security/defender-endpoint/set-device-value).

+### Step 3: Track and mitigate remediation activities

+1. [**Request remediation**](tvm-remediation.md#request-remediation) - vulnerability management capabilities bridge the gap between Security and IT administrators through the remediation request workflow. Security admins like you can request for the IT Administrator to remediate a vulnerability from the **Recommendation** pages to [Intune](/mem/intune/).

+2. [**View your remediation activities**](tvm-remediation.md#view-your-remediation-activities) - when you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked on a **Remediation** page, and a remediation ticket is created in Microsoft Intune.

+3. [**Block vulnerable applications**](tvm-block-vuln-apps.md) - Remediating vulnerabilities takes time and can be dependent on the responsibilities and resources of the IT team. Security admins can temporarily reduce the risk of a vulnerability by taking immediate action to block all currently known vulnerable versions of an application or warn users with customizable messages before opening vulnerable app versions until the remediation request is completed. The block option gives IT teams time to patch the application without security admins worrying that the vulnerabilities will be exploited in the meantime.

+ - [How to block vulnerable applications](tvm-block-vuln-apps.md#how-to-block-vulnerable-applications)

+ - [View remediation activities](tvm-block-vuln-apps.md#view-remediation-activities)

+ - [View blocked applications](tvm-block-vuln-apps.md#view-blocked-applications)

+ - [Unblock applications](tvm-block-vuln-apps.md#unblock-applications)

+4. Use enhanced assessment capabilities such as [Network shares analysis](tvm-network-share-assessment.md) to protect vulnerable network shares. As network shares can be easily accessed by network users, small common weaknesses can make them vulnerable. These types of misconfigurations are commonly used in the wild by attackers for lateral movement, reconnaissance, data exfiltration, and more. That's why we built a new category of configuration assessments in Defender Vulnerability Management that identify the common weaknesses that expose your endpoints to attack vectors in Windows network shares. This helps you:

+ - Disallow offline access to shares

+ - Remove shares from the root folder

+ - Remove share write permission set to 'Everyone'

+ - Set folder enumeration for shares

+

+5. View and monitor your organization's devices using a [**Vulnerable devices report**](tvm-vulnerable-devices-report.md) that shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure.

+### Step 4: Set up security baseline assessments

+Instead of running point-in-time compliance scans, security baselines assessment helps you to continuously and proactively monitor your organization's compliance against industry security benchmarks in real time. A security baseline profile is a customized profile that you can create to assess and monitor endpoints in your organization against industry security benchmarks (CIS, NIST, MS). When you create a security baseline profile, you're creating a template that consists of multiple device configuration settings and a base benchmark to compare against.

+Security baselines provide support for Center for Internet Security (CIS) benchmarks for Windows 10, Windows 11, and Windows Server 2008 R2 and above, as well as Security Technical Implementation Guides (STIG) benchmarks for Windows 10 and Windows Server 2019.

+1. Get started with [security baselines assessment](tvm-security-baselines.md#get-started-with-security-baselines-assessment)

+2. Review [security baseline profile assessment results](tvm-security-baselines.md#review-security-baseline-profile-assessment-results)

+3. [Use advanced hunting](tvm-security-baselines.md#use-advanced-hunting)

+### Step 5: Create meaningful reports to get in-depth insights using APIs and Advanced Hunting

+Defender Vulnerability Management APIs can help drive clarity in your organization with customized views into your security posture and automation of vulnerability management workflows. Alleviate your security team's workload with data collection, risk score analysis, and integrations with your other organizational processes and solutions. For more information, see:

+- [Export assessment methods and properties per device](../defender-endpoint/get-assessment-methods-properties.md)

+- [Defender Vulnerability Management APIs blog](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/new-threat-amp-vulnerability-management-apis-create-reports/ba-p/2445813)

+Advanced hunting enables flexible access to Defender Vulnerability Management raw data, which allows you to proactively inspect entities for known and potential threats.

+For more information, see [Hunt for exposed devices](../defender-endpoint/advanced-hunting-overview.md).

+## Additional resources

+- Compare offerings: [Microsoft Defender Vulnerability Management](defender-vulnerability-management-capabilities.md)

+- [Defender Vulnerability Management documentation](../defender-vulnerability-management/index.yml)

+- Datasheet: [Microsoft Defender Vulnerability Management: Reduce cyber risk with continuous vulnerability discovery and assessment, risk-based prioritization, and remediation](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4XR02)

+> Email messages that contain these blocked URLs are blocked as *high confidence phishing*.

+ - When a user reports a phishing simulation message using the [Report Message or the Report Phishing add-ins](enable-the-report-message-add-in.md), the system will not generate an alert, investigation, or incident. The links or files will not be detonated, but the message will appear on the **User reported messages** tab of the **Submissions** page.

+3. In the **Edit SecOps mailboxes** flyout that opens, enter an existing Exchange Online mailbox that you want to designate as SecOps mailbox by doing one of the following steps:

+4. When you're finished, click **Add**, and then click **Close**.

+The SecOps mailbox entries that you configured are displayed on the **SecOps mailbox** tab.

+## Use the Microsoft 365 Defender portal to modify or remove SecOps mailboxes in the advanced delivery policy

+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Advanced delivery** in the **Rules** section. To go directly to the **Advanced delivery** page, use <https://security.microsoft.com/advanceddelivery>.

+2. On the **Advanced delivery** page, verify that the **SecOps mailbox** tab is selected, and then click  **Edit**.

+3. In the **Edit SecOps mailboxes** flyout that opens, you add or remove mailboxes as described in the previous section.

+ To remove all mailboxes, click remove  next to each value until there are no more mailboxes selected.

+4. When you're finished, click **Save** and then click **Close**.

+The SecOps mailbox entries that you configured are displayed on the **SecOps mailbox** tab. If you removed all SecOps mailbox entries, the list will be empty.

+3. In the **Edit third-party phishing simulation** flyout that opens, configure the following settings:

+ > You can optionally include **Simulation URLs to allow** to ensure that URLs in simulation messages are not blocked.

+ >

+ > You can specify up to 10 entries for each field.

+ >

+4. When you're finished, click **Add**, and then click **Close**.

+The third-party phishing simulation entries that you configured are displayed on the **Phishing simulation** tab.

+## Use the Microsoft 365 Defender portal to modify or remove third-party phishing simulations in the advanced delivery policy

+1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Email & Collaboration** \> **Policies & Rules** \> **Threat policies** \> **Advanced delivery** in the **Rules** section. To go directly to the **Advanced delivery** page, use <https://security.microsoft.com/advanceddelivery>.

+2. On the **Advanced delivery** page, select the **Phishing simulation** tab, and then click  **Edit**.

+3. In the **Edit third-party phishing simulation** flyout that opens, you add or remove entries for **Domain**, **Sending IP**, and **Simulation URLs** as described in the previous section.

+ To remove all entries, click remove  next to each value until there are no more domains, IPs, or URLs selected.

+4. When you're finished, click **Save** and then click **Close**.

+In addition to the two scenarios that the advanced delivery policy can help you with, there are other scenarios where you might need to bypass filtering:

+- **URLs**: Email messages that contain these blocked URLs are blocked as *high confidence phishing*.

+ Title: How-to deploy and configure the report message add-in

+description: The steps to deploy and configure Microsoft's phish reporting add-in(s) aimed at security administrators.

+Services that modify message content in transit before delivery to your organization can invalidate DKIM email signatures and affect authentication of the message. When these intermediary services perform such actions, they can use ARC to provide details of the original authentication before the modifications occurred. Your organization can then trust these details to help with authenticating the message.