| Category | Microsoft Docs article | Related commit history on GitHub | Change details |
|---|---|---|---|
| business-premium | M365bp Mdb Maintain Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-mdb-maintain-environment.md | audience: Admin Previously updated : 08/24/2023 Last updated : 08/25/2023 ms.localizationpriority: medium - M365-Campaigns description: "Keep your systems, devices, user accounts, and security policies u After you have set up and configured [Microsoft 365 Business Premium](index.md) or [Microsoft Defender for Business](../security/defender-business/mdb-overview.md) (standalone), your next step is to prepare a plan for maintenance and operations. It's important to keep your systems, devices, user accounts, and security policies up to date to help protect against cyberattacks. You can use this article as a guide to prepare your plan. -There are two main categories of tasks to perform, as listed in the following table: --| Task type | Sections | +There are two main categories of tasks to perform, as listed in the following table:| Task type | Sections | ||| | **[Security tasks](#security-tasks)** | [Daily security tasks](#daily-security-tasks) <br/>[Weekly security tasks](#weekly-security-tasks)<br/>[Monthly security tasks](#monthly-security-tasks)<br/>[Security tasks to perform as needed](#security-tasks-to-perform-as-needed) | | **[General admin tasks](#general-admin-tasks)** | [Admin center tasks](#admin-center-tasks)<br/>[Users, groups, and passwords](#users-groups-and-passwords)<br/>[Email and calendars](#email-and-calendars)<br/>[Devices](#devices)<br/>[Devices](#devices)<br/>[Subscriptions and billing](#subscriptions-and-billing) | ## Security tasks -Security tasks are typically performed by security administrators and security operators. [Learn more about admin roles](../admin/add-users/about-admin-roles.md) and [assign security roles and permissions](../security/defender-business/mdb-roles-permissions.md). +Security tasks are typically performed by security administrators and security operators. ++- [Learn more about admin roles](../admin/add-users/about-admin-roles.md) +- [Assign security roles and permissions](../security/defender-business/mdb-roles-permissions.md) ### Daily security tasks Security tasks are typically performed by security administrators and security o | **Learn about new incidents or alerts** | As threats are detected and alerts are triggered, incidents are created. Your company's security team can view and manage incidents in the Microsoft 365 Defender portal.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation menu, select **Incidents**. Incidents are displayed on the page with associated alerts.<br/><br/>2. Select an alert to open its flyout pane, where you can learn more about the alert.<br/><br/>3. In the flyout, you can see the alert title, view a list of assets (such as endpoints or user accounts) that were affected, take available actions, and use links to view more information and even open the details page for the selected alert. | | **Run a scan or automated investigation** | Your security team can initiate a scan or an automated investigation on a device that has a high risk level or detected threats. Depending on the results of the scan or automated investigation, [remediation actions](#remediation-actions-for-devices) can occur automatically or upon approval.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Assets** > **Devices**.<br/><br/>2. Select a device to open its flyout panel, and review the information that is displayed.<br/>- Select the ellipsis (...) to open the actions menu.<br/>- Select an action, such as **Run antivirus scan** or **Initiate Automated Investigation**. | + ### Weekly security tasks Security tasks are typically performed by security administrators and security o | **Monitor and improve your Secure Score** | Microsoft Secure Score is a measurement of your organization's security posture. Higher numbers indicate that fewer improvement actions are needed. By using Secure Score, you can: <br/>- Report on the current state of your organization's security posture.<br/>- Improve your security posture by providing discoverability, visibility, guidance, and control.<br/>- Compare with benchmarks and establish key performance indicators (KPIs).<br/><br/>To check your score, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane choose **Secure score**. <br/><br/>2. Review and make decisions about the remediations and actions in order to improve your overall Microsoft secure score. | | **Improve your Secure Score for devices** | Improve your security configuration by remediating issues using the security recommendations list. As you do so, your Microsoft Secure Score for Devices improves and your organization becomes more resilient against cybersecurity threats and vulnerabilities going forward. It's always worth the time it takes to review and improve your score.<br/><br/>To check your secure score, follow these steps: <br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane select **Secure score**.<br/><br/>2. From the **Microsoft Secure Score for Devices** card in the Defender Vulnerability Management dashboard, select one of the categories. A list of recommendations related to that category displays, along with recommendations.<br/><br/>3.Select an item on the list to display details related to the recommendation.<br/><br/>4. Select **Remediation options**.<br/><br/>5. Read the description to understand the context of the issue and what to do next. Choose a due date, add notes, and select **Export all remediation activity data to CSV** so you can attach it to an email for follow-up. A confirmation message tells you the remediation task has been created.<br/><br/>6. Send a follow-up email to your IT Administrator and allow for the time that you've allotted for the remediation to propagate in the system.<br/><br/>7. Return to the Microsoft Secure Score for Devices card on the dashboard. The number of security controls recommendations has decreased as a result of your actions.<br/><br/>8. Select **Security controls** to go back to the Security recommendations page. The item that you addressed isn't listed there anymore, which results in your Microsoft secure score improving. | + ### Monthly security tasks Security tasks are typically performed by security administrators and security o | **Run a simulation tutorial** | It's always a good idea to increase the security preparedness for you and your team through training. You can access simulation tutorials in the Microsoft 365 Defender portal. The tutorials cover several types of cyber threats. To get started, follow these steps:<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Tutorials**.<<br/><br/>2. Read the walk-through for a tutorial you're interested in running, and then download the file, or copy the script needed to run the simulation according to the instructions. | | **Explore the Learning hub** | Use the Learning hub to increase your knowledge of cybersecurity threats and how to address them. We recommend exploring the resources that are offered, especially in the Microsoft 365 Defender and Endpoints sections.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, choose **Learning hub**.<br/><br/>2. Select an area, such as **Microsoft 365 Defender** or **Endpoints**.<br/><br/>3. Select an item to learn more about each concept. <br/><br/>Some resources in the Learning hub might cover functionality that isn't included in Defender for Business. For example, advanced hunting capabilities are included in enterprise subscriptions, such as Defender for Endpoint Plan 2 or Microsoft 365 Defender, but not in Defender for Business. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](../security/defender-business/compare-mdb-m365-plans.md). | + ### Security tasks to perform as needed Security tasks are typically performed by security administrators and security o | **Onboard or offboard devices** | As devices are replaced or retired, new devices are purchased, or your business needs change, you can onboard or offboard devices from Defender for Business. <br/><br/>See the following articles: <br/>- [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md) <br/>- [Offboard a device from Microsoft Defender for Business](../security/defender-business/mdb-offboard-devices.md) | | **Remediate an item** | Defender for Business includes several [remediation actions](#remediation-actions-for-devices). Some actions are taken automatically, and others await approval by your security team.<br/><br/>1. In the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)), in the navigation pane, go to **Assets** > **Devices**.<br/><br/>2. Select a device, such as one with a high risk level or exposure level. A flyout pane opens and displays more information about alerts and incidents generated for that item.<br/><br/>3. On the flyout, view the information that is displayed. Select the ellipsis (...) to open a menu that lists available actions.<br/><br/>4. Select an available action. For example, you might choose **Run antivirus scan**, which will cause Microsoft Defender Antivirus to start a quick scan on the device. Or, you could select **Initiate Automated Investigation** to trigger an automated investigation on the device. | + ### Remediation actions for devices |
| enterprise | Additional Office365 Ip Addresses And Urls | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls.md | Apart from DNS, these instances are all optional for most customers unless you n |20|**[Azure AD Connect](/azure/active-directory/hybrid/)** with 21 ViaNet in China to sync on-premises user accounts to Azure AD.|\*.digicert.com:80 <BR> \*.entrust.net:80 <BR> \*.chinacloudapi.cn:443 <br> secure.aadcdn.partner.microsoftonline-p.cn:443 <br> \*.partner.microsoftonline.cn:443 <p> Also see [Troubleshoot ingress with Azure AD connectivity issues](https://docs.azure.cn/zh-cn/active-directory/hybrid/tshoot-connect-connectivity).|Outbound server-only traffic| |21|**Microsoft Stream** (needs the Azure AD user token). <br> Office 365 Worldwide (including GCC)|\*.cloudapp.net <br> \*.api.microsoftstream.com <br> \*.notification.api.microsoftstream.com <br> amp.azure.net <br> api.microsoftstream.com <br> az416426.vo.msecnd.net <br> s0.assets-yammer.com <br> vortex.data.microsoft.com <br> web.microsoftstream.com <br> TCP port 443|Inbound server traffic| |22|Use **MFA server** for multi-factor authentication requests, both new installations of the server and setting it up with Active Directory Domain Services (AD DS).|See [Getting started with the Azure AD multi-factor authentication Server](/azure/active-directory/authentication/howto-mfaserver-deploy#plan-your-deployment).|Outbound server-only traffic|-|23|**Microsoft Graph Change Notifications** <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.|Public Cloud: 52.159.23.209, 52.159.17.84, 13.78.204.0, 52.147.213.251, 52.147.213.181, 20.127.53.125, 70.37.95.92, 70.37.95.11, 70.37.92.195, 20.9.36.45, 20.9.35.166, 20.9.36.128, 20.96.21.67, 20.69.245.215, 104.46.117.15, 137.135.11.161, 137.135.11.116, 20.253.156.113, 52.159.107.50, 52.159.107.4, 52.159.124.33, 20.98.68.182, 20.98.68.57, 20.98.68.200, 20.171.81.121, 20.25.189.138, 20.171.82.192, 52.142.114.29, 52.142.115.31, 20.223.139.245, 51.124.75.43, 51.124.73.177, 104.40.209.182, 20.199.102.157, 20.199.102.73, 20.216.150.67, 20.91.212.211, 20.91.212.136, 20.91.213.57, 20.44.210.83, 20.44.210.146, 20.212.153.162, 40.80.232.177, 40.80.232.118, 52.231.196.24, 20.48.12.75, 20.48.11.201, 20.89.108.161, 104.215.13.23, 104.215.6.169, 20.89.240.165 <br> <p> Microsoft Cloud for US Government: 52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <p> Microsoft Cloud China operated by 21Vianet: 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.|Inbound server traffic| +|23|**Microsoft Graph Change Notifications** <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.|Public Cloud:<br>52.159.23.209, 52.159.17.84, 13.78.204.0, 52.148.24.136, 52.148.27.39, 52.147.213.251, 52.147.213.181, 20.127.53.125, 40.76.162.99, 40.76.162.42, 70.37.95.92, 70.37.95.11, 70.37.92.195, 70.37.93.191, 70.37.90.219, 20.9.36.45, 20.9.35.166, 20.9.36.128, 20.9.37.73, 20.9.37.76, 20.96.21.67, 20.69.245.215, 104.46.117.15, 20.96.21.98, 20.96.21.115, 137.135.11.161, 137.135.11.116, 20.253.156.113, 137.135.11.222, 137.135.11.250, 52.159.107.50, 52.159.107.4, 52.159.124.33, 52.159.109.205, 52.159.102.72, 20.98.68.182, 20.98.68.57, 20.98.68.200, 20.98.68.203, 20.98.68.218, 20.171.81.121, 20.25.189.138, 20.171.82.192, 20.171.83.146, 20.171.83.157, 52.142.114.29, 52.142.115.31, 20.223.139.245, 51.104.159.213, 51.104.159.181, 51.124.75.43, 51.124.73.177, 104.40.209.182, 51.138.90.7, 51.138.90.52, 20.199.102.157, 20.199.102.73, 20.216.150.67, 20.111.9.46, 20.111.9.77, 13.87.81.123, 13.87.81.35, 20.90.99.1, 13.87.81.133, 13.87.81.141, 20.91.212.211, 20.91.212.136, 20.91.213.57, 20.91.208.88, 20.91.209.147, 20.44.210.83, 20.44.210.146, 20.212.153.162, 52.148.115.48, 52.148.114.238, 40.80.232.177, 40.80.232.118, 52.231.196.24, 40.80.233.14, 40.80.239.196, 20.48.12.75, 20.48.11.201, 20.89.108.161, 20.48.14.35, 20.48.15.147, 104.215.13.23, 104.215.6.169, 20.89.240.165, 104.215.18.55, 104.215.12.254 <br> <br> Microsoft Cloud for US Government: <br>52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <br> <br> Microsoft Cloud China operated by 21Vianet:<br> 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.|Inbound server traffic| |24|**Network Connection Status Indicator**<p>Used by Windows 10 and 11 to determine if the computer is connected to the internet (does not apply to non-Windows clients). When this URL cannot be reached, Windows assumes it is not connected to the Internet and M365 Apps for Enterprise will not try to verify activation status, causing connections to Exchange and other services to fail.|www.msftconnecttest.com <br> <p> Also see [Manage connection endpoints for Windows 11 Enterprise](/windows/privacy/manage-windows-11-endpoints) and [Manage connection endpoints for Windows 10 Enterprise, version 21H2](/windows/privacy/manage-windows-21h2-endpoints).|Outbound server-only traffic| |25|**Teams Notifications on Mobile Devices**<p>Used by Android and Apple mobile devices to receive push notifications to the Teams client for incoming calls and other Teams services. When these ports are blocked, all push notifications to mobile devices fail.|For specific ports, see [FCM ports and your firewall in the Google Firebase documentation](https://firebase.google.com/docs/cloud-messaging/concept-options#messaging-ports-and-your-firewall) and [If your Apple devices aren't getting Apple push notifications](https://support.apple.com/en-us/HT203609).|Outbound server-only traffic| |
| enterprise | Administering Exchange Online Multi Geo | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/administering-exchange-online-multi-geo.md | +- seo-marvel-mar2020 +- has-azure-ad-ps-ref +- azure-ad-ref-level-one-done ms.localizationpriority: medium description: Learn how to administer Exchange Online multi-geo settings in your Microsoft 365 environment with PowerShell. |
| enterprise | Plan Multi Tenant Org Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/plan-multi-tenant-org-overview.md | For the best experience in multi-tenant organizations, users need [the new Micro - Set their status for each account and organization individually. - User profile card shows organization name and email address -To control which users can use the new Teams desktop client, use the Teams update policies. For more information, see [Deploy the new Teams using policies](/microsoftteams/new-teams-deploy-using.-policies) +To control which users can use the new Teams desktop client, use the Teams update policies. For more information, see [Deploy the new Teams using policies](/microsoftteams/new-teams-deploy-using-policies) ## Trusted organizations in external access The following are limitations of the multi-tenant organizations in Microsoft 365 If you want to add more than five tenants or 100,000 users per tenant, contact Microsoft support. +For additional limitations, see [Known issues for multi-tenant organizations](/azure/active-directory/multi-tenant-organizations/multi-tenant-organization-known-issues). + ## Set up or join a multi-tenant organization To set up a new multi-tenant organization where your tenant is the owner, see [Set up a multi-tenant organization in Microsoft 365](set-up-multi-tenant-org.md). To join an existing multi-tenant organization as a member tenant, see [Join or l ## Related topics -[Configure a multi-tenant organization using Microsoft Graph API](/azure/active-directory/multi-tenant-organizations/configure-graph) +[Configure cross-tenant synchronization using PowerShell or Microsoft Graph API](/azure/active-directory/multi-tenant-organizations/cross-tenant-synchronization-configure-graph) [Synchronize users in multi-tenant organizations in Microsoft 365](sync-users-multi-tenant-orgs.md) |
| frontline | Sms Notifications Usage Report | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/sms-notifications-usage-report.md | appliesto: - Microsoft Teams - Microsoft 365 for frontline workers Previously updated : 3/23/2023 Last updated : 08/25/2023 # Microsoft Teams SMS notifications usage report  **This feature requires [Teams Premium](/microsoftteams/teams-add-on-licensing/licensing-enhance-teams).** -The SMS notifications usage report in the Microsoft Teams admin center gives you an overview of SMS notifications usage in your organization. +The SMS notifications usage report in the Microsoft Teams admin center gives you an overview of SMS notifications usage for virtual appointments in your organization. It provides usage data for SMS notifications sent in the Virtual Appointments app and in Teams Electronic Health Record (EHR)-integrated appointments. -You can track key data for confirmation and reminder text messages sent to external attendees in virtual appointments scheduled by your staff. The report provides information such as date and time sent, notification type, delivery status, and distribution details. +You can track key data for confirmation and reminder text messages sent to external attendees in virtual appointments scheduled by your staff. The report provides information such as date and time sent, notification type, distribution details, and delivery status. To access the report, you must be a Global admin, Teams admin, Global reader, or Report reader. To access the report, you must be a Global admin, Teams admin, Global reader, or 1. In the left navigation of the Teams admin center, choose **Analytics & reports** > **Usage reports**. On the **View reports** tab, under **Report**, select **SMS notifications usage**. 2. Under **Date range**, select a date range of 7 days, 30 days, or 90 days. Then, choose **Run report**. - The report contains the following information: - - |Tab |Description | - ||| - |**[Distribution](#distribution)** |Shows a breakdown of the number of SMS notifications sent in Bookings appointments and in Teams Electronic Health Record (EHR)-integrated appointments.| - ## Interpret the report -Here's what you'll see on each tab of the report. --### Distribution +On the **Distribution** tab, you'll see a chart that provides an overview of SMS notifications usage, by month, for the date range that you selected. The table shows distribution details for each SMS notification that was sent. |Callout |Description | |--|-| |**1** |Each report has a date for when the report was generated. The reports usually reflect a 24 to 48-hour latency from time of activity. |-|**2** |The X axis is the selected date range for the report, by month. The Y axis is the number of SMS notifications.<br>Hover over the dot on a given date to see the number of SMS notifications sent on that date.| -|**3** |You can filter what you see on the chart by selecting an item. For example, select **SMS sent in EHR** or **SMS sent in Bookings** to see only the info related to each one. Changing this selection doesnΓÇÖt change the information in the table.| -|**4** |The table gives you detailed information about each SMS notification that was sent during the selected date range. <ul><li>**Sent time (UTC)** is the date and time when the notification was sent.</li> <li>**Sent from** indicates the source of the notification.</li> <li>**SMS notification type** shows whether the notification is an appointment reminder or confirmation.</li> <li>**Product type** indicates whether the virtual appointment was scheduled through Bookings or the Teams EHR connector.</li> <li>**Status** shows the delivery status.</li></ul> | +|**2** |The X axis is the selected date range for the report, by month. The Y axis is the number of SMS notifications.<br>Hover over the dot on a given month to see the number of SMS notifications sent during that time period.| +|**3** |You can filter what you see on the chart by selecting an item. For example, select **SMS sent in EHR** or **SMS sent in Virtual Appointments** to see only the info related to each one. Changing this selection doesnΓÇÖt change the information in the table.| +|**4** |The table gives you detailed information about each SMS notification that was sent during the selected date range. <ul><li>**Sent time (UTC)** is the date and time when the notification was sent.</li> <li>**Sent from** indicates the source of the notification (toll-free number or sender service).</li> <li>**SMS notification type** shows whether the notification is an appointment reminder or confirmation.</li> <li>**Product type** indicates the product used to schedule the appointment.</li> <li>**Status** shows the delivery status. To learn more, see [Delivery status descriptions](#delivery-status-descriptions).</li></ul> | ++### Delivery status descriptions ++Here are the delivery status values that you may see in the report and what they mean. ++|Status |Description | +||| +|Sent|Notification delivered to the recipientΓÇÖs phone.| +|Not Delivered ΓÇô Blocked by recipient|Recipient doesn't want to receive messages and opted out.| +|Not Delivered ΓÇô Invalid phone number|The number has an invalid format for the destination| +|Not Delivered - Phone number doesn't exist|The number has a valid prefix and format but doesn't exist or isn't allocated.| +|Not Delivered - Blocked phone number|The number is reported as a spam number and is in the vendor's blocklist.| +|Not Delivered - Unreachable phone number|Recipient's phone is switched off or out of the coverage area.| +|Not Delivered - Spam detected|Keyword-based filter detected spam.| +|Not Delivered - Recipient blocked|Recipient's number is blocked from receiving SMS messages from any sender.| +|Not Delivered - Other error|Other internal server errors.| ## Related articles |
| lighthouse | M365 Lighthouse Tenants Page Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-tenants-page-overview.md | The Tenant overview section provides information about the customer tenant from | Tenant information | Description| |--||-| Roles | The roles assigned to you in the tenant. Roles determine which tasks you can complete for customers, and what data you can view.| -| Headquarters | Where the tenant is located.| -| Industry |The organization's industry.| -| Customer domain |The organization's domain.| -| Website |The organization's website. You may edit this field if no data is provided.| +| Tenant Domain |The organization's domain.| +| Tenant ID|The organizations's tenant ID.| +| Lighthouse management | The management status of the customer tenant in Lighthouse (Active, Limited, or Inactive) | +| Your permissions | The roles assigned to you in the tenant. Roles determine which tasks you can complete for customers, and what data you can view.| | Total users |The number of users assigned in the tenant. You may select this number to open the Users page for that tenant.| | Total devices|The number of devices enrolled in the tenant. You may select this number to open the Devices page for that tenant.| -#### Contacts section +#### Customer overview -The Contacts section provides information for key contacts within the tenants you manage, such as: +The Customer overview section provides the following information for key contacts within the tenants you manage: ++- Headquarter location +- Industry +- Customer domain +- Company website ++#### Customer contacts ++The Customer contacts section provides the following information for key contacts within the tenants you manage: - Name - Title The **Notes** column shows information for the tenant, such as engagement prefer To edit details, add notes, or delete an existing contact, select the contact name from the list. In the **Edit contact** pane, edit or delete the contact. To add another contact, select **+Add contact**. +#### Deployment and User progress section ++These sections provide a graphical view of the progress for deployment and user progress. + #### Microsoft 365 services usage section Lighthouse provides insights into Microsoft 365 services usage, including how many users within a customer tenant are licensed and actively using each service. The **Active users & devices** column indicates the number of users or devices that have signed in to the service at least once in the past 28 days. The **Change in activity** column indicates change in active users and devices since last month. The **Microsoft 365 services usage** section contains two sub-sections: - **Microsoft 365 Lighthouse-enabled - **Additional Microsoft 365 -### Deployment Plan tab +### Deployment plan tab ++The Deployment plans tab provides status on a customer tenant's deployment plan. The deployment steps in the list are based on the baseline applied to the tenant. To see deployment step details, select a deployment step from the list. -The Deployment Plans tab provides status on a customer tenant's deployment plan. The deployment steps in the list are based on the baseline applied to the tenant. To see deployment step details, select a deployment step from the list. +The Deployment plan tab also includes the following options: -The Deployment Plan tab also includes the following options: +- **Refresh:** Select to retrieve the most current deployment step data. +- **Search:** Enter keywords to quickly locate a specific deployment step in the list. ++### Deployment progress by user tab -- **Export:** Select to export deployment step data to an Excel comma-separated values (.csv) file.+This tab provides deployment status of each user for tasks that support user progress reporting. You can select a user to see more details. Deployment progress is only available for licensed tasks. User progress is only reported for tasks that are **Compliant**, **Not compliant**, or **Dismissed**. ++The Deployment progress by user tab also includes the following options: ++- **Export:** Select to export tenant data to an Excel comma-separated values (.csv) file. - **Refresh:** Select to retrieve the most current deployment step data. - **Search:** Enter keywords to quickly locate a specific deployment step in the list. |
| loop | Loop Compliance Summary | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-compliance-summary.md | Because Loop components are stored as files in OneDrive, there are many capabili - [Sensitivity Labeling](/microsoft-365/compliance/information-protection) (Microsoft Information Protection) at the File-level - End-user ability to see [Data Loss Prevention (DLP)](/microsoft-365/compliance/dlp-learn-about-dlp) policy tips-- Graph API to convert Loop content into HTML for export - [Conditional Access](/azure/active-directory/conditional-access/overview) ## Summary of compliance capabilities for content created in Loop workspaces Content created in a Loop workspace is stored in Syntex repository services. You Syntex repository services has many of the same compliance capabilities as the rest of SharePoint and OneDrive. However, the capabilities below are **not available** yet for content created in Loop workspaces. While we continue to improve rapidly in this area, if you require any of these capabilities, Microsoft recommends proactively disabling Loop workspaces using the instructions here: [Manage Loop workspaces in Syntex repository services](/microsoft-365/loop/loop-workspaces-configuration): - [Intune Device Management Support](/mem/intune/remote-actions/device-management)-- Graph API to convert Loop content into HTML for export - Tenant admin experience: Restoring a deleted workspace - End-user ability to see or set [Retention Labels](/microsoft-365/compliance/retention-policies-sharepoint) - [Sensitivity Labeling](/microsoft-365/compliance/information-protection) (Microsoft Information Protection) at the File-level and Container-level |
| loop | Loop Components Teams | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-components-teams.md | The .loop files can only be opened as links in your browser, such as Office.com, Loop components created in Teams, Outlook, and Word for the web, are discoverable and have eDiscovery workflow support using the Microsoft Purview tool. Currently, these files are stored in the creatorΓÇÖs OneDrive and are available for search and collection, and render in review for both eDiscovery (Standard) and eDiscovery (Premium). The HTML offline export format is supported on eDiscovery (Premium). You can also download and re-upload the files to any OneDrive to view them in their native format. -A third-party graph export API solution is also available for Loop components that supports both raw export and an HTML offline format. +A [graph export API](/graph/api/driveitem-get-content-format) solution is also available for Loop components that supports both raw export and an HTML offline format. ## If Loop is disabled from the admin switch, what will the user experience be? |
| loop | Loop Workspaces Storage Permission | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/loop/loop-workspaces-storage-permission.md | Loop workspaces don't use Microsoft 365 groups for access management, instead th Loop content (pages and components) created in the Loop app are discoverable and have eDiscovery workflow support using the Microsoft Purview tool. As mentioned above, these files are stored in [Syntex repository services](https://devblogs.microsoft.com/microsoft365dev/introducing-syntex-repository-services-microsoft-365-superpowers-for-your-app/) and are available for search and collection, and render in review for both eDiscovery (Standard) and eDiscovery (Premium). The HTML offline export format is supported on eDiscovery (Premium). You can also download and re-upload the files to any OneDrive to view them in their native format. -A graph export API solution is also available for Loop pages and components that supports both raw export and an HTML offline format. +A [graph export API](/graph/api/driveitem-get-content-format) solution is also available for Loop pages and components that support both raw export and an HTML offline format. ## Storage management after user departure |
| security | Linux Preferences | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-preferences.md | Specifies the enforcement preference of antivirus engine. There are three values - Real-time protection is turned off. - [Passive (`passive`)](microsoft-defender-antivirus-compatibility.md#passive-mode-or-edr-block-mode): Runs the antivirus engine in passive mode. In this: - Real-time protection is turned off: Threats are not remediated by Microsoft Defender Antivirus.- - On-demand scanning is turned on: Still use the scan capabilites on the endpoint. + - On-demand scanning is turned on: Still use the scan capabilities on the endpoint. - Automatic threat remediation is turned off: No files will be moved and security admin is expected to take required action. - Security intelligence updates are turned on: Alerts will be available on security admins tenant. Determines whether module load events are monitored using eBPF and scanned. |**Possible values**|disabled (default) <p> enabled| |**Comments**|Available in Defender for Endpoint version 101.68.80 or higher.| -#### Network protection configurations +#### Report AV Suspicious Events to EDR ++Determines whether suspicious events from Antivirus are reported to EDR. ++|Description|Value| +||| +|**Key**|sendLowfiEvents| +|**Data type**|String| +|**Possible values**|disabled (default) <p> enabled| +|**Comments**|Available in Defender for Endpoint version 101.23062.0010 or higher.| ++### Network protection configurations The following settings can be used to configure advanced Network Protection inspection features to control what traffic gets inspected by Network Protection. The following settings can be used to configure advanced Network Protection insp |**Data type**|Dictionary (nested preference)| |**Comments**|See the following sections for a description of the dictionary contents.| -##### Configure ICMP inspection +#### Configure ICMP inspection Determines whether ICMP events are monitored and scanned. >[!NOTE] |
| security | Professional Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/professional-services.md | Managed security services that assist organizations to detect threats early and |[Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)|Dell Technologies|Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24 by 7 to serve customers with security monitoring and management. They help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.| |[CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202385)|CSIS|Provides 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when, and how security incidents have taken place.| |[MDR for Endpoints](https://go.microsoft.com/fwlink/?linkid=2202676)|NTT Ltd.|MDR for Endpoints helps increase your cyber resilience with Managed Detection and Response (MDR) service. Combines 24/7 human & machine expertise, best-of-breed technologies, and global threat intelligence to detect and disrupt hard-to-find attacks, making it more secure.|-|[BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| +|[BlueVoyant MDR for Microsoft 365 Defender](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)|eSentire|MDR you can trust that provides 24/7 threat investigations and responses via Microsoft 365 Defender suite.| |[Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)|Aujas Cybersecurity|Managed security services that assist organizations to detect threats early and help minimize the impact of a breach.| Managed security services that assist organizations to detect threats early and |[Nedscaper Managed XDR](https://go.microsoft.com/fwlink/?linkid=2202478)|Nedscaper|Nedscaper Manager XDR (MDR) is a Managed Detect and Respond SaaS solution, which provides 24/7 Threat Protection, continues Vulnerability Management and combined Threat Intelligence built on Azure. The Microsoft (365 & Azure) Defender products, plus any non-Microsoft / 3P Security solution, is connected to Microsoft Sentinel as the core platform for the Security analysts.| |[dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment.| |[Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.|-|[Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| -|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| +|[Managed Microsoft XDR](https://go.cyberproof.com/hubfs/CyberProof_Managed%20XDR%20for%20Microsoft_2022_06.pdf)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| +|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| |[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.| |[Kroll](https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder)|Kroll|Kroll provides proprietary data, technology and insights to help our clients stay ahead of complex demands related to risk, governance and growth. Our solutions deliver a powerful competitive advantage, enabling faster, smarter and more sustainable decisions. With 5,000 experts around the world, we create value and impact for our clients and communities.| Respond to security incidents quickly, effectively and at scale with complete in |Service name|Vendor|Description| |||| |[Microsoft Incident Response](https://go.microsoft.com/fwlink/?linkid=2203105)|Microsoft|The Cybersecurity Incident Response service is an effective way to respond to incidents due to the activities of today's adversaries and sophisticated criminal organizations. This service seeks to determine whether systems are under targeted exploitation via investigation for signs of advanced implants and anomalous behavior.|-|[Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| -|[Trustwave MDR](https://go.microsoft.com/fwlink/?linkid=2202849)|Trustwave|Trustwave offers a security service (Gartner Leader) for endpoint using Microsoft Defender for Endpoint.| +|[Managed Microsoft XDR](https://go.cyberproof.com/hubfs/CyberProof_Managed%20XDR%20for%20Microsoft_2022_06.pdf)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| +|[Trustwave MDR](https://azuremarketplace.microsoft.com/marketplace/apps/trustwaveholdingsinc1611868326737.tw_mdr_managed_service?tab=Overview)|Trustwave|Trustwave offers a security service (Gartner Leader) for endpoint using Microsoft Defender for Endpoint.| |[Active Remediation](https://go.microsoft.com/fwlink/?linkid=)|Red Canary|Red Canary security experts respond to remediate threats on your endpoints, 24x7. Requires Red Canary MDR for Microsoft.| |[Onevinn DFIR](https://go.microsoft.com/fwlink/?linkid=2202584)|Onevinn|Onevinn DFIR, Digital Defense and Incident Response team, when you're having a breach and you need urgent assistance to gain back control of your IT Environment.| |[Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671)|glueckkanja-gab AG|Monitors your Microsoft Security Solutions 24/7, respond to threats on your behalf and work closely with your IT to continuously improve your security posture.| Respond to security incidents quickly, effectively and at scale with complete in |[Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)|Dell Technologies|Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24/7 to serve customers with security monitoring and management. They help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.| |[CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202385)|CSIS|24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when, and how security incidents have taken place.| |[MDR for Endpoints](https://go.microsoft.com/fwlink/?linkid=2202676)|NTT Ltd.|Increase your cyber resilience with Managed Detection and Response (MDR) service. Combining 24/7 human & machine expertise, best-of-breed technologies, and global threat intelligence to detect and disrupt hard-to-find attacks, making you more secure.|-|[BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| +|[BlueVoyant MDR for Microsoft 365 Defender](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)|eSentire|MDR you can trust that provides 24/7 threat investigations and responses via Microsoft 365 Defender suite.| |[Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)|Aujas Cybersecurity|Managed security services that assist organizations to detect threats early and help minimize the impact of a breach.| Respond to security incidents quickly, effectively and at scale with complete in |[Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)|Secureworks|Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.| |[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.| |[dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment.|-|[Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.| +|[Synergy Advisors Teams App](https://synergyadvisors.biz/e-visor-teams-app/)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.| |[SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)|Sepago GmbH|SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel.They help you to constantly evolve your security landscape with both technical and organizational experience.|-|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| +|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| |[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.| - ## Protect Protect your organization proactively by evaluating your organization's ability to effectively prevent, detect, and respond to cyber threats before they disrupt your business. Protect your organization proactively by evaluating your organization's ability |[Security Operations & MDR](https://go.microsoft.com/fwlink/?linkid=2202843)|BDO|BDO's Security Operations Center (SOC) provides continuous detection, protection and response for organizations globally. BDO MDR is like having eyes where you don't. It's modern technology and experts make hunting, detecting and responding one less thing to keep up with. Because they have eyes where we don't.| |[DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580)|DXC|DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft's Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,| |[Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)|Dell Technologies|Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24 by 7 to serve customers with security monitoring and management. Help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.|-|[BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| +|[BlueVoyant MDR for Microsoft 365 Defender](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)|eSentire|MDR you can trust that provides 24/7 threat investigations and responses via Microsoft 365 Defender suite.| |[Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)|Aujas Cybersecurity|Managed security services that assist organizations to detect threats early and help minimize the impact of a breach.| Protect your organization proactively by evaluating your organization's ability |[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.| |[dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment.| |[Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.|-|[Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| +|[Managed Microsoft XDR](https://go.cyberproof.com/hubfs/CyberProof_Managed%20XDR%20for%20Microsoft_2022_06.pdf)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| |[SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)|Sepago GmbH|SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|-|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| -|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.| +|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| +|[Open Systems MDR+](https://www.ontinue.com/mdr/microsoft-mdr/)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.| ## Evolve Evolve your organization's security posture through improved processes and techn |[MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762)|Red Canary|24x7 managed detection, investigation, and response to threats across your Microsoft environment.| |[Security Operations & MDR](https://go.microsoft.com/fwlink/?linkid=2202843)|BDO|BDO's Security Operations Center (SOC) provides continuous detection, protection and response for organizations globally. BDO MDR is like having eyes where you don't. It's modern technology and experts make hunting, detecting and responding one less thing to keep up with. Because they have eyes where we don't.| |[DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580)|DXC|DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft's Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,|-|[BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| +|[BlueVoyant MDR for Microsoft 365 Defender](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)|Secureworks|Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.| |[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.| |[dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581)|dinext AG|Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, it accompanies customers holistically on their way to a modern security environment.|-|[Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| +|[Managed Microsoft XDR](https://go.cyberproof.com/hubfs/CyberProof_Managed%20XDR%20for%20Microsoft_2022_06.pdf)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| |[SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)|Sepago GmbH|SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|-|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| -|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.| +|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| +|[Open Systems MDR+](https://www.ontinue.com/mdr/microsoft-mdr/)|Open Systems|Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24x7 protection while reducing attack surfaces and MTTR.| ## Educate Mature and maintain your internal team's security capabilities to prevent, detec |[Microsoft 365 Defender Professional Services](https://go.microsoft.com/fwlink/?linkid=2202675)|Netwoven|Consulting and deployment services for the Defender suite| |[Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480)|Wortell|Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models| |[Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)|Mandiant, Inc.|Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science and real-world expertise. Managed Defense helps customers optimize investments in Microsoft technology, maximize resources and accelerate investigations.|-|[BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| +|[BlueVoyant MDR for Microsoft 365 Defender](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.| |[Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392)|Synergy Advisors LLC|E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.|-|[Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| -|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| +|[Managed Microsoft XDR](https://go.cyberproof.com/hubfs/CyberProof_Managed%20XDR%20for%20Microsoft_2022_06.pdf)|Quorum Cyber|Quorum Cyber's Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security.| +|[SecureShield365](https://patriotconsultingtech.com/)|Patriot Consulting|SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.| ## Related topics |
| security | Message Headers Eop Mdo | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/message-headers-eop-mdo.md | The individual fields and values are described in the following table. |`CAT:`|The category of protection policy, applied to the message: <ul><li>`BULK`: Bulk</li><li>`DIMP`: Domain Impersonation</li><li>`GIMP`: [Mailbox intelligence based impersonation](anti-phishing-policies-about.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>`HPHSH` or `HPHISH`: High confidence phishing</li><li>`HSPM`: High confidence spam</li><li>`MALW`: Malware</li><li>`PHSH`: Phishing</li><li>`SPM`: Spam</li><li>`SPOOF`: Spoofing</li><li>`UIMP`: User Impersonation</li><li>`AMP`: Anti-malware</li><li>`SAP`: Safe attachments</li><li>`FTBP`: Anti-malware filetype policy</li><li>`OSPM`: Outbound spam</li><li>`INTOS`: Intra-Org phish action</li></ul> <br/> An inbound message might be flagged by multiple forms of protection and multiple detection scans. Policies have different priorities, and the policy with the highest priority is applied first. For more information, see [What policy applies when multiple protection methods and detection scans run on your email](how-policies-and-protections-are-combined.md).| |`CIP:[IP address]`|The connecting IP address. You can use this IP address in the IP Allow List or the IP Block List. For more information, see [Configure connection filtering](connection-filter-policies-configure.md).| |`CTRY`|The source country/region as determined by the connecting IP address, which might not be the same as the originating sending IP address.|+|`DIR`|The Directionality of the message: <ul><li>`INB`: Inbound message.</li><li>`OUT`: Outbound message.</li><li>`INT`: Internal message.</li></ul>| |`H:[helostring]`|The HELO or EHLO string of the connecting email server.| |`IPV:CAL`|The message skipped spam filtering because the source IP address was in the IP Allow List. For more information, see [Configure connection filtering](connection-filter-policies-configure.md).| |`IPV:NLI`|The IP address wasn't found on any IP reputation list.| The individual fields and values are described in the following table. |`SFV:SFE`|Filtering was skipped and the message was allowed because it was sent from an address in a user's Safe Senders list. <p> For more information about how admins can manage a user's Safe Senders list, see [Configure junk email settings on Exchange Online mailboxes](configure-junk-email-settings-on-exo-mailboxes.md).| |`SFV:SKA`|The message skipped spam filtering and was delivered to the Inbox because the sender was in the allowed senders list or allowed domains list in an anti-spam policy. For more information, see [Configure anti-spam policies](anti-spam-policies-configure.md).| |`SFV:SKB`|The message was marked as spam because it matched a sender in the blocked senders list or blocked domains list in an anti-spam policy. For more information, see [Configure anti-spam policies](anti-spam-policies-configure.md).|-|`SFV:SKI`|The message was marked based on content of the intra-organizational message. For example, the message was marked as SCL 1 for nonspam or SCL 5 to 9 for spam.| |`SFV:SKN`|The message was marked as nonspam before processing by spam filtering. For example, the message was marked as SCL -1 or **Bypass spam filtering** by a mail flow rule.| |`SFV:SKQ`|The message was released from the quarantine and was sent to the intended recipients.| |`SFV:SKS`|The message was marked as spam before processing by spam filtering. For example, the message was marked as SCL 5 to 9 by a mail flow rule.| |
| security | Safe Documents In E5 Plus Security About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-documents-in-e5-plus-security-about.md | + - azure-ad-ref-level-one-done search.appverid: - MET150 ms.assetid: For detailed syntax and parameter information, see [Set-AtpPolicyForO365](/power If you want to selectively allow or block access to the Safe Documents feature, follow these steps: 1. Turn on Safe Documents in the Microsoft 365 Defender portal or Exchange Online PowerShell as previously described in this article.-2. Use Azure AD PowerShell to disable Safe Documents for specific users as described in [Disable specific Microsoft 365 services for specific users for a specific licensing plan](/microsoft-365/enterprise/disable-access-to-services-with-microsoft-365-powershell#disable-specific-microsoft-365-services-for-specific-users-for-a-specific-licensing-plan). +2. Use Microsoft Graph PowerShell to disable Safe Documents for specific users as described in [Disable specific Microsoft 365 services for specific users for a specific licensing plan](/microsoft-365/enterprise/disable-access-to-services-with-microsoft-365-powershell#disable-specific-microsoft-365-services-for-specific-users-for-a-specific-licensing-plan). The name of the service plan to disable in PowerShell is **SAFEDOCS**. |
| syntex | Ocr Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/ocr-overview.md | Title: Overview of optical character recognition in Microsoft Syntex + Title: Overview of optical character recognition in Microsoft Syntex (Preview) ms.localizationpriority: medium description: Learn about optical character recognition in Microsoft Syntex. -# Overview of optical character recognition in Microsoft Syntex +# Overview of optical character recognition in Microsoft Syntex (Preview) The optical character recognition (OCR) service in Microsoft Syntex lets you extract printed or handwritten text from images, such as posters, drawings, and product labels, as well as from documents like articles, reports, forms, and invoices. The OCR service supports more than [150 languages](/azure/cognitive-services/lan ### Supported locations and solutions +The OCR service supports multiple solutions, as shown in the following table. For details about compliance solutions, see [Supported locations and solutions in Microsoft Purview](/purview/ocr-learn-about#supported-locations-and-solutions). + |Location |Supported solution | |||-|Exchange |Text is available in end-user search and search-driven scenarios. | -|SharePoint sites |Text is available in end-user search and search-driven scenarios. | -|OneDrive accounts |Text is available in end-user search and search-driven scenarios. | +|Exchange |Text is available for end-user search and search-driven solutions.<br>Text is available for [compliance solutions](/purview/ocr-learn-about#supported-locations-and-solutions). | +|SharePoint sites |Text is available for end-user search and search-driven solutions.<br>Text is available for [compliance solutions](/en-us/purview/ocr-learn-about#supported-locations-and-solutions). | +|OneDrive accounts |Text is available for end-user search and search-driven solutions.<br>Text is available for [compliance solutions](/purview/ocr-learn-about#supported-locations-and-solutions). | +|Teams chat and channel message |Text is available for [compliance solutions](/purview/ocr-learn-about#supported-locations-and-solutions). | +|Devices | Text is available for [compliance solutions](/purview/ocr-learn-about#supported-locations-and-solutions). | ### File limitations |
| syntex | Ocr | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/ocr.md | Title: Set up and manage optical character recognition in Microsoft Syntex + Title: Set up and manage optical character recognition in Microsoft Syntex (Preview) ms.localizationpriority: medium description: Learn how to set up and manage optical character recognition in Microsoft Syntex. -# Set up and manage optical character recognition in Microsoft Syntex +# Set up and manage optical character recognition in Microsoft Syntex (Preview) The optical character recognition (OCR) service for Microsoft Syntex is set up in the Microsoft 365 admin center. |