Updates from: 08/27/2021 03:19:39
Category Microsoft Docs article Related commit history on GitHub Change details
README https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/README.md
Contributors who only make infrequent or small updates can edit the file directl
2. Go to the page you want to edit on docs.microsoft.com. 3. On the right-hand side of the page, click **Edit** (pencil icon).
- ![Edit button on docs.microsoft.com](microsoft-365/media/quick-update-edit.png)
+ ![Edit button on docs.microsoft.com.](microsoft-365/media/quick-update-edit.png)
4. The corresponding topic file on GitHub opens, where you need to click the **Edit this file** pencil icon.
- ![Edit button on github.com](microsoft-365/media/quick-update-github.png)
+ ![Edit button on github.com.](microsoft-365/media/quick-update-github.png)
5. The topic opens in a line-numbered editing page where you can make changes to the file. Files in GitHub are written and edited using Markdown language. For help on using Markdown, see [Mastering Markdown](https://guides.github.com/features/mastering-markdown/). Select the **Preview changes** tab to view your changes as you go.
Contributors who only make infrequent or small updates can edit the file directl
When you're ready, click the green **Propose file change** button.
- ![Propose file change section](microsoft-365/media/propose-file-change.png)
+ ![Propose file change section.](microsoft-365/media/propose-file-change.png)
7. On the **Comparing changes** page that appears, click the green **Create pull request** button.
- ![Comparing changes page](microsoft-365/media/comparing-changes-page.png)
+ ![Comparing changes page.](microsoft-365/media/comparing-changes-page.png)
8. On the **Open a pull request** page that appears, click the green **Create pull request** button.
- ![Open a pull request page](microsoft-365/media/open-a-pull-request-page.png)
+ ![Open a pull request page.](microsoft-365/media/open-a-pull-request-page.png)
> [!NOTE] > Your permissions in the repo determine what you see in the last several steps. People with no special privileges will see the **Propose file change** section and subsequent confirmation pages as described. People with permissions to create and approve their own pull requests will see a similar **Commit changes** section with extra options for creating a new branch and fewer confirmation pages.<br/><br/>The point is: click any green buttons that are presented to you until there are no more.
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
Reports are available for the last 7 days, 30 days, 90 days, and 180 days. Data
::: moniker-end
-2. Click on the **View more** button from the at-a-glance activity card for a service (such as email or OneDrive) to see the report detail page. In there different reports for the service are provided in tabs. <br/>![The Usage dashboard](../../media/4c0f966d-9d2b-4a6f-a106-a6e2b9a2de07.png)
+2. Click on the **View more** button from the at-a-glance activity card for a service (such as email or OneDrive) to see the report detail page. In there different reports for the service are provided in tabs. <br/>![The Usage dashboard.](../../media/4c0f966d-9d2b-4a6f-a106-a6e2b9a2de07.png)
## Who can see reports
If you want to hide user level information when you're generating your reports,
Your user list will look like this:
-![Reports - anonymized user list](../../media/2ed99bce-4978-4ee3-9ea2-4a8db26eef02.png)
+![Reports - anonymized user list.](../../media/2ed99bce-4978-4ee3-9ea2-4a8db26eef02.png)
It'll take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the reports API.
admin Browser Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md
The Microsoft 365 **Reports** dashboard shows you an activity overview across th
## Interpret the Microsoft browser usage report
-![Microsoft browser usage report](../../media/95557c88-24ee-417d-a828-96ba00b17aaf.png)
+![Microsoft browser usage report.](../../media/95557c88-24ee-417d-a828-96ba00b17aaf.png)
|Item|Description| |:--|:--|
admin Email Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-activity-ww.md
For example, you can get a high level view of email traffic within your organiza
You can get a view into your user's email activity by looking at the **Activity** and **Users** charts.
-![Email activity report](../../media/5eb1d9e9-8106-4843-acb7-c0238c0da816.png)
+![Email activity report.](../../media/5eb1d9e9-8106-4843-acb7-c0238c0da816.png)
|Item|Description| |:--|:--|
You can get a view into your user's email activity by looking at the **Activity*
|5. <br/> | On the **Activity** chart, the Y axis is the count of activity of the type email sent, email received, email read, meeting created, and meeting interacted. <br/> On the **Users** activity chart, the Y axis is the user's performing activity of the type email sent, email received, email read, meeting created, or meeting interacted. <br/> The X axis on both charts is the selected date range for this specific report. <br/> | |6. <br/> |You can filter the series you see on the chart by selecting an item in the legend. <br/> | |7. <br/> | The table shows you a breakdown of the email activities at the per-user level. This shows all users that have an Exchange product assigned to them and their email activities. <br/> <br/> **Username** is the email address of the user. <br/> **Display name** is the full name if the user. <br/> **Deleted** refers to the user whose current state is deleted, but was active during some part of the reporting period of the report. <br/> **Deleted date** is the date the user was deleted. <br/> **Last activity date** refers to the last time the user performed a read or send email activity. <br/> **Send actions** is the number of times an email send action was recorded for the user. <br/> **Receive actions** is the number of times an email received action was recorded for the user. <br/> **Read actions** is the number of times an email read action was recorded for the user. <br/> **Meeting created actions** is the number of times a meeting request send action was recorded for the user. <br/> **Meeting interacted actions** is the number of times a meeting request accept, tentative, decline, or cancel action was recorded for the user. <br/> **Product assigned** is the products that are assigned to this user. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|8. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Email activity report - choose columns](../../media/80ffa0ad-61c5-4a6f-8a1d-5f6730ff7da9.png)|
+|8. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Email activity report - choose columns.](../../media/80ffa0ad-61c5-4a6f-8a1d-5f6730ff7da9.png)|
|9. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> | |||
admin Email Apps Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-apps-usage-ww.md
The Microsoft 365 **Reports** dashboard shows you the activity overview across t
You can get a view into email apps activity by looking at the **Users** and **Clients** charts.
-![Email clients used](../../media/d78af7db-2b41-4d37-8b6e-bc7e47edd1dd.png)
+![Email clients used.](../../media/d78af7db-2b41-4d37-8b6e-bc7e47edd1dd.png)
|Item|Description| |:--|:--|
You can get a view into email apps activity by looking at the **Users** and **Cl
|6. <br/> | On the **Users** chart, the Y axis is the total count of unique users that connected to an app on any day of the reporting period. <br/> On the **Users** chart, the X axis is number of unique users that used the app for that reporting period. <br/> On the **Apps** chart, the Y axis is the total count of unique users who used a specific app during the reporting period. <br/> On the **Apps** chart, the X axis is the list of apps in your organization. <br/> On the **Versions** chart, the Y axis is the total count of unique users using a specific version of Outlook desktop. If the report can't resolve the version number of Outlook, the quantity will show as **Undetermined**. <br/> On the **Versions** chart, the X axis is the list of apps in your organization. <br/> | |7. <br/> |You can filter the series you see on the chart by selecting an item in the legend. <br/> | |8. <br/> | You might not see all the items in the list below in the columns until you add them.<br/> **Username** is the name of the email app's owner. <br/> **Last activity date** is the latest date the user read or sent an email message. <br/> **Mac mail**, **Mac Outlook** and **Outlook**, **Outlook mobile** and **Outlook on the web** are examples of email apps you may have in your organization. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Email apps usage report - choose columns](../../media/041bd6ff-27e8-409d-9608-282edcfa2316.png)|
+|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Email apps usage report - choose columns.](../../media/041bd6ff-27e8-409d-9608-282edcfa2316.png)|
|10. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> | |||
admin Forms Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/forms-activity-ww.md
For example, you can understand the activity of every user licensed to use Micro
You can view the activities in the Forms report by choosing the **Activity** tab.<br/>![Microsoft 365 reports - Microsoft Forms activity report.](../../media/275fb0a1-b9d9-4233-8aaf-e7df73cc705f.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Forms activity report - choose columns](../../media/0c9b0b69-5dc7-43ea-8e2c-54407b6ce2ab.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Forms activity report - choose columns.](../../media/0c9b0b69-5dc7-43ea-8e2c-54407b6ce2ab.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Forms Pro Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/forms-pro-activity-ww.md
For example, you can understand the activity of every user licensed to use Micro
You can view the activities in the Dynamics 365 Customer Voice report by choosing the **Activity** tab.<br/>![Microsoft 365 reports - Microsoft Dynamics 365 Customer Voice activity report.](../../media/a7e57d18-1ac8-4d4b-bd70-83361505dc3e.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Dynamics 365 Customer Voice activity report - choose columns](../../media/5ab66f4b-32eb-4c9b-9683-1157ae9e2c0a.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Dynamics 365 Customer Voice activity report - choose columns.](../../media/5ab66f4b-32eb-4c9b-9683-1157ae9e2c0a.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Mailbox Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md
The **Mailbox usage report** provides information about users with a user mailbo
You can get a view into your organization's **Mailbox usage** by looking at the **Mailbox**, **Storage** and **Quota** charts.
-![Mailbox usage report](../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png)
+![Mailbox usage report.](../../media/9f610e91-cbc1-4e59-b824-7b1ddd84b738.png)
|Item|Description| |:--|:--|
You can get a view into your organization's **Mailbox usage** by looking at the
|6. <br/> | On the **Mailbox** chart, the Y axis is the count of user mailboxes. <br/> On the **Storage** chart, the Y axis is the amount of storage being used by user mailboxes in your organization. <br/> On the **Quota** chart, the Y axis is the number of user mailboxes in each storage quota. <br/> The X axis on the Mailbox and Storage charts is the selected date range for this specific report. <br/> The X axis on the Quota charts is the quota category. <br/> | |7. <br/> |You can filter charts you see by selecting an item in the legend. <br/> | |8. <br/> | The table shows you a breakdown of mailbox usage at the per-user level. You can add additional columns to the table. <br/> **User name** is the email address of the user. <br/> **Display Name** is the full name if the user. <br/> **Deleted** refers to the mailbox whose current state is deleted, but was active during some part of the reporting period of the report. <br/> **Deleted date** is the date the mailbox was deleted. <br/> **Create date** is the date the mailbox was created. <br/> **Last activity date** refers to the date the mailbox had an email send or read activity. <br/> **Item count** refers to the total number of items in the mailbox. <br/> **Storage used (MB)** refers to the total storage used. <br/> **Deleted Item Count** refers to the total number of deleted items in the mailbox. <br/> **Deleted Item Size (MB)** refers to the total size of all deleted items in the mailbox. <br/> **Issue warning quota (MB)** refers to the storage limit when the mailbox owner will receive a warning that it's about to hit the storage quota. <br/> **Prohibit send quota (MB)** refers to the storage limit when the mailbox can no longer send emails. <br/> **Prohibit send receive quota (MB)** refers to the storage limit when the mailbox can no longer send or receive emails. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Mailbox usage report - choose columns](../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png)|
+|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Mailbox usage report - choose columns.](../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png)|
|10. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. <br/> | |||
admin Microsoft Office Activations Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-office-activations-ww.md
The Office Activation report gives you a view of which users have activated thei
You can view the activations in the Office 365 report by choosing the **Activations** tab.<br/>![Microsoft 365 reports - Microsoft Office 365 activation.](../../media/e1df82a2-3336-4b38-b66c-b286c44b82ee.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Office 365 activations report - choose columns](../../media/d11a0efa-a067-4440-a4f3-71b618a90301.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Office 365 activations report - choose columns.](../../media/d11a0efa-a067-4440-a4f3-71b618a90301.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Microsoft Teams Device Usage Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview.md
The Microsoft 365 **Reports** dashboard shows you the activity overview across t
You can view the device use in the Teams report by choosing the **Device usage** tab.<br/>![Microsoft 365 reports - Microsoft Teams device usage.](../../media/e46c7f7c-8371-4a20-ae82-b20df64b0205.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Teams user device report - choose columns](../../media/3358d5d9-931b-4d30-931f-450b2f5717da.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Teams user device report - choose columns.](../../media/3358d5d9-931b-4d30-931f-450b2f5717da.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Microsoft Teams Device Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-device-usage.md
The Microsoft 365 **Reports** dashboard shows you the activity overview across t
You can get a view into Microsoft Teams app usage by looking at the **Users** and **Distribution** charts.
-![Microsoft 365 reports - Microsoft Teams app usage](../../media/de35c4de-76b4-4109-a806-66774665499b.png)
+![Microsoft 365 reports - Microsoft Teams app usage.](../../media/de35c4de-76b4-4109-a806-66774665499b.png)
|Item|Description| |:--|:--|
You can get a view into Microsoft Teams app usage by looking at the **Users** an
|5. <br/> | On the **Users** chart, the Y axis is the number of users per app. <br/> On the **Distribution** chart, the Y axis is the number of users using the specified app. <br/> The X axis on the charts is the selected date range for the specific report. <br/> | |6. <br/> |You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Users** chart, select **Windows**, **Mac**, **Calls**, **Web**, **Android phone**, or **Windows phone** to see only the info related to each one. Changing this selection doesn't change the info in the grid table. <br/> ![You can filter Microsoft Teams app usage charts by selecting the app type.](../../media/64ee1cb1-ca80-4964-8234-7fc671135c3d.png)| |7. <br/> | The list of groups shown is determined by the set of all groups that existed (weren't deleted) across the widest (180-day) reporting time frame. The activity count will vary according to the date selection. <br/> NOTE: You might not see all the items in the list below in the columns until you add them.<br/> **Username** is the email address of the user. You can display the actual email address or make this field anonymous. <br/> **Last Activity Date (UTC)** refers to the last date that the user participated in a Microsoft Teams activity in an app. <br/> **Deleted** indicates if the team is deleted. If the team is deleted, but had activity in the reporting period, it will show up in the grid with deleted set to true. <br/> **Deleted date** is the date that the team was deleted. <br/> **Windows** is checked if the user was active in the Windows app during the specified time period. <br/> **Mac** is checked if the user was active in a Mac app during the specified time period. <br/> **Web** is checked if the user was active in a web app during the specified time period. <br/> **iOS** is checked if the user was active in an iOS app during the specified time period. <br/> **Android phone** is checked if the user was active in an Android phone app during the specified time period. <br/> **Windows phone** is checked if the user was active in a Windows Phone app during the specified time period. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|8. <br/> |Select **Columns** to add or remove columns from the report. <br/> ![Teams uapp usage report - choose columns](../../media/333f3077-696d-4829-b0a7-1046b3822222.png)|
+|8. <br/> |Select **Columns** to add or remove columns from the report. <br/> ![Teams uapp usage report - choose columns.](../../media/333f3077-696d-4829-b0a7-1046b3822222.png)|
|9. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> | |||
admin Microsoft Teams User Activity Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview.md
The Microsoft 365 **Reports** dashboard shows you the activity overview across t
You can view the user activity in the Teams report by choosing the **User activity** tab. <br/>![Microsoft 365 reports - Microsoft Teams user activity.](../../media/1011877f-3cf0-4417-9447-91d0b2312aab.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Teams user activity report - choose columns](../../media/6d3c013e-2c5e-4d66-bb41-998aa4bd1c20.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Teams user activity report - choose columns.](../../media/6d3c013e-2c5e-4d66-bb41-998aa4bd1c20.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. The exported format for **audio time**, **video time**, and **screen share time** follows ISO8601 duration format.
admin Microsoft Teams User Activity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity.md
You can get a view into Microsoft Teams user activity by looking at the **Activi
|4. <br/> |The **Activity** view shows you the number of Microsoft Teams activities by activity type. The activity types are number of teams chat messages, private chat messages, calls, or meetings. <br/> | |5. <br/> |The **Users** view shows you the number of users by activity type. The activity types are number of teams chat messages, private chat messages, calls, or meetings. <br/> | |6. <br/> | On the **Activity** chart, the Y-axis is the count of specified activity. <br/> On the **Files** chart, the Y-axis is the number of users participating in teams chats, private chats, calls, or meetings. <br/> The X-axis on the charts is the selected date range for the specific report. <br/> |
-|7. <br/> |You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Activity** chart, select **Channel messages**, **Chat messages**, **Calls**, or **Meetings** to see only the info related to each one. Changing this selection doesn't change the info in the grid table. <br/> ![Filter the Microsoft Teams activity charts](../../media/c819c4ea-6e9a-4411-a0dd-9f800d64ce38.png)|
+|7. <br/> |You can filter the series you see on the chart by selecting an item in the legend. For example, on the **Activity** chart, select **Channel messages**, **Chat messages**, **Calls**, or **Meetings** to see only the info related to each one. Changing this selection doesn't change the info in the grid table. <br/> ![Filter the Microsoft Teams activity charts.](../../media/c819c4ea-6e9a-4411-a0dd-9f800d64ce38.png)|
|8. <br/> | The list of groups shown is determined by the set of all groups that existed (weren't deleted) across the widest (180-day) reporting time frame. The activity count will vary according to the date selection. <br/> NOTE: You might not see all the items in the list below in the columns until you add them.<br/>**Username** is the email address of the user. You can display the actual email address or make this field anonymous. <br/> **Last Activity Date (UTC)** refers to the last date that the user participated in a Microsoft Teams activity. <br/> **Channel messages** is the number of unique messages that the user posted in a team chat during the specified time period. <br/> **Chat messages** is the number of unique messages that the user posted in a private chat during the specified time period. <br/> **Calls** is the number of calls that the user participated in during the specified time period. <br/> **Meetings** is the number of online meetings that the user participated in during the specified time period. <br/> **Other activity** is the number of other team activities by the user. <br/> **Deleted** indicates if the team is deleted. If the team is deleted, but had activity in the reporting period, it will show up in the grid with deleted set to true. <br/> **Deleted date** is the date that the team was deleted. <br/> **Product assigned** is the list of products that are assigned to the user. <br/> If your organization's policies prevent you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **How do I hide user level details?** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|9. <br/> |Select **Columns** to add or remove columns from the report. <br/> ![Teams user activity report - choose columns](../../media/eb5fbcee-e371-4d36-a0c6-fa54732311ec.png)|
+|9. <br/> |Select **Columns** to add or remove columns from the report. <br/> ![Teams user activity report - choose columns.](../../media/eb5fbcee-e371-4d36-a0c6-fa54732311ec.png)|
|10. <br/> |You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data. <br/> | |||
admin Microsoft365 Apps Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww.md
The Microsoft 365 **Reports** dashboard shows you the activity overview across t
You can get a view into your user's Microsoft 365 Apps activity by looking at the **Users** and **Platform** charts. > [!div class="mx-imgBorder"]
-> ![Microsoft 365 Apps usage report](../../media/0bcf67e6-a6e4-4109-a215-369f9f20ad84.png)
+> ![Microsoft 365 Apps usage report.](../../media/0bcf67e6-a6e4-4109-a215-369f9f20ad84.png)
|Item|Description| |:--|:--|
admin Office 365 Groups Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/office-365-groups-ww.md
You can view the activations in the Office 365 report by choosing the **Groups a
Select **Choose columns** to add or remove columns from the report. You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Onedrive For Business Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-activity-ww.md
For example, you can understand the activity of every user licensed to use OneDr
You can view the activities in the OneDrive report by choosing the **Activity** tab.<br/>![Microsoft 365 reports - Microsoft OneDrive activity report.](../../media/c89df0b0-2611-4acf-9ef7-17cedf7977be.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![OneDrive activity report - choose columns](../../media/252f311f-ffde-4e5a-9158-2b822bf86964.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![OneDrive activity report - choose columns.](../../media/252f311f-ffde-4e5a-9158-2b822bf86964.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Onedrive For Business Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww.md
For example, the OneDrive card on the dashboard gives you a high-level view of t
You can view the usage in the OneDrive report by choosing the **Usage** tab.<br/>![Microsoft 365 reports - Microsoft OneDrive usage report.](../../media/3cdaf2fb-1817-479b-a0e1-2afa228690cf.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![OneDrive usage report - choose columns](../../media/9ee80f25-cfe3-411d-8e31-08f1507d18c1.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![OneDrive usage report - choose columns.](../../media/9ee80f25-cfe3-411d-8e31-08f1507d18c1.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Sharepoint Activity Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-activity-ww.md
For example, you can understand the activity of every user licensed to use Share
You can view the activities in the SharePoint report by choosing the **Activity** tab.<br/>![Microsoft 365 reports - Microsoft SharePoint activity report.](../../media/5a0a96f-0e4f-4fb9-8baa-3262275b3d1f.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint activity report - choose columns](../../media/3c396cd1-9701-4712-8eaa-eb7bba702aa8.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint activity report - choose columns.](../../media/3c396cd1-9701-4712-8eaa-eb7bba702aa8.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Sharepoint Site Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
Microsoft 365 Reports in the admin center is not supported for GCC High and DoD
You can view the site usage in the SharePoint report by choosing the **Site usage** tab.<br/>![Microsoft 365 reports - Microsoft SharePoint site usage report.](../../media/d1cb6200-e81c-460b-9d05-53f4bd7cf5ee.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint site usage report - choose columns](../../media/71ac3195-c494-40c1-9346-a858125ef6df.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint site usage report - choose columns.](../../media/71ac3195-c494-40c1-9346-a858125ef6df.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Yammer Activity Report Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-activity-report-ww.md
As Microsoft 365 admin, the **Reports** dashboard shows you data on the usage of
You can view the activities in the Yammer report by choosing the **Activity** tab.<br/>![Microsoft 365 reports - Microsoft Yammer activity report.](../../media/9b251183-c2b3-430c-ab2d-58bf11e7e3ae.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Yammer activity report - choose columns](../../media/7ef6351d-f7e9-4504-913d-2c2df9062bf6.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Yammer activity report - choose columns.](../../media/7ef6351d-f7e9-4504-913d-2c2df9062bf6.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Yammer Device Usage Report Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-device-usage-report-ww.md
The Yammer device usage reports give you information about which devices your us
You can view the usage in the OneDrive report by choosing the **Device usage** tab.<br/>![Microsoft 365 reports - Microsoft Yammer device usage report.](../../media/e21af4c0-0ad2-4485-8ab1-2f82d7dfa90e.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Yammer device usage report - choose columns](../../media/fc1fc8db-e197-4878-85c7-7ba0d67b9379.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Yammer device usage report - choose columns.](../../media/fc1fc8db-e197-4878-85c7-7ba0d67b9379.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin Yammer Groups Activity Report Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-groups-activity-report-ww.md
The Microsoft 365 **Reports** dashboard shows you the activity overview across t
You can view the groups activities in the Yammer report by choosing the **Groups activity** tab.<br/>![Microsoft 365 reports - Microsoft Yammer groups activity report.](../../media/3afdafe5-9269-402e-8264-c7695ceb227d.png)
-Select **Choose columns** to add or remove columns from the report. <br/> ![Yammer groups activity report - choose columns](../../media/54744932-34fe-48c3-9779-1d10c3f05be1.png)
+Select **Choose columns** to add or remove columns from the report. <br/> ![Yammer groups activity report - choose columns.](../../media/54744932-34fe-48c3-9779-1d10c3f05be1.png)
You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
admin About Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/about-admin-roles.md
The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">
## Before you begin
-Looking for the full list of detailed Azure AD role descriptions you can manage in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>? Check out Administrator role permissions in Azure Active Directory. [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).
+Looking for the full list of detailed Azure AD role descriptions you can manage in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>? Check out Administrator role permissions in Azure Active Directory. [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).
Looking for the full list of detailed Intune role descriptions you can manage in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>? Check out [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
If you get a message in the admin center telling you that you don't have permiss
In the Microsoft 365 admin center, you can go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2097861" target="_blank">**Role assignments**</a>, and then select any role to open its detail pane. Select the **Permissions** tab to view the detailed list of what admins assigned that role have permissions to do. Select the **Assigned** or **Assigned admins** tab to add users to roles.
-You'll probably only need to assign the following roles in your organization. By default, we first show roles that most organizations use. If you can't find a role, go to the bottom of the list and select **Show all by Category**. (For detailed information, including the cmdlets associated with a role, see [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles).)
+You'll probably only need to assign the following roles in your organization. By default, we first show roles that most organizations use. If you can't find a role, go to the bottom of the list and select **Show all by Category**. (For detailed information, including the cmdlets associated with a role, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).)
|Admin role |Who should be assigned this role? | |||
admin Admin Roles Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/admin-roles-page.md
description: "Admin roles map to business functions and provide permissions to d
On the Roles page, you can give users permissions to do tasks in the admin centers. This helps your organization spread tasks to the appropriate people and helps keep your data secure.
-![A figure that shows admin roles](../../media/roles-main-page.png)
+![A figure that shows admin roles.](../../media/roles-main-page.png)
> [!TIP]
-> Looking for the detailed role descriptions? Check out [Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles) and [About admin roles](/microsoft-365/admin/add-users/about-admin-roles).
+> Looking for the detailed role descriptions? Check out [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [About admin roles](/microsoft-365/admin/add-users/about-admin-roles).
## About the admin roles page You can export the admin list as well as search and filter by role.
-![Filter or import admin roles](../../media/admin-role-page-options.png)
+![Filter or import admin roles.](../../media/admin-role-page-options.png)
- Use Export admin list to get a full list of all the admin users in your organization. The list is stored in an Excel .csv file.
This isn't an exhaustive list of all the permissions that these roles have. Sele
### Exchange admin
-Assign the Exchange admin role to users who need to view and manage your user's email mailboxes, Microsoft 365 groups and Exchange Online. They can also open and manage service requests to Microsoft support. [Learn more](/microsoft-365/admin/add-users/about-exchange-online-admin-role)
+Assign the Exchange admin role to users who need to view and manage your user's email mailboxes, Microsoft 365 groups and Exchange Online. They can also open and manage support requests to Microsoft support. [Learn more](/microsoft-365/admin/add-users/about-exchange-online-admin-role)
### Global admin
-Assign the global admin role to users who need global access to most management features and data across Microsoft online services. Giving too many users global access is a security risk and we recommend that you have between 2 and 4 Global admins. Only global admins can reset passwords for all user and add and manage domains. They can also open and manage service requests to Microsoft support . The person who signed up for Microsoft online services automatically becomes a global admin. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
+Assign the global admin role to users who need global access to most management features and data across Microsoft online services. Giving too many users global access is a security risk and we recommend that you have between 2 and 4 Global admins. Only global admins can reset passwords for all user and add and manage domains. They can also open and manage support requests to Microsoft support . The person who signed up for Microsoft online services automatically becomes a global admin. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
### Global reader
Assign the global reader admin role to user's who need to view admin features an
### Helpdesk admin
-Assign the Helpdesk admin role to users who want to reset passwords, force users to sign out for any security issues. They can also open and manage service requests to Microsoft support. The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
+Assign the Helpdesk admin role to users who want to reset passwords, force users to sign out for any security issues. They can also open and manage support requests to Microsoft support. The Helpdesk admin can only help non-admin users and users assigned these roles: Directory reader, Guest inviter, Helpdesk admin, Message center reader, and Reports reader. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
### Service admin
-Assign the service admin role to users who need to create service requests for Azure, Microsoft 365, and Office 365 services. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
+Assign the service admin role to users who need to create support requests for Azure, Microsoft 365, and Office 365 services. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
### SharePoint admin
-When you purchase a Microsoft 365 subscription, a team site is automatically created, and the global admin is set as the primary site collection administrator. Assign the SharePoint admin role to users who you want to access to the SharePoint admin center. Users with the SharePoint admin role can create and manage site collections, designate site collection administrators and manage user profiles. Users with the SharePoint admin role can also manage Microsoft 365 groups and open service requests through Microsoft support. [Learn more](/sharepoint/sharepoint-admin-role)
+When you purchase a Microsoft 365 subscription, a team site is automatically created, and the global admin is set as the primary site collection administrator. Assign the SharePoint admin role to users who you want to access to the SharePoint admin center. Users with the SharePoint admin role can create and manage site collections, designate site collection administrators and manage user profiles. Users with the SharePoint admin role can also manage Microsoft 365 groups and open support requests through Microsoft support. [Learn more](/sharepoint/sharepoint-admin-role)
### Teams service admin
-Assign the Teams admin role to users who you want to access and manage the Teams & Skype admin center. Users with the Teams admin role can also manage Microsoft 365 groups and open service requests through Microsoft support. [Learn more](/MicrosoftTeams/using-admin-roles)
+Assign the Teams admin role to users who you want to access and manage the Teams & Skype admin center. Users with the Teams admin role can also manage Microsoft 365 groups and open support requests through Microsoft support. [Learn more](/MicrosoftTeams/using-admin-roles)
### User admin
-Assign the user admin role to users who you want to access and manage user password resets and manage users and groups. They can also open and manage service requests to Microsoft support. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
+Assign the user admin role to users who you want to access and manage user password resets and manage users and groups. They can also open and manage support requests to Microsoft support. [Learn more](/microsoft-365/admin/add-users/about-admin-roles#roles-available-in-the-microsoft-365-admin-center)
## Compare roles
In the admin center:
- Select up to 3 roles and choose **Compare roles** to see the permissions each role has.
-![A figure that shows a comparison of admin roles](../../media/compare-roles-list.png)
+![A figure that shows a comparison of admin roles.](../../media/compare-roles-list.png)
## Related content [About Microsoft 365 admin roles](about-admin-roles.md) (article)\
-[Assign admin roles](assign-admin-roles.md) (article)
+[Assign admin roles](assign-admin-roles.md) (article)
admin Assign Admin Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/assign-admin-roles.md
You can check admin role permissions in 2 different ways:
## Related content [About Microsoft 365 admin roles](about-admin-roles.md) (article)\
-[Administrator role permissions in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles) (article)\
+[Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) (article)\
[Assign roles to user accounts with PowerShell](../../enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell.md) (article)\ [Authorize or remove partner relationships](../misc/add-partner.md) (article)
admin Remove Former Employee Step 4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-4.md
To save the email messages, calendar, tasks, and contacts of the former employee
3. Select **Open &amp; Export** \> **Import/Export**.
- ![Import/Export command in the Backstage view](../../media/6013919e-d8ce-4902-b7b4-78ff4260a2f8.jpg)
+ ![Import/Export command in the Backstage view.](../../media/6013919e-d8ce-4902-b7b4-78ff4260a2f8.jpg)
4. Select **Export to a file**, and then select **Next**.
- ![Export to a file option in the Import and Export Wizard](../../media/458466a0-366b-4fbf-a2db-1919412c6527.jpg)
+ ![Export to a file option in the Import and Export Wizard.](../../media/458466a0-366b-4fbf-a2db-1919412c6527.jpg)
5. Select **Outlook Data File (.pst)**, and then select **Next**.
To save the email messages, calendar, tasks, and contacts of the former employee
> [!NOTE] > You can export one account at a time. If you want to export multiple accounts, after one account is exported, repeat these steps.
- ![Export Outlook Data File dialog box with top folder selected and Include subfolders checked](../../media/ce36616f-d76d-4ce2-b517-8ac4874e0971.jpg)
+ ![Export Outlook Data File dialog box with top folder selected and Include subfolders checked.](../../media/ce36616f-d76d-4ce2-b517-8ac4874e0971.jpg)
7. Select **Next**.
To give access to the email messages, calendar, tasks, and contacts of the forme
2. Select **Import from another program or file**, and then select **Next**.
- ![Import and Export Wizard](../../media/15cdd674-cd7b-492c-8e93-992cfa890f26.jpg)
+ ![Import and Export Wizard.](../../media/15cdd674-cd7b-492c-8e93-992cfa890f26.jpg)
3. Select **Outlook Data File (.pst)**, and select **Next**.
admin Remove Former Employee Step 5 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/remove-former-employee-step-5.md
If your former employee had an organization phone, you can use the Exchange admi
1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>. 2. In the Exchange admin center, navigate to **Recipients** \> **Mailboxes**. 3. Select the user, and under **Mobile Devices**, select **View details**.
-4. On the **Mobile Device Details** page, under **Mobile devices**, select the mobile device, select **Wipe Data**![Wipe Device](../../media/1c113a36-53cb-4974-884f-3ecd9535506e.png), and then select **Block**.
+4. On the **Mobile Device Details** page, under **Mobile devices**, select the mobile device, select **Wipe Data**![Wipe Device.](../../media/1c113a36-53cb-4974-884f-3ecd9535506e.png), and then select **Block**.
5. Select **Save**. > [!TIP] > Be sure you remove or disable the user from your on-premises Blackberry Enterprise Service. You should also disable any Blackberry devices for the user. Refer to the Blackberry Business Cloud Services Administration Guide if you need specific steps on how to disable the user.
admin What Is Help https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/admin-overview/what-is-help.md
If you're an admin, <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339"
Help is integrated throughout the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">admin center</a>, so it's right there when you need it. At the top of many pages, you'll find inline help text that provides an informational overview of the task at hand, as well as links to articles that let you quickly find official documentation for more in-depth learning.
-![Groups page showing inline help and links to articles](../../media/integrated-help.png)
+![Groups page showing inline help and links to articles.](../../media/integrated-help.png)
## Modern self-help powered by AI
To open our modern self-help experience thatΓÇÖs powered by artificial intellige
Or, for those times when you don't quite know how to get something done in your specific situation, use the Support Assistant. Currently, this experience is available only in English. To turn on Support Assistant, just use the toggle at the top of the **Need Help** pane. The Support Assistant provides a conversational interface to help you. After you enter your query, the chatbot asks clarifying questions to get you to the right answer for your specific situation. Think of it as your virtual helper to discover solutions and complete tasks.
-![Modern self-help](../../media/help-options.png)
+![Modern self-help.](../../media/help-options.png)
Of course, sometimes questions are best answered by humans. If our modern self-help doesn't have the answer, you always have the option to contact our support agents.
admin Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/capabilities.md
The supported apps for the different types of mobile devices in the following ta
The following diagram shows what happens when a user with a new device signs in to an app that supports access control with Basic Mobility and Security. The user is blocked from accessing Microsoft 365 resources in the app until they enroll their device. > [!NOTE] > Policies and access rules created in Basic Mobility and Security for Microsoft 365 Business Standard will override Exchange ActiveSync mobile device mailbox policies and device access rules created in the Exchange admin center. After a device is enrolled in Basic Mobility and Security for Microsoft 365 Business Standard, any Exchange ActiveSync mobile device mailbox policy or device access rule applied to the device will be ignored. To learn more about Exchange ActiveSync, seeΓÇ»[Exchange ActiveSync in Exchange Online](/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/exchange-activesync).
The settings that can block users from accessing Microsoft 365 resources are in
For example, the following diagram shows what happens when a user with an enrolled device isnΓÇÖt compliant with a security setting in a mobile device management policy that applies to their device. The user signs in to an app that supports access control with Basic Mobility and Security. They are blocked from accessing Microsoft 365 resources in the app until their device complies with the security setting. The following sections list the policy settings you can use to help secure and manage mobile devices that connect to your Microsoft 365 organization resources.
admin Create Device Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/create-device-security-policies.md
Before you can start, make sure you have activated and set up Basic Mobility and
2. Select **Create a policy**.
- :::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Mobility and Security policy settings":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Mobility and Security policy settings.":::
3. On the **Policy settings** page, specify the requirements you want applied to mobile devices in your organization.
To help secure your organization information, you should block app access to Mic
2. Select **Manage organization-wide device access settings**. 3. To block unsupported devices, choose **Block** under **If a device isn't supported by Basic Mobility and Security for Microsoft 365**, and then select **Save**.
- :::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access option":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access option.":::
## Step 5: Choose security groups to be excluded from conditional access checks
If you want to exclude some people from conditional access checks on their mobil
2. Select **Manage organization-wide device access settings**.
- :::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Mobility and Security create a policy option":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Mobility and Security create a policy option.":::
3. Select **Add** to add the security group that has users you want to exclude from having blocked access to Microsoft 365. When a user has been added to this list, they can access Microsoft 365 email when they are using an unsupported device.
If you want to exclude some people from conditional access checks on their mobil
6. On the **Organization-wide device access settings** panel, choose **Save**.
- :::image type="content" source="../../media/basic-mobility-security/bms-8-allow-access.png" alt-text="Basic Mobility and Security allow access option":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-8-allow-access.png" alt-text="Basic Mobility and Security allow access option.":::
## What is the impact of security policies on different device types?
admin Get Details About Managed Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/get-details-about-managed-devices.md
Here's a breakdown for the device details available to you.
|Device is enrolled in Basic Mobility and Security. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md)|The value of the *isManaged* parameter is:<br/>**True**= device is enrolled.<br/>**False**= device is not enrolled. | |Device is compliant with your device security policies. For more info, see [Create device security policies](create-device-security-policies.md)|The value of the *isCompliant* parameter is:<br/>**True** = device is compliant with policies.<br/>**False** = device is not compliant with policies.| > [!NOTE] > The commands and scripts in this article also return details about any devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune).
admin Manage Device Access Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-device-access-settings.md
Use these steps:
4. SelectΓÇ»**Block**.
- :::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access checkbox":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-5-block-access.png" alt-text="Basic Mobility and Security block access checkbox.":::
5. SelectΓÇ»**Save**.
admin Manage Enrolled Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/manage-enrolled-devices.md
To get to the device management panel, follow these steps:
2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
- :::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Mobile device management option":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Mobile device management option.":::
3. SelectΓÇ» **Let's get started**.
admin Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/overview.md
description: "Use Basic Mobility and Security to set device security policies an
You can manage and secure mobile devices when they're connected to your Microsoft 365 organization by using Basic Mobility and Security. Mobile devices like smartphones and tablets that are used to access work email, calendar, contacts, and documents play a big part in making sure that employees get their work done anytime, from anywhere. So itΓÇÖs critical that you help protect your organization's information when people use devices. You can use Basic Mobility and Security to set device security policies and access rules, and to wipe mobile devices if theyΓÇÖre lost or stolen. ## What types of devices can you manage?
Here's a summary of the steps:
**Step 3:** Create device policies and apply them to groups of users. When you do this, your users get an enrollment message on their device, and when they've completed enrollment, their devices are restricted by the policies you've set up for them. For more info, see [Enroll your mobile device using Basic Mobility and Security](enroll-your-mobile-device.md). ## Device management tasks
admin Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/set-up.md
The next step is to create and deploy device security policies to help protect y
3. Go toΓÇ»**Device policies**.
- :::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Security and Mobility policy settings":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-4-policy.png" alt-text="Basic Security and Mobility policy settings.":::
4. Create and deploy device security policies appropriate for your organization following the steps inΓÇ»[Create device security policies in Basic Mobility and Security](create-device-security-policies.md).
admin Wipe Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/basic-mobility-security/wipe-mobile-device.md
Mobile devices can store sensitive organizational information and provide access
2. Type Mobile Device Management into the search field, and select **Mobile Device Management** from the list of results.
- :::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Basic Mobility and Secruity mobile device management option":::
+ :::image type="content" source="../../media/basic-mobility-security/bms-6-mobile-device-management-option.png" alt-text="Basic Mobility and Secruity mobile device management option.":::
3. Select **Manage devices**.
admin Explain Groups Knowledge Worker https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/explain-groups-knowledge-worker.md
Because groups can be created in several ways, we recommend training your users
- If your organization heavily uses SharePoint or is migrating from SharePoint on-premises, instruct your users to create SharePoint team sites for collaboration. - If your organization has deployed Teams, instruct your users to create a team when they need a collaboration space.
-[ ![image desc](../../media/03.png) ](../../media/03.png#lightbox)
+[ ![image desc.](../../media/03.png) ](../../media/03.png#lightbox)
If you train your users to always use the group creation method that most aligns with their way of working when they need a space to collaborate with others, you can help avoid confusion and duplication of resources. As users become more experienced, they will understand better the collection of services that come with a group and that different creation methods lead to the same result.
admin App Protection Settings For Android And Ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/devices/app-protection-settings-for-android-and-ios.md
This article applies to Microsoft 365 Business Premium.
You can always use the **Reset default settings** link to return to the default setting.
- ![Screenshot of Create a policy with Application management for Android selected](../../media/eabbe06d-ac0a-4f3a-8630-68c808b1e662.png)
+ ![Screenshot of Create a policy with Application management for Android selected.](../../media/eabbe06d-ac0a-4f3a-8630-68c808b1e662.png)
6. Next decide **Who will get these settings?** If you don't want to use the default **All Users** security group, choose **Change**, choose the security groups that get these settings \> **Select**.
admin Protection Settings For Windows 10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/devices/protection-settings-for-windows-10-pcs.md
View a video on how to secure Windows 10 devices with Microsoft 365 Business Pre
You can always use the **Reset default settings** link to return to the default setting.
- ![Add policy pane with Windows 10 Device configuration selected](../../media/fa9e2dc2-7eae-4c96-af34-765a1f641ecf.png)
+ ![Add policy pane with Windows 10 Device configuration selected.](../../media/fa9e2dc2-7eae-4c96-af34-765a1f641ecf.png)
6. Next decide **Who will get these settings?** If you don't want to use the default **All users** security group, Choose **Change**, search for the security group who will get these settings \> **Select**. 7. Finally, choose **Done** to save the policy, and assign it to devices.
admin View Policies And Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/devices/view-policies-and-devices.md
This article applies to Microsoft 365 Business Premium.
On this page, you can create, edit, change target group, or delete a policy.
- ![Screenshot of the Policies page](../../media/devicepolicies.png)
+ ![Screenshot of the Policies page.](../../media/devicepolicies.png)
## View and manage devices
This article applies to Microsoft 365 Business Premium.
On this page, you can select one or more devices and remove company data. For Windows 10 devices that you have set device protections settings for, you can also choose to reset the device to factory settings.
- ![Manage devices page](../../media/devicesmanage.png)
+ ![Manage devices page.](../../media/devicesmanage.png)
admin Access Email From A Mobile Device https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/access-email-from-a-mobile-device.md
The Outlook for Android and Outlook for iOS mobile apps are designed for your wo
Your organization requires that you use the Outlook for Android or Outlook for iOS mobile apps to access company email, calendar, and contacts. Your data will start syncing once you download and install Outlook for Android or Outlook for iOS.
-![Example email to use Outlook to sync email](../../media/798d942a-4181-4dcb-8039-cd9f2edd9723.png)
+![Example email to use Outlook to sync email.](../../media/798d942a-4181-4dcb-8039-cd9f2edd9723.png)
Check out [Optimize the Outlook mobile app for your iOS or Android phone](https://support.microsoft.com/office/de075b19-b73c-4d8a-841b-459982c7e890) for more Outlook features. And go to [Outlook for iOS and Android Help Center](https://support.microsoft.com/office/cd84214e-a5ac-4e95-9ea3-e07f78d0cde6) if you run into any issues.
admin Add User Or Contact To Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/add-user-or-contact-to-distribution-list.md
As the admin of an organization, you may need to add one of your users or contac
4. On the **View Members** page, select **Add members**, and select the user or contact you want to add to the distribution group.
- ![Add members to distribution group](../../media/f79f59f8-1606-43fe-bae6-df74f5b6259d.png)
+ ![Add members to distribution group.](../../media/f79f59f8-1606-43fe-bae6-df74f5b6259d.png)
5. Select **Save** and then **Close**.
admin Create A Shared Mailbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-a-shared-mailbox.md
Before creating a shared mailbox, be sure to read [About shared mailboxes](about
5. Under **Next steps**, select **Add members to this mailbox**. Members are the people who will be able to view the incoming mail to this shared mailbox, and the outgoing replies.
- ![Select Add Members](../../media/a2a72e3d-6170-40fe-a94f-0af8fbef8ab2.png)
+ ![Select Add Members.](../../media/a2a72e3d-6170-40fe-a94f-0af8fbef8ab2.png)
6. Select the **+Add members** button. Put a check mark next to the people who you want to use this shared mailbox, and select **Save**.
- ![Assign members to the shared mailbox](../../media/e6c58953-f6d7-4f0b-97ba-308516bf2a94.png)
+ ![Assign members to the shared mailbox.](../../media/e6c58953-f6d7-4f0b-97ba-308516bf2a94.png)
7. Select **Close**.
You can use the following permissions with a shared mailbox:
### Use the EAC to edit shared mailbox delegation
-1. In the EAC, go to **Recipients** \> **Shared**. Select the shared mailbox, and then select **Edit** ![Edit icon](../../media/ITPro-EAC-EditIcon.png).
+1. In the EAC, go to **Recipients** \> **Shared**. Select the shared mailbox, and then select **Edit** ![Edit icon.](../../media/ITPro-EAC-EditIcon.png).
2. Select **Mailbox delegation**.
-3. To grant or remove Full Access and Send As permissions, select **Add** ![Add Icon](../../media/ITPro-EAC-AddIcon.png) or **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif) and then select the users you want to grant permissions to.
+3. To grant or remove Full Access and Send As permissions, select **Add** ![Add Icon.](../../media/ITPro-EAC-AddIcon.png) or **Remove** ![Remove icon](../../media/ITPro-EAC-RemoveIcon.gif) and then select the users you want to grant permissions to.
> [!NOTE] > The Full Access permission allows a user to open the mailbox as well as create and modify items in it. The Send As permission allows anyone other than the mailbox owner to send email from this shared mailbox. Both permissions are required for successful shared mailbox operation.
But what if an admin simply resets the password of the shared mailbox user accou
1. In the list of user accounts, find the account for the shared mailbox (for example, change the filter to **Unlicensed users**).
-1. Select the user to open their properties pane, and then select the **Block this user** icon ![Screen shot of the Block this user icon](../../media/block-user-icon.png).
+1. Select the user to open their properties pane, and then select the **Block this user** icon ![Screen shot of the Block this user icon.](../../media/block-user-icon.png).
**Note**: If the account is already blocked, **Sign in blocked** will appear at the top and the icon will read **Unblock this user**.
admin Create Edit Or Delete A Security Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/create-edit-or-delete-a-security-group.md
There are also [Groups in Exchange Online and SharePoint Online](#groups-in-exch
## Groups in Exchange Online and SharePoint Online
-If you want to create groups of users so you can send email to them all at the same time, you can do that in the Exchange admin center by going to **Admin** \> **Exchange** \> **Recipients** \> **Groups**. Next, select **New**![Add](../../media/328ffb57-5f31-430a-b653-4a6b8e76d338.png), and select the kind of group you want to create:
+If you want to create groups of users so you can send email to them all at the same time, you can do that in the Exchange admin center by going to **Admin** \> **Exchange** \> **Recipients** \> **Groups**. Next, select **New**![Add.](../../media/328ffb57-5f31-430a-b653-4a6b8e76d338.png), and select the kind of group you want to create:
- **Distribution group**: Used to distribute messages to a group of users. It's also called a *mail-enabled distribution group*, or, a *distribution list*. For more information, see [Manage distribution groups](/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups).
admin Centralized Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/centralized-deployment-of-add-ins.md
Centralized Deployment supports assignments to individual users, groups, and eve
Take a look at the following example where Sandra, Sheila, and the Sales Department group are assigned to an add-in. Because the West Coast Sales Department is a nested group, Bert and Fred aren't assigned to an add-in.
-![Diagram of sales department](../../media/683094bb-1160-4cce-810d-26ef7264c592.png)
+![Diagram of sales department.](../../media/683094bb-1160-4cce-810d-26ef7264c592.png)
### Find out if a group contains nested groups The easiest way to detect if a group contains nested groups is to view the group contact card within Outlook. If you enter the group name within the **To** field of an email and then select the group name when it resolves, it will show you if it contains users or nested groups. In the example below, the **Members** tab of the Outlook contact card for the Test Group shows no users and only two sub groups.
-![Members tab of Outlook contact card](../../media/d9db88c4-d752-426c-a480-b11a5b3adcd6.png)
+![Members tab of Outlook contact card.](../../media/d9db88c4-d752-426c-a480-b11a5b3adcd6.png)
You can do the opposite query by resolving the group to see if it's a member of any group. In the example below, you can see under the **Membership** tab of the Outlook contact card that Sub Group 1 is a member of the Test Group.
-![Membership tab of the Outlook contact card](../../media/a9f9b6ab-9c19-4822-9e3d-414ca068c42f.png)
+![Membership tab of the Outlook contact card.](../../media/a9f9b6ab-9c19-4822-9e3d-414ca068c42f.png)
Alternately, you can use the Azure Active Directory Graph API to run queries to find the list of groups within a group. For more information, see [Operations on groups | Graph API reference](/previous-versions/azure/ad/graph/api/groups-operations).
admin Customize The App Launcher https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/customize-the-app-launcher.md
In Microsoft 365, you can quickly and easily get to your email, calendars, docum
You can add your own custom tiles to the app launcher that point to SharePoint sites, external sites, legacy apps, and more. The custom tile appears under the app launcher's **All** apps, but you can pin it to the **Home** apps and instruct your users to do the same. This makes it easy to find the relevant sites, apps, and resources to do your job. In the below example, a custom tile called "Contoso Portal" is used to access an organization's SharePoint intranet site.
-![App launcher](../../media/7acc06cc-ac7a-4c6e-8ea7-81570a5bdbab.png)
+![App launcher.](../../media/7acc06cc-ac7a-4c6e-8ea7-81570a5bdbab.png)
## Add a custom tile to the app launcher
admin Manage Addins In The Admin Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-addins-in-the-admin-center.md
After you deploy an add-in, your end users can start using it in their Office ap
If the add-in supports add-in commands, the commands appear on the Office ribbon. In the following example, the command **Search Citation** appears for the **Citations** add-in.
-![Office ribbon with Search Citations](../../media/553b0c0a-65e9-4746-b3b0-8c1b81715a86.png)
+![Office ribbon with Search Citations.](../../media/553b0c0a-65e9-4746-b3b0-8c1b81715a86.png)
If the deployed add-in doesn't support add-in commands or if you want to view all deployed add-ins, you can view them via **My Add-ins**.
If the deployed add-in doesn't support add-in commands or if you want to view al
3. Double-click the add-in you deployed earlier (in this example, **Citations**).
- ![Admin Managed tab of the Office Add-ins page](../../media/fd36ba81-9882-40f0-9fce-74f991aa97d5.png)
+ ![Admin Managed tab of the Office Add-ins page.](../../media/fd36ba81-9882-40f0-9fce-74f991aa97d5.png)
### In Outlook 1. On the **Home** ribbon, select **Get Add-ins**.
- ![Store button in Outlook](../../media/getaddinsicon.png)
+ ![Store button in Outlook.](../../media/getaddinsicon.png)
2. Select **Admin-managed** in the left nav.
admin Manage Industry News https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-industry-news.md
You have the option to send your users a daily Industry Updates email with headl
Signed-in users who go to the Bing homepage see your industry's news feed under the personalized info for your organization.  They can also see company, industry, and internal news or personalized work information on their Microsoft Edge new tab page. ## News settings
admin Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/message-center.md
Use the **Service**, **Tag**, and **Message state** drop-down menus to select a
You can select any column heading, except **Service** and **Tag**, to sort messages in ascending or descending order. ::: moniker-end
Use the **Views** drop-down menu to select a filtered view of messages.
You can select any column heading to sort messages in ascending or descending order. For example, in this illustration the messages are sorted on the **Act by** date.
-![Message center view sorted by Admin impact tag](../../media/message-center-filter-act-by.png)
+![Message center view sorted by Admin impact tag.](../../media/message-center-filter-act-by.png)
::: moniker-end
admin Pin Apps To App Launcher https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/pin-apps-to-app-launcher.md
description: "As a global admin you can pin up to three apps to your users' app
# Pin apps to your users' app launcher
-You can use controls in the Azure Active Directory portal to pin up to three apps to Office.com and the app launcher for all the users in your organization. You can also organize groups of applications. Any app you add can later be unpinned by the user at any time. To pin an app for your users, you must be a Cloud application administrator, or Application administrator in Azure Active Directory, or a Global administrator in Office 365. For more information about admin roles, see [admin roles in Azure Active Directory](/azure/active-directory/users-groups-roles/directory-assign-admin-roles) and [admin roles in Microsoft 365](../add-users/about-admin-roles.md).
+You can use controls in the Azure Active Directory portal to pin up to three apps to Office.com and the app launcher for all the users in your organization. You can also organize groups of applications. Any app you add can later be unpinned by the user at any time. To pin an app for your users, you must be a Cloud application administrator, or Application administrator in Azure Active Directory, or a Global administrator in Office 365. For more information about admin roles, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [admin roles in Microsoft 365](../add-users/about-admin-roles.md).
For more information about the app launcher and Office.com, see [meet the app launcher](https://support.microsoft.com/office/79f12104-6fed-442f-96a0-eb089a3f476a) and [updates to office.com and the-Office 365 app launcher](https://techcommunity.microsoft.com/t5/office-365-blog/updates-to-office-com-and-the-office-365-app-launcher/ba-p/1150503) blog article.
admin Release Options In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/release-options-in-office-365.md
With Microsoft 365, you receive new product updates and features as they become
Any new release is first tested and validated by the feature team, then by the entire Microsoft 365 feature team, followed by all of Microsoft. After internal testing and validation, the next step is a **Targeted release** (formerly known as First release) to customers who opt in. At each release ring, Microsoft collects feedback and further validates quality by monitoring key usage metrics. This series of progressive validation is in place to make sure the worldwide-release is as robust as possible. The releases are pictured in the following figure.
-![Release validation rings for Microsoft 365](../../media/73611ed3-2d8c-4e7b-8074-9f03b239f9ed.png)
+![Release validation rings for Microsoft 365.](../../media/73611ed3-2d8c-4e7b-8074-9f03b239f9ed.png)
For significant updates, customers are initially notified by the [Microsoft 365 Roadmap](https://products.office.com/business/office-365-roadmap). As an update gets closer to rolling out, it is communicated through your [Microsoft 365 Message center](https://admin.microsoft.com/Adminportal/Home?source=applauncher#/MessageCenter).
admin Room And Equipment Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/room-and-equipment-mailboxes.md
To use room or equipment mailboxes, open Outlook from your computer or sign in t
2. On the **Home** tab, choose **New Items** \> **Meeting**.<br/>![To schedule a meeting, on the Home tab, in the New group, choose New Items, and then Meeting.](../../media/ffd575a8-1036-4d67-b839-73941fc60276.png)<br/>Or, from your Calendar, just select **New Meeting**.
-3. In the To field, type the name of the conference room or equipment you want to reserve, in addition to any attendees you'd like to invite.<br/>Or, select **To** then double-click the conference room or equipment from the list. Then select **OK**.<br/>![Reserve room mailbox in Outlook](../../media/4588c806-9fb9-46c9-b2d8-34caa943e28e.png)
+3. In the To field, type the name of the conference room or equipment you want to reserve, in addition to any attendees you'd like to invite.<br/>Or, select **To** then double-click the conference room or equipment from the list. Then select **OK**.<br/>![Reserve room mailbox in Outlook.](../../media/4588c806-9fb9-46c9-b2d8-34caa943e28e.png)
4. In the **Subject** line, type the purpose of the reservation or meeting. 5. Change the **Location** value or leave as is.
-6. Change the **Start time** and **End time**. Or, select **All day event**. To make the meeting or reservation repeat, select **Recurrence** at the top.<br/>![Reserve meeting time](../../media/4b72a0a6-4da2-449e-909e-85ea79f78e2c.png)
+6. Change the **Start time** and **End time**. Or, select **All day event**. To make the meeting or reservation repeat, select **Recurrence** at the top.<br/>![Reserve meeting time.](../../media/4b72a0a6-4da2-449e-909e-85ea79f78e2c.png)
7. Type a message describing the purpose and attach any files if needed. 8. To allow others to join online or call in to the meeting, select **Skype Meeting**.
-9. To make sure the room, equipment, and people you've invited are available, select **Scheduling Assistant** at the top. Then select an available time in the calendar.<br/> ![Check if room equipment available](../../media/eb0097c6-4263-4b63-bfca-f7c03ad99b4f.png)<br/>TIP: In the scheduling calendar, blue means the room or equipment is reserved, or busy. Select the white, or free, area on the calendar.
+9. To make sure the room, equipment, and people you've invited are available, select **Scheduling Assistant** at the top. Then select an available time in the calendar.<br/> ![Check if room equipment available.](../../media/eb0097c6-4263-4b63-bfca-f7c03ad99b4f.png)<br/>TIP: In the scheduling calendar, blue means the room or equipment is reserved, or busy. Select the white, or free, area on the calendar.
10. When finished, select **Send**.
To set up a room or equipment mailbox, go to the <a href="https://go.microsoft.c
2. Select **Add**.
-3. Fill out the room or equipment fields:<br/>![Add a room mailbox in Microsoft 365](../../media/114d49e3-976e-40ef-b0af-2b0f5c85f15e.png)<br/>
+3. Fill out the room or equipment fields:<br/>![Add a room mailbox in Microsoft 365.](../../media/114d49e3-976e-40ef-b0af-2b0f5c85f15e.png)<br/>
- **Room** or **Equipment**: the type of mailbox you'd like to create.
admin Search In The Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/search-in-the-mac.md
Search for supported app level settings related to your organization, the servic
You can find quick links to your domains, and then the link will take you to that domain's overview page. ## Documentation
admin Send Email As Distribution List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/send-email-as-distribution-list.md
Before you perform these steps, make sure you've been added to a Microsoft 365 d
3. Select **Reply**.
-4. At the bottom of the message, select **More** \> **Show from**.<br/> ![Select More and then choose Show From](../../media/534f13b7-9f15-48ea-8835-ea2ed1863ece.png)
+4. At the bottom of the message, select **More** \> **Show from**.<br/> ![Select More and then choose Show From.](../../media/534f13b7-9f15-48ea-8835-ea2ed1863ece.png)
-5. Right-click on the From address - such as `Ina@weewalter.me` - and choose **Remove**.<br/> ![Remove the FROM alias](../../media/9b8d8e8f-dc46-499c-89bd-0a480603bf1f.png)
+5. Right-click on the From address - such as `Ina@weewalter.me` - and choose **Remove**.<br/> ![Remove the FROM alias.](../../media/9b8d8e8f-dc46-499c-89bd-0a480603bf1f.png)
-6. Then type the distribution list address such as support@contoso.com, and send the message. The next time you reply from the distribution list, its address will appear as an option in the **From** list.<br/>![Alias of the shared mailbox appears](../../media/f7632a9a-9cab-446c-9e37-23ef50c5b975.png)
+6. Then type the distribution list address such as support@contoso.com, and send the message. The next time you reply from the distribution list, its address will appear as an option in the **From** list.<br/>![Alias of the shared mailbox appears.](../../media/f7632a9a-9cab-446c-9e37-23ef50c5b975.png)
## Outlook
admin Test And Deploy Microsoft 365 Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
The deployment of add-in is currently supported to the majority of groups suppor
In the following example, Sandra, Sheila, and the Sales Department group are assigned to an add-in. Because the West Coast Sales Department is a nested group, Bert and Fred aren't assigned to an add-in.
-![Diagram of sales department](../../media/683094bb-1160-4cce-810d-26ef7264c592.png)
+![Diagram of sales department.](../../media/683094bb-1160-4cce-810d-26ef7264c592.png)
### Find out if a group contains nested groups The easiest way to detect if a group contains nested groups is to view the group contact card within Outlook. If you enter the group name within the **To** field of an email and then select the group name when it resolves, it will show you if it contains users or nested groups. In the example below, the **Members** tab of the Outlook contact card for the Test Group shows no users and only two sub groups.
-![Members tab of Outlook contact card](../../media/d9db88c4-d752-426c-a480-b11a5b3adcd6.png)
+![Members tab of Outlook contact card.](../../media/d9db88c4-d752-426c-a480-b11a5b3adcd6.png)
You can do the opposite query by resolving the group to see if it's a member of any group. In the example below, you can see under the <b>Membership</b> tab of the Outlook contact card that Sub Group 1 is a member of the Test Group.
-![Membership tab of the Outlook contact card](../../media/a9f9b6ab-9c19-4822-9e3d-414ca068c42f.png)
+![Membership tab of the Outlook contact card.](../../media/a9f9b6ab-9c19-4822-9e3d-414ca068c42f.png)
Note that you can use the Azure Active Directory Graph API to run queries to find the list of groups within a group. For more information, seeΓÇ»[Operations on groups | Graph API reference](/previous-versions/azure/ad/graph/api/groups-operations).
admin Upgrade Distribution Lists https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/upgrade-distribution-lists.md
You must be a global admin or Exchange admin to upgrade a distribution list grou
1. Go to the Classic <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
-2. In the Classic Exchange admin center, go to **Recipients** \> **Groups**.<br/>You'll see a notice indicating you have distribution lists (also called **distribution groups**) that are eligible to be upgraded to Microsoft 365 Groups.<br/> ![Select the Get started button](../../media/8cf838b4-2644-401f-a366-08c1eea183eb.png)
+2. In the Classic Exchange admin center, go to **Recipients** \> **Groups**.<br/>You'll see a notice indicating you have distribution lists (also called **distribution groups**) that are eligible to be upgraded to Microsoft 365 Groups.<br/> ![Select the Get started button.](../../media/8cf838b4-2644-401f-a366-08c1eea183eb.png)
-3. Select one or more distribution lists (also called a **distribution group**) from the **groups** page.<br/>![Select a distribution group](../../media/2c303433-d60b-4100-a6ae-5809b03a8cdb.png)
+3. Select one or more distribution lists (also called a **distribution group**) from the **groups** page.<br/>![Select a distribution group.](../../media/2c303433-d60b-4100-a6ae-5809b03a8cdb.png)
-4. Select the upgrade icon.<br/>![Upgrade to Microsoft 365 Groups icon](../../media/1e28cb3d-bff3-4be3-8329-1902d2d54720.png)
+4. Select the upgrade icon.<br/>![Upgrade to Microsoft 365 Groups icon.](../../media/1e28cb3d-bff3-4be3-8329-1902d2d54720.png)
5. On the information dialog, select **Yes** to confirm the upgrade. The process begins immediately. Depending on the size and number of DLs you're upgrading, the process can take minutes or hours.<br/>If the distribution list can't be upgraded, a dialog appears saying so. See [Which distribution lists cannot be upgraded?](#which-distribution-lists-cant-be-upgraded).
admin Icann Verification Of Contact Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/icann-verification-of-contact-information.md
For validation, an email is sent to the registrant's address.
The email will look like this:
-![Email example](../../media/8bf27c08-510c-4d49-b152-8d047d038f1f.jpg)
+![Email example.](../../media/8bf27c08-510c-4d49-b152-8d047d038f1f.jpg)
admin Power Bi In Your Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/power-bi-in-your-organization.md
If a tenant was created by Microsoft, you can claim and manage that tenant by fo
4. Select the app launcher icon in the upper-left and choose **Admin**.
- ![App launcher with the Admin app highlighted](../../media/4eea9dbc-591b-48be-9916-322d41c6525b.png)
+ ![App launcher with the Admin app highlighted.](../../media/4eea9dbc-591b-48be-9916-322d41c6525b.png)
5. Read the instructions on the **Become the admin** page and then select **Yes, I want to be the admin**.
admin Prepare For Office Client Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/prepare-for-office-client-deployment.md
Automatic installation works best if the end user's computer is on Windows 10 Bu
To determine if you have the Click-to-Run version of Office, in any Office app go to **File** \> **Account** ( **Office Account** in Outlook). If you see **Office Updates** as shown in the following figure, then the installation was done by using Click-to-Run.
-![Screenshot of Office updates in Office app Account](../../media/e3439380-fa43-4ed6-ae5d-64851c297df5.png)
+![Screenshot of Office updates in Office app Account.](../../media/e3439380-fa43-4ed6-ae5d-64851c297df5.png)
**Who benefits from having this feature**
admin Set Up Outlook To Read Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/set-up-outlook-to-read-email.md
Read [full article](https://support.microsoft.com/office/6e27792a-9267-4aa4-8bb6
After you sign in to Microsoft 365, select **Outlook**.
-![The Microsoft 365 home page with the Outlook app highlighted](../../media/3ceee838-9d85-4af3-95a6-fbcee11036f4.png)
+![The Microsoft 365 home page with the Outlook app highlighted.](../../media/3ceee838-9d85-4af3-95a6-fbcee11036f4.png)
Can't find the app you're looking for? From the app launcher, select **All apps** to see an alphabetical list of the Microsoft 365 apps available to you. From there, you can search for a specific app.
admin Content Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/productivity/content-collaboration.md
We also provide you with information that helps you gain visibility into how you
### Creating files in OneDrive or SharePoint 1. **Header:** Highlights the percentage of people active on Microsoft 365 Office applications who create files on OneDrive or SharePoint. 2. **Body:** Provides information about the value of content creation in OneDrive and SharePoint.
admin Multi Factor Authentication Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365.md
You can also use Conditional Access policies for more advanced capabilities, suc
You configure Conditional Access policies from the **Security** pane for Azure AD in the Azure portal.
-![Picture of menu option for Conditional Access](../../media/multi-factor-authentication-microsoft-365/conditional-access-mfa.png)
+![Picture of menu option for Conditional Access.](../../media/multi-factor-authentication-microsoft-365/conditional-access-mfa.png)
You can use Conditional Access policies with:
You should be using either security defaults or Conditional Access policies to r
You enable MFA for individual user accounts from the <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a> pane of the Microsoft 365 admin center.
-![Picture of Multi factor authentication option on Active users page](../../media/multi-factor-authentication-microsoft-365/per-user-mfa.png)
+![Picture of Multi factor authentication option on Active users page.](../../media/multi-factor-authentication-microsoft-365/per-user-mfa.png)
After being enabled, the next time the user signs in, they will be prompted to register for MFA and to choose and test the additional verification method.
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
Microsoft recommends that you complete the tasks listed in the following table t
|*Number*|Task|Microsoft 365 Business Standard|Microsoft 365 Business Premium| |||||
-|1|[Set up multi-factor authentication](secure-your-business-data.md#setup)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|2|[Train your users](secure-your-business-data.md#train)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|3|[Use dedicated admin accounts](secure-your-business-data.md#admin)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|4|[Raise the level of protection against malware in mail](secure-your-business-data.md#malware)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|5|[Protect against ransomware](secure-your-business-data.md#ransomware)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|6|[Stop auto-forwarding for email](secure-your-business-data.md#forwarding)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|7|[Use Office Message Encryption](secure-your-business-data.md#encryption)||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
-|8|[Protect your email from phishing attacks](secure-your-business-data.md#phishing)||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|1|[Set up multi-factor authentication](secure-your-business-data.md#setup)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|2|[Train your users](secure-your-business-data.md#train)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|3|[Use dedicated admin accounts](secure-your-business-data.md#admin)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|4|[Raise the level of protection against malware in mail](secure-your-business-data.md#malware)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|5|[Protect against ransomware](secure-your-business-data.md#ransomware)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|6|[Stop auto-forwarding for email](secure-your-business-data.md#forwarding)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|7|[Use Office Message Encryption](secure-your-business-data.md#encryption)||![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
+|8|[Protect your email from phishing attacks](secure-your-business-data.md#phishing)||![Included.](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
|9|[Protect against malicious attachments and files with Safe Attachments](secure-your-business-data.md#atp)||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)| |10|[Protect against phishing attacks with Safe Links](secure-your-business-data.md#phishingatp)||![Included](../../media/d238e041-6854-4a78-9141-049224df0795.png)|
If you have Microsoft Business Premium, the quickest way to setup security and b
Before you begin, check your [Microsoft 365 Secure Score](../../security/defender/microsoft-secure-score.md) in the Microsoft 365 security center. From a centralized dashboard, you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure. You are given points for configuring recommended security features, performing security-related tasks (such as viewing reports), or addressing recommendations with a third-party application or software. With additional insights and more visibility into a broader set of Microsoft products and services, you can feel confident reporting about your organization's security health.
-![Screenshot of Microsoft Secure Score](../../media/secure-score.png)
+![Screenshot of Microsoft Secure Score.](../../media/secure-score.png)
## 1: Set up multi-factor authentication <a name="setup"> </a>
Your organization might have configured additional options that apply a label to
In Outlook for PC, select **Options** in the email, and then choose **Permissions**.
-![Email message encryption in Outlook](../../media/08e90a7e-a2d2-41a4-bae9-0a46b4ce639a.png)
+![Email message encryption in Outlook.](../../media/08e90a7e-a2d2-41a4-bae9-0a46b4ce639a.png)
In Outlook.com, select **Protect** in the email. The default protection is **Do not forward**. To change this to encrypt, select **Change Permissions** \> **Encrypt**.
-![Email message encryption in Outlook.com](../../media/329ccf50-f6b1-4fb8-b249-60b907a82b7e.png)
+![Email message encryption in Outlook.com.](../../media/329ccf50-f6b1-4fb8-b249-60b907a82b7e.png)
### To receive encrypted email
If you've configured one or more custom domains for your Microsoft 365 environme
We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.
-![Creating an anti-phishing policy in Microsoft Defender for Office 365](../../media/security-and-compliance-center.png)
+![Creating an anti-phishing policy in Microsoft Defender for Office 365.](../../media/security-and-compliance-center.png)
To create an anti-phishing policy in Defender for Office 365, view a [short training video](../../business-video/setup-anti-phishing.md), or complete the following steps:
admin Security Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-guide.md
description: "Learn about security threats your business faces and easy ways you
The links for PowerPoint and PDF below can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3).
-![Image for secure your small business info graphic](../media/smbthreatprotectioninfographic-thumbnail.png)
+![Image for secure your small business info graphic.](../media/smbthreatprotectioninfographic-thumbnail.png)
[PDF](downloads/smbthreatprotection-infographic.pdf) | [PowerPoint](downloads/smbthreatprotection-infographic.pptx)
admin Services In China https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/services-in-china/services-in-china.md
Microsoft does not operate the service itself. 21Vianet operates, provides and m
Scan this QR code to follow us on WeChat and get the latest updates for Office 365 operated by 21Vianet.
-![Scan this QR code to follow us on WeChat](../../media/9bbbdf3b-b3ab-4355-82a0-37a84d70735b.png)
+![Scan this QR code to follow us on WeChat.](../../media/9bbbdf3b-b3ab-4355-82a0-37a84d70735b.png)
**About services in Office 365 operated by 21Vianet**
admin Business Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/business-set-up.md
You can add users in the wizard, but you can also [add users later](../add-users
Any users you add in the wizard get automatically assigned a Microsoft 365 Business Premium license.
-![Screenshot of the Add new users page in the wizard](../../media/addnewuserspage.png)
+![Screenshot of the Add new users page in the wizard.](../../media/addnewuserspage.png)
1. If your Microsoft 365 Business Premium subscription has existing users (for example, if you used Azure AD Connect), you get an option to assign licenses to them now. Go ahead and add licenses to them as well.
admin Configure Focused Inbox https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/configure-focused-inbox.md
This example turns Focused Inbox **Off** for Tim Matthews in the Contoso organiz
1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>.
-2. Navigate to **mail flow** \> **Rules**. Select ![EAC Add icon](../../media/795e5bdd-48bb-433f-8e07-3c7a19f8eca2.gif) and then select **Create a new rule...**.
+2. Navigate to **mail flow** \> **Rules**. Select ![EAC Add icon.](../../media/795e5bdd-48bb-433f-8e07-3c7a19f8eca2.gif) and then select **Create a new rule...**.
3. After you're done creating the new rule, select **Save** to start the rule. The following image shows an example where all messages From "Payroll Department" are to be delivered to the Focused Inbox.
- ![focusedinbox payroll](../../media/focusedinbox-transport-rule.PNG)
+ ![focusedinbox payroll.](../../media/focusedinbox-transport-rule.PNG)
> [!NOTE] > The message header value text in this example is, **X-MS-Exchange-Organization-BypassFocusedInbox**.
admin Create Signatures And Disclaimers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/create-signatures-and-disclaimers.md
Go to the admin center at <a href="https://go.microsoft.com/fwlink/p/?linkid=850
::: moniker-end
-1. Select the app launcher ![The app launcher icon](../../media/7502f4ec-3c9a-435d-a7b4-b9cda85189a7.png), and then select **Admin**.
+1. Select the app launcher ![The app launcher icon.](../../media/7502f4ec-3c9a-435d-a7b4-b9cda85189a7.png), and then select **Admin**.
Can't find the app you're looking for? From the app launcher, select **All apps** to see an alphabetical list of the apps available to you. From there, you can search for a specific app.
admin Get Started Windows 365 Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/get-started-windows-365-business.md
This article is for people who plan to buy and set up Windows 365 Business for t
> [!NOTE] > Before starting, make sure that your [Azure AD device settings](/azure/active-directory/devices/device-management-azure-portal#configure-device-settings) for **Users may join devices to Azure AD** are set to **All**.
- ![Users may join devices to Azure AD settings](../../media/deschutes/azure-device-settings.png)
+ ![Users may join devices to Azure AD settings.](../../media/deschutes/azure-device-settings.png)
## Prerequisites There are no licensing prerequisites to set up Windows 365 Business.
Whether you purchased your subscriptions through the Windows 365 products site,
You can assign different Windows 365 Business license types to a user, based on the users business need. See [Windows 365 Business sizing options](windows-365-business-sizing.md) for guidance on which license type might be suitable for your users. > [!IMPORTANT]
-> The first time a Windows 365 license is assigned on your tenant, a system account called **Windows 365 BPRT Permanent User** is automatically created in Azure Active Directory. Do not delete this account or make any changes to it (such as changing the name or UPN). If the system account is deleted, the setup might fail. This system account ensures a smooth set up process, and doesn't have any write capabilities or access to your tenant beyond the scoped service capabilities of Windows 365 Business. If you delete this user, file a ticket through Support Central.
+> The first time a Windows 365 license is assigned on your tenant, a system account called **Windows 365 BPRT Permanent User** is automatically created in Azure Active Directory. Do not delete this account or make any changes to it (such as changing the name or UPN). If the system account is deleted, the setup might fail. This system account ensures a smooth set up process, and doesn't have any write capabilities or access to your tenant beyond the scoped service capabilities of Windows 365 Business. If you delete this user, follow these [troubleshooting steps](/microsoft-365/admin/setup/troubleshoot-windows-365-business?#step-2-verify-that-the-windows-365-bprt-permanent-user-system-account-is-active).
## Get your users started with Cloud PC
Users can navigate to **https://windows365.microsoft.com** to access their Cloud
On their Windows 365 home page, users see the Cloud PCs they have access to in the **Your Cloud PCs** section.
-![Windows 365 home](../../media/deschutes/cloudpc-home.png)
+![Windows 365 home.](../../media/deschutes/cloudpc-home.png)
Users can select **Open in browser** to open their Cloud PC.
Users can select **Open in browser** to open their Cloud PC.
While on the Windows 365 home page, users can perform actions on their Cloud PCs by selecting the gear icon on a Cloud PC card.
-![Card menu](../../media/deschutes/cloudpc-gear.png)
+![Card menu.](../../media/deschutes/cloudpc-gear.png)
- **Restart**: Restarts the Cloud PC.
To set up their Remote Desktop client, users follow these steps:
1. On the **Windows 365 home page**, select the **Microsoft Remote Desktop apps** icon (under the home icon). 2. On the **Microsoft Remote Desktop apps** page, download and install the Remote Desktop app you need.
- ![Remote desktop clients](../../media/deschutes/remote-desktop-apps.png)
+ ![Remote desktop clients.](../../media/deschutes/remote-desktop-apps.png)
For a list of clients by operating system, seeΓÇ»[Remote Desktop clients](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients).
admin Manage Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/manage-windows-devices.md
At this point you should be able to see the policy **Enable automatic MDM enroll
[Synchronize domain users to Microsoft 365](manage-domain-users.md) (article)\ [Create a group in the admin center](../create-groups/create-groups.md) (article)\
-[Tutorial: Configure hybrid Azure Active Directory join for managed domains](/azure/active-directory/devices/hybrid-azuread-join-managed-domains.md) (article)
+[Tutorial: Configure hybrid Azure Active Directory join for managed domains](/azure/active-directory/devices/hybrid-azuread-join-managed-domains) (article)
admin Migrate Email And Contacts Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/migrate-email-and-contacts-admin.md
If you just want contacts, follow these steps:
To start the process, open Outlook and choose **File** \> **Open &amp; Export** \> **Import/Export**.
-![File menu in Outlook 2016](../../media/2f1c39a5-177e-4052-9dd8-90c0d140be2c.png)![Open &amp; Export command in Outlook 2016](../../media/eecab6df-c372-45b1-8a8a-2f6d7af0dd68.png)![Import/Export button in Outlook 2016](../../media/ed90ae47-20db-4be1-b0c0-826008432c6e.png)
+![File menu in Outlook 2016.](../../media/2f1c39a5-177e-4052-9dd8-90c0d140be2c.png)![Open &amp; Export command in Outlook 2016](../../media/eecab6df-c372-45b1-8a8a-2f6d7af0dd68.png)![Import/Export button in Outlook 2016](../../media/ed90ae47-20db-4be1-b0c0-826008432c6e.png)
## See other email accounts in Outlook
admin O365 Setup Wizard And Setup Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/o365-setup-wizard-and-setup-page.md
The setup wizard provides a guided walkthrough for setting up the basic Microsof
To set up your account, go to the [admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339), select **Setup** in the left navigation pane, and then select **Guided setup** on the **Setup** page.
-![Start the Microsoft 365 Apps for business setup wizard](../../media/o365b-guided-setup.png)
+![Start the Microsoft 365 Apps for business setup wizard.](../../media/o365b-guided-setup.png)
The setup wizard guides you through the following steps:
To access the **Setup** page in the [admin center](https://go.microsoft.com/fwli
You'll see the complete list of setup tasks arranged in logical categories, including those that you completed in the setup wizard.
-![Microsoft 365 for business Setup page](../../media/o365b-setup-page.png)
+![Microsoft 365 for business Setup page.](../../media/o365b-setup-page.png)
Choose **View** for any task to get at-a-glance information, such as task description, user impact, prerequisites, effort to implement, and security and adoption statistics to help you understand consequences and impact before proceeding.
For access to comprehensive articles about the features you're setting up, selec
When you're ready to complete a task, select **Get started** to walk through the configuration process. Once you complete a task, the **Get started** button changes to a **Manage** button, allowing you to manage the task, as needed.
-![Task view showing at-a-glance information](../../media/o365b-at-a-glance.png)
+![Task view showing at-a-glance information.](../../media/o365b-at-a-glance.png)
admin Secure Win 10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/secure-win-10-pcs.md
After you have [set up](business-set-up.md) Microsoft 365 Business Premium, it i
On the top of the page, choose **Get started**.
-4. On the **Secure your Windows 10 computers** pane, select the options you want to turn on. For more information about the settings, see [Secure Windows 10 devices](/misc/secure-windows-10-devices.md) (article)\
+4. On the **Secure your Windows 10 computers** pane, select the options you want to turn on. For more information about the settings, see [Secure Windows 10 devices](../misc/secure-windows-10-devices.md) (article)\
). For most organizations, the options here offer a good level of security, however, if your organization has more complex security needs, you can also use pre-defined security baselines to secure your Windows 10 devices. For more information, see [security baselines for Windows 10 devices](/mem/intune/protect/security-baselines).
admin Set Up File Storage And Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-file-storage-and-sharing.md
If you found this video helpful, check out the [complete training series for sma
Both OneDrive and team sites provide anywhere access for you and your employees.
-![A diagram that shows how Microsoft 365 products can use OneDrive or Team sites](../../media/7493131e-665f-4dbd-9a60-f5612aea7e42.png)
+![A diagram that shows how Microsoft 365 products can use OneDrive or Team sites.](../../media/7493131e-665f-4dbd-9a60-f5612aea7e42.png)
Here are recommendations for what to store in each location when you use OneDrive and team sites together:<br/>
Here's how each person on your team can set up OneDrive and share files.
3. In OneDrive, team members can store their own business-related files. You can share either individual files, or a whole folder. Pick a file or folder, right-click, and then choose **Share**.
- ![Sharing a folder](../../media/e8df9df3-aea5-404d-a320-92d7826c260c.png)
+ ![Sharing a folder.](../../media/e8df9df3-aea5-404d-a320-92d7826c260c.png)
4. On the **Send Link** page, leave the default selection **Anyone with the link can view and edit**.
Here's how each person on your team can set up OneDrive and share files.
5. When you're done entering who you want to share with, select **Send**. The email is immediately sent to the people you invite.
- ![Share a link, showing list of names](../../media/e85625ea-7655-43f3-8623-72db68d0ea39.png)
+ ![Share a link, showing list of names.](../../media/e85625ea-7655-43f3-8623-72db68d0ea39.png)
6. Here's what the email looks like.
- ![Email with link to share OneDrive folder](../../media/750c92e1-f14f-404c-a6a3-2095e26c680c.png)
+ ![Email with link to share OneDrive folder.](../../media/750c92e1-f14f-404c-a6a3-2095e26c680c.png)
### Upload files to a team site for online collaboration
Here's how to synchronize files on your team site with your desktop:
4. If you then get a **Set up OneDrive** prompt, sign in with your work or school account.
- ![OneDrive setup screen](../../media/82cbb1ac-2ac5-42bd-82de-ba710bf46145.png)
+ ![OneDrive setup screen.](../../media/82cbb1ac-2ac5-42bd-82de-ba710bf46145.png)
5. If you haven't yet synced your OneDrive, you might see a **This is your OneDrive folder** screen. Check the path under **Your OneDrive folder is here**. Choose **Change Location** if you want to use a different path, and then select **Next**.
- ![Change your local folder at this screen](../../media/6395485a-e729-4a9a-8e7d-b35e662435da.png)
+ ![Change your local folder at this screen.](../../media/6395485a-e729-4a9a-8e7d-b35e662435da.png)
6. The files in your team sites will appear in the left pane of File Explorer under the name of your organization. The files in OneDrive will appear under "OneDrive - \<Name of Organization\>"
- ![See what's been sync'd in your local folder](../../media/93e2ca9f-4b5b-4930-a94d-ebc5b95aca84.png)
+ ![See what's been sync'd in your local folder.](../../media/93e2ca9f-4b5b-4930-a94d-ebc5b95aca84.png)
7. Test the synchronization by opening a file in the team's folder on your computer. Make a change, and then choose **Save**.
admin Set Up Mobile Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-mobile-devices.md
If you found this video helpful, check out the [complete training series for sma
Go to **App store**, and in the search field type in Microsoft Outlook.
-![Go to the iPhone App Store](../../media/886913de-76e5-4883-8ed0-4eb3ec06188f.png)
+![Go to the iPhone App Store.](../../media/886913de-76e5-4883-8ed0-4eb3ec06188f.png)
Tap the cloud icon to install Outlook.
-![Tap the cloud icon to install Outlook](../../media/665e1620-948a-4ab8-b914-dca49530142c.png)
+![Tap the cloud icon to install Outlook.](../../media/665e1620-948a-4ab8-b914-dca49530142c.png)
When the installation is done, tap the **Open** button to open Outlook and then tap **Get Started**.
-![Screenshot of Outlook with Get Started button](../../media/005bedec-ae50-4d75-b3bb-e7cef9e2561c.png)
+![Screenshot of Outlook with Get Started button.](../../media/005bedec-ae50-4d75-b3bb-e7cef9e2561c.png)
Enter your work email address on the **Add Email Account** screen \> **Add Account**, and then enter your Microsoft 365 for business credentials \> **Sign in**.
-![Sign in to your work account](../../media/3cef1fb5-7bec-4d3d-8542-872b731ce19f.png)
+![Sign in to your work account.](../../media/3cef1fb5-7bec-4d3d-8542-872b731ce19f.png)
If your organization is protecting files in apps, you'll see a dialog stating that your organization is now protecting the data in the app and you need to restart the app to continue to use it. Tap **OK** and close Outlook.
-![Screenshot that shows your organization is now protecting your Outlook app](../../media/fb4c1c84-b1e9-42e1-8070-c13dcf79fb09.png)
+![Screenshot that shows your organization is now protecting your Outlook app.](../../media/fb4c1c84-b1e9-42e1-8070-c13dcf79fb09.png)
Locate Outlook on the iPhone, and restart it. When prompted, enter a PIN and verify it. Outlook on your iPhone is now ready to be used.
-![Set a PIN to access your organization's data](../../media/64f2630b-3164-47a4-9dd6-ca0c29ed5fb3.png)
+![Set a PIN to access your organization's data.](../../media/64f2630b-3164-47a4-9dd6-ca0c29ed5fb3.png)
## [Android](#tab/Android)
If you found this video helpful, check out the [complete training series for sma
To begin setup on your Android phone, go to the Play Store.
-![On the Android home screen, tap Play Store](../../media/93df88e7-c778-40e1-b35e-868ca6e97f6c.png)
+![On the Android home screen, tap Play Store.](../../media/93df88e7-c778-40e1-b35e-868ca6e97f6c.png)
Enter Microsoft Outlook in the Google Play search box and tap **Install**. Once Outlook is done installing, tap **Open**.
-![Tap Open to open Outlook app](../../media/8b4c5937-8875-4b5a-a5b6-b8c6c9cd6240.png)
+![Tap Open to open Outlook app.](../../media/8b4c5937-8875-4b5a-a5b6-b8c6c9cd6240.png)
In the Outlook app, tap **Get Started**, then add your Microsoft 365 for business email account \> **Continue**, and sign in with your organization credentials.
-![Sign in to your organizational account in Outlook](../../media/18f67c66-4bab-4b99-94bd-080839312e29.png)
+![Sign in to your organizational account in Outlook.](../../media/18f67c66-4bab-4b99-94bd-080839312e29.png)
In the dialog that states you must install the Intune Company Portal app, tap **Go to store**.
-![Tap on Go to store to get Intune Company Portal app](../../media/a702d712-5622-45dd-a511-b1adaee63071.png)
+![Tap on Go to store to get Intune Company Portal app.](../../media/a702d712-5622-45dd-a511-b1adaee63071.png)
In Play Store, install Intune Company Portal.
-![Screenshot that shows the install button for Intune Company Portal in Google Play Store](../../media/5e0408f2-3f37-44dd-80ed-13ca2ac6df0c.png)
+![Screenshot that shows the install button for Intune Company Portal in Google Play Store.](../../media/5e0408f2-3f37-44dd-80ed-13ca2ac6df0c.png)
Open Outlook again, and enter and confirm a PIN. Your Outlook app is now ready for use.
-![Set PIN for Outlook app in Android](../../media/edb91afb-f1ed-451a-bc6b-8ccba664e055.png)
+![Set PIN for Outlook app in Android.](../../media/edb91afb-f1ed-451a-bc6b-8ccba664e055.png)
## Related content
admin Set Up Windows Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/set-up-windows-devices.md
For a brand new device running Windows 10 Pro Creators Update, or for a device t
1. Go through Windows 10 device setup until you get to the **How would you like to set up?** page.
- ![On the How would you like to set up page, choose Set up for an organization](../../media/1b0b2dba-00bb-4a99-a729-441479220cb7.png)
+ ![On the How would you like to set up page, choose Set up for an organization.](../../media/1b0b2dba-00bb-4a99-a729-441479220cb7.png)
2. Here, choose **Set up for an organization** and then enter your username and password for Microsoft 365 Business Premium.
For a brand new device running Windows 10 Pro Creators Update, or for a device t
1. In your user's Windows PC, that is running Windows 10 Pro, version 1703 (Creators Update) (see [pre-requisites](../security-and-compliance/pre-requisites-for-data-protection.md)), click the Windows logo, and then the Settings icon.
- ![In the Start menu, click Windows Settings icon](../../media/74e1ce9a-1554-4761-beb9-330b176e9b9d.png)
+ ![In the Start menu, click Windows Settings icon.](../../media/74e1ce9a-1554-4761-beb9-330b176e9b9d.png)
2. In **Settings**, go to **Accounts**.
- ![In Windows Settings, go to Accounts](../../media/472fd688-d111-4788-9fbb-56a00fbdc24d.png)
+ ![In Windows Settings, go to Accounts.](../../media/472fd688-d111-4788-9fbb-56a00fbdc24d.png)
3. On **Your info** page, click **Access work or school** \> **Connect**.
- ![Choose Connect under Access work or school](../../media/af3a4e3f-f9b9-4969-b3e2-4ef99308090c.png)
+ ![Choose Connect under Access work or school.](../../media/af3a4e3f-f9b9-4969-b3e2-4ef99308090c.png)
4. On the **Set up a work or school account** dialog, under **Alternate actions**, choose **Join this device to Azure Active Directory**.
- ![Click Join this device to Azure Active Directory](../../media/fb709a1b-05a9-4750-9cb9-e097f4412cba.png)
+ ![Click Join this device to Azure Active Directory.](../../media/fb709a1b-05a9-4750-9cb9-e097f4412cba.png)
5. On the **Let's get you signed in** page, enter your work or school account \> **Next**. On the **Enter password** page, enter your password \> **Sign in**.
- ![Enter your work or school email on the Let's get you signed in page](../../media/f70eb148-b1d2-4ba3-be38-7317eaf0321a.png)
+ ![Enter your work or school email on the Let's get you signed in page.](../../media/f70eb148-b1d2-4ba3-be38-7317eaf0321a.png)
6. On the **Make sure this is your organization** page, verify that the information is correct, and choose **Join**. On the **You're all set!** page, chosse **Done**.
- ![On the Make sure this is your organization screen, choose Join](../../media/c749c0a2-5191-4347-a451-c062682aa1fb.png)
+ ![On the Make sure this is your organization screen, choose Join.](../../media/c749c0a2-5191-4347-a451-c062682aa1fb.png)
If you uploaded files to OneDrive for Business, sync them back down. If you used a third-party tool to migrate profile and files, also sync those to the new profile.
On the **Sync status** page, choose **Sync** to get the latest mobile device man
To start using the Microsoft 365 Business Premium account, go to the Windows **Start** button, right-click your current account picture, and then **Switch account**. Sign in by using your organization email and password.
-![Click Info button to view synchronization status](../../media/818f7043-adbf-402a-844a-59d50034911d.png)
+![Click Info button to view synchronization status.](../../media/818f7043-adbf-402a-844a-59d50034911d.png)
## Verify the PC is upgraded to Windows 10 Business
admin Troubleshoot Windows 365 Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/troubleshoot-windows-365-business.md
Make sure **Users may join devices to Azure AD** is set to **All**.
## Step 2. Verify that the Windows 365 BPRT Permanent User system account is active
-The first time a Windows 365 license is assigned in your organization, a system account called **Windows 365 BPRT Permanent User** is automatically created in Azure AD. Do not delete this account or make any changes to it (such as changing the name or UPN). If the system account is deleted, the setup will fail. This system account ensures a smooth setup process and doesn't have any write capabilities or access to your organization beyond the scoped service capabilities of Windows 365 Business. If you delete this system account, you must open a new support request to have it restored.
+The first time a Windows 365 license is assigned in your organization, a system account called **Windows 365 BPRT Permanent User** is automatically created in Azure AD.
+Do not delete this account or make any changes to it (such as changing the name or UPN). If the system account is modified or deleted, the setup will fail. This system account ensures a smooth setup process and doesn't have any write capabilities or access to your organization beyond the scoped service capabilities of Windows 365 Business. If you delete or modify this system account you must login to windows365.microsoft.com with any account that has a Windows 365 Business license and wait 12 hours for the token to refresh.
To make sure the Windows 365 BPRT Permanent User system account is active in Azure AD, use the following steps.
To make sure the Windows 365 BPRT Permanent User system account is active in Azu
2. In the left nav, under **Manage**, select **Users**. 3. In the search box, type **Windows 365 BPRT Permanent User**, then press **Enter**. 4. If the Windows 365 BPRT Permanent User system account is present, go to [Step 3. Verify that device-based MFA is turned off](#step-3-verify-that-device-based-mfa-is-turned-off).
-5. If the Windows 365 BPRT Permanent User system account is missing, in the left nav, select **New support request** to open a support ticket. After the support ticket is closed, go directly to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
+5. If the Windows 365 BPRT Permanent User system account is missing or if any changes were made to it, login to windows365.microsoft.com with any account that has a Windows 365 Business license assigned. A new Windows 365 BPRT Permanent User will be generated in 12 hours. After the token has regenerated, go directly to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
## Step 3. Verify that device-based MFA is turned off
If you donΓÇÖt plan to use Microsoft Intune for your Cloud PC management, you mu
> [!IMPORTANT] > If youΓÇÖre not the MDM administrator, donΓÇÖt use either of the following procedures without first consulting with your IT admin. Only follow these procedures if Cloud PCs arenΓÇÖt being set up. Any configuration changes could impact your management environment. If you need help, [contact Intune support](/mem/get-support).
-#### Option 1. Use the Azure AD portal to turn off automatic Intune enrollment
+#### Use the Azure AD portal to turn off automatic Intune enrollment
1. In the Azure portal, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=516942" target="_blank">Azure Active Directory Overview</a> page. 2. In the left nav, under **Manage**, select **Mobility (MDM and MAM)**, then select **Microsoft Intune**.
-3. On the **Configure** page, next to MDM user scope, select **None**, then select **Save**.
+3. On the **Configure** page, you will see one of two things. If you have an Azure AD Premium subscription, select **None** next to MDM user scope, then select **Save**. If you do not have an Azure AD Premium subscription, select **Disable**.
4. In the left nav, under **Manage**, select **Mobility (MDM and MAM)**, select **Microsoft Intune Enrollment**, then repeat step 3. 5. Go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
-#### Option 2: Use Microsoft Graph to turn off automatic Intune enrollment
-
-If you canΓÇÖt use the Microsoft Azure admin portal to configure **Mobility (MDM and MAM)** as instructed in [Option 1. Use the Azure AD portal to turn off automatic Intune enrollment](#option-1-use-the-azure-ad-portal-to-turn-off-automatic-intune-enrollment), you see a warning that says, "Automatic MDM enrollment is available only for Azure AD Premium subscribers." In this case, you must use Microsoft Graph to turn off MDM policies in your environment.
-
-1. Go to Graph Explorer at <a href="https://go.microsoft.com/fwlink/p/?linkid=2170005">https://developer.microsoft.com/graph/graph-explorer</a>.
-2. Under **Graph Explorer**, select **Sign in to Graph Explorer**, and sign in with your Global admin account.
-3. If you see the **Permissions requested** dialog box, select **Accept**.
-4. Next to your account name, select the **More actions** button (the three dots), then select **Select permissions**.
-5. In the **Permissions** pane, expand **Policy**, select **Policy.Read.All** and **Policy.ReadWrite.MobilityManagement**, then select **Consent**.
-6. If you see the **Permissions requested** dialog box, select the **Consent on behalf of your organization** check box, then select **Accept**.
-7. Expand **Policy** again, verify that the **Status** column for **Policy.Read.All** and **Policy.ReadWrite.MobilityManagement** says **Consented**, then close the **Permissions** pane.
-8. From the first drop-down list, select **GET**.
-9. In the text box, enter the following string, then select **Run query**:
- `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies`
- This query retrieves the list of device management policies in your organization.
- The results in the **Response preview** pane should look similar to the following code snippet:
-
- ```
- {
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#mobilityManagementPolicies",
- "value": [
- {
- "id": "0000000a-0000-0000-c000-000000000000",
- "appliesTo": "all",
- "complianceUrl": null,
- "description": "Device Management Policy for Microsoft Intune",
- "discoveryUrl": null,
- "displayName": "Microsoft Intune",
- "isValid": true,
- "termsOfUseUrl": null
- },
- {
- "id": "d4ebce55-015a-49b5-a083-c84d1797ae8c",
- "appliesTo": "none",
- "complianceUrl": "https://portal.manage.microsoft.com/?portalAction",
- "description": "Device Management Policy for Microsoft Intune Enrollment",
- "discoveryUrl": "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc",
- "displayName": "Microsoft Intune Enrollment",
- "isValid": true,
- "termsOfUseUrl": "https://portal.manage.microsoft.com/TermsofUse.aspx"
- }
- ]
- }
- ```
-10. If the `"appliesTo"` value is **none** for all listed policies, go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs). Otherwise, continue to step 11.
-11. In the first drop-down list, select **PATCH**.
-12. In the text box, enter the following string:
- `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/0000000a-0000-0000-c000-000000000000`
-13. In the **Request body** section, enter the following code snippet, then select **Run query**:
- ```
- {
- "appliesTo": "none"
- }
- ```
-14. In text box, enter the following string:
- `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies/d4ebce55-015a-49b5-a083-c84d1797ae8c`
-15. In the **Request body** section, leave the code snippet you entered in step 13, then select **Run query**.
-16. In the first drop-down list, select **GET**.
-17. Clear any text in the **Request body** section.
-18. In the text box, enter the following string, then select **Run query**:
- `https://graph.microsoft.com/beta/policies/mobileDeviceManagementPolicies`
-
- The results in the **Response view** pane should look similar to the following code snippet.
- ```
- {
- "@odata.context": "https://graph.microsoft.com/beta/$metadata#mobilityManagementPolicies",
- "value": [
- {
- "id": "0000000a-0000-0000-c000-000000000000",
- "appliesTo": "none",
- "complianceUrl": "https://portal.manage.microsoft.com/?portalAction=Compliance",
- "description": "Device Management Policy for Microsoft Intune",
- "discoveryUrl": "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svcΓÇ¥,
- "displayName": "Microsoft Intune",
- "isValid": true,
- "termsOfUseUrl": "https://portal.manage.microsoft.com/TermsofUse.aspx"
- },
- {
- "id": "d4ebce55-015a-49b5-a083-c84d1797ae8c",
- "appliesTo": "none",
- "complianceUrl": "https://portal.manage.microsoft.com/?portalAction",
- "description": "Device Management Policy for Microsoft Intune Enrollment",
- "discoveryUrl": "https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc",
- "displayName": "Microsoft Intune Enrollment",
- "isValid": true,
- "termsOfUseUrl": "https://portal.manage.microsoft.com/TermsofUse.aspx"
- }
- ]
- }
- ```
-
- The `"appliesTo"` values for all policies are now set to **none**. This query verifies that the scope has successfully changed for device management policies in your organization.
-19. Go to [Step 6. Reset your Cloud PCs](#step-6-reset-your-cloud-pcs).
## Step 6. Reset your Cloud PCs
admin China Prc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/support/china-prc.md
English: 24 hours a day, 7 days a week
Alternative Phone Number: 400 920 0365 (Mobile) ## Follow us on WeChat
-![WeChat QR code](../../media/4d8fe09c-1a11-4cd8-be4c-75add8dccddd.jpg)
+![WeChat QR code.](../../media/4d8fe09c-1a11-4cd8-be4c-75add8dccddd.jpg)
## Contact support for Office 365 operated by 21Vianet only ## Phone number
admin Connect To Gcc Data With Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/connect-to-gcc-data-with-usage-analytics.md
To initially configure Microsoft 365 Usage Analytics:
2. On the **Usage Reports** page, in the Microsoft 365 Usage Analytics section, select **Get Started**. 3. Under **Enable Power BI for usage analytics**, select **Make organizational usage data available to Microsoft usage analytics for Power BI**, and then select **Save**.
- ![Make your tenant data available](../../media/usage-analytics/make-data-available.png)
+ ![Make your tenant data available.](../../media/usage-analytics/make-data-available.png)
To initially configure Microsoft 365 Usage Analytics:
4. When your organizations data is ready, refreshing the page will show a message stating that your data is now available, and will also provide your **tenant ID** number. You will need to use the tenant ID in a later step when you attempt to connect to your tenant data.
- ![Tenant ID](../../media/usage-analytics/tenant-id-gcc.png)
+ ![Tenant ID.](../../media/usage-analytics/tenant-id-gcc.png)
> [!IMPORTANT] > When your data is available, do not select **Go to Power BI**, which will take you to the Power BI Marketplace. The template app for this report required by GCC tenants is not available in the Power BI Marketplace.
Microsoft 365 GCC users can download and use the Microsoft 365 Usage Analytics r
1. After downloading the [Power BI template](https://download.microsoft.com/download/7/8/2/782ba8a7-8d89-4958-a315-dab04c3b620c/Microsoft%20365%20Usage%20Analytics.pbit), open it using Power BI Desktop. 2. When prompted for a **TenantID**, enter the tenant ID you received when you prepared your organizationΓÇÖs data for this report in step 1. Then select **Load**. It will take several minutes for your data to load.
- ![Enter tenant ID](../../media/usage-analytics/add-tenant-id.png)
+ ![Enter tenant ID.](../../media/usage-analytics/add-tenant-id.png)
3. When loading completes, your report will display, and you will see an executive summary of your data.
- ![Executive Summary](../../media/usage-analytics/exec-summary.png)
+ ![Executive Summary.](../../media/usage-analytics/exec-summary.png)
4. Save your changes to the report.
admin Customize Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/customize-reports.md
This example shows how to modify the **Activation** tab within the **Activation/
1. Within the **Activation/Licensing** report, select the **Activation** tab.
-2. Enter the edit mode by choosing the **Edit** button on the top through the ![The more page button in Power BI](../../media/d8da3c19-3f2d-4bf6-811e-faa804f74770.png) button.
+2. Enter the edit mode by choosing the **Edit** button on the top through the ![The more page button in Power BI.](../../media/d8da3c19-3f2d-4bf6-811e-faa804f74770.png) button.
- ![Click Edit report on the top right navigation](../../media/e2c16663-1fbd-4d7f-887c-0cbb891d3b3d.png)
+ ![Click Edit report on the top right navigation.](../../media/e2c16663-1fbd-4d7f-887c-0cbb891d3b3d.png)
3. On the top right, choose **Duplicate this page**.
- ![Choose Duplicate this page](../../media/b2d18dcd-6b82-4ce7-ab79-1b24e3721309.png)
+ ![Choose Duplicate this page.](../../media/b2d18dcd-6b82-4ce7-ab79-1b24e3721309.png)
4. In the bottom right, choose any of the bar-charts showing the count of users activating based on the OS such as Android, iOS, Mac, etc. 5. In the **Visualizations** area to the right, in order to remove **Mac Count** from the visual, select the **X** next to it.
- ![Remove Mac Count](../../media/ce3d8358-df57-4f64-bd25-ac5be7fc8713.png)
+ ![Remove Mac Count.](../../media/ce3d8358-df57-4f64-bd25-ac5be7fc8713.png)
### Create a new visual
The following example shows how to create a new visual to track new Yammer users
1. Go to the **Product Usage** report using the left nav and select the **Yammer** tab.
-2. Switch to edit mode by choosing ![The more page button in Power BI](../../media/d8da3c19-3f2d-4bf6-811e-faa804f74770.png) and **Edit**.
+2. Switch to edit mode by choosing ![The more page button in Power BI.](../../media/d8da3c19-3f2d-4bf6-811e-faa804f74770.png) and **Edit**.
-3. At the bottom of the page, select the ![The add page button in Power BI](../../media/d3b8c117-17d4-4f53-b078-8fefc2155b24.png) to create a new page.
+3. At the bottom of the page, select the ![The add page button in Power BI.](../../media/d3b8c117-17d4-4f53-b078-8fefc2155b24.png) to create a new page.
4. In the **Visualizations** area to the right, choose the **Stacked bar chart** (top row, first from left).
- ![Select Bar Chart](../../media/214c3fed-6eae-43e6-83fb-708a2d74406e.png)
+ ![Select Bar Chart.](../../media/214c3fed-6eae-43e6-83fb-708a2d74406e.png)
5. Select the bottom right of that visualization and drag to make it larger.
The following example shows how to create a new visual to track new Yammer users
7. Drag **MonthName** to the fields area, directly below the **Axis** heading in the **Visualizations** area.
- ![Drag Month Name](../../media/bff99987-8c4b-4618-89fd-47df557b0ed7.png)
+ ![Drag Month Name.](../../media/bff99987-8c4b-4618-89fd-47df557b0ed7.png)
8. In the **Fields** area to the right, expand the **TenantProductUsage** table.
The following example shows how to create a new visual to track new Yammer users
11. In the **Filter Type** area that appears, select the **Yammer** check box.
- ![Select Yammer checkbox](../../media/82e99730-0de9-42da-928a-76aab0c3e609.png)
+ ![Select Yammer checkbox.](../../media/82e99730-0de9-42da-928a-76aab0c3e609.png)
-12. Just below the list of visualizations, choose the **Format** icon ![Format icon in Power BI Visualizaions](../../media/ee0602f3-3df5-4930-b862-db1d90ae4ae2.png).
+12. Just below the list of visualizations, choose the **Format** icon ![Format icon in Power BI Visualizaions.](../../media/ee0602f3-3df5-4930-b862-db1d90ae4ae2.png).
13. Expand Title and change the **Title Text** value to **First-Time Yammer Users by Month**.
You can start by connecting directly to the ODATA reporting APIs from Microsoft
**NOTE:** The reporting APIs are in preview and are subject to change until they go into production.
- ![OData feed URL for Power BI desktop](../../media/c0ef967e-a454-4eba-bc8e-61e113170053.png)
+ ![OData feed URL for Power BI desktop.](../../media/c0ef967e-a454-4eba-bc8e-61e113170053.png)
3. Enter your Microsoft 365 (organization or school) admin credentials to authenticate to Microsoft 365 when prompted.
You can start by connecting directly to the ODATA reporting APIs from Microsoft
This will download the data into your Power BI Desktop. Save this file and then you can start creating the reports you need.
- ![ODATA values available in the reporting API](../../media/545b4d17-dbbd-4cfc-b75a-a8b27283d438.png)
+ ![ODATA values available in the reporting API.](../../media/545b4d17-dbbd-4cfc-b75a-a8b27283d438.png)
### Use the Microsoft 365 usage analytics template
You can download the Power BI template file from the [Microsoft Download Center]
2. Enter your tenant id value in the dialog.
- ![Enter your tenant ID to open the pbit file](../../media/071ed0bf-8b9d-49c6-81fc-fd4c6cc85bd3.png)
+ ![Enter your tenant ID to open the pbit file.](../../media/071ed0bf-8b9d-49c6-81fc-fd4c6cc85bd3.png)
3. Enter your admin credentials to authenticate to Microsoft 365 when prompted.
admin Enable Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/enable-usage-analytics.md
To start the template app, you have to be either a **global administrator**, **r
3. In the **Apps** tab, type Microsoft 365 in the search box and then select **Microsoft 365 usage analytics** \> **Get it now**.
- [![Select Get it now](../../media/78102250-9874-4a32-8365-436f13560b52.png)](https://app.powerbi.com/groups/me/getapps/services/cia_microsoft365.microsoft-365-usage-analytics)
+ [![Select Get it now.](../../media/78102250-9874-4a32-8365-436f13560b52.png)](https://app.powerbi.com/groups/me/getapps/services/cia_microsoft365.microsoft-365-usage-analytics)
4. Once the app is installed. Select the tile to open it.
To start the template app, you have to be either a **global administrator**, **r
7. On the next screen, select **OAuth2** as the **Authentication method** \> **Sign in**. If you choose any other authentication method, the connection to the template app will fail.
- ![Choose Microsoft account as authentication method](../../media/ab6f0463-c3f7-4088-a605-67c699fa86adnew.png)
+ ![Choose Microsoft account as authentication method.](../../media/ab6f0463-c3f7-4088-a605-67c699fa86adnew.png)
8. After the template app is instantiated the Microsoft 365 usage analytics dashboard will be available in Power BI on the web. The initial loading of the dashboard will take between 2 to 30 minutes.
admin Navigate And Utilize Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/navigate-and-utilize-reports.md
To get started with your reports, here are some tips:
- Use the navigation tabs on the left or on a related metric on the **Executive Summary** page to navigate to each top-level report.
- ![Shows the navigation tabs on the left](../../media/navigate-usage-analytics1.png)
+ ![Shows the navigation tabs on the left.](../../media/navigate-usage-analytics1.png)
- Use the navigation tabs at the top of each top-level report to navigate to different reports within that level.
- ![Shows the navigation tabs at the top of each report](../../media/navigate-usage-analytics2.png)
+ ![Shows the navigation tabs at the top of each report.](../../media/navigate-usage-analytics2.png)
- Many reports contain a slicer where you can filter on the product, AAD attribute, or activity that you want to view. These can be either single-select or multi-select.
- ![Shows a slicer](../../media/navigate-usage-analytics3.png)
+ ![Shows a slicer.](../../media/navigate-usage-analytics3.png)
- ![Shows a slicer](../../media/navigate-usage-analytics4.png)
+ ![Shows a slicer.](../../media/navigate-usage-analytics4.png)
- Hover over data points to view a callout that contains details.
- ![Shows hover example](../../media/navigate-usage-analytics6.png)
+ ![Shows hover example.](../../media/navigate-usage-analytics6.png)
The user who has instantiated the template app will have the ability to customize the report to their needs. To customize the template app: - Select **Edit report** at the top of the report.
- ![Shows Edit report](../../media/navigate-usage-analytics7.png)
+ ![Shows Edit report.](../../media/navigate-usage-analytics7.png)
- Create your own visuals by using the underlying [datasets](usage-analytics-data-model.md). - Use Power BI Desktop to bring in your own data sources.
-To share your reports, just select the share button ![Power BI Share icon](../../media/dbb0569d-2013-4f9d-ab9d-d01b09631b92.png) at the top of the page.
+To share your reports, just select the share button ![Power BI Share icon.](../../media/dbb0569d-2013-4f9d-ab9d-d01b09631b92.png) at the top of the page.
To learn how to customize the reports, see [Customizing the reports in Microsoft 365 usage analytics](customize-reports.md).
admin Usage Analytics Data Model https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/usage-analytics-data-model.md
This table contains data about each user who had an activity in any of the servi
|ODB_FileSynched <br/> |Number of files this user synchronized on any OneDrive for Business. <br/> | |ODB_FileSharedInternally <br/> |Number of files this user shared internally from any OneDrive for Business, or with users within groups (that might include external users). <br/> | |ODB_FileSharedExternally <br/> |Number of files this user shared externally from any OneDrive for Business. <br/> |
-|ODB_AccessByOwner <br/> |Number of files the user interacted with that reside on their own OneDrive for Business. <br/> |
-|ODB_AccessOthers <br/> |Number of files this user interacted with which reside on another user's OneDrive for Business. <br/> |
-|SPO_GroupFileViewedModified <br/> |Number of files with this user interacted on any group site. <br/> |
+|ODB_AccessedByOwner <br/> |Number of sites the user interacted with that reside on their own OneDrive for Business. <br/> |
+|ODB_AccessedByOthers <br/> |Number of sites this user interacted with which reside on another user's OneDrive for Business. <br/> |
+|SPO_GroupFileViewedModified <br/> |Number of files this user interacted with on any group site. <br/> |
|SPO_GroupFileSynched <br/> |Number of files this user synchronized on any group site. <br/> | |SPO_GroupFileSharedInternally <br/> |The count of files that have been shared with users within the organization, or with users within groups (that might include external users). <br/> | |SPO_GroupFileSharedExternally <br/> |Number of files this user shared externally from any group site. <br/> |
This table provides data about how Microsoft 365 Groups is used across the organ
|YAM_LikedActivities <br/> |Number of Yammer like activities. <br/> | |YAM_PostedActivties <br/> |Number of Yammer post activities. <br/> | |YAM_ReadActivites <br/> |Number of Yammer read activities. <br/> |
-
+
+### Data table - Tenant Office Licenses
+
+This table provides month-over-month summary data about the license assignment for users.
+
+|**Column name**|**Column description**|
+|:--|:--|
+|LicenseName <br/> |Name of the license. <br/> |
+|AssignedCount <br/> |Number of assigned licenses. <br/> |
+|Timeframe <br/> |Month value. <br/> |
+ ### Data table - Tenant Office Activation The table provides data about the number of Office subscription activations across the service plans, for example, Microsoft 365 Apps for enterprises, Visio, Project. It also provides data about number of activations per device (Android/iOS/Mac/PC).
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
Priority accounts are only available to organizations that meet both of the foll
- Office 365 E3 or Microsoft 365 E3, or Office 365 E5 or Microsoft 365 E5. - At least 10,000 licenses and at least 50 monthly active Exchange Online users.
-![Setup page for the feature: Monitor your most important accounts](../media/MAC-WN-PriorityAccounts.png)
+![Setup page for the feature: Monitor your most important accounts.](../media/MAC-WN-PriorityAccounts.png)
There are two ways to get started:
There has been a lot of work done in the subscriptions management to make the pa
Domain management can be complicated, and we've released a new feature to make that easier. Go to Settings > Domains and then select a domain to get more information about your domain and the domain's health. ### Docs, training, and videos (July 2020)
Just this month, we released a new site on docs.microsoft.com called the [Micros
Well, we did it! We've taken the second step towards a unified roles experience and you can now manage Intune roles in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. You can also leverage features such as the ability to search for roles and view role permissions. This means you donΓÇÖt need two separate tools to manage roles for Microsoft 365 and Intune. When you sign into the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, youΓÇÖll see that there are two pivots on the Roles page, one for Azure AD and one for Intune.
-![Roles page with the Intune pivot selected](../media/MAC-WN-IntuneRoles.png)
+![Roles page with the Intune pivot selected.](../media/MAC-WN-IntuneRoles.png)
### Sync Message Center posts to Planner
We received a lot of feedback from admins about the how hard it is to assign lic
With the uptick in Teams usage, some orgs will get a pinned dashboard card that makes turning Teams on more discoverable. The card also has links to training and docs to help your org transition to remote work. Just go to the **Home** page to see the new card.
-![Microsoft Teams home page card](../media/MAC-WN-TeamsCard.PNG)
+![Microsoft Teams home page card.](../media/MAC-WN-TeamsCard.PNG)
### Customize your organization's SharePoint mobile app theme
We received a lot of feedback from partners and admins about the challenges of m
![Screen capture: top of the Home page showing organization profile name with the switcher icon.](../media/MAC-Organization-switcher.png) 2. In the organization switcher, select the org you want to manage.
-![Screen capture: My organizations tenant switcher with Consolidated Messenger tenant highlighted](../media/MAC-OrgSwitcherSelected.png)
+![Screen capture: My organizations tenant switcher with Consolidated Messenger tenant highlighted.](../media/MAC-OrgSwitcherSelected.png)
That's literally it!!!
bookings Add Questions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-questions.md
For more information about how to personalize and customize your booking page, s
In this example, phone number and customer notes have been turned off and we created two new custom questions to ask.
- ![Image of custom questions screen](../media/bookings-questions-custom-fields.png)
+ ![Image of custom questions screen.](../media/bookings-questions-custom-fields.png)
1. To make the question required, select the **Required** checkbox. Your customer won't be able to complete the booking until they've answered the required questions.
Bookings will save all of your custom questions in a master list so that you can
In this example, you can see that the questions that were added for the first service are available for this service. Any questions you create for this service will be available for all services.
- ![Image of questions that appear for multiple services](../media/bookings-questions-services.png)
+ ![Image of questions that appear for multiple services.](../media/bookings-questions-services.png)
If your booking page is already published, you don't need to do anything else. Customers will see the questions the next time they book with you. If your booking page isn't published yet, go to the **booking page** from Outlook on the web, and then select **Save and publish**.
If your booking page is already published, you don't need to do anything else. C
When your customers book an appointment with you, the basic customer information questions will show in the **Add your details** section. Any customized questions you add will be in the **Provide additional information** section.
-![Image of what customers see when questions are enabled](../media/bookings-questions-customer.png)
+![Image of what customers see when questions are enabled.](../media/bookings-questions-customer.png)
## Staff experience When your customers book an appointment with you, your staff will see the questions and the customer's answers on the booking calendar. To see it, go to **Bookings** \> **Calendar** and then open an appointment.
-![Image of what staff see when questions are enabled](../media/bookings-questions-staff.png)
+![Image of what staff see when questions are enabled.](../media/bookings-questions-staff.png)
bookings Add Staff https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/add-staff.md
Although Bookings is a feature of Microsoft 365, not all of your staff members a
6. Select **Notify all staff via email when a booking assigned to them is created or changed** to enable staff emails. The following is an example email:
- :::image type="content" source="media/bookings-notify-all-email.jpg" alt-text="A notification email from Bookings":::
+ :::image type="content" source="media/bookings-notify-all-email.jpg" alt-text="A notification email from Bookings.":::
7. Select **Events on Office 365 calendar affect availability** if you want the free/busy information from staff membersΓÇÖ calendars to impact availability for bookings services through Bookings. For example, if a staff member has a team meeting or a personal appointment scheduled for 3pm on a Wednesday, Bookings will show that staff member as unavailable to be booked in that time slot. That time will appear as busy or tentative in the Bookings calendar view, as shown in the below example.
- :::image type="content" source="media/bookings-busy-tentative-view.jpg" alt-text="A view of a Bookings calendar":::
+ :::image type="content" source="media/bookings-busy-tentative-view.jpg" alt-text="A view of a Bookings calendar.":::
> [!IMPORTANT] > We highly recommend leaving this setting on (it is turned on by default) to avoid double-bookings and to optimize the availability of your staff members.
bookings Create A Manual Booking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/create-a-manual-booking.md
Bookings can be scheduled and staffed in two different ways. The first way is by
1. In Microsoft 365, select the App launcher, and then select **Bookings**.
- ![Image of Bookings in App launcher](../media/bookings-applauncher.png)
+ ![Image of Bookings in App launcher.](../media/bookings-applauncher.png)
1. In the navigation pane, select **Calendar** \> **New booking**.
- ![Image of New booking UI](../media/bookings-newbooking.png)
+ ![Image of New booking UI.](../media/bookings-newbooking.png)
1. Select the service to be provided. See [Define your service offerings in Microsoft Bookings](define-service-offerings.md) for service setup instructions.
Bookings can be scheduled and staffed in two different ways. The first way is by
1. Select the staff member to provide the service. The list of staff members shown is based on what you set up on the services page.
- ![Image of staff list UI](../media/bookings-staff-list.png)
+ ![Image of staff list UI.](../media/bookings-staff-list.png)
1. Enter the service details, including date, time, location, and other relevant information. Once you enter a valid email address for the customer, the **Save** button will change to **Send**, and you'll see a note telling you that a confirmation will be sent to the customer. The customer confirmation includes an attachment for them to add to their calendar. Selected staff members will also receive meeting invitations with the appointment information so they can add it to their personal calendars.
bookings Customize Booking Page https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/customize-booking-page.md
The section below gives you information about setting up your bookings page and
The internal Booking Page looks like this:
- :::image type="content" source="media/bookings-Self-Service_2.jpg" alt-text="The Bookings Page":::
+ :::image type="content" source="media/bookings-Self-Service_2.jpg" alt-text="The Bookings Page.":::
- **Booking page access control: Require a Microsoft 365 account from my organization to book** Selecting this option will only allow those within your organization to view your page or book any services. Access to the page is authorized via credential checks to ensure the visitor belongs to an account within the tenant.
The section below gives you information about setting up your bookings page and
Once you publish your booking page, customers will see your booking page where they can book appointments with you. The customer facing booking page looks like this: ## Publish the booking page
bookings Define Service Offerings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/define-service-offerings.md
You can also add customized information and URLs to the email confirmation and r
- A link to a Teams or Skype meeting, unique to the booking, will be added to the calendar event on both the staff's and the customers' calendars, along with dial-in information. - The link to join the meeting will be added to all confirmation and reminder emails, as shown in the following example:
- :::image type="content" source="media/bookings-teams-meeting-link.jpg" alt-text="Example of link to join Teams meeting in Bookings":::
+ :::image type="content" source="media/bookings-teams-meeting-link.jpg" alt-text="Example of link to join Teams meeting in Bookings.":::
> [!NOTE] > Teams meetings can be joined via the Teams mobile app, the Teams desktop app, in a Web browser, or via the phone dial-in. We strongly recommend enabling Teams as the default online meeting service for your tenant, for the best experience booking virtual appointments.
You can also add customized information and URLs to the email confirmation and r
- **Cancel booking** This cancels the booking and removes it from the staff's calendar. - **New booking** This option brings the user to the Self-Service page with all services and staff listed, for scheduling a new booking.
- :::image type="content" source="media/bookings-manage-booking-button.jpg" alt-text="The Manage Bookings button in Bookings":::
+ :::image type="content" source="media/bookings-manage-booking-button.jpg" alt-text="The Manage Bookings button in Bookings.":::
We only recommend leaving this setting enabled if you are comfortable with customers accessing the Self-Service page.
You can also add customized information and URLs to the email confirmation and r
9. **Maximum attendees per event** This setting allows you to create services that require the ability for multiple people to book the same appointment time and the same staff (such as a fitness class). The appointment time slot for the selected service, staff, and time will be available to book until the maximum number of attendees, specified by you, has been reached. Current appointment capacity and attendees can be viewed in the Calendar tab in the Bookings Web app.
- :::image type="content" source="media/bookings-maximum-attendees.jpg" alt-text="Example of setting maximum attendees in Bookings":::
+ :::image type="content" source="media/bookings-maximum-attendees.jpg" alt-text="Example of setting maximum attendees in Bookings.":::
10. **Default price** This is the price that will display on the Self-Service page. If **Price not set** is selected, then no price or reference to cost or pricing will appear.
You can also add customized information and URLs to the email confirmation and r
- The default confirmation and reminder emails include basic information about the appointment, such as the customer/client name, staff member's name, the service or appointment booked, and the time of the appointment. For online meetings, a link to join will also be included. The ability to manage the booking can also be included, if this setting is enabled (as described above in step 8).
- :::image type="content" source="media/bookings-remind-confirm.jpg" alt-text="A confirmation email from Bookings":::
+ :::image type="content" source="media/bookings-remind-confirm.jpg" alt-text="A confirmation email from Bookings.":::
- Optionally, you can include any additional text you would like here, such as information about rescheduling or what customers should bring for the appointment. The following is an example of customized text added to the original confirmation email, seen in the **Additional information for Email Confirmation** field:
- :::image type="content" source="media/bookings-additional-info.jpg" alt-text="Additional information in a Bookings email":::
+ :::image type="content" source="media/bookings-additional-info.jpg" alt-text="Additional information in a Bookings email.":::
14. **Enable text message notifications for your customer** If selected, SMS messages are sent to the customer, but only if they opt-in. - Opt-in box on the manual booking and Self-Service Page:
- :::image type="content" source="media/bookings-opt-In-boc.jpg" alt-text="The opt-in box in Bookings":::
+ :::image type="content" source="media/bookings-opt-In-boc.jpg" alt-text="The opt-in box in Bookings.":::
- Text message notifications will look like the following (note that SMS notifications are currently only available in North America):
- :::image type="content" source="media/bookings-text-notifications.jpg" alt-text="A text notification from Bookings":::
+ :::image type="content" source="media/bookings-text-notifications.jpg" alt-text="A text notification from Bookings.":::
15. **Publishing options** Choose whether to have this service appear as bookable on the Self-Service page, or to make the service bookable only on the Calendar tab within the Bookings Web app.
bookings Delete Calendar https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/delete-calendar.md
The booking calendar is where all relevant information about that booking calend
1. In the Admin center, select **Users**.
- ![Image of Users UI in Microsoft 365 admin center](../media/bookings-admin-center-users.png)
+ ![Image of Users UI in Microsoft 365 admin center.](../media/bookings-admin-center-users.png)
1. On the **Active Users** page, choose the names of the users that you want to delete, and then select **Delete user**.
- ![Image of Delete User UI in Microsoft 365 admin center](../media/bookings-delete-user.png)
+ ![Image of Delete User UI in Microsoft 365 admin center.](../media/bookings-delete-user.png)
## Delete a booking calendar using Exchange Online PowerShell
bookings Employee Hours https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/employee-hours.md
Watch this video or follow the steps below to set an employee's working hours.
1. In the navigation pane, select **Staff**, and then select the staff member whose hours you want to set.
- ![Image of Bookings staff screen with name highlighted](../media/bookings-staff-name-highlight.png)
+ ![Image of Bookings staff screen with name highlighted.](../media/bookings-staff-name-highlight.png)
1. Under Working hours, clear the **Use business hours** checkbox. 1. Use the dropdowns to select start and end times for each day. Times are available in 15-minute increments.
- ![Image of Bookings staff working hours screen](../media/bookings-staff-hours.png)
+ ![Image of Bookings staff working hours screen.](../media/bookings-staff-hours.png)
1. Click **+** to add start- and end-time selectors.
When you schedule a day off for an employee, that employee will appear unavailab
1. On the working hours screen, select the **x** next to the day that the employee will have off.
- ![Image of Bookings staff working hours screen with mouse over x button](../media/bookings-staff-time-off.png)
+ ![Image of Bookings staff working hours screen with mouse over x button.](../media/bookings-staff-time-off.png)
1. If you want to schedule a day that was previously marked as a day off, select the **+** sign next to the day you want to schedule.
bookings Enter Business Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/enter-business-information.md
In Microsoft Bookings, the Business Information page within the web app contains
The information you provide here will be displayed on the page customers and clients use to book appointments (known as the booking page) and in messages and reminders sent to them by Bookings. An example of this information on the booking page is highlighted below.
- ![Image of Business Information page example in Microsoft Bookings](../media/bookings-business-info.png)
+ ![Image of Business Information page example in Microsoft Bookings.](../media/bookings-business-info.png)
> [!NOTE] > To get started, see [Get access to Microsoft Bookings](get-access.md). To turn Bookings on or off, see [Turn Bookings on or off for your organization](turn-bookings-on-or-off.md).
For example, you have staff meetings every Thursday from 1 o'clock to 2:30 and w
1. Select **+** to create a new row for Thursday.
- ![Image of Business hours UI](../media/bookings-split-shift.png)
+ ![Image of Business hours UI.](../media/bookings-split-shift.png)
1. In the new row, select 2:30 p.m. for the start time and 6:00 p.m. for the end time.
- ![Image of Business hours UI with hours added](../media/bookings-split-shift-hours.png)
+ ![Image of Business hours UI with hours added.](../media/bookings-split-shift-hours.png)
1. Select Save.
If you haven't already uploaded your business logo to the Bookings app, you can
1. Select **Upload photo**.
- ![Image of upload photo button](../media/bookings-upload-photo.png)
+ ![Image of upload photo button.](../media/bookings-upload-photo.png)
1. Select **Save**.
bookings Get Bookings App https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/get-bookings-app.md
Before getting started, you need to set up Bookings on the web.
1. Can't find the app you're looking for? From the app launcher, select All apps to see an alphabetical list of the Microsoft 365 apps available to you. From there, you can search for a specific app
- ![Image of app launcher](../media/bookings-all-apps-launcher.png)
+ ![Image of app launcher.](../media/bookings-all-apps-launcher.png)
2. Got to [the Office home page](https://office.com) and from the app launcher, select **Bookings**.
bookings Schedule Closures Time Off Vacation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/schedule-closures-time-off-vacation.md
Watch this video or follow the steps below to schedule business closures or empl
1. In the navigation pane, select **Calendar** \> **Time off**.
- ![Image of Bookings calendar view and time off button](../media/bookings-calendar-timeoff.png)
+ ![Image of Bookings calendar view and time off button.](../media/bookings-calendar-timeoff.png)
1. Fill in the details, including a title, start and end date and times, location, and additional notes.
Watch this video or follow the steps below to schedule business closures or empl
When a customer attempts to schedule service on a day the office is closed, they'll see a message on the booking page.
- ![Image of example message that customer sees when trying to book during time off](../media/bookings-timeoff-message.png)
+ ![Image of example message that customer sees when trying to book during time off.](../media/bookings-timeoff-message.png)
## Schedule employee time off 1. In Microsoft 365, select the app launcher, and then select **Bookings**.
- ![Image of app launcher](../media/bookings-applauncher.png)
+ ![Image of app launcher.](../media/bookings-applauncher.png)
1. In the navigation pane, select **Calendar** \> **Time off**.
- ![Image of Bookings calendar view and time off button](../media/bookings-calendar-timeoff.png)
+ ![Image of Bookings calendar view and time off button.](../media/bookings-calendar-timeoff.png)
1. Fill in the details, including a title, start and end date and times, location, and additional notes. If the employee will be gone for a full day or for several days, select **All day event**.
bookings Set Buffer Time https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/set-buffer-time.md
Buffer time defaults are set on the **Service details** page in Bookings. Like a
The buffer time setting can be found just below the **Default duration** pickers on the **Service details** page. Before it can be set for a given service, you must enable the buffer time setting by selecting the buffer time toggle. This causes the **Before** and **After** drop-downs to appear, which are used to pick the default amount of time to hold before and after each booking, as shown here:
- ![Image of Bookings with buffer time enabled](../media/bookings-buffertime.png)
+ ![Image of Bookings with buffer time enabled.](../media/bookings-buffertime.png)
## Buffer time and appointment timing
To avoid confusion about when customers expect to meet with you, Bookings shows
Note that the event itself (on the left in the image below) shows lighter shading for the buffer time and darker shading for the actual customer appointment. The appointment call-out (which is opened when you select the event) specifically states that the appointment is from 9:00AM to 10:00AM with Katie Jordan and includes 15 minutes of buffer time before the appointment and 0 minutes after the appointment. Confirmations and reminders to staff similarly reference specific buffer and appointment time while the customer would only get confirmations and reminders that reference a 9:00AM to 10:00AM appointment time.
- ![Image of Bookings appointment call-out with buffer time showing](../media/bookings-buffertime-callout.png)
+ ![Image of Bookings appointment call-out with buffer time showing.](../media/bookings-buffertime-callout.png)
## Buffer time and availability
bookings Set Language Time Zones https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/set-language-time-zones.md
To set the language and time zone for the booking calendar:
1. Log into Microsoft 365 and select the Outlook tile on the landing page (as shown in the screenshot below) or in the Microsoft 365 App Launcher.
- ![Image of Outlook tile on Microsoft 365 landing page](../media/bookings-outlook-tile.png)
+ ![Image of Outlook tile on Microsoft 365 landing page.](../media/bookings-outlook-tile.png)
1. After Outlook opens, select the **gear icon** in the upper, right-hand corner of the screen to open your personal and account settings, then search for ΓÇ£time zoneΓÇ¥ in the **Settings** panel search box. The panel will update to show your current personal language and time zone settings for this account. As noted above, this setting also controls the language and time zone of the booking calendar.
To set the language and time zone for the booking calendar:
1. In the navigation pane, select **Booking page** and select **Change language and time zone settings**.
- ![Screenshot: Change language and time zone settings link](../media/bookings-region-language-timezone-settings.png)
+ ![Screenshot: Change language and time zone settings link.](../media/bookings-region-language-timezone-settings.png)
1. Select your language and current time zone and choose OK.
- ![Screenshot: Language and time zone settings](../media/bookings-region-timezone-settings.png)
+ ![Screenshot: Language and time zone settings.](../media/bookings-region-timezone-settings.png)
business-video Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
To view feature availability across Office 365 plans, see [Office 365 Service De
Scan this QR code to follow us on WeChat and get the latest updates for Office 365 operated by 21Vianet.
-![QR Code for updates for Office 365 operated by 21Vianet](../media/4d8fe09c-1a11-4cd8-be4c-75add8dccddd.jpg)
+![QR Code for updates for Office 365 operated by 21Vianet.](../media/4d8fe09c-1a11-4cd8-be4c-75add8dccddd.jpg)
::: moniker-end
business-video Overview File Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-file-sharing.md
description: "Overview of how to share your business files."
You need to share files with clients, customers, partners, suppliers, and other people in your business. How do you share files so that everyone can find, open, and edit them?
-|![Securely share](../media/securely-share-file.png)<br/>[Share a file with someone outside of your company](#share-a-file-with-someone-outside-of-your-company)|![Collaborate with a client](../media/share-and-collab-with-partner.png) <br/>[Share and collaborate with a client or business partner](#share-and-collaborate-with-a-client-or-business-partner) | ![Share inside your org](../media/share-inside-your-org.png) <br/>[Share inside your business](#share-inside-your-business) |
+|![Securely share.](../media/securely-share-file.png)<br/>[Share a file with someone outside of your company](#share-a-file-with-someone-outside-of-your-company)|![Collaborate with a client](../media/share-and-collab-with-partner.png) <br/>[Share and collaborate with a client or business partner](#share-and-collaborate-with-a-client-or-business-partner) | ![Share inside your org](../media/share-inside-your-org.png) <br/>[Share inside your business](#share-inside-your-business) |
|--|--|--| Download an infographic to get a quick overview of ways to share your business files.
business-video Overview M365 Security https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/overview-m365-security.md
description: "Learn about the security features included with Microsoft 365 for
Microsoft 365 Business Premium provides threat protection, data protection, and device management features to help you protect your company from online threats and unauthorized access, as well as protect and manage company data on your phones, tablets, and computers.
-|![Threat protection](../media/m365-business-security-threat-protection.png)<br/>[Threat protection](#threat-protection)|![Collaborate with a client](../media/m365-business-security-data-protection.png) <br/>[Data protection](#data-protection) | ![Device management](../media/m365-business-security-device-management.png) <br/>[Device management](#device-management) |
+|![Threat protection.](../media/m365-business-security-threat-protection.png)<br/>[Threat protection](#threat-protection)|![Collaborate with a client](../media/m365-business-security-data-protection.png) <br/>[Data protection](#data-protection) | ![Device management](../media/m365-business-security-device-management.png) <br/>[Device management](#device-management) |
|--|--|--| ## Threat protection
campaigns Create Communications Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/create-communications-site.md
Include the following elements in your Communications site:
4. Add events to an **Events web part** so everyone can see what's coming up. 5. Add photos that people can use or share to an **Image gallery web part**.
-![Diagram of a SharePoint Communications page with space for common elements that a campaign would need](../media/m365-democracy-comms-site.png)
+![Diagram of a SharePoint Communications page with space for common elements that a campaign would need.](../media/m365-democracy-comms-site.png)
## Infographic: Create a Communications Site infographic The following links for PowerPoint and PDF can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3).
-[![Image for communications site infographic](../media/M365-Campaigns-CreateCommunicationSite-358-201.png)](downloads/M365CampaignsCreateCommunicationSite.pdf)
+[![Image for communications site infographic.](../media/M365-Campaigns-CreateCommunicationSite-358-201.png)](downloads/M365CampaignsCreateCommunicationSite.pdf)
[PDF](downloads/M365CampaignsCreateCommunicationSite.pdf) | [PowerPoint](downloads/M365CampaignsCreateCommunicationSite.pptx)
campaigns Create Teams For Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/create-teams-for-collaboration.md
For example, a business, legal firm, or healthcare practice could create the fol
1. **Individual teams:** Set up teams for smaller groups to collaborate about their day to day work. 1. **An external communications team or teams:** Coordinate with your vendors, partners, or clients without allowing them into anything sensitive. Set up different channels for specific groups.
-![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration within a business](../media/m365-democracy-teams-business-collab.png)
+![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration within a business.](../media/m365-democracy-teams-business-collab.png)
And campaigns could create the following teams to communicate and collaborate securely:
And campaigns could create the following teams to communicate and collaborate se
2. **A general campaign team:** This is for everyone to use for day to day communications and work. Individuals, groups, or committees can set up channels in this team to do their work. For example, the event planning people can set up a channel to chat and coordinate logistics for campaign events. 3. **A partners team:** Coordinate with your vendors, partners, or volunteers without allowing them into anything sensitive.
-![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration within a campaign](../media/m365-democracy-teams-collab.png)
+![Diagram of a Microsoft Teams window with three separate teams to allow for secure communication and collaboration within a campaign.](../media/m365-democracy-teams-collab.png)
When you create a team, here's what else gets created:
campaigns Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/index.md
description: "Microsoft 365 Business Premium security and collaboration recommen
If you have Microsoft 365 Business Premium, the guidance in this library is the quickest way to setup security and begin collaborating safely. In our current world, keeping data and communications secure is a priority, particularly for medical and legal practices, political campaigns, and many other smaller businesses. This solution provides a set of recommendations designed to help protect you and your data. This library includes help for setting up and using this recommended environment, no matter your business type.
-![Microsoft 365 Business Premium protects your productivity tools, collaboration tools, file storage, email, devices, and identity](../media/M365-WhatIsIt-SecurityFocus.png#lightbox)
+![Microsoft 365 Business Premium protects your productivity tools, collaboration tools, file storage, email, devices, and identity.](../media/M365-WhatIsIt-SecurityFocus.png#lightbox)
This configuration includes the following guidance for productivity, collaboration, file storage, email, devices, and identity to protect your business:
After you set up your secure Microsoft 365 environment, you can use the followin
| Create teams for collaboration | Set up online meetings | | - | - |
-| ![a SharePoint communication site](../media/sm-m365-democracy-teams-collab.png) | ![an online meeting](../media/m365-democracy-teams-meetings.png) |
+| ![a SharePoint communication site.](../media/sm-m365-democracy-teams-collab.png) | ![an online meeting](../media/m365-democracy-teams-meetings.png) |
| Collaborate with teams for key staff, all staff, and partners or vendors.<br>[Create your team](create-teams-for-collaboration.md) | Schedule a meeting with audio, video, and sharing with Microsoft Teams.<br>[Set up a meeting](set-up-meetings.md) | | Encrypt or label your sensitive email | Create a communications site | | - | - |
-| ![Encrypted and labeled email](../media/sm-m365-campaign-email-encrypt.png) | ![a SharePoint communications site](../media/sm-m365-democracy-comms-site.png) |
+| ![Encrypted and labeled email.](../media/sm-m365-campaign-email-encrypt.png) | ![a SharePoint communications site](../media/sm-m365-democracy-comms-site.png) |
| Use encryption and sensitivity labels to protect email that contains confidential or sensitive information.<br>[Send encrypted email](send-encrypted-email.md) | Share events, message, images, and more with your team in an internal communications site created with SharePoint.<br>[Create your site](create-communications-site.md) | | Share files and videos | | - |
-| ![sharing a file in Microsoft Teams](../media/m365-democracy-teams-sharefiles.png) |
+| ![sharing a file in Microsoft Teams.](../media/m365-democracy-teams-sharefiles.png) |
| Save your files and videos to the cloud so they're available <br>to all of the appropriate people.<br>[Start sharing](share-files-and-videos.md) |
campaigns M365 Campaigns Increase Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-increase-protection.md
You can use activity alerts to track admin and user activities and detect malwar
The following figure shows the default policies that are included with Microsoft 365.
-![Default alert policies included with Microsoft 365](../media/alertpolicies.png)
+![Default alert policies included with Microsoft 365.](../media/alertpolicies.png)
## Disable or manage calendar sharing
campaigns M365 Campaigns Phishing And Attacks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-phishing-and-attacks.md
Help your customers trust your communications by adding a digital signature to p
Download this infographic with tips for you and the members of your campaign team:
-[![The help protect your campaign info graphic](../media/M365-Campaigns-WhatCanUsersDoToSecure-358x201.png)](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf)
+[![The help protect your campaign info graphic.](../media/M365-Campaigns-WhatCanUsersDoToSecure-358x201.png)](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf)
[PDF](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf) | [PowerPoint](https://github.com/MicrosoftDocs/microsoft-365-docs-pr/raw/live/m365-democracy/microsoft-365/campaigns/downloads/M365CampaignsWhatCanUsersDoToSecure.pptx)
campaigns M365 Campaigns Protect Admin Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-protect-admin-accounts.md
To create additional admin accounts:
1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=837890" target="_blank">admin center</a> and then choose **Users** \> **Active users** in the left nav.
- ![Choose Users and then Active users in the left nav](../media/Activeusers.png)
+ ![Choose Users and then Active users in the left nav.](../media/Activeusers.png)
2. On the **Active users** page, select **Add a user** at the top of the page, and on the **New user** panel, enter the name and other information. 3. Expand the **Roles** section, and choose **Global administrator** to give this user global admin access. You can also choose **Customized administrator** and choose any of the roles that are displayed. Enter an alternate email in the **Alternative email address** text box. You can use this address to recover your password information if you get locked out. For Global admins, a billing statement will also be sent to this address.
- ![Choose the administrator role](../media/adminroles.png)
+ ![Choose the administrator role.](../media/adminroles.png)
4. In the **Product licenses** section, move the selector for **Microsoft 365 Business** to **Off** and the **Create user without product license** to **On**.
- ![Choose the product license](../media/productlicense.png)
+ ![Choose the product license.](../media/productlicense.png)
## Create an emergency admin account
campaigns M365 Campaigns Protect Campaign Infographic https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-protect-campaign-infographic.md
description: "What you can do to help protect your campaign from digital attacks
The following links for PowerPoint and PDF can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3).
-[![Image for secure your help protect your campaign info graphic](../media/M365-Campaigns-WhatCanUsersDoToSecure-358x201.png)](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf)
+[![Image for secure your help protect your campaign info graphic.](../media/M365-Campaigns-WhatCanUsersDoToSecure-358x201.png)](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf)
[PDF](downloads/M365CampaignsWhatCanUsersDoToSecure.pdf) | [PowerPoint](https://github.com/MicrosoftDocs/microsoft-365-docs-pr/raw/live/m365-democracy/microsoft-365/campaigns/downloads/M365CampaignsWhatCanUsersDoToSecure.pptx)
campaigns M365 Campaigns Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-users.md
description: "Learn how these security recommendations for Microsoft 365 Busines
The security recommendations for Microsoft 365 in this solution make it much harder for hackers to gain access to your environment. The tradeoff is that your users will need to be aware of how to work within this more secure environment. We understand a little extra patience is required, but it's worth it to keep your organization protected.
-![Illustration that sums up key points from below for iPhones, Android devices, Macs, Windows 10, sharing, and key staff](../media/M365-democracy-Users_900px.png)
+![Illustration that sums up key points from below for iPhones, Android devices, Macs, Windows 10, sharing, and key staff.](../media/M365-democracy-Users_900px.png)
## Use secure email practices
campaigns Microsoft 365 Campaigns Setup Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/microsoft-365-campaigns-setup-overview.md
This article describes the process of setting up Microsoft 365. Anybody with Mic
The following diagram describes how admins set up Microsoft 365.
-![Steps to set up Microsoft 365](../media/M365-democracy-SetUpProcess.png)
+![Steps to set up Microsoft 365.](../media/M365-democracy-SetUpProcess.png)
For campaigns that qualify for special pricing, get started by [requesting an invite from Microsoft](https://m365forcampaigns.microsoft.com/), then [signing up for Microsoft 365 for Campaigns](m365-campaigns-sign-up.md). To complete setup, [run the setup wizard](../business/set-up.md?toc=/microsoft-365/campaigns/toc.json) to configure the core settings.
For all organizations, bump up security protection by: [protecting admin account
Users will need to take a few minutes to set up devices to work with this environment. For your key users (those who are the highest value targets for hackers), you can set up and pre-configure new devices. This helps them to get started when they sign in with their Microsoft 365 credentials.
-![User device setup process](../media/m365-democracy-user-device-setup.png)
+![User device setup process.](../media/m365-democracy-user-device-setup.png)
To set up user devices:
campaigns Send Encrypted Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/send-encrypted-email.md
Before you send email with confidential or sensitive information, consider turni
- **Encryption:** You can encrypt your email to protect the privacy of the information in the email. When you encrypt an email message, it's converted from readable plain text into scrambled cypher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key, however, sees indecipherable text. Your admin can define rules to automatically encrypt messages that meet certain criteria. For instance, your admin can create a rule that encrypts all messages sent outside your organization or all messages that mention specific words or phrases. Any encryption rules will be applied automatically. - **Sensitivity labels:** Your campaign can also set up sensitivity labels that you can apply to your files and email to keep them compliant with your campaign's information protection policies. When you set a label, the label persists with your email, even when it's sent - for example, by appearing as a header to your message.
-![Diagram of an email with callouts for labels and encryption](../media/m365-campaign-email-encrypt.png)
+![Diagram of an email with callouts for labels and encryption.](../media/m365-campaign-email-encrypt.png)
## Set it up
campaigns Set Up Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/set-up-meetings.md
description: "Set up online meetings with Microsoft Teams."
Meetings in Microsoft Teams include audio, video, and sharing. And because they're online, you'll always have a meeting space (without needing a room or projector!), even if your staff is geographically distributed or working remotely. Microsoft Teams meetings are a great way to come together with your staff both inside and outside of your organization. You don’t need to be a member of your organization or even have an account to join a meeting. You can schedule and run online meetings using Microsoft Teams. During a meeting, you can share your screen, share files, assign tasks, and more. Political campaigns can include staff, volunteers, and guests outside your organization in the meeting. Small firms or practices can meet with their staff, or meet with clients or partners over Microsoft Teams.
-[![An illustration of two users in a meeting](../media/HostOnlineMeeting-thumb-358x201.png)](https://go.microsoft.com/fwlink/?linkid=2078712)
+[![An illustration of two users in a meeting.](../media/HostOnlineMeeting-thumb-358x201.png)](https://go.microsoft.com/fwlink/?linkid=2078712)
Download an infographic in [PDF](https://go.microsoft.com/fwlink/?linkid=2078712) or [PowerPoint](https://go.microsoft.com/fwlink/?linkid=2079515) to get a quick overview of how to join or host an online meeting with Microsoft Teams.
campaigns Share Files And Videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/share-files-and-videos.md
description: "Share files and videos inside your campaign with Microsoft Teams a
When you need to control who can view and who can edit your files, you need to store the files in a secure location, where you can make sure permissions are applied appropriately. You can use Microsoft Teams to store your files, and then share the files either inside or outside of your firm, practice, or campaign by using Microsoft Teams or by sending SharePoint links. Sending a link rather than an email attachment means that you know who is viewing and modifying the files, and they can't be viewed or modified without your permission.
-![Diagram of a Microsoft Teams window, showing Files tab and Get link on the menu](../media/m365-democracy-teams-sharefiles.png)
+![Diagram of a Microsoft Teams window, showing Files tab and Get link on the menu.](../media/m365-democracy-teams-sharefiles.png)
With your files in Microsoft Teams and SharePoint, you can also work on the files together and review each other's changes. Use Microsoft Teams to share files inside of a firm, practice, or campaign. If you need to share externally with people outside your organization, you can add them as guests to a team or send them a secure SharePoint link.
To create and share videos, follow these steps.
Download an infographic in [PDF](https://go.microsoft.com/fwlink/?linkid=2079435) or [PowerPoint](https://go.microsoft.com/fwlink/?linkid=2079438) to get a quick overview of ways to share your files.
-[![An illustration of sharing files with different users](../media/ShareYourfiles-thumb-358x201.png)](https://go.microsoft.com/fwlink/?linkid=2079435)
+[![An illustration of sharing files with different users.](../media/ShareYourfiles-thumb-358x201.png)](https://go.microsoft.com/fwlink/?linkid=2079435)
commerce Add Storage Space https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/add-storage-space.md
You must be a Global or SharePoint admin to do the tasks in this article. For mo
2. In the upper right of the page, see the amount of storage used across all sites, and the total storage for your subscription. If your organization has configured Multi-Geo in Office 365, the bar also shows the amount of storage used across all geo locations.
- ![Storage bar on the Active sites page](/sharepoint/sharepointonline/media/active-sites-storage-bar.png)
+ ![Storage bar on the Active sites page.](/sharepoint/sharepointonline/media/active-sites-storage-bar.png)
> [!NOTE] > The storage used doesn't include changes made within the last 24-48 hours.
commerce Understand Proposal Workflow https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/understand-proposal-workflow.md
you automatically become the billing account owner, provided you:
- Are the person named in the proposal\ OR-- Are already an [Azure Active Directory global admin](/azure/active-directory/users-groups-roles/directory-assign-admin-roles) for your
+- Are already an [Azure Active Directory global admin](/azure/active-directory/roles/permissions-reference#global-administrator) for your
organization ## What is the overall workflow?
compliance Acknowledge Hold Notification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/acknowledge-hold-notification.md
Based on the configuration of your legal hold notification, your custodians may
In addition to the email notifications, each custodian will have access to a unique Compliance Portal. Through the portal, each custodian can view, access, and acknowledge their active hold notifications.
-![Compliance Portal for a custodian](../media/CustodianPortal.jpg)
+![Compliance Portal for a custodian.](../media/CustodianPortal.jpg)
compliance Add Custodians To Case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-custodians-to-case.md
You can add and manage custodians in Advanced eDiscovery cases in four steps:
4. Review the custodians and complete the process.
- [ ![Sources tab in Advanced eDiscovery case](../media/AeD-Sources-Tab.png) ](../media/AeD-Sources-Tab.png#lightbox)
+ [ ![Sources tab in Advanced eDiscovery case.](../media/AeD-Sources-Tab.png) ](../media/AeD-Sources-Tab.png#lightbox)
## Make sure you have the necessary permissions
To deselect the primary mailbox and OneDrive account for a custodian:
2. Select **Clear** next to **Mailbox** or **OneDrive** to remove a custodian's mailbox or OneDrive account from being associated as a data location for this custodian.
- ![Configure locations to associate to a custodian](../media/ConfigureCustodianLocations.png)
+ ![Configure locations to associate to a custodian.](../media/ConfigureCustodianLocations.png)
To associate other mailboxes, sites, Teams, or Yammer groups to a specific custodian:
Before you actually add the custodians to the case, you can review the list of c
The new custodians are added to the case and displayed on the **Data sources** tab.
- [ ![Custodians listed on the Data sources tab](../media/DataSourcesTab.png) ](../media/DataSourcesTab.png#lightbox)
+ [ ![Custodians listed on the Data sources tab.](../media/DataSourcesTab.png) ](../media/DataSourcesTab.png#lightbox)
compliance Add Data To Review Set From Another Review Set https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-data-to-review-set-from-another-review-set.md
Before you start, you'll need to create a review set to add the data to. A new
You can add content from one review set to another one by selecting specific documents in the source review set or by selecting all items returned by review set query. If you're adding selected items, select the items, select **Action**, and then select **Add to another review set**.
-![Add to another review set in the Action menu](../media/64f2a4d4-eba3-4ab3-a3ba-d519feea3142.png)
+![Add to another review set in the Action menu.](../media/64f2a4d4-eba3-4ab3-a3ba-d519feea3142.png)
## Step 2: Specify options for adding to another review set In the **Add to another review set options** flyout page, choose the review set you want to add the items to. Choose whether to add **All search results** or **Selected items**. **Additional information** provides options to include all metadata from the items and whether to include the tags (by selecting the **Labels** check box) from the source review set when the documents are added to the new review set.
-![Options for adding data to another review set](../media/6440ee44-68fd-44d7-b43a-3a477345525c.png)
+![Options for adding data to another review set.](../media/6440ee44-68fd-44d7-b43a-3a477345525c.png)
After you click **Ok**, a new job (named **Adding data to another review set**) is created to add the content to another review set. You can go to the **Jobs** tab and monitor the progress of this job. For more information, see [Manage jobs](managing-jobs-ediscovery20.md).
compliance Add Data To Review Set https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-data-to-review-set.md
To add data to a review set, click a search on the **Searches** tab, and then cl
You can add to an existing review set or create a new review set. If adding to a new review set, specify the name and then click **Add** to display the flyout page.
-![Select a review set and configure collection options](../media/AeD_AddToReviewSet.png)
+![Select a review set and configure collection options.](../media/AeD_AddToReviewSet.png)
Adding data to a review set is a long-running process. This process includes gathering items from the original data sources in Microsoft 365 (for example, from mailboxes and sites), copying them to the Azure Storage location (this copying process is also called *ingestion*), and then reindexing the items. You can track the progress on the **Jobs** tab or on the **Searches** tab by monitoring the status in the **Added data to review set** column. After the review set processing is completed, click the **Review sets** tab in the case, and then click the review set to start the process of filtering, reviewing, tagging, and exporting data in the review set.
compliance Add Your Organization Brand To Encrypted Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages.md
Use Windows PowerShell to modify one branding template at a time. If you have Ad
2. Use the Set-OMEConfiguration cmdlet as described in [Set-OMEConfiguration](/powershell/module/exchange/Set-OMEConfiguration) or use the following graphic and table for guidance.
-![Customizable email parts](../media/ome-template-breakout.png)
+![Customizable email parts.](../media/ome-template-breakout.png)
|**To customize this feature of the encryption experience**|**Use these commands**| |:--|:--|
For information on how to create an Exchange mail flow rule that applies encrypt
3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
-4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
+4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
5. In **Name**, type a name for the rule, such as Branding for sales department.
compliance Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-audit.md
For information about audit records for MailItemsAccessed activities, see [Use A
To search for MailItemsAccessed audit records, you can search for the **Accessed mailbox items** activity in the **Exchange mailbox activities** drop-down list in the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the Microsoft 365 compliance center.
-![Searching for MailItemsAccessed actions in the audit log search tool](../media/AdvAudit_MailItemsAccessed.png)
+![Searching for MailItemsAccessed actions in the audit log search tool.](../media/AdvAudit_MailItemsAccessed.png)
You can also run the [Search-UnifiedAuditLog -Operations MailItemsAccessed](/powershell/module/exchange/search-unifiedauditlog) or [Search-MailboxAuditLog -Operations MailItemsAccessed](/powershell/module/exchange/search-mailboxauditlog) commands in Exchange Online PowerShell.
Investigators can use the Send event to identify email sent from a compromised a
To search for Send audit records, you can search for the **Sent message** activity in the **Exchange mailbox activities** drop-down list in the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the Microsoft 365 compliance center.
-![Searching for Sent message actions in the audit log search tool](../media/AdvAudit_SentMessage.png)
+![Searching for Sent message actions in the audit log search tool.](../media/AdvAudit_SentMessage.png)
You can also run the [Search-UnifiedAuditLog -Operations Send](/powershell/module/exchange/search-unifiedauditlog) or [Search-MailboxAuditLog -Operations Send](/powershell/module/exchange/search-mailboxauditlog) commands in Exchange Online PowerShell.
Investigators can use the SearchQueryInitiatedExchange event to determine if an
To search for SearchQueryInitiatedExchange audit records, you can search for the **Performed email search** activity in the **Search activities** drop-down list in the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the compliance center.
-![Searching for Performed email search actions in the audit log search tool](../media/AdvAudit_SearchExchange.png)
+![Searching for Performed email search actions in the audit log search tool.](../media/AdvAudit_SearchExchange.png)
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedExchange](/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell.
Investigators can use the SearchQueryInitiatedSharePoint event to determine if a
To search for SearchQueryInitiatedSharePoint audit records, you can search for the **Performed SharePoint search** activity in the **Search activities** drop-down list in the [audit log search tool](search-the-audit-log-in-security-and-compliance.md) in the compliance center.
-![Searching for Performed SharePoint search actions in the audit log search tool](../media/AdvAudit_SearchSharePoint.png)
+![Searching for Performed SharePoint search actions in the audit log search tool.](../media/AdvAudit_SearchSharePoint.png)
You can also run the [Search-UnifiedAuditLog -Operations SearchQueryInitiatedSharePoint](/powershell/module/exchange/search-unifiedauditlog) in Exchange Online PowerShell.
compliance Advanced Ediscovery Dashboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-ediscovery-dashboard.md
For some cases in Advanced eDiscovery, you may have a large volume of documents
4. In the **Individual results** dropdown list, click **Search profile view**.
- ![DashbordPivot](../media/dashboardpivot.png)
+ ![DashbordPivot.](../media/dashboardpivot.png)
The **Search profile view** page is displayed; the first time you display this page, three default widgets are displayed.
- ![Dashboard](../media/dashboardonly.png)
+ ![Dashboard.](../media/dashboardonly.png)
5. Click the **New widget** and then select one of the following items:
- ![New widget dropdown list](../media/NewWidgetDropdownBox.png)
+ ![New widget dropdown list.](../media/NewWidgetDropdownBox.png)
- **Choose from library:** Displays a default library of widgets. You click a widget and then click **Add** to add it to the widgets on the **Search profile view** page.
For some cases in Advanced eDiscovery, you may have a large volume of documents
6. To create a custom widget, do the following on the **Add widget** flyout page:
- ![Create Widget](../media/addwidget.png)
+ ![Create Widget.](../media/addwidget.png)
a. Type a name for the widget, which is displayed in the widget title bar. Naming a widget is required, but it's helpful to identify the widget data.
For some cases in Advanced eDiscovery, you may have a large volume of documents
1. Click **...** in the widget title bar, and then click **Apply condition**.
- ![Dashboard](../media/searchprofilehome.png)
+ ![Dashboard.](../media/searchprofilehome.png)
2. On the flyout page, click an element on the widget key or widget chart to create a filter.
- ![CreateFilter](../media/applyconditionfilter.png)
+ ![CreateFilter.](../media/applyconditionfilter.png)
3. Repeat steps 1-2 for other widgets multiple widgets. 4. When you're done, click **Save as query** to save your conditions as a new search query for the review set.
- ![Query](../media/savequery.png)
+ ![Query.](../media/savequery.png)
5. Close the **Search profile view** to return to the search results view.
compliance Advanced Ediscovery Large Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/advanced-ediscovery-large-cases.md
To create a large case:
The **New eDiscovery case** flyout page is displayed. The **Case format** section provides the option to create a large case. Choose this case type if you need to collect a large amount of content in a short period of time.
- ![Large case option on the New eDiscovery case page](..\media\AeDLargeCases1.png)
+ ![Large case option on the New eDiscovery case page.](..\media\AeDLargeCases1.png)
4. After naming the case, select the **Large case** option, and then click **Save** to create the large case.
Here's a list of other benefits of large cases in Advanced eDiscovery workflow.
Additionally, the new large case format includes an updated user interface that displays the total size of each review set in the case. Review set sizes are displayed in a column on the **Review sets** tab and in a flyout pane that persists of every tab in the case.
-![Large case statistics in Advanced eDiscovery user interface](..\media\LargeCaseUI.png)
+![Large case statistics in Advanced eDiscovery user interface.](..\media\LargeCaseUI.png)
## Known issues
compliance Alert Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/alert-policies.md
Alert policies let you categorize the alerts that are triggered by a policy, app
Here's a quick overview of how alert policies work and the alerts that are triggers when user or admin activity matches the conditions of an alert policy.
-![Overview of how alert policies work](../media/M365ComplianceDefender-AlertPolicies-Overview.png)
+![Overview of how alert policies work.](../media/M365ComplianceDefender-AlertPolicies-Overview.png)
1. An admin in your organization creates, configures, and turns on an alert policy by using the **Alert policies** page in the Microsoft 365 compliance center or the Microsoft 365 Defender portal. You can also create alert policies by using the [New-ProtectionAlert](/powershell/module/exchange/new-protectionalert) cmdlet in Security & Compliance Center PowerShell.
To view and create alert policies:
Go to <https://compliance.microsoft.com> and then select **Policies** > **Alert** > **Alert policies**. Alternatively, you can go directly to <https://compliance.microsoft.com/alertpolicies>.
-![In the compliance center, select Policies,and under Alert, select Alert policies to view and create alert policies](../media/LaunchAlertPoliciesMCC.png)
+![In the compliance center, select Policies,and under Alert, select Alert policies to view and create alert policies.](../media/LaunchAlertPoliciesMCC.png)
### Microsoft 365 Defender portal Go to <https://security.microsoft.com> and under **Email & collaboration** select **Policies & rules** > **Alert policy**. Alternatively, you can go directly to <https://security.microsoft.com/alertpolicies>.
-![In the Defender portal, select Policies & rules under Email & collaboration, and then select Alert policy to view and create alert policies](../media/LaunchAlertPoliciesDefenderPortal.png)
+![In the Defender portal, select Policies & rules under Email & collaboration, and then select Alert policy to view and create alert policies.](../media/LaunchAlertPoliciesDefenderPortal.png)
> [!NOTE] > You have to be assigned the View-Only Manage Alerts role to view alert policies in the compliance center or Defender portal. You have to be assigned the Manage Alerts role to create and edit alert policies. For more information, see [Permissions in the security and compliance center](../security/office-365-security/permissions-in-the-security-and-compliance-center.md).
You can also define user tags as a condition of an alert policy. This results in
- **When the alert is triggered**. You can configure a setting that defines how often an activity can occur before an alert is triggered. This allows you to set up a policy to generate an alert every time an activity matches the policy conditions, when a certain threshold is exceeded, or when the occurrence of the activity the alert is tracking becomes unusual for your organization.
- ![Configure how alerts are triggered, based on when the activity occurs, a threshold, or unusual activity for your organization](../media/howalertsaretriggered.png)
+ ![Configure how alerts are triggered, based on when the activity occurs, a threshold, or unusual activity for your organization.](../media/howalertsaretriggered.png)
If you select the setting based on unusual activity, Microsoft establishes a baseline value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts won't be generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization.
To view alerts:
Go to <https://compliance.microsoft.com> and then select **Alerts**. Alternatively, you can go directly to <https://compliance.microsoft.com/compliancealerts>.
-![In the Microsoft 365 compliance center, select Alerts](../media/ViewAlertsMCC.png)
+![In the Microsoft 365 compliance center, select Alerts.](../media/ViewAlertsMCC.png)
### Microsoft 365 Defender portal Go to <https://security.microsoft.com> and then select **Incidents & alerts** > **Alerts**. Alternatively, you can go directly to <https://security.microsoft.com/alerts>.
-![In the Microsoft 365 Defender portal, select Incidents & alerts and then select Alerts](../media/ViewAlertsDefenderPortal.png)
+![In the Microsoft 365 Defender portal, select Incidents & alerts and then select Alerts.](../media/ViewAlertsDefenderPortal.png)
You can use the following filters to view a subset of all the alerts on the **Alerts** page.
When events that match the same alert policy occur within the aggregation interv
The following screenshot shows an alert with four aggregated events. The activity list contains information about the four email messages relevant to the alert.
-![Example of alert aggregation](../media/AggregatedAlertExample.png)
+![Example of alert aggregation.](../media/AggregatedAlertExample.png)
Keep the following things in mind about alert aggregation:
To see which category a default alert policy is assigned to, see the table in [D
|:|::|::|::|::|::|::| |Audit Logs||||||| |Case Management|||||||
-|Compliance Administrator|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||![Check mark](../media/checkmark.png)||![Check mark](../media/checkmark.png)|
+|Compliance Administrator|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)||![Check mark.](../media/checkmark.png)||![Check mark.](../media/checkmark.png)|
|Compliance Search||||||| |Device Management||||||| |Disposition Management|||||||
-|DLP Compliance Management||![Check mark](../media/checkmark.png)|||||
+|DLP Compliance Management||![Check mark.](../media/checkmark.png)|||||
|Export||||||| |Hold|||||||
-|Manage Alerts||||||![Check mark](../media/checkmark.png)|
-|Organization Configuration||||||![Check mark](../media/checkmark.png)|
+|Manage Alerts||||||![Check mark.](../media/checkmark.png)|
+|Organization Configuration||||||![Check mark.](../media/checkmark.png)|
|Preview|||||||
-|Record Management|![Check mark](../media/checkmark.png)||||||
-|Retention Management|![Check mark](../media/checkmark.png)||||||
+|Record Management|![Check mark.](../media/checkmark.png)||||||
+|Retention Management|![Check mark.](../media/checkmark.png)||||||
|Review||||||| |RMS Decrypt|||||||
-|Role Management||||![Check mark](../media/checkmark.png)|||
+|Role Management||||![Check mark.](../media/checkmark.png)|||
|Search And Purge|||||||
-|Security Administrator||![Check mark](../media/checkmark.png)||![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
-|Security Reader||![Check mark](../media/checkmark.png)||![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)
+|Security Administrator||![Check mark.](../media/checkmark.png)||![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|
+|Security Reader||![Check mark.](../media/checkmark.png)||![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)
|Service Assurance View||||||| |Supervisory Review Administrator||||||| |View-Only Audit Logs||||||| |View-Only Device Management|||||||
-|View-Only DLP Compliance Management||![Check mark](../media/checkmark.png)|||||
+|View-Only DLP Compliance Management||![Check mark.](../media/checkmark.png)|||||
|View-Only Manage Alerts||||||![Check mark](../media/checkmark.png)| |View-Only Recipients|||![Check mark](../media/checkmark.png)|||| |View-Only Record Management|![Check mark](../media/checkmark.png)||||||
Organizations that have Microsoft Cloud App Security as part of an Enterprise Mo
To display only Cloud App Security alerts in the compliance center or the Defender portal, use the **Source** filter and select **Cloud App Security**.
-![Use the Source filter to display only Cloud App Security alerts](../media/FilterCASAlerts.png)
+![Use the Source filter to display only Cloud App Security alerts.](../media/FilterCASAlerts.png)
Similar to an alert triggered by an alert policy in the compliance center, you can select a Cloud App Security alert to display a flyout page with details about the alert. The alert includes a link to view the details and manage the alert in the Cloud App Security portal and a link to the corresponding Cloud App Security policy that triggered the alert. See [Monitor alerts in Cloud App Security](/cloud-app-security/monitor-alerts).
-![Alert details contain links to the Cloud App Security portal](../media/CASAlertDetail.png)
+![Alert details contain links to the Cloud App Security portal.](../media/CASAlertDetail.png)
> [!IMPORTANT] > Changing the status of a Cloud App Security alert in the compliance center won't update the resolution status for the same alert in the Cloud App Security portal. For example, if you mark the status of the alert as **Resolved** in the compliance center, the status of the alert in the Cloud App Security portal is unchanged. To resolve or dismiss a Cloud App Security alert, manage the alert in the Cloud App Security portal.
compliance App Governance App Policies Create https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-create.md
Publish metadata-based policies
Now that your app policy is created, you should monitor it on the **Policies** page to ensure it is registering an expected number of active alerts and total alerts during testing.
-![The MAPG policies summary page in the Microsoft 365 Compliance Center with a highlighted policy](..\media\manage-app-protection-governance\mapg-cc-policies-policy.png)
+![The MAPG policies summary page in the Microsoft 365 Compliance Center with a highlighted policy.](..\media\manage-app-protection-governance\mapg-cc-policies-policy.png)
If the number of alerts is an unexpectedly low value, edit the settings of the app policy to ensure you've configured it correctly before setting its status.
Here is an example of a process for creating a new policy, testing it, and then
3. If the behavior is not expected, edit the policy apps, conditions, and action settings as needed and go back to step 2. 4. If the behavior is expected, edit the policy and change its status to **Active**.
-![The create app policy workflow](../media/manage-app-protection-governance/mapg-create-new-policy-process.png)
+![The create app policy workflow.](../media/manage-app-protection-governance/mapg-create-new-policy-process.png)
## Next step
compliance App Governance App Policies Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-get-started.md
App policies for Microsoft app governance are the way that you can implement mor
To see the list of current app policies, go to **Microsoft 365 Compliance Center > App governance > Policies**.
-![The MAPG policies summary page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-policies.png)
+![The MAPG policies summary page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-policies.png)
## WhatΓÇÖs available on the app policies dashboard
compliance App Governance App Policies Manage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-manage.md
Here's an example of a process for managing an existing policy:
1. If the behavior is not expected, go back to step 1. 1. If the behavior is expected, edit the policy and change its status to active (if needed).
-![The manage app policy workflow](../media/manage-app-protection-governance/mapg-manage-policy-process.png)
+![The manage app policy workflow.](../media/manage-app-protection-governance/mapg-manage-policy-process.png)
## Editing an app policy configuration
compliance App Governance Detect Remediate Detect Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-detect-threats.md
description: "Remediate app threats."
You remediate app threats to your Microsoft 365 tenant through the **Alerts** page of the Microsoft app governance section of the Microsoft 365 Compliance center.
-![The app governance alerts summary page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-alerts.png)
+![The app governance alerts summary page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-alerts.png)
The **Alerts** page by default lists new threat alerts generated by app governance and policy-based alerts generated by active app policies. You can view the details of a specific alert by selecting it, which opens an alert pane with additional alert information and the ability to change its status.
-![The app governance alert detail page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-alerts-alert.png)
+![The app governance alert detail page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-alerts-alert.png)
From this pane, you can get this additional information:
compliance App Governance Detect Remediate Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-get-started.md
Microsoft app governance collects threat alerts that are generated by built-in a
The first place to view app alerts is the app governance dashboard at [https://aka.ms/appgovernance](https://aka.ms/appgovernance).
-![The app governance overview page in the Microsoft 365 Compliance Center with the Detection and policy alerts section highlighted](..\media\manage-app-protection-governance\mapg-cc-overview-alerts.png)
+![The app governance overview page in the Microsoft 365 Compliance Center with the Detection and policy alerts section highlighted.](..\media\manage-app-protection-governance\mapg-cc-overview-alerts.png)
On this overview page, the **Detection and policy alerts** section lists the latest alerts. You can use this to quickly see the current app alert activity for your tenant.
To see all of the alerts, select the **Alerts** tab.
The **Alerts** page lists all of the app governance-based alerts for your tenant.
-![The app governance alerts summary page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-alerts.png)
+![The app governance alerts summary page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-alerts.png)
Each listed alert has the following information:
compliance App Governance Detect Remediate Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-detect-remediate-overview.md
By sharing information across app governance, Azure AD, and Microsoft Cloud App
Here's a summary of the integration.
-![The integration of app governance with Azure AD and Microsoft Cloud App Security](..\media\manage-app-protection-governance\mapg-integration.png)
+![The integration of app governance with Azure AD and Microsoft Cloud App Security.](..\media\manage-app-protection-governance\mapg-integration.png)
Additionally, app governance sends its alerts as signals to Microsoft Cloud App Security and Microsoft 365 Defender for more detailed analysis of app-based security incidents.
compliance App Governance Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-get-started.md
For existing Microsoft 365 customers:
1. Navigate to the [sign up page for the free trial](https://admin.microsoft.com/Commerce/Trial.aspx?OfferId=20be85b6-b196-402c-82b4-36b4e72862dc). 1. Complete the steps to add app governance. Sign-up is simple, as shown in the following graphic. ## Step 3: Add integration with MCAS
Here are the capabilities for each role.
| Role | Read the dashboard | Read all apps |Read policies | Create, update, or delete policies | Read alerts | Update alerts | Read settings | Update settings | Read Remediation | Update Remediation | |:-|:--|:-|:-|:-|:-|:-|:-|:-|:-|:-|
-| Application Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
+| Application Administrator | ![Check mark.](..\media\checkmark.png) | ![Check mark.](..\media\checkmark.png) | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
| Cloud Application Administrator | ![Check mark](..\media\checkmark.png) | | | | | | | | | |
-| Company Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
-| Compliance Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
-| Compliance Data Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
-| Compliance Reader | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | | |
-| Global Reader | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | | |
-| Security Administrator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
-| Security Operator | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
-| Security Reader | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | |
+| Company Administrator | ![Check mark.](..\media\checkmark.png) | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) |
+| Compliance Administrator | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
+| Compliance Data Administrator | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
+| Compliance Reader | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | | |
+| Global Reader | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | | |
+| Security Administrator | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
+| Security Operator | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | |
+| Security Reader | ![Check mark.](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | | ![Check mark](..\media\checkmark.png) | |
|||||||||| | | For additional information about each role, see [Administrator role permissions](/azure/active-directory/roles/permissions-reference).
compliance App Governance Manage App Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-manage-app-governance.md
By sharing information across app governance, Azure AD, and Microsoft Cloud App
Here's a summary of the integration.
-![The integration of app governance with Azure AD and Microsoft Cloud App Security](..\media\manage-app-protection-governance\mapg-integration.png)
+![The integration of app governance with Azure AD and Microsoft Cloud App Security.](..\media\manage-app-protection-governance\mapg-integration.png)
Additionally, app governance sends its alerts as signals to Microsoft Cloud App Security and Microsoft 365 Defender, and app governance receives alerts from Microsoft Cloud App Security, to enable more detailed analysis of app-based security incidents.
compliance App Governance Visibility Insights Compliance Posture https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-compliance-posture.md
description: "Determine your app compliance posture."
Microsoft app governance allows you to quickly assess the compliance posture of the third-party apps and their access to data in your Microsoft 365 tenant from the app governance Overview page in the Microsoft 365 Compliance Center.
-![The app governance overview page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-overview.png)
+![The app governance overview page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-overview.png)
>[!Note] > Your sign-in account must have one of [these roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
compliance App Governance Visibility Insights Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-get-started.md
description: "Get started with visibility and insights."
The first place to get started is the app governance dashboard at [https://aka.ms/appgovernance](https://aka.ms/appgovernance). Note that your sign-in account must have one of [these app governance administrator roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
-![The app governance overview page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-overview.png)
+![The app governance overview page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-overview.png)
You can also access the app governance dashboard from **Office 365 > Microsoft 365 Compliance Center > App governance > Overview page**.
The dashboard contains a summary of the components of the Microsoft 365 app ecos
- **Tenant summary**: The count of key app and alert categories. - **Top alerts**: The 10 most recent active alerts in the tenant - **Data and resources access**: Mouse over each month column in the graph to see the corresponding value.
- - **Data access over the last four months**: Tracks total data accessed by all apps in the tenant through Graph API over the last four calendar months. Currently only includes Mail and File upload/download usage.
- - **Top resources data access over the last four months**: Data usage over the last four calendar months, broken down by resource type. Currently only includes Mail and File upload/download usage
+ - **Data access over the last four months**: Tracks total data accessed by all apps in the tenant through Graph API over the last four calendar months. Currently only includes Mail and File upload/download usage.
+ - **Top resources data access over the last four months**: Data usage over the last four calendar months, broken down by resource type. Currently only includes Mail and File upload/download usage
- **Improve your app protection and governance**: Recommended actions such as creating an app usage or permissions policy. - **Top apps by categories**: The top apps sorted by these categories: - **All categories**: Sorts across all available categories. - **High privilege**: High privilege is an internally determined category based on platform machine learning and signals. - **Overprivileged**: When app governance receives telemetry that indicates that a permission granted to an application has not been used in the last 90 days, that application is overprivileged. App governance must be operating for at least 90 days to determine if any app is overprivileged.
- - **Unverified**: Applications that have not received [publisher certification](https://docs.microsoft.com/azure/active-directory/develop/publisher-verification-overview) are considered unverified.
- - **App only**: [Application permissions](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#permission-types) are used by apps that can run without a signed-in user present. Apps with permissions to access data across the tenant are potentially a higher risk.
+ - **Unverified**: Applications that have not received [publisher certification](/azure/active-directory/develop/publisher-verification-overview) are considered unverified.
+ - **App only**: [Application permissions](/azure/active-directory/develop/v2-permissions-and-consent#permission-types) are used by apps that can run without a signed-in user present. Apps with permissions to access data across the tenant are potentially a higher risk.
- **New apps**: New Microsoft 365 apps that have been registered in the last seven days. ## Next step
compliance App Governance Visibility Insights View Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-view-apps.md
Microsoft app governance allows you to quickly gain deep insights into the Micro
For a summary of apps in your tenant, go to **Microsoft 365 Compliance Center > App governance > Apps**.
-![The MAPG app summary page in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-apps.png)
+![The MAPG app summary page in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-apps.png)
>[!Note] > Your sign-in account must have one of [these roles](app-governance-get-started.md#administrator-roles) to view any app governance data.
You can also select **Search** to search for an app by name.
For detailed information on a specific app in your tenant, go to **Microsoft 365 Compliance Center > App governance > Apps page > *app name***.
-![The app governance app details pane in the Microsoft 365 Compliance Center](..\media\manage-app-protection-governance\mapg-cc-apps-app.png)
+![The app governance app details pane in the Microsoft 365 Compliance Center.](..\media\manage-app-protection-governance\mapg-cc-apps-app.png)
The app details pane provides additional information on these tabs:
compliance Apply Irm To A List Or Library https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-irm-to-a-list-or-library.md
You can use Information Rights Management (IRM) to help control and protect file
## Apply IRM to a list or library <a name="__toc256598179"> </a>
-![Information Rights Management Settings](../media/1b708102-9c90-42b0-b255-ef0e72d0be88.png)
+![Information Rights Management Settings.](../media/1b708102-9c90-42b0-b255-ef0e72d0be88.png)
1. Go to the list or library for which you want to configure IRM. 2. On the ribbon, select the **Library** tab, and then select **Library Settings**. (If you're working in a list, select the **List** tab, and then select **List Settings**).
- ![SharePoint Library Settings buttons on Ribbon](../media/cdf718fa-d792-40fc-8026-00c3b80b9e05.png)
+ ![SharePoint Library Settings buttons on Ribbon.](../media/cdf718fa-d792-40fc-8026-00c3b80b9e05.png)
3. Under **Permissions and Management**, select **Information Rights Management**. If the Information Rights Management link doesn't appear, IRM might not be enabled for your site. Contact your server administrator to see if you can enable IRM for your site. The **Information Rights Management** link doesn't appear for picture libraries.
compliance Apply Retention Labels Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md
You can apply retention labels to content automatically when that content contai
The processes to automatically apply a retention label based on these conditions:
-![Diagram of roles and tasks for auto-apply labels](../media/32f2f2fd-18a8-43fd-839d-72ad7a43e069.png)
+![Diagram of roles and tasks for auto-apply labels.](../media/32f2f2fd-18a8-43fd-839d-72ad7a43e069.png)
Use the following instructions for the two admin steps.
Additionally, SharePoint items that are in draft or that have never been publish
When you create auto-apply retention label policies for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy. Each template is preconfigured to look for specific types of sensitive information. In the following example, the sensitive info types are from the **Privacy** category, and **U.S Personally Identifiable Information (PII) Data** template:
-![Policy templates with sensitive information types](../media/sensitive-info-configuration.png)
+![Policy templates with sensitive information types.](../media/sensitive-info-configuration.png)
To learn more about the sensitivity information types, see [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md). Currently, [exact data matches](create-custom-sensitive-information-types-with-exact-data-match-based-classification.md) and [document fingerprinting](document-fingerprinting.md) are not supported for this scenario.
To consider when using sensitive information types to auto-apply retention label
You can auto-apply labels to content by using a query that contains specific words, phrases, or values of searchable properties. You can refine your query by using search operators such as AND, OR, and NOT.
-![Query editor](../media/new-retention-query-editor.png)
+![Query editor.](../media/new-retention-query-editor.png)
For more information about the query syntax that uses Keyword Query Language (KQL), see [Keyword Query Language (KQL) syntax reference](/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference).
Most of the time, meeting recordings are saved to OneDrive. But for channel meet
When you choose the option for a trainable classifier, you can select one of the built-in classifiers, or a custom classifier. The built-in classifiers include **Resumes**, **SourceCode**, **Targeted Harassment**, **Profanity**, and **Threat**:
-![Choose trainable classifier](../media/retention-label-classifers.png)
+![Choose trainable classifier.](../media/retention-label-classifers.png)
> [!CAUTION] > We are deprecating the **Offensive Language** built-in classifier because it has been producing a high number of false positives. Don't use this built-in classifier and if you are currently using it, you should move your business processes off it. We recommend using the **Targeted Harassment**, **Profanity**, and **Threat** built-in classifiers instead.
To consider when using trainable classifiers to auto-apply retention labels:
When you auto-apply retention labels, it can take up to seven days for the retention labels to be applied to all existing content that matches the conditions.
-![Diagram of when auto-apply labels take effect](../media/b8c00657-477a-4ade-b914-e643ef97a10d.png)
+![Diagram of when auto-apply labels take effect.](../media/b8c00657-477a-4ade-b914-e643ef97a10d.png)
If the expected labels don't appear after seven days, check the **Status** of the auto-apply policy by selecting it from the **Label policies** page in the compliance center. If you see the status of **Off (Error)** and in the details for the locations see a message that it's taking longer than expected to deploy the policy (for SharePoint) or to try redeploying the policy (for OneDrive), try running the [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy) PowerShell command to retry the policy distribution:
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
The Azure Information Protection unified labeling client supports automatic labe
The auto-labeling settings for Office apps are available when you [create or edit a sensitivity label](create-sensitivity-labels.md). Make sure **Files & emails** is selected for the label's scope:
-![Sensitivity label scope options for files and emails](../media/filesandemails-scope-options-sensitivity-label.png)
+![Sensitivity label scope options for files and emails.](../media/filesandemails-scope-options-sensitivity-label.png)
As you move through the wizard, you see the **Auto-labeling for files and emails** page where you can choose from a list of sensitive info types or trainable classifiers:
-![Label conditions for auto-labeling in Office apps](../media/sensitivity-labels-conditions.png)
+![Label conditions for auto-labeling in Office apps.](../media/sensitivity-labels-conditions.png)
When this sensitivity label is automatically applied, the user sees a notification in their Office app. For example:
-![Notification that a document had a label applied automatically](../media/sensitivity-labels-msg-doc-was-auto-labeled.PNG)
+![Notification that a document had a label applied automatically.](../media/sensitivity-labels-msg-doc-was-auto-labeled.PNG)
### Configuring sensitive info types for a label When you select the **Sensitive info types** option, you see the same list of sensitive information types as when you create a data loss prevention (DLP) policy. So you can, for example, automatically apply a Highly Confidential label to any content that contains customers' personal information, such as credit card numbers, social security numbers, or passport numbers:
-![Sensitive info types for auto-labeling in Office apps](../media/sensitivity-labels-sensitive-info-types.png)
+![Sensitive info types for auto-labeling in Office apps.](../media/sensitivity-labels-sensitive-info-types.png)
Similarly to when you configure DLP policies, you can then refine your condition by changing the instance count and match accuracy. For example:
-![Options for match accuracy and instance count](../media/sit-confidence-level.png)
+![Options for match accuracy and instance count.](../media/sit-confidence-level.png)
You can learn more about these configuration options from the DLP documentation: [Tuning rules to make them easier or harder to match](data-loss-prevention-policies.md#tuning-rules-to-make-them-easier-or-harder-to-match).
If you use this option, make sure you have published in your tenant at least one
When you select the **Trainable classifiers** option, select one or more of the built-in trainable classifiers from Microsoft. If you've created your own custom trainable classifiers, these are also available to select:
-![Options for trainable classifiers and sensitivity labels](../media/sensitivity-labels-classifers.png)
+![Options for trainable classifiers and sensitivity labels.](../media/sensitivity-labels-classifers.png)
For more information about these classifiers, see [Learn about trainable classifiers](classifier-learn-about.md).
For more information about these classifiers, see [Learn about trainable classif
If you prefer, you can recommend to your users that they apply the label. With this option, your users can accept the classification and any associated protection, or dismiss the recommendation if the label isn't suitable for their content.
-![Option for recommending a sensitivity label to users](../media/Sensitivity-labels-Recommended-label-option.png)
+![Option for recommending a sensitivity label to users.](../media/Sensitivity-labels-Recommended-label-option.png)
Here's an example of a prompt from the Azure Information Protection unified labeling client when you configure a condition to apply a label as a recommended action, with a custom policy tip. You can choose what text is displayed in the policy tip.
-![Prompt to apply a recommended label](../media/Sensitivity-label-Prompt-for-required-label.png)
+![Prompt to apply a recommended label.](../media/Sensitivity-label-Prompt-for-required-label.png)
### When automatic or recommended labels are applied
Finally, you can use simulation mode to provide an approximation of the time nee
2. Select the **Auto-labeling** tab:
- ![Auto-labeling tab](../media/auto-labeling-tab.png)
+ ![Auto-labeling tab.](../media/auto-labeling-tab.png)
> [!NOTE] > If you don't see the **Auto-labeling** tab, this functionality isn't currently available in your region. 3. Select **+ Create auto-labeling policy**. This starts the New policy wizard:
- ![New policy wizard for auto-labeling](../media/auto-labeling-wizard.png)
+ ![New policy wizard for auto-labeling.](../media/auto-labeling-wizard.png)
4. For the page **Choose info you want this label applied to**: Select one of the templates, such as **Financial** or **Privacy**. You can refine your search by using the **Show options for** dropdown. Or, select **Custom policy** if the templates don't meet your requirements. Select **Next**.
Finally, you can use simulation mode to provide an approximation of the time nee
6. For the page **Choose locations where you want to apply the label**: Select and specify locations for Exchange, SharePoint, and OneDrive. If you don't want to keep the default of **All** for your chosen locations, select the link to choose specific instances. Then select **Next**.
- ![Choose locations page auto-labelingwizard](../media/locations-auto-labeling-wizard.png)
+ ![Choose locations page auto-labelingwizard.](../media/locations-auto-labeling-wizard.png)
To specify individual OneDrive accounts: The URL for a user's OneDrive account is in the following format: `https://<tenant name>-my.sharepoint.com/personal/<user_name>_<tenant name>_com`
Finally, you can use simulation mode to provide an approximation of the time nee
12. For the **Decide if you want to test out the policy now or later** page: Select **Run policy in simulation mode** if you're ready to run the auto-labeling policy now, in simulation mode. Otherwise, select **Leave policy turned off**. Select **Next**:
- ![Test out the policy auto-labeling wizard](../media/simulation-mode-auto-labeling-wizard.png)
+ ![Test out the policy auto-labeling wizard.](../media/simulation-mode-auto-labeling-wizard.png)
13. For the **Summary** page: Review the configuration of your auto-labeling policy and make any changes that needed, and complete the wizard.
You can modify your policy directly from this interface:
- For policy in the **Simulation** section, select the **Edit policy** option at the top of the page, from either tab:
- ![Edit auto-labeling policy option](../media/auto-labeling-edit.png)
+ ![Edit auto-labeling policy option.](../media/auto-labeling-edit.png)
When you're ready to run the policy without simulation, select the **Turn on policy** option.
The recent enhancements for auto-labeling policies for OneDrive and SharePoint h
When your tenant has the new enhancements, you'll see the following notification on the **Auto-labeling** tab:
-![Banner to confirm a tenant has the new enhancements](../media/auto-labeling-updatedbanner.png)
+![Banner to confirm a tenant has the new enhancements.](../media/auto-labeling-updatedbanner.png)
> [!NOTE] > If you had any auto-labeling policies that were in simulation mode when your tenant received the new enhancements, you must re-run the simulation. If this scenario applies to you, you'll be prompted to select **Restart Simulation** when you review the simulation. If you don't restart the simulation, it won't complete.
compliance Archive 17A 4 Blackberry Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-blackberry-data.md
After BlackBerry data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a data connector to archive BlackBerry data in Microsoft 365.
-![Archiving workflow for BlackBerry data from 17a-4](../media/BlackBerryDataParserConnectorWorkflow.png)
+![Archiving workflow for BlackBerry data from 17a-4.](../media/BlackBerryDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the BlackBerry DataParser.
compliance Archive 17A 4 Bloomberg Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-bloomberg-data.md
After Bloomberg data is stored in user mailboxes, you can apply Microsoft 365 co
The following overview explains the process of using a data connector to archive Bloomberg data in Microsoft 365.
-![Archiving workflow for Bloomberg data from 17a-4](../media/BloombergDataParserConnectorWorkflow.png)
+![Archiving workflow for Bloomberg data from 17a-4.](../media/BloombergDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Bloomberg DataParser.
compliance Archive 17A 4 Cisco Jabber Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-cisco-jabber-data.md
After Cisco Jabber data is stored in user mailboxes, you can apply Microsoft 365
The following overview explains the process of using a data connector to archive Cisco Jabber data in Microsoft 365.
-![Archiving workflow for Cisco Jabber data from 17a-4](../media/CiscoJabberDataParserConnectorWorkflow.png)
+![Archiving workflow for Cisco Jabber data from 17a-4.](../media/CiscoJabberDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Cisco Jabber DataParser.
compliance Archive 17A 4 Factset Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-factset-data.md
After FactSet data is stored in user mailboxes, you can apply Microsoft 365 comp
The following overview explains the process of using a data connector to archive FactSet data in Microsoft 365.
-![Archiving workflow for FactSet data from 17a-4](../media/FactSetDataParserConnectorWorkflow.png)
+![Archiving workflow for FactSet data from 17a-4.](../media/FactSetDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the FactSet DataParser.
compliance Archive 17A 4 Fuze Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-fuze-data.md
After Fuze data is stored in user mailboxes, you can apply Microsoft 365 complia
The following overview explains the process of using a data connector to archive Fuze data in Microsoft 365.
-![Archiving workflow for Fuze data from 17a-4](../media/FuzeDataParserConnectorWorkflow.png)
+![Archiving workflow for Fuze data from 17a-4.](../media/FuzeDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Fuze DataParser.
compliance Archive 17A 4 Fxconnect Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-fxconnect-data.md
After FX Connect data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a data connector to archive FX Connect data in Microsoft 365.
-![Archiving workflow for FX Connect data from 17a-4](../media/FXConnectDataParserConnectorWorkflow.png)
+![Archiving workflow for FX Connect data from 17a-4.](../media/FXConnectDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the FX Connect DataParser.
compliance Archive 17A 4 Ice Im Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-ice-im-data.md
After ICE Connect Chat data is stored in user mailboxes, you can apply Microsoft
The following overview explains the process of using a data connector to archive ICE Connect Chat data in Microsoft 365.
-![Archiving workflow for ICE Connect Chat data from 17a-4](../media/ICEChatDataParserConnectorWorkflow.png)
+![Archiving workflow for ICE Connect Chat data from 17a-4.](../media/ICEChatDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the ICE DataParser.
compliance Archive 17A 4 Investedge Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-investedge-data.md
After InvestEdge data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a data connector to archive InvestEdge data in Microsoft 365.
-![Archiving workflow for InvestEdge data from 17a-4](../media/InvestEdgeDataParserConnectorWorkflow.png)
+![Archiving workflow for InvestEdge data from 17a-4.](../media/InvestEdgeDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the InvestEdge DataParser.
compliance Archive 17A 4 Liveperson Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-liveperson-data.md
After data is stored in user mailboxes, you can apply Microsoft 365 compliance f
The following overview explains the process of using a data connector to archive LivePerson Conversational Cloud data in Microsoft 365.
-![Archiving workflow for LivePerson Conversational Cloud data from 17a-4](../media/LiveEngageDataParserConnectorWorkflow.png)
+![Archiving workflow for LivePerson Conversational Cloud data from 17a-4.](../media/LiveEngageDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the the LivePerson Conversational Cloud DataParser.
compliance Archive 17A 4 Quip Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-quip-data.md
After Quip data is stored in user mailboxes, you can apply Microsoft 365 complia
The following overview explains the process of using a data connector to archive Quip data in Microsoft 365.
-![Archiving workflow for Quip data from 17a-4](../media/QuipDataParserConnectorWorkflow.png)
+![Archiving workflow for Quip data from 17a-4.](../media/QuipDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Quip DataParser.
compliance Archive 17A 4 Refinitiv Messenger Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-refinitiv-messenger-data.md
After Refinitiv Eikon Messenger data is stored in user mailboxes, you can apply
The following overview explains the process of using a data connector to archive Refinitiv Eikon Messenger data in Microsoft 365.
-![Archiving workflow for Refinitiv Eikon Messenger data from 17a-4](../media/RefinitivMessengerDataParserConnectorWorkflow.png)
+![Archiving workflow for Refinitiv Eikon Messenger data from 17a-4.](../media/RefinitivMessengerDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Refinitiv Eikon Messenger DataParser.
compliance Archive 17A 4 Servicenow Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-servicenow-data.md
After ServiceNow data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a data connector to archive ServiceNow data in Microsoft 365.
-![Archiving workflow for ServiceNow data from 17a-4](../media/ServiceNowDataParserConnectorWorkflow.png)
+![Archiving workflow for ServiceNow data from 17a-4.](../media/ServiceNowDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the ServiceNow DataParser.
compliance Archive 17A 4 Skype For Business Server Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-skype-for-business-server-data.md
After Skype for Business Server data is stored in user mailboxes, you can apply
The following overview explains the process of using a data connector to archive Skype for Business Server data in Microsoft 365.
-![Archiving workflow for Skype for Business Server data from 17a-4](../media/SkypeServerDataParserConnectorWorkflow.png)
+![Archiving workflow for Skype for Business Server data from 17a-4.](../media/SkypeServerDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Skype for Business Server DataParser.
compliance Archive 17A 4 Slack Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-slack-data.md
After Slack data is stored in user mailboxes, you can apply Microsoft 365 compli
The following overview explains the process of using a data connector to archive Slack data in Microsoft 365.
-![Archiving workflow for Slack data from 17a-4](../media/SlackDataParserConnectorWorkflow.png)
+![Archiving workflow for Slack data from 17a-4.](../media/SlackDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Slack DataParser.
compliance Archive 17A 4 Sql Database Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-sql-database-data.md
After SQL data is stored in user mailboxes, you can apply Microsoft 365 complian
The following overview explains the process of using a data connector to archive SQL data in Microsoft 365.
-![Archiving workflow for SQL data from 17a-4](../media/SQLDatabaseDataParserConnectorWorkflow.png)
+![Archiving workflow for SQL data from 17a-4.](../media/SQLDatabaseDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the SQL DataParser.
compliance Archive 17A 4 Symphony Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-symphony-data.md
After Symphony data is stored in user mailboxes, you can apply Microsoft 365 com
The following overview explains the process of using a data connector to archive Symphony data in Microsoft 365.
-![Archiving workflow for Symphony data from 17a-4](../media/SymphonyDataParserConnectorWorkflow.png)
+![Archiving workflow for Symphony data from 17a-4.](../media/SymphonyDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Symphony DataParser.
compliance Archive 17A 4 Webex Teams Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-webex-teams-data.md
After Cisco Webex data is stored in user mailboxes, you can apply Microsoft 365
The following overview explains the process of using a data connector to archive Cisco Webex data in Microsoft 365.
-![Archiving workflow for Cisco Webex data from 17a-4](../media/WebexTeamsDataParserConnectorWorkflow.png)
+![Archiving workflow for Cisco Webex data from 17a-4.](../media/WebexTeamsDataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Cisco Webex DataParser.
compliance Archive 17A 4 Zoom Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-17a-4-zoom-data.md
After Zoom data is stored in user mailboxes, you can apply Microsoft 365 complia
The following overview explains the process of using a data connector to archive Zoom data in Microsoft 365.
-![Archiving workflow for Zoom data from 17a-4](../mediataParserConnectorWorkflow.png)
+![Archiving workflow for Zoom data from 17a-4.](../mediataParserConnectorWorkflow.png)
1. Your organization works with 17a-4 to set up and configure the Zoom DataParser.
compliance Archive Android Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-android-archiver-data.md
After data from Android mobile phones is stored in user mailboxes, you can apply
The following overview explains the process of using a connector to archive Android mobile data in Microsoft 365.
-![Android Archiver connector workflow](../media/AndroidArchiverConnectorWorkflow.png)
+![Android Archiver connector workflow.](../media/AndroidArchiverConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up an Android Archiver connector. For more information, see [Android Archiver](https://www.telemessage.com/office365-activation-for-android-archiver/).
compliance Archive Att Network Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-att-network-archiver-data.md
After SMS and MMS messages are stored in user mailboxes, you can apply Microsoft
The following overview explains the process of using a connector to archive AT&T Network data in Microsoft 365.
-![ATT Network archiving workflow](../media/ATTNetworkConnectorWorkflow.png)
+![ATT Network archiving workflow.](../media/ATTNetworkConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up an AT&T Network connector. For information, see [AT&T Network Archiver](https://www.telemessage.com/office365-activation-for-atnt-network-archiver/).
compliance Archive Bell Network Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-bell-network-data.md
After the SMS and MMS messages are stored in user mailboxes, you can apply Micro
The following overview explains the process of using a connector to archive Bell Network data in Microsoft 365.
-![Bell Network archiving workflow](../media/BellNetworkConnectorWorkflow.png)
+![Bell Network archiving workflow.](../media/BellNetworkConnectorWorkflow.png)
1. Your organization works with TeleMessage and Bell to set up a Bell Network connector. For more information, see [Bell Network Archiver](https://www.telemessage.com/office365-activation-for-bell-network-archiver).
compliance Archive Bloomberg Message Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-bloomberg-message-data.md
After Bloomberg Message data is stored in user mailboxes, you can apply Microsof
The following overview explains the process of using a connector to archive Bloomberg Message data in Microsoft 365.
-![Bloomberg Message import and archive process](../media/BloombergMessageArchiving.png)
+![Bloomberg Message import and archive process.](../media/BloombergMessageArchiving.png)
1. Your organization works with Bloomberg to set up a Bloomberg SFTP site. You'll also work with Bloomberg to configure Bloomberg Message to copy email messages to the Bloomberg SFTP site.
The first step is to obtain a copy of the PGP and SSH public keys. You use these
5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
- ![Select the option to use public keys](../media/BloombergMessagePublicKeysOption.png)
+ ![Select the option to use public keys.](../media/BloombergMessagePublicKeysOption.png)
6. Under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.
- ![Links to download public keys and IP address](../media/BloombergMessagePublicKeyDownloadLinks.png)
+ ![Links to download public keys and IP address.](../media/BloombergMessagePublicKeyDownloadLinks.png)
These files contain the following items that are used to configure the Bloomberg SFTP site in Step 2:
To obtain the IP address:
6. Under step 1, click **Download IP address** to save a copy of the IP address file to your local computer.
- ![Download the IP address](../media/BloombergMessageConnectorIPAddress.png)
+ ![Download the IP address.](../media/BloombergMessageConnectorIPAddress.png)
7. Click **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.
After your Bloomberg SFTP site is configured, the next step is to create a Bloom
5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
- ![Select the option to use private keys](../media/BloombergMessagePrivateKeysOption.png)
+ ![Select the option to use private keys.](../media/BloombergMessagePrivateKeysOption.png)
6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
compliance Archive Celltrust Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-celltrust-data.md
After CellTrust data is stored in user mailboxes, you can apply Microsoft 365 co
The following overview explains the process of using a connector to archive CellTrust data in Microsoft 365.
-![Archiving workflow for CellTrust data](../media/CellTrustConnectorWorkflow.png)
+![Archiving workflow for CellTrust data.](../media/CellTrustConnectorWorkflow.png)
1. Your organization works with CellTrust to set up and configure a CellTrust site.
compliance Archive Ciscojabberonmssql Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ciscojabberonmssql-data.md
After Cisco Jabber data is stored in user mailboxes, you can apply Microsoft 365
The following overview explains the process of using a connector to archive Cisco Jabber on MS SQL data in Microsoft 365.
-![Archiving workflow for Cisco Jabber data](../media/CiscoJabberonMSSQLConnectorWorkflow.png)
+![Archiving workflow for Cisco Jabber data.](../media/CiscoJabberonMSSQLConnectorWorkflow.png)
1. Your organization works with Cisco to set up and configure a Cisco Jabber on MS SQL Database.
compliance Archive Ciscojabberonoracle Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ciscojabberonoracle-data.md
After Cisco Jabber on Oracle data is stored in user mailboxes, you can apply Mic
The following overview explains the process of using a connector to archive the Cisco Jabber on Oracle data in Microsoft 365.
-![Archiving workflow for Cisco Jabber on Oracle data](../media/CiscoJabberOnOracleConnectorWorkflow.png)
+![Archiving workflow for Cisco Jabber on Oracle data.](../media/CiscoJabberOnOracleConnectorWorkflow.png)
1. Your organization works with Cisco Jabber on Oracle to set up and configure a Cisco Jabber on Oracle site.
compliance Archive Ciscojabberonpostgresql Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ciscojabberonpostgresql-data.md
After Cisco Jabber on PostgreSQL data is stored in user mailboxes, you can apply
The following overview explains the process of using a connector to archive the Cisco Jabber on PostgreSQL data in Microsoft 365.
-![Archiving workflow for Cisco Jabber on PostgreSQL data](../media/CiscoJabberonPostgreSQLConnectorWorkflow.png)
+![Archiving workflow for Cisco Jabber on PostgreSQL data.](../media/CiscoJabberonPostgreSQLConnectorWorkflow.png)
1. Your organization works with Cisco Jabber on PostgreSQL to set up and configure a Cisco Jabber on PostgreSQL site.
compliance Archive Data From Celltrustsl2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-data-from-celltrustsl2.md
After data is imported to user mailboxes in Microsoft 365, you can apply Microso
CellTrust's SL2 platform captures communication data from multiple sources. SL2 data sources are either Person-to-Person (P2P) or Application-to-Person (A2P). The process described in this article pertains only to P2P data sources. For all P2P data sources, at least one party in the collaboration is an SL2 user who is subscribed to the SL2 service. The following overview explains the process of using the CellTrust SL2 Data Connector in Microsoft 365.
-![Archiving workflow for CellTrust SL2 service](../media/CellTrustSL2ConnectorWorkflow.png)
+![Archiving workflow for CellTrust SL2 service.](../media/CellTrustSL2ConnectorWorkflow.png)
1. SL2 users send and receive data to and from SL2 services in Microsoft Azure.
The first step is to create a data connector in the Microsoft 365 compliance cen
2. On the **Overview** tab, click **Filter** and select **By CellTrust**, and then apply the filter.
- ![Configure filter to display CellTrust connectors](../media/DataConnectorsFilter.png)
+ ![Configure filter to display CellTrust connectors.](../media/DataConnectorsFilter.png)
3. Click **CellTrust SL2 (preview**).
The next step is to sign into an administrator account for your CellTrust SL2 do
3. Enable the business units you wish to archive. Selecting the domain will not automatically select the OUs. You must enable each OU separately to archive it.
- ![Enable OUs to archive](../media/EnableCellTrustOUs.png)
+ ![Enable OUs to archive.](../media/EnableCellTrustOUs.png)
4. When you're finished with your selections, close the browser window and return to the wizard page in Microsoft 365 compliance center. After a few seconds, the wizard automatically advances to the next step of mapping users.
compliance Archive Eml Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-eml-data.md
After EML messages are stored in user mailboxes, you can apply Microsoft 365 com
The following overview explains the process of using a connector to archive EML data in Microsoft 365.
-![Archiving workflow for EML data](../media/EMLConnectorWorkflow.png)
+![Archiving workflow for EML data.](../media/EMLConnectorWorkflow.png)
1. Your organization works with the EML source to set up and configure an EML site.
compliance Archive Enterprise Number Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-enterprise-number-data.md
After the TeleMessage Enterprise Number Archiver connector data is stored in use
The following overview explains the process of using a connector to archive Enterprise Network data in Microsoft 365.
-![Enterprise Number archiving workflow](../media/EnterpriseNumberConnectorWorkflow.png)
+![Enterprise Number archiving workflow.](../media/EnterpriseNumberConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up an Enterprise Number Archiver connector. For more details refer to [here](https://www.telemessage.com/office365-activation-for-enterprise-number-archiver/).
compliance Archive Fxconnect Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-fxconnect-data.md
After FX Connect data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a connector to archive the FX Connect information in Microsoft 365.
-![Archiving workflow for FX Connect data](../media/FXConnectConnectorWorkflow.png)
+![Archiving workflow for FX Connect data.](../media/FXConnectConnectorWorkflow.png)
1. Your organization works with FX Connect to set up and configure an FX Connect site.
compliance Archive Icechat Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-icechat-data.md
After ICE chat data is stored in user mailboxes, you can apply Microsoft 365 com
The following overview explains the process of using a connector to archive ICE chat data in Microsoft 365.
-![ICE Chat archiving workflow](../media/ICEChatConnectorWorkflow.png)
+![ICE Chat archiving workflow.](../media/ICEChatConnectorWorkflow.png)
1. Your organization works with ICE Chat to set up an ICE Chat SFTP site. You'll also work with ICE Chat to configure ICE Chat to copy chat messages to your ICE Chat SFTP site.
The first step is to obtain a copy of the public keys for Pretty Good Privacy (P
5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
- ![Select the option to use public keys](../media/ICEChatPublicKeysOption.png)
+ ![Select the option to use public keys.](../media/ICEChatPublicKeysOption.png)
6. Under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.
- ![Links to download public keys and IP address](../media/ICEChatPublicKeyDownloadLinks.png)
+ ![Links to download public keys and IP address.](../media/ICEChatPublicKeyDownloadLinks.png)
These files contain the following items that are used to configure the ICE Chat SFTP site in Step 2:
To obtain the IP address:
5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
- ![Select the option to use private keys](../media/ICEChatPrivateKeysOption.png)
+ ![Select the option to use private keys.](../media/ICEChatPrivateKeysOption.png)
6. Under step 1, click **Download IP address** to save a copy of the IP address file to your local computer.
- ![Download the IP address](../media/ICEChatConnectorIPAddress.png)
+ ![Download the IP address.](../media/ICEChatConnectorIPAddress.png)
7. Click **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.
compliance Archive Instant Bloomberg Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-instant-bloomberg-data.md
After Instant Bloomberg data is stored in user mailboxes, you can apply Microsof
The following overview explains the process of using a connector to archive Instant Bloomberg chat data in Microsoft 365.
-![Instant Bloomberg import and archive process](../media/InstantBloombergDataArchiving.png)
+![Instant Bloomberg import and archive process.](../media/InstantBloombergDataArchiving.png)
1. Your organization works with Bloomberg to set up a Bloomberg SFTP site. You'll also work with Bloomberg to configure Instant Bloomberg to copy chat messages to your Bloomberg SFTP site.
The first step is to obtain a copy of the public keys for Pretty Good Privacy (P
5. On the **Add credentials for content source** page, click **I want to use PGP and SSH public keys provided by Microsoft**.
- ![Select the option to use public keys](../media/InstantBloombergPublicKeysOption.png)
+ ![Select the option to use public keys.](../media/InstantBloombergPublicKeysOption.png)
6. Under step 1, click the **Download SSH key**, **Download PGP key**, and **Download IP address** links to save a copy of each file to your local computer.
- ![Links to download public keys and IP address](../media/InstantBloombergPublicKeyDownloadLinks.png)
+ ![Links to download public keys and IP address.](../media/InstantBloombergPublicKeyDownloadLinks.png)
These files contain the following items that are used to configure the Bloomberg SFTP site in Step 2:
To obtain the IP address:
6. Under step 1, click **Download IP address** to save a copy of the IP address file to your local computer.
- ![Download the IP address](../media/InstantBloombergConnectorIPAddress.png)
+ ![Download the IP address.](../media/InstantBloombergConnectorIPAddress.png)
7. Click **Cancel** to close the wizard. You come back to this wizard in Step 2 to create the connector.
After your Bloomberg SFTP site is configured, the next step is to create an Inst
5. On the **Add credentials for content source** page, click **I want to use PGP and SSH private keys**.
- ![Select the option to use private keys](../media/InstantBloombergPrivateKeysOption.png)
+ ![Select the option to use private keys.](../media/InstantBloombergPrivateKeysOption.png)
6. Under Step 3, enter the required information in the following boxes and then click **Validate connection**.
compliance Archive Jive Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-jive-data.md
After Jive data is stored in user mailboxes, you can apply Microsoft 365 complia
The following overview explains the process of using a connector to archive the Jive data in Microsoft 365.
-![Archiving workflow for Jive data](../media/JiveConnectorWorkflow.png)
+![Archiving workflow for Jive data.](../media/JiveConnectorWorkflow.png)
1. Your organization works with Jive to set up and configure a Jive site.
compliance Archive Linkedin Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-linkedin-data.md
After the LinkedIn Company page data is stored in a mailbox, you can apply Micro
The LinkedIn sign-in page is displayed.
- ![LinkedIn sign-in page](../media/LinkedInSigninPage.png)
+ ![LinkedIn sign-in page.](../media/LinkedInSigninPage.png)
5. On the LinkedIn sign in page, enter the email address (or phone number) and password for the LinkedIn account associated with the company page that you want to archive, and then click **Sign in**. A wizard page is displayed with a list of all LinkedIn Company Pages associated with the account that you signed in to. A connector can only be configured for one company page. If your organization has multiple LinkedIn Company Pages, you have to create a connector for each one.
- ![A page with a list of LinkedIn Company Pages is displayed](../media/LinkedInSelectCompanyPage.png)
+ ![A page with a list of LinkedIn Company Pages is displayed.](../media/LinkedInSelectCompanyPage.png)
6. Select the company page that you want to archive items from, and then click **Next**.
compliance Archive Mssqldatabaseimporter Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-mssqldatabaseimporter-data.md
After content from MS SQL Database stored in user mailboxes, you can apply Micro
The following overview explains the process of using a connector to archive MS SQL data in Microsoft 365.
-![Archiving workflow for MS SQL data](../media/MSSQLDatabaseConnectorWorkflow.png)
+![Archiving workflow for MS SQL data.](../media/MSSQLDatabaseConnectorWorkflow.png)
1. Your organization works with an MS SQL Database provider to set up and configure an MS SQL Database site.
compliance Archive O2 Network Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-o2-network-data.md
After SMS messages and voice calls are stored in user mailboxes, you can apply M
The following overview explains the process of using a connector to archive O2 Network data in Microsoft 365.
-![O2 Network archiving workflow](../media/O2NetworkConnectorWorkflow.png)
+![O2 Network archiving workflow.](../media/O2NetworkConnectorWorkflow.png)
1. Your organization works with TeleMessage and O2 to set up an O2 Network connector. For more information, see [O2 Network Archiver](https://www.telemessage.com/office365-activation-for-o2-network-archiver).
compliance Archive Pivot Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-pivot-data.md
After Pivot data is stored in user mailboxes, you can apply Microsoft 365 compli
The following overview explains the process of using a connector to archive the Pivot data in Microsoft 365.
-![Archiving workflow for Pivot data](../media/PivotConnectorWorkflow.png)
+![Archiving workflow for Pivot data.](../media/PivotConnectorWorkflow.png)
1. Your organization works with Pivot to set up and configure a Pivot source site.
compliance Archive Redtailspeak Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-redtailspeak-data.md
After Redtail Speak data is stored in user mailboxes, you can apply Microsoft 36
The following overview explains the process of using a connector to archive the Redtail Speak data in Microsoft 365.
-![Archiving workflow for Redtail Speak data](../media/RedtailSpeakConnectorWorkflow.png)
+![Archiving workflow for Redtail Speak data.](../media/RedtailSpeakConnectorWorkflow.png)
1. Your organization works with Redtail Speak to set up and configure an SMTP gateway where messages are forwarded from Redtail Speak to your organization's SFTP server on a daily basis.
compliance Archive Reutersdealing Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-reutersdealing-data.md
After Reuters Dealing data is stored in user mailboxes, you can apply Microsoft
The following overview explains the process of using a connector to archive the Reuters Dealing data in Microsoft 365.
-![Archiving workflow for Reuters Dealing data](../media/ReuetersDealingConnectorWorkflow.png)
+![Archiving workflow for Reuters Dealing data.](../media/ReuetersDealingConnectorWorkflow.png)
1. Your organization works with Reuters Dealing to set up and configure a Reuters Dealing site.
compliance Archive Reuterseikon Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-reuterseikon-data.md
After Reuters Eikon data is stored in user mailboxes, you can apply Microsoft 36
The following overview explains the process of using a connector to archive Reuters Eikon data in Microsoft 365.
-![Archiving workflow for Reuters Eikon data](../media/ReutersEikonConnectorWorkflow.png)
+![Archiving workflow for Reuters Eikon data.](../media/ReutersEikonConnectorWorkflow.png)
1. Your organization works with Reuters Eikon to set up and configure a Reuters Eikon site.
compliance Archive Reutersfx Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-reutersfx-data.md
After Reuters FX data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a connector to archive Reuters FX data in Microsoft 365.
-![Archiving workflow for Reuters FX data](../media/ReutersFXConnectorWorkflow.png)
+![Archiving workflow for Reuters FX data.](../media/ReutersFXConnectorWorkflow.png)
1. Your organization works with Reuters FX to set up and configure a Reuters FX site.
compliance Archive Ringcentral Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-ringcentral-data.md
After RingCentral data is stored in user mailboxes, you can apply Microsoft 365
The following overview explains the process of using a connector to archive the RingCentral data in Microsoft 365.
-![Archiving workflow for RingCentral data](../media/RingCentralConnectorWorkflow.png)
+![Archiving workflow for RingCentral data.](../media/RingCentralConnectorWorkflow.png)
1. Your organization works with RingCentral to set up and configure a RingCentral site.
compliance Archive Rogers Network Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-rogers-network-archiver-data.md
After data from the Rogers mobile network is stored in user mailboxes, you can a
The following overview explains the process of using a connector to archive Rogers SMS and MMS data in Microsoft 365.
-![Rogers Network archiving workflow](../media/RogersNetworkConnectorWorkflow.png)
+![Rogers Network archiving workflow.](../media/RogersNetworkConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up a Rogers Network Archiver connector. For more information, see [Activating the TeleMessage Rogers Network Archiver for Microsoft 365](https://www.telemessage.com/microsoft-365-activation-for-the-rogers-network-archiver/).
compliance Archive Salesforcechatter Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-salesforcechatter-data.md
After Salesforce Chatter data is stored in user mailboxes, you can apply Microso
The following overview explains the process of using a connector to archive the Salesforce Chatter data in Microsoft 365.
-![Archiving workflow for Salesforce Chatter data](../media/SalesforceChatterConnectorWorkflow.png)
+![Archiving workflow for Salesforce Chatter data.](../media/SalesforceChatterConnectorWorkflow.png)
1. Your organization works with Salesforce Chatter to set up and configure a Salesforce Chatter site.
compliance Archive Servicenow Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-servicenow-data.md
After ServiceNow data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a connector to archive the ServiceNow data in Microsoft 365.
-![Archiving workflow for ServiceNow data](../media/ServiceNowConnectorWorkflow.png)
+![Archiving workflow for ServiceNow data.](../media/ServiceNowConnectorWorkflow.png)
1. Your organization works with ServiceNow to set up and configure a ServiceNow site.
compliance Archive Signal Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-signal-archiver-data.md
After Signal Archiver connector data is stored in user mailboxes, you can apply
The following overview explains the process of using a connector to archive  Signal communication data in Microsoft 365.
-![Signal communications archiving workflow](../media/SignalConnectorWorkflow.png)
+![Signal communications archiving workflow.](../media/SignalConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up a Signal Archiver connector. For more information, see [Activating the TeleMessage Signal Archiver for Microsoft 365](https://www.telemessage.com/microsoft-365-activation-for-signal-archiver/).
compliance Archive Skypeforbusiness Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-skypeforbusiness-data.md
After Skype for Business data is stored in user mailboxes, you can apply Microso
The following overview explains the process of using a connector to archive the Skype for Business data in Microsoft 365.
-![Archiving workflow for Skype for Business data](../media/SkypeforBusinessConnectorWorkflow.png)
+![Archiving workflow for Skype for Business data.](../media/SkypeforBusinessConnectorWorkflow.png)
1. Your organization works with Skype for Business to set up and configure a Skype for Business site.
compliance Archive Slack Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-slack-data.md
After Slack eDiscovery data is stored in user mailboxes, you can apply Microsoft
The following overview explains the process of using a connector to archive the Slack information in Microsoft 365.
-![Slack archiving workflow](../media/SlackConnectorWorkflow.png)
+![Slack archiving workflow.](../media/SlackConnectorWorkflow.png)
1. Your organization works with Slack to set up and configure a Slack site.
compliance Archive Symphony Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-symphony-data.md
After Symphony communications are stored in user mailboxes, you can apply Micros
The following overview explains the process of using a data connector to archive Symphony communications in Microsoft 365.
-![Symphony archiving workflow](../media/SymphonyConnectorWorkflow.png)
+![Symphony archiving workflow.](../media/SymphonyConnectorWorkflow.png)
1. Your organization works with Symphony to set up and configure a Symphony site.
compliance Archive Telegram Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-telegram-archiver-data.md
After Telegram Archiver connector data is stored in user mailboxes, you can appl
The following overview explains the process of using a connector to archive  Telegram communications data in Microsoft 365.
-![Telegram communications archiving workflow](../media/TelegramConnectorWorkflow.png)
+![Telegram communications archiving workflow.](../media/TelegramConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up a Telegram Archiver connector. For more information, see [Activating the TeleMessage Telegram Archiver for Microsoft 365](https://www.telemessage.com/microsoft-365-activation-for-telegram-archiver/).
compliance Archive Telus Network Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-telus-network-data.md
After SMS messages are stored in user mailboxes, you can apply Microsoft 365 com
The following overview explains the process of using a connector to archive TELUS Network data in Microsoft 365.
-![TELUS Network archiving workflow](../media/TelusNetworkConnectorWorkflow.png)
+![TELUS Network archiving workflow.](../media/TelusNetworkConnectorWorkflow.png)
1. Your organization works with TeleMessage and TELUS to set up a TELUS Network connector. For more information, see [TELUS Network Archiver](https://www.telemessage.com/office365-activation-for-telus-network-archiver/).
compliance Archive Text Delimited Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-text-delimited-data.md
After text-delimited data is stored in user mailboxes, you can apply Microsoft 3
The following overview explains the process of using a connector to archive text-delimited source information in Microsoft 365.
-![Archiving workflow for text-delimited data](../media/TextDelimitedConnectorWorkflow.png)
+![Archiving workflow for text-delimited data.](../media/TextDelimitedConnectorWorkflow.png)
1. Your organization works with the text-delimited source to set up and configure a text-delimited site.
compliance Archive Verizon Network Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-verizon-network-data.md
After Verizon Network connector data is stored in user mailboxes, you can apply
The following overview explains the process of using a connector to archive Verizon Network data in Microsoft 365.
-![Verizon Network archiving workflow](../media/VerizonNetworkConnectorWorkflow.png)
+![Verizon Network archiving workflow.](../media/VerizonNetworkConnectorWorkflow.png)
1. Your organization works with TeleMessage and Verizon to set up a Verizon Network connector. For more information, see [Verizon Network Archiver](https://www.telemessage.com/office365-activation-for-verizon-network-archiver/).
compliance Archive Webexteams Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-webexteams-data.md
After Webex Teams data is stored in user mailboxes, you can apply Microsoft 365
The following overview explains the process of using a connector to archive Webex Teams data in Microsoft 365.
-![Archiving workflow for Webex Teams data](../media/WebexTeamsConnectorWorkflow.png)
+![Archiving workflow for Webex Teams data.](../media/WebexTeamsConnectorWorkflow.png)
1. Your organization works with Webex Teams to set up and configure a Webex Teams site.
compliance Archive Webpagecapture Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-webpagecapture-data.md
After webpage content is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a connector to archive webpage content in Microsoft 365.
-![Archiving workflow for webpage data](../media/WebPageCaptureConnectorWorkflow.png)
+![Archiving workflow for webpage data.](../media/WebPageCaptureConnectorWorkflow.png)
1. Your organization works with the webpage source to set up and configure a Webpage Capture site.
compliance Archive Wechat Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-wechat-data.md
After WeChat Archiver connector data is stored in user mailboxes, you can apply
The following overview explains the process of using a connector to archive WeChat communications data in Microsoft 365.
-![Archiving workflow for WeChat Archiver data](../media/WeChatConnectorWorkflow.png)
+![Archiving workflow for WeChat Archiver data.](../media/WeChatConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up a WeChat Archiver connector.
compliance Archive Whatsapp Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-whatsapp-data.md
After WhatsApp data is stored in user mailboxes, you can apply Microsoft 365 com
The following overview explains the process of using a connector to archive WhatsApp data in Microsoft 365.
-![WhatsApp archiving workflow](../media/WhatsAppConnectorWorkflow.png)
+![WhatsApp archiving workflow.](../media/WhatsAppConnectorWorkflow.png)
1. Your organization works with TeleMessage to set up a WhatsApp Archiver connector. For more information, see [WhatsApp Archiver](https://www.telemessage.com/office365-activation-for-whatsapp-archiver).
compliance Archive Workplacefromfacebook Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-workplacefromfacebook-data.md
After Workplace data is stored in user mailboxes, you can apply Microsoft 365 co
The following overview explains the process of using a connector to archive Workplace data in Microsoft 365.
-![Archiving workflow for Workplace from Facebook data](../media/WorkplaceConnectorWorkflow.png)
+![Archiving workflow for Workplace from Facebook data.](../media/WorkplaceConnectorWorkflow.png)
1. Your organization works with Workplace from Facebook to set up and configure a Workplace site.
compliance Archive Xip Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-xip-data.md
After XIP source data is stored in user mailboxes, you can apply Microsoft 365 c
The following overview explains the process of using a connector to archive the XIP source data in Microsoft 365.
-![Archiving workflow for XIP source data](../media/XIPConnectorWorkflow.png)
+![Archiving workflow for XIP source data.](../media/XIPConnectorWorkflow.png)
1. Your organization works with the XIP source to set up and configure an XIP site.
compliance Archive Xslt Xml Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-xslt-xml-data.md
After XSLT/XML data is stored in user mailboxes, you can apply Microsoft 365 com
The following overview explains the process of using a connector to archive XSLT/XML source data in Microsoft 365.
-![Archiving workflow for XSLT/XML data](../media/XSLT-XMLConnectorWorkflow.png)
+![Archiving workflow for XSLT/XML data.](../media/XSLT-XMLConnectorWorkflow.png)
1. Your organization works with the XSLT/XML source to set up and configure an XSLT/XML site.
compliance Archive Yieldbroker Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-yieldbroker-data.md
After Yieldbroker is stored in user mailboxes, you can apply Microsoft 365 compl
The following overview explains the process of using a connector to archive the Yieldbroker data in Microsoft 365.
-![Archiving workflow for Yieldbroker data](../media/YieldbrokerConnectorWorkflow.png)
+![Archiving workflow for Yieldbroker data.](../media/YieldbrokerConnectorWorkflow.png)
1. Your organization works with the Yieldbroker to set up and configure a Yieldbroker site.
compliance Archive Zoommeetings Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-zoommeetings-data.md
After Zoom Meetings data is stored in user mailboxes, you can apply Microsoft 36
The following overview explains the process of using a connector to archive Zoom Meetings data in Microsoft 365.
-![Zoom Meetings archiving workflow](../media/ZoomMeetingsConnectorWorkflow.png)
+![Zoom Meetings archiving workflow.](../media/ZoomMeetingsConnectorWorkflow.png)
1. Your organization works with Zoom Meetings to set up and configure a Zoom Meetings site.
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
Click the link in the **Third-party data** column to go the step-by-step instruc
|Third-party data |Litigation hold|eDiscovery |Retention settings |Records management |Communication compliance |Insider risk management | |:|:|:|:|:|:|:|
-|[Bloomberg Message](archive-bloomberg-message-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Facebook](archive-facebook-data-with-sample-connector.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[Bloomberg Message](archive-bloomberg-message-data.md) |![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)||
+|[Facebook](archive-facebook-data-with-sample-connector.md) |![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
|[Human resources (HR)](import-hr-data.md) ||||||![Check mark](../media/checkmark.png)
-|[ICE Chat](archive-icechat-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Instant Bloomberg](archive-instant-bloomberg-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[LinkedIn](archive-linkedin-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[ICE Chat](archive-icechat-data.md) |![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Instant Bloomberg](archive-instant-bloomberg-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[LinkedIn](archive-linkedin-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
|[Physical badging](import-physical-badging-data.md) ||||||![Check mark](../media/checkmark.png)|
-|[Twitter](archive-twitter-data-with-sample-connector.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[Twitter](archive-twitter-data-with-sample-connector.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
|||||||| ### Veritas data connectors
Before you can archive third-party data in Microsoft 365, you have to work with
|Third-party data |Litigation hold|eDiscovery |Retention settings |Records management |Communication compliance |Insider risk management | |:|:|:|:|:|:|:|
-|[CellTrust](archive-celltrust-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Cisco Jabber on MS SQL](archive-ciscojabberonmssql-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Cisco Jabber on Oracle](archive-ciscojabberonoracle-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Cisco Jabber on PostgreSQL](archive-ciscojabberonpostgresql-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[EML](archive-eml-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[FX Connect](archive-fxconnect-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Jive](archive-jive-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[MS SQL Database](archive-mssqldatabaseimporter-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[Pivot](archive-pivot-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Redtail Speak](archive-redtailspeak-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Reuters Dealing](archive-reutersdealing-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Reuters Eikon](archive-reuterseikon-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Reuters FX](archive-reutersfx-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[RingCentral](archive-ringcentral-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[CellTrust](archive-celltrust-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Cisco Jabber on MS SQL](archive-ciscojabberonmssql-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Cisco Jabber on Oracle](archive-ciscojabberonoracle-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Cisco Jabber on PostgreSQL](archive-ciscojabberonpostgresql-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[EML](archive-eml-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[FX Connect](archive-fxconnect-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Jive](archive-jive-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[MS SQL Database](archive-mssqldatabaseimporter-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[Pivot](archive-pivot-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Redtail Speak](archive-redtailspeak-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Reuters Dealing](archive-reutersdealing-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Reuters Eikon](archive-reuterseikon-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Reuters FX](archive-reutersfx-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[RingCentral](archive-ringcentral-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
|[Salesforce Chatter](archive-salesforcechatter-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||| |[ServiceNow](archive-servicenow-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||| |[Skype for Business](archive-skypeforbusiness-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[Slack eDiscovery](archive-slack-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Symphony](archive-symphony-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Slack eDiscovery](archive-slack-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Symphony](archive-symphony-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[Text-delimited](archive-text-delimited-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[Webex Teams](archive-webexteams-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Webex Teams](archive-webexteams-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[Webpages](archive-webpagecapture-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[Workplace from Facebook](archive-workplacefromfacebook-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[XIP](archive-xip-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Workplace from Facebook](archive-workplacefromfacebook-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[XIP](archive-xip-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[XSLT/XML](archive-xslt-xml-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[Yieldbroker](archive-yieldbroker-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Zoom Meetings](archive-zoommeetings-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Yieldbroker](archive-yieldbroker-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Zoom Meetings](archive-zoommeetings-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|||||||| ### TeleMessage data connectors
TeleMessage data connectors are also available in GCC environments in the Micros
|Third-party data |Litigation hold|eDiscovery |Retention settings |Records management |Communication compliance |Insider risk management | |:|:|:|:|:|:|:|
-|[Android](archive-android-archiver-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[AT&T Network](archive-att-network-archiver-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Bell Network](archive-bell-network-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Enterprise Number](archive-enterprise-number-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[O2 Network](archive-o2-network-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Rogers Network](archive-rogers-network-archiver-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Signal](archive-signal-archiver-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Telegram](archive-telegram-archiver-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[TELUS Network](archive-telus-network-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Verizon Network](archive-verizon-network-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[WeChat](archive-wechat-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[WhatsApp](archive-whatsapp-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Android](archive-android-archiver-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[AT&T Network](archive-att-network-archiver-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Bell Network](archive-bell-network-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Enterprise Number](archive-enterprise-number-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[O2 Network](archive-o2-network-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Rogers Network](archive-rogers-network-archiver-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Signal](archive-signal-archiver-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Telegram](archive-telegram-archiver-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[TELUS Network](archive-telus-network-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Verizon Network](archive-verizon-network-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[WeChat](archive-wechat-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[WhatsApp](archive-whatsapp-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|||||||| ### 17a-4 data connectors
Before you can archive third-party data in Microsoft 365, you have to work with
|Third-party data |Litigation hold|eDiscovery |Retention settings |Records management |Communication compliance |Insider risk management | |:|:|:|:|:|:|:|
-|[BlackBerry](archive-17a-4-blackberry-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Bloomberg](archive-17a-4-bloomberg-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Cisco Jabber](archive-17a-4-cisco-jabber-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Cisco Webex](archive-17a-4-webex-teams-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[FactSet](archive-17a-4-factset-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Fuze](archive-17a-4-fuze-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[FX Connect](archive-17a-4-fxconnect-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[ICE Chat](archive-17a-4-ice-im-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[InvestEdge](archive-17a-4-investedge-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[LivePerson Conversational Cloud](archive-17a-4-liveperson-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Quip](archive-17a-4-quip-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Refinitiv Eikon Messenger](archive-17a-4-refinitiv-messenger-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[ServiceNow](archive-17a-4-servicenow-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-[Skype for Business Server](archive-17a-4-skype-for-business-server-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Slack](archive-17a-4-slack-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[SQL](archive-17a-4-sql-database-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Symphony](archive-17a-4-symphony-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[Zoom](archive-17a-4-zoom-data.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[BlackBerry](archive-17a-4-blackberry-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Bloomberg](archive-17a-4-bloomberg-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Cisco Jabber](archive-17a-4-cisco-jabber-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Cisco Webex](archive-17a-4-webex-teams-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[FactSet](archive-17a-4-factset-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Fuze](archive-17a-4-fuze-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[FX Connect](archive-17a-4-fxconnect-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[ICE Chat](archive-17a-4-ice-im-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[InvestEdge](archive-17a-4-investedge-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[LivePerson Conversational Cloud](archive-17a-4-liveperson-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Quip](archive-17a-4-quip-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Refinitiv Eikon Messenger](archive-17a-4-refinitiv-messenger-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[ServiceNow](archive-17a-4-servicenow-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+[Skype for Business Server](archive-17a-4-skype-for-business-server-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Slack](archive-17a-4-slack-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[SQL](archive-17a-4-sql-database-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Symphony](archive-17a-4-symphony-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[Zoom](archive-17a-4-zoom-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|||||||| ### CellTrust data connectors
Before you can archive third-party data in Microsoft 365, you have to work with
|Third-party data |Litigation hold|eDiscovery |Retention settings |Records management |Communication compliance |Insider risk management | |:|:|:|:|:|:|:|
-|[CellTrust SL2](archive-data-from-celltrustsl2.md) |![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[CellTrust SL2](archive-data-from-celltrustsl2.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|||||||| ## Overview of compliance solutions that support third-party data
kind:externaldata
You can use this query in the **Keywords** box for a Content search, a search associated with a Core eDiscovery case, or a collection in Advanced eDiscovery.
-![Query to search for third-party data](..\media\SearchThirdPartyData1.png)
+![Query to search for third-party data.](..\media\SearchThirdPartyData1.png)
You can also use the `kind:externaldata` property:value pair to to narrow the scope of searches to third-party data. For example, to search for items imported from any third-party data source that contain the word *contoso* in the **Subject** property of the imported item, use the following query in the **Keywords** box:
subject:contoso AND kind:externaldata
Alternatively, you can use the **Message kind** condition to configure the same query.
-![Use Message kind condition to narrow searches to third-party data](..\media\SearchThirdPartyData2.png)
+![Use Message kind condition to narrow searches to third-party data.](..\media\SearchThirdPartyData2.png)
To search for a specific type of archived third-party data, use the **itemclass** mailbox property in a search query. Use the following property:value format:
compliance Assign Ediscovery Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/assign-ediscovery-permissions.md
The primary eDiscovery-related role group in Microsoft 365 compliance center is
5. On the **eDiscovery Manager** flyout page, do one of the following based on the eDiscovery permissions that you want to assign.
- **To make a user an eDiscovery
+ **To make a user an eDiscovery
- **To make a user an eDiscovery Administrator:** Next to **eDiscovery Administrator**, select **Edit**. On the **Choose eDiscovery Administrator** page, click ![Add Icon](../media/ITPro-EAC-AddIcon.gif) **Add**. Select the user (or users) you want to add as an **eDiscovery Administrator**, and then **Add**. When you're finished adding users, select **Done**. Then, on the **Editing Choose eDiscovery Administrator** wizard page, select **Save** to save the changes to the eDiscovery Administrator membership.
+ **To make a user an eDiscovery Administrator:** Next to **eDiscovery Administrator**, select **Edit**. On the **Choose eDiscovery Administrator** page, click ![Add Icon.](../media/ITPro-EAC-AddIcon.gif) **Add**. Select the user (or users) you want to add as an **eDiscovery Administrator**, and then **Add**. When you're finished adding users, select **Done**. Then, on the **Editing Choose eDiscovery Administrator** wizard page, select **Save** to save the changes to the eDiscovery Administrator membership.
> [!NOTE] > You can also use the **Add-eDiscoveryCaseAdmin** cmdlet to make a user an eDiscovery Administrator. However, the user must be assigned the Case Management role before you can use this cmdlet to make them an eDiscovery Administrator. For more information, see [Add-eDiscoveryCaseAdmin](/powershell/module/exchange/add-ediscoverycaseadmin).
The following table lists the eDiscovery-related RBAC roles in the Microsoft 365
| Role | Compliance Administrator | eDiscovery Manager & Administrator | Organization Management | Reviewer | |:--|:--:|:--:|:--:|:--:|
-|Case Management <br/> |![Check mark](../media/checkmark.png) <br/> |![Check mark](../media/checkmark.png) <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> |
-|Communication <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> | <br/> |
-|Compliance Search <br/> |![Check mark](../media/checkmark.png) <br/> |![Check mark](../media/checkmark.png) <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> |
-|Custodian <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> | <br/> |
-|Export <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> | <br/> |
-|Hold <br/> |![Check mark](../media/checkmark.png) <br/> |![Check mark](../media/checkmark.png) <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> |
-|Preview <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> | <br/> |
-|Review <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> |
+|Case Management <br/> |![Check mark.](../media/checkmark.png) <br/> |![Check mark.](../media/checkmark.png) <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> |
+|Communication <br/> | <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> | <br/> |
+|Compliance Search <br/> |![Check mark.](../media/checkmark.png) <br/> |![Check mark.](../media/checkmark.png) <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> |
+|Custodian <br/> | <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> | <br/> |
+|Export <br/> | <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> | <br/> |
+|Hold <br/> |![Check mark.](../media/checkmark.png) <br/> |![Check mark.](../media/checkmark.png) <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> |
+|Preview <br/> | <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> | <br/> |
+|Review <br/> | <br/> |![Check mark.](../media/checkmark.png) <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> |
|RMS Decrypt <br/> ||![Check mark](../media/checkmark.png) <br/> ||| |Search And Purge <br/> | <br/> | <br/> |![Check mark](../media/checkmark.png) <br/> | <br/> | ||||
compliance Attorney Privilege Detection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/attorney-privilege-detection.md
The model produces the following three properties for every document:
These properties (and their corresponding values) are added to the file metadata of the documents in a review set, as shown in the following screenshot:
-![Attorney-client privilege properties shown in file metadata](../media/AeDAttorneyClientPrivilegeMetadata.png)
+![Attorney-client privilege properties shown in file metadata.](../media/AeDAttorneyClientPrivilegeMetadata.png)
These three properties are also searchable within a review set. For more information, see [Query the data in a review set](review-set-search.md).
A person who is an eDiscovery Administrator in your organization (a member of th
2. On the **Advanced eDiscovery** home page, in the **Settings** tile, click **Configure global analytics settings**.
- ![Select "Configure experimental features"](../media/AeDExperimentalFeatures.png)
+ ![Select "Configure experimental features.".](../media/AeDExperimentalFeatures.png)
3. On the **Analytics settings** tab, select **Manage attorney-client privilege setting**.
To upload an attorney list for use by the attorney-client privilege detection mo
The **Attorney-client privilege** page is displayed, and the **Attorney-client privilege detection** toggle is turned on.
- ![Attorney-client privilege flyout page](../media/AeDUploadAttorneyList.png)
+ ![Attorney-client privilege flyout page.](../media/AeDUploadAttorneyList.png)
3. Select **Browse** and then find and select the .csv file that you created in step 1.
One of the primary ways to see the results of attorney-client privilege detectio
2. Under **Tags**, select the pull-down next to **Add group** and then select **Add smart tag group**.
- ![Select "Add smart tag group"](../media/AeDCreateSmartTag.png)
+ ![Select "Add smart tag group.".](../media/AeDCreateSmartTag.png)
3. On the **Choose a model for your smart tag** page, choose **Select** next to **Attorney-client privilege**. A tag group named **Attorney-client privilege** is displayed. It contains two child tags named **Positive** and **Negative**, which correspond to the possible results produced by the model.
- ![Attorney-client privilege smart tag group](../media/AeDAttorneyClientSmartTagGroup.png)
+ ![Attorney-client privilege smart tag group.](../media/AeDAttorneyClientSmartTagGroup.png)
3. Rename the tag group and tags as appropriate for your review. For example, you can rename **Positive** to **Privileged** and **Negative** to **Not privileged**.
If the model determines that a document doesn't contain content that is legal in
For example, the following screenshots show two documents. The first one contains content that is legal in nature and has a participant found in the list of attorneys. The second contains neither and therefore doesn't display any labels.
-![Document with Attorney and Legal content labels](../media/AeDTaggingPanelLegalContentAttorney.png)
+![Document with Attorney and Legal content labels.](../media/AeDTaggingPanelLegalContentAttorney.png)
-![Document without any labels](../media/AeDTaggingPanelNegative.png)
+![Document without any labels.](../media/AeDTaggingPanelNegative.png)
After you review a document to see if it contains privileged content, you can tag the document with the appropriate tag.
compliance Audit Log Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/audit-log-retention-policies.md
Advanced Audit in Microsoft 365 provides a default audit log retention policy fo
4. Click **Create audit retention policy**, and then complete the following fields on the flyout page:
- ![New audit retention policy flyout page](../media/CreateAuditLogRetentionPolicy.png)
+ ![New audit retention policy flyout page.](../media/CreateAuditLogRetentionPolicy.png)
1. **Policy name:** The name of the audit log retention policy. This name must be unique in your organization, and it can't be change after the policy is created.
Audit log retention policies are listed on the **Audit retention policies** tab
Audit log retention policies are listed in the dashboard. One advantage of viewing policies in the dashboard is that you can click the **Priority** column to list the policies in the priority in which they are applied. As previously explained, a lower value indicates a higher priority.
-![Priority column in the Audit retention policies dashboard](../media/AuditLogRetentionDashboardPriority.png)
+![Priority column in the Audit retention policies dashboard.](../media/AuditLogRetentionDashboardPriority.png)
You can also select a policy to display its settings on the flyout page.
To edit a policy, select it to display the flyout page. You can modify one or mo
### Delete policies in the dashboard
-To delete a policy, click the **Delete** ![Delete icon](../media/92a9f8e0-d469-48da-addb-69365e7ffb6f.jpg) icon and then confirm that you want to delete the policy. The policy is removed from the dashboard, but it might take up to 30 minutes for the policy to be removed from your organization.
+To delete a policy, click the **Delete** ![Delete icon.](../media/92a9f8e0-d469-48da-addb-69365e7ffb6f.jpg) icon and then confirm that you want to delete the policy. The policy is removed from the dashboard, but it might take up to 30 minutes for the policy to be removed from your organization.
## Create and manage audit log retention policies in PowerShell
compliance Auditing Solutions Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/auditing-solutions-overview.md
Microsoft 365 auditing solutions provide an integrated solution to help organiza
Microsoft 365 provides two auditing solutions: Basic Audit and Advanced Audit.
-![Key capabilities of Basic Audit and Advanced Audit](..\media\AuditingSolutionsComparison.png)
+![Key capabilities of Basic Audit and Advanced Audit.](..\media\AuditingSolutionsComparison.png)
### Basic Audit
Basic Audit provides with you with the ability to log and search for audited act
- **Thousands of searchable audit events**. You can search for a wide-range of audited activities that occur is most of the Microsoft 365 services in your organization. For a partial list of the activities you can search for, see [Audited activities](search-the-audit-log-in-security-and-compliance.md#audited-activities). For a list of the services and features that support audited activities, see [Audit log record type](/office/office-365-management-api/office-365-management-activity-api-schema#auditlogrecordtype). - **Audit search tool in the Microsoft 365 compliance center**. Use the Audit log search tool in the Microsoft 365 compliance center to search for audit records. You can search for specific activities, for activities performed by specific users, and activities that occurred with a date range. Here's a screenshot of the Audit search tool in the compliance center.
- ![Audit log search tool in the Microsoft 365 compliance center](../media/AuditLogSearchToolMCC.png)
+ ![Audit log search tool in the Microsoft 365 compliance center.](../media/AuditLogSearchToolMCC.png)
- **Search-UnifiedAuditLog cmdlet**. You can also use the **Search-UnifiedAuditLog** cmdlet in Exchange Online PowerShell (the underlying cmdlet for the search tool) to search for audit events or to use in a script. For more information, see:
The following table compares the key capabilities available in Basic Audit and A
|Capability|Basic Audit|Advanced Audit| |:|:-|:-|
-|Enabled by default|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Thousands of searchable audit events|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Audit search tool in the Microsoft 365 compliance center|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Search-UnifiedAuditLog cmdlet|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Export audit records to CSV file|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Access to audit logs via Office 365 Management Activity API <sup>1</sup>|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)</sup>|
-|90-day audit log retention|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|1-year audit log retention||![Supported](../media/check-mark.png)|
+|Enabled by default|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Thousands of searchable audit events|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Audit search tool in the Microsoft 365 compliance center|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Search-UnifiedAuditLog cmdlet|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Export audit records to CSV file|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Access to audit logs via Office 365 Management Activity API <sup>1</sup>|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)</sup>|
+|90-day audit log retention|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|1-year audit log retention||![Supported.](../media/check-mark.png)|
|10-year audit log retention <sup>2</sup>||![Supported](../media/check-mark.png)| |Audit log retention policies||![Supported](../media/check-mark.png)| |High-value, crucial events||![Supported](../media/check-mark.png)|
To get started using the auditing solutions in Microsoft 365, see the following
The first step is to set up Basic Audit and then start running audit log searches.
-![Workflow to set up Basic Audit](../media/BasicAuditingWorkflow.png)
+![Workflow to set up Basic Audit.](../media/BasicAuditingWorkflow.png)
1. Verify that your organization has a subscription that supports Basic Audit and if applicable, a subscription that supports Advanced Audit.
For more detailed instructions, see [Set up Basic Audit](set-up-basic-audit.md).
If your organization has a subscription that supports Advanced Audit, perform the following steps to set up and use the additional capabilities in Advanced Audit.
-![Workflow to set up Advanced Audit](../media/AdvancedAuditWorkflow.png)
+![Workflow to set up Advanced Audit.](../media/AdvancedAuditWorkflow.png)
1. Set up Advanced Audit for users. This step consists of the following tasks:
compliance Auditing Troubleshooting Scenarios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/auditing-troubleshooting-scenarios.md
This section describes the basics for creating and running audit log searches. U
The **Audit** page is displayed.
- ![Configure criteria and then select Search to run the search](../media/AuditLogSearchPage1.png)
+ ![Configure criteria and then select Search to run the search.](../media/AuditLogSearchPage1.png)
2. You can configure the following search criteria. Each troubleshooting scenario in this article recommends specific guidance for configuring these fields.
Here's how to configure an audit log search query for this scenario:
After you run the search, select **Filter results** on the search results page. In the box under **Activity** column header, type **Set-Mailbox** so that only audit records related to the **Set-Mailbox** cmdlet are displayed.
-![Filtering the results of an audit log search](../media/emailforwarding1.png)
+![Filtering the results of an audit log search.](../media/emailforwarding1.png)
At this point, you have to look at the details of each audit record to determine if the activity is related to email forwarding. Select the audit record to display the **Details** flyout page, and then select **More information**. The following screenshot and descriptions highlight the information that indicates email forwarding was set on the mailbox.
-![Detailed information from the audit record](../media/emailforwarding2.png)
+![Detailed information from the audit record.](../media/emailforwarding2.png)
a. In the **ObjectId** field, the alias of the mailbox that email forwarding was set on is displayed. This mailbox is also displayed on the **Item** column in the search results page.
After you run the search, you can filter the search results to display the audit
**Example of AffectedItems field for soft-deleted item**
-![Audit record for soft-deleted item](../media/softdeleteditem.png)
+![Audit record for soft-deleted item.](../media/softdeleteditem.png)
**Example of AffectedItems field for hard-deleted item**
-![Audit record for hard-deleted email item](../media/harddeleteditem.png)
+![Audit record for hard-deleted email item.](../media/harddeleteditem.png)
### Recover deleted email items
Here's how to configure an audit log search query for this scenario:
After you run the search, any audit records for this activity are displayed in the search results. Select an audit record to display the **Details** flyout page, and then select **More information**. Information about the inbox rule settings is displayed in the **Parameters** field. The following screenshot and descriptions highlight the information about inbox rules.
-![Audit record for new inbox rule](../media/NewInboxRuleRecord.png)
+![Audit record for new inbox rule.](../media/NewInboxRuleRecord.png)
a. In the **ObjectId** field, the full name of the inbox rule is displayed. This name includes the alias of the user's mailbox (for example, SaraD) and the name of the inbox rule (for example, "Move messages from admin").
This behavior is by design. Azure Active Directory (Azure AD), the directory ser
Here's an example and descriptions of relevant properties in an audit record for a **User logged In** event that is a result of pass-through authentication. Select the audit record to display the **Details** flyout page, and then select **More information**.
-![Example of audit record for successful pass-thru authentication](../media/PassThroughAuth1.png)
+![Example of audit record for successful pass-thru authentication.](../media/PassThroughAuth1.png)
a. This field indicates that the user who attempted to access a resource in your organization wasn't found in your organization's Azure AD.
Here are two examples scenarios that would result in a successful **User logged
- Search the audit log for activities performed by the external user identified in the **User logged in** audit record. Type the UPN for the external user in the **Users** box and use a date range if relevant to your scenario. For example, you can create a search using the following search criteria:
- ![Search for all activities performed by the external user](../media/PassThroughAuth2.png)
+ ![Search for all activities performed by the external user.](../media/PassThroughAuth2.png)
In addition to the **User logged in** activities, other audit records may be returned, such ones that indicate a user in your organization shared resources with the external user and whether the external user accessed, modified, or downloaded a document that was shared with them.
compliance Auto Apply Retention Labels Scenario https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/auto-apply-retention-labels-scenario.md
Our scenario is a manufacturing company that uses SharePoint to store all the do
This metadata forms a base content type called *Production Document* for all the documents.
-![Table of product documentation meta data](../media/SPRetention1.png)
+![Table of product documentation meta data.](../media/SPRetention1.png)
> [!NOTE] > The **Doc Type** and **Status** properties are used by retention policies later in this scenario to classify and auto-apply retention labels.
We might have several content types that represent different types of documents,
In this scenario, we use the Managed Metadata service and the Term Store to create a term set for *Doc Type* and another one for *Product Name*. For each term set, we create a term for each value. It would look like something like this in Term Store for your SharePoint organization:
-![Sample term set for product documentation in Term Store](../media/SPRetention2.png)
+![Sample term set for product documentation in Term Store.](../media/SPRetention2.png)
*Content Type* can be created and published by using the [Content Type Hub](https://support.office.com/article/manage-content-type-publishing-06f39ac0-5576-4b68-abbc-82b68334889b). You can also create and publish a content type by using site provisioning tools, such as the [PnP provisioning framework](/sharepoint/dev/solution-guidance/pnp-provisioning-framework) or [site design JSON schema](/sharepoint/dev/declarative-customization/site-design-json-schema#define-a-new-content-type). Each product has a dedicated SharePoint site that contains one document library that has the right content types enabled. All documents are stored in this document library.
-[ ![Document library for product documentation](../media/SPRetention3.png) ](../media/SPRetention3.png#lightbox)
+[ ![Document library for product documentation.](../media/SPRetention3.png) ](../media/SPRetention3.png#lightbox)
> [!NOTE] > Instead of having a SharePoint site per product, the manufacturing company in this scenario could use a Microsoft Team per product to support collaboration among members of the team, such as through persistent chat, and use the **Files** tab in Teams for document management. In this article we only focus on documents, so, we'll only use a site. Here's a view of the document library for the Spinning Widget product:
-[ ![Spinning Widget document library](../media/SPRetention4.png) ](../media/SPRetention4.png#lightbox)
+[ ![Spinning Widget document library.](../media/SPRetention4.png) ](../media/SPRetention4.png#lightbox)
Now that we have the basic information architecture in place for document management, let's look at the retention and disposal strategy for the documents that use the metadata and how we classify those documents.
Here's the [file plan](file-plan-manager.md) for the Product Specification reten
The following screenshot shows the settings when you create the Product Specification retention label in the Microsoft 365 compliance center. You can create the *Product Cessation* event type when you create the retention label. See the procedure in the following section.
-![Retention settings for the Product Specification label](../media/SPRetention5.png)
+![Retention settings for the Product Specification label.](../media/SPRetention5.png)
> [!NOTE] > To avoid a 5-year wait for document deletion, set the retention duration to ***1 day*** if you're recreating this scenario in a test environment.
The following screenshot shows the settings when you create the Product Specific
1. On the **Define retention settings** page of the Create retention label wizard, after **Start the retention period based on**, select **Create new event type**:
- ![Create a new event type for the Product Specification label dialog box](../media/SPRetention6.png)
+ ![Create a new event type for the Product Specification label dialog box.](../media/SPRetention6.png)
3. On the **Name your event type** page, enter **Product Cessation** and an optional description. Then select **Next**, **Submit**, and **Done**.
The following screenshot shows the settings when you create the Product Specific
Here's what the settings look like for the Product Specification retention label:
- ![Settings for the new Product Specification label](../media/SPRetention7.png)
+ ![Settings for the new Product Specification label.](../media/SPRetention7.png)
6. Select **Create label**, and on the next page when you see the options to publish the label, auto-apply the label, or just save the label: Select **Just save the label for now**, and then select **Done**.
When SharePoint indexes content, it automatically generates crawled properties f
In the SharePoint admin center, open the Search configuration, and select **Manage Search Schema** to view and configure the crawled properties.
-![Crawled properties in search schema](../media/SPRetention8.png)
+![Crawled properties in search schema.](../media/SPRetention8.png)
If we type ***status*** in the **Crawled properties** box and select the green arrow, we should see a result like this:
-![The ows_Status crawled property](../media/SPRetention9.png)
+![The ows_Status crawled property.](../media/SPRetention9.png)
The **ows\_\_Status** property (notice the double underscore) is the one that interests us. It maps to the **Status** property of the Production Document content type. Now, if we type ***ows\_doc*** and select the green arrow, we should see something like this:
-![The ows_Doc_Type crawled property](../media/SPRetention10.png)
+![The ows_Doc_Type crawled property.](../media/SPRetention10.png)
The **ows\_Doc\_x0020\_Type** property is the second property that interests us. It maps to the **Doc Type** property of the Production Document content type.
KQL can't use crawled properties in search queries. It has to use a managed prop
For the KQL query to automatically apply the correct retention label to product document content, we map the crawled properties **ows\_Doc\_x0020\_Type* and *ows\_\_Status** to two refinable managed properties. In our test environment for this scenario, **RefinableString00** and **RefinableString01** aren't being used. We determined this by looking at **Managed Properties** in **Manage Search Schema** in the SharePoint admin center.
-[ ![Managed properties in search schema](../media/SPRetention12.png) ](../media/SPRetention12.png#lightbox)
+[ ![Managed properties in search schema.](../media/SPRetention12.png) ](../media/SPRetention12.png#lightbox)
Notice that the **Mapped Crawled Properties** column in the previous screenshot is empty.
To map the **ows\_Doc\_x0020\_Type** crawled property, follow these steps:
In the **Mapped Crawled Properties** section, you should see something similar to this screenshot:
- [ ![Select Add a mapping in the Mapped crawled properties section](../media/SPRetention13.png) ](../media/SPRetention13.png#lightbox)
+ [ ![Select Add a mapping in the Mapped crawled properties section.](../media/SPRetention13.png) ](../media/SPRetention13.png#lightbox)
5. Scroll to the bottom of the page and select **OK** to save the mapping.
Repeat these steps to map **RefinableString01** and **ows\_\_Status**.
Now you should have two managed properties mapped to the two crawled properties:
-[ ![Managed properties shown mapped to crawled properties](../media/SPRetention14.png) ](../media/SPRetention14.png#lightbox)
+[ ![Managed properties shown mapped to crawled properties.](../media/SPRetention14.png) ](../media/SPRetention14.png#lightbox)
Let's verify that our setup is correct by running an enterprise search. In a browser, go to *https://\<your_tenant>.sharepoint.com/search*. In the search box, type ***RefinableString00:"Product Specification"*** and press enter. This search should return all documents that have a **Product Specification** of ***Doc Type***.
Now that we've verified that the KQL query is working, let's create an auto-appl
3. On the **Choose the type of content you want to apply this label to** page, select **Apply label to content that contains specific words or phrases, or properties**, and then select **Next**.
- [ ![Select Apply label to content that contains specific words or phrases, or properties](../media/SPRetention17.png) ](../media/SPRetention17.png#lightbox)
+ [ ![Select Apply label to content that contains specific words or phrases, or properties.](../media/SPRetention17.png) ](../media/SPRetention17.png#lightbox)
This option lets us provide the same KQL search query that we tested in the previous section. The query returns all Product Specification documents that have a status of *Final*. When we use this same query in the auto-apply label policy, the Product Specification retention label will be automatically applied to all documents that match it. 4. On the **Apply label to content matching this query** page, type **RefinableString00:"Product Specification" AND RefinableString01:Final**, and then select **Next**.
- ![Specify the query in the Keyword query editor box](../media/SPRetention19.png)
+ ![Specify the query in the Keyword query editor box.](../media/SPRetention19.png)
5. On the **Choose locations to apply the policy** page, you select the content locations that you want to apply the policy to. For this scenario, we apply the policy only to SharePoint locations, because all the production documents are stored in SharePoint document libraries. Toggle the status for **Exchange email**, **OneDrive accounts**, and **Microsoft 365 Groups** to **Off**. Make sure that the status for SharePoint sites is set to **On** before you select **Next**:
- ![Choose specific sites to auto-apply labels to](../media/SPRetentionSPlocations.png)
+ ![Choose specific sites to auto-apply labels to.](../media/SPRetentionSPlocations.png)
> [!TIP] > Instead of applying the policy to all SharePoint sites, you can select **Choose site** and add the URLs for specific SharePoint sites.
Now that we've verified that the KQL query is working, let's create an auto-appl
8. Review your settings:
- ![Settings to auto-apply the label](../media/SPRetention18.png)
+ ![Settings to auto-apply the label.](../media/SPRetention18.png)
9. Select **Submit** to create the auto-apply label policy.
After 7 days, use [activity explorer](data-classification-activity-explorer.md)
Also look at the properties of the documents in the Document Library. In the information panel, you can see that the retention label is applied to a selected document.
-[ ![Verify that label was applied by looking at the document properties in the Document Library](../media/SPRetention21.png) ](../media/SPRetention21.png#lightbox)
+[ ![Verify that label was applied by looking at the document properties in the Document Library.](../media/SPRetention21.png) ](../media/SPRetention21.png#lightbox)
Because the retention labels were auto-applied to documents, those documents are protected from deletion because the retention label was configured to declare the documents as *records*. As an example of this protection, we get the following error message when we try to delete one of these documents:
But for this scenario, we'll automatically generate the event from an external p
The following screenshot shows the SharePoint list that will be used the trigger the event:
-[ ![The list that will trigger the retention event](../media/SPRetention23.png) ](../media/SPRetention23.png#lightbox)
+[ ![The list that will trigger the retention event.](../media/SPRetention23.png) ](../media/SPRetention23.png#lightbox)
There are two products currently in production, as indicated by the ***Yes*** in the **In Production** column. When the value in this column is set to ***No*** for a product, the flow associated with the list will automatically generate the event. The event triggers the start of the retention period for the retention label that was auto-applied to the corresponding product documents. For this scenario, we use the following flow to trigger the event:
-[ ![Configuring the flow that will trigger the event](../media/SPRetention24.png) ](../media/SPRetention24.png#lightbox)
+[ ![Configuring the flow that will trigger the event.](../media/SPRetention24.png) ](../media/SPRetention24.png#lightbox)
To create this flow, start from a SharePoint connector and select the **When an item is created or modified** trigger. Specify the site address and list name. Then add a condition based on when the **In Production** list column value is set to ***No*** (or equal to *false* on the condition card). Then add an action based on the built-in HTTP template. Use the values in the following section to configure the HTTP action. You can copy the values for the **URI** and **Body** properties from the following section and paste them into the template.
This list describes the parameters in the **Body** property of the action that m
- **EventType**: The value for this parameter corresponds to the event type that the created event will apply to. This event type was defined when you created the retention label. For this scenario, the event type is "Product Cessation." - **SharePointAssetIdQuery**: This parameter defines the asset ID for the event. Event-based retention needs a unique identifier for the document. We can use asset IDs to identify the documents that a particular event applies to or, as in this scenario, the metadata column **Product Name**. To do this, we need to create a new **ProductName** managed property that can be used in the KQL query. (Alternatively, we could use **RefinableString00** instead of creating a new managed property). We also need to map this new managed property to the **ows_Product_x0020_Name** crawled property. Here's a screenshot of this managed property.
- [ ![Rentention managed property](../media/SPRetention25.png) ](../media/SPRetention25.png#lightbox)
+ [ ![Rentention managed property.](../media/SPRetention25.png) ](../media/SPRetention25.png#lightbox)
- **EventDateTime**: This parameter defines the date that the event occurs. Use the current date format:<br/><br/>*formatDateTime(utcNow(),'yyyy-MM-dd'*)
Now the retention label is created and auto-applied, and the flow is configured
Select the event to view the details on the flyout page. Notice that even though the event is created, the event status shows that no SharePoint sites or documents have been processed.
-![Event details](../media/SPRetention29.png)
+![Event details.](../media/SPRetention29.png)
But after a delay, the event status shows that a SharePoint site and a SharePoint document have been processed.
As the [Start retention when an event occurs](event-driven-retention.md) article
As the following screenshot shows, the asset ID managed property is called **ComplianceAssetId**.
-[ ![ComplianceAssetId managed property](../media/SPRetention27.png) ](../media/SPRetention27.png#lightbox)
+[ ![ComplianceAssetId managed property.](../media/SPRetention27.png) ](../media/SPRetention27.png#lightbox)
Instead of using the default **Asset Id** property as we do in this scenario, you can use any other property. But it's important to understand that if you don't specify an asset ID or keywords for an event, all the content that has a label of that event type will get its retention period triggered by the event.
compliance Building Search Queries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/building-search-queries.md
description: "Use keywords and conditions to narrow the scope of the search when
When configuring the search query when creating a [collection](collections-overview.md) in an Advanced eDiscovery case, you can use keywords to find specific content and conditions to narrow the scope of the search to return items that are most relevant to your legal investigation.
-![Use keywords and conditions to narrow the results of a search](../media/SearchQueryBox.png)
+![Use keywords and conditions to narrow the results of a search.](../media/SearchQueryBox.png)
## Keyword searches
Type a keyword query in the **Keywords** box in the search query. You can specif
Alternatively, you can select the **Show keyword list** check box and the type a keyword or keyword phrase in each row. The keywords in each row are connected by a logical operator (which is represented as *c:s* in the search query syntax) that is similar in functionality to the **OR** operator in the search query that's created. This means items that contain any keyword in any row are in the search results. You can add up to 180 rows in the keyword list in Advanced eDiscovery search queries.
-![Use the keyword list to get statistics on each keyword in the query](../media/KeywordListSearch.png)
+![Use the keyword list to get statistics on each keyword in the query.](../media/KeywordListSearch.png)
Why use the keyword list? You can get statistics that show how many items match each keyword in the keyword list. This can help you quickly identify the keywords that are the most (and least) effective. You can also use a keyword phrase (surrounded by parentheses) in a row in the keywords list. For more information about search statistics, see [Search statistics](search-statistics-in-advanced-ediscovery.md).
compliance Bulk Add Custodians https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/bulk-add-custodians.md
For Advanced eDiscovery cases that involve many custodians, you can import multi
3. On the **Import custodians** flyout page, click **Download a blank template** to download a custodian template CSV file.
- ![Download a CSV template from Import custodians flyout page](../media/ImportCustodians1.png)
+ ![Download a CSV template from Import custodians flyout page.](../media/ImportCustodians1.png)
4. Add the custodial information to the CSV file and save it to your local computer. See the [Custodian CSV file](#custodian-csv-file) section for information about the required properties in the CSV file.
compliance Bulk Import External Contacts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/bulk-import-external-contacts.md
After you run the command in Step 2, the external contacts are created, but they
1. In the EAC, go to **Recipients** \> **Contacts**.
-2. Click a contact and then click **Edit** ![Edit icon](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif) to display the contact's properties.
+2. Click a contact and then click **Edit** ![Edit icon.](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif) to display the contact's properties.
That's it! Users can see the contacts and the additional information in the address book Outlook and Outlook on the web.
compliance Check Your Content Search Query For Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/check-your-content-search-query-for-errors.md
If unsupported characters are found in your query, a warning message is displaye
Here's an example of the warning message that's displayed after you click **Check query for typos** for the search query in the previous screenshot. Note the original query used smart quotes and lowercase Boolean operators.
-![A warning message is displayed with a suggested revision for your query](../media/23214b30-8e52-412c-bd80-63fb1b3ed52d.png)
+![A warning message is displayed with a suggested revision for your query.](../media/23214b30-8e52-412c-bd80-63fb1b3ed52d.png)
## How to prevent unsupported characters in your search queries
compliance Classifier Get Started With https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-get-started-with.md
It's helpful to understand what's involved in creating a custom trainable classi
This timeline reflects a sample deployment of trainable classifiers.
-![trainable-classifier-timeline](../media/trainable-classifier-deployment-timeline_border.png)
+![trainable-classifier-timeline.](../media/trainable-classifier-deployment-timeline_border.png)
> [!TIP] > Opt-in is required the first time for trainable classifiers. It takes twelve days for Microsoft 365 to complete a baseline evaluation of your organizations content. Contact your global administrator to kick off the opt-in process.
Once the trainable classifier has processed enough positive samples to build a p
10. You can now view the details page by choosing the classifier. > [!div class="mx-imgBorder"]
- > ![trainable classifier ready for testing](../media/classifier-trainable-ready-to-test-detail.png)
+ > ![trainable classifier ready for testing.](../media/classifier-trainable-ready-to-test-detail.png)
11. Collect at least 200 test content items (10,000 max) for best results. These should be a mix of items that are strong positives, strong negatives and some that are a little less obvious in their nature. See, [Default crawled file name extensions and parsed file types in SharePoint Server](/sharepoint/technical-reference/default-crawled-file-name-extensions-and-parsed-file-types) for the supported file types.
Once the trainable classifier has processed enough positive samples to build a p
16. When the trainable classifier is done processing your test files, the status on the details page will change to `Ready to review`. If you need to increase the test sample size, choose `Add items to test` and allow the trainable classifier to process the additional items. > [!div class="mx-imgBorder"]
- > ![ready to review screenshot](../media/classifier-trainable-ready-to-review-detail.png)
+ > ![ready to review screenshot.](../media/classifier-trainable-ready-to-review-detail.png)
17. Choose `Tested items to review` tab to review items. 18. Microsoft 365 will present 30 items at a time. Review them and in the `We predict this item is "Relevant". Do you agree?` box choose either `Yes` or `No` or `Not sure, skip to next item`. Model accuracy is automatically updated after every 30 items. > [!div class="mx-imgBorder"]
- > ![review items box](../media/classifier-trainable-review-detail.png)
+ > ![review items box.](../media/classifier-trainable-review-detail.png)
19. Review *at least* 200 items. Once the accuracy score has stabilized, the **publish** option will become available and the classifier status will say `Ready to use`. > [!div class="mx-imgBorder"]
- > ![accuracy score and ready to publish](../media/classifier-trainable-review-ready-to-publish.png)
+ > ![accuracy score and ready to publish.](../media/classifier-trainable-review-ready-to-publish.png)
20. Publish the classifier.
compliance Classifier How To Retrain Content Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-how-to-retrain-content-explorer.md
To understand more about the overall workflow of retraining a classifier, see [P
9. Open **Trainable classifiers**. 10. The classifier that was used in your Communications compliance policy will appear under the **Re-training** heading.
-![classifier in retraining status](../media/classifier-retraining.png)
+![classifier in retraining status.](../media/classifier-retraining.png)
11. Once retraining completes, choose the classifier to open the retraining overview.
-![classifier retraining results overview](../media/classifier-retraining-overview.png)
+![classifier retraining results overview.](../media/classifier-retraining-overview.png)
12. Review the recommended action, and the prediction comparisons of the retrained and currently published versions of the classifier. 13. If you satisfied with the results of the retraining, choose **Re-publish**.
compliance Classifier Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md
Microsoft 365 comes with five pre-trained classifiers:
These appear in the **Microsoft 365 compliance center** > **Data classification** > **Trainable classifiers** view with the status of `Ready to use`.
-![classifiers-pre-trained-classifiers](../media/classifiers-ready-to-use-classifiers.png)
+![classifiers-pre-trained-classifiers.](../media/classifiers-ready-to-use-classifiers.png)
> [!IMPORTANT] > Please note the offensive language, harassment, profanity, discrimination, and threat classifiers only work with searchable text and are not an exhaustive or complete list of terms or language across these areas. Further, language and cultural standards continually change, and in light of these realities, Microsoft reserves the right to update these classifiers in its discretion. While classifiers may assist your organization in detecting these areas, classifiers are not intended to provide your organization's sole means of detecting or addressing the use of such language. Your organization, not Microsoft or its subsidiaries, remains responsible for all decisions related to monitoring, scanning, blocking, removal, and retention of any content identified by a pre-trained classifier, including compliance with local privacy and other applicable laws. Microsoft encourages consulting with legal counsel before deployment and use.
For example you could create trainable classifiers for:
Creating and publishing a classifier for use in compliance solutions, such as retention policies and communication supervision, follows this flow. For more detail on creating a custom trainable classifier see, [Creating a custom classifier](classifier-get-started-with.md).
-![process flow custom classifier](../media/classifier-trainable-classifier-flow.png)
+![process flow custom classifier.](../media/classifier-trainable-classifier-flow.png)
### Retraining classifiers You can help improve the accuracy of all custom classifiers and some pre-trained classifiers by providing them with feedback on the accuracy of the classification that they perform. This is called retraining and follow this workflow.
-![classifier retraining workflow](../media/classifier-retraining-workflow.png)
+![classifier retraining workflow.](../media/classifier-retraining-workflow.png)
## See also
compliance Close Or Delete Case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/close-or-delete-case.md
To close a case:
2. On the **Settings** tab, under **Case Information**, click **Select**.
- ![Access the case information flyout page in an Advanced eDiscovery case](..\media\AeDSelectCaseInformation.png)
+ ![Access the case information flyout page in an Advanced eDiscovery case.](..\media\AeDSelectCaseInformation.png)
3. At the bottom of the **Case Information** flyout page, click **Actions**, and then click **Close case**.
compliance Close Reopen Delete Core Ediscovery Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/close-reopen-delete-core-ediscovery-cases.md
To close a case:
2. Click the name of the case that you want to close.
- ![Close case on case home page](../media/eDiscoveryCaseHomePage.png)
+ ![Close case on case home page.](../media/eDiscoveryCaseHomePage.png)
3. On the home page, under **Status**, click **Close case**.
When you reopen a case, any eDiscovery holds that were in place when the case wa
2. Click the name of the case that you want to reopen.
- ![Reopen a closed case](../media/eDiscoveryCaseHomePageReopen.png)
+ ![Reopen a closed case.](../media/eDiscoveryCaseHomePageReopen.png)
3. On the home page, under **Status**, click **Reopen case**.
To delete an eDiscovery hold:
3. On the flyout page, click **Delete**.
- ![Delete an eDiscovery hold](../media/DeleteeDiscoveryHold.png)
+ ![Delete an eDiscovery hold.](../media/DeleteeDiscoveryHold.png)
To delete a case:
To delete a case:
3. On the case home page, under **Status**, click **Delete case**.
- ![Delete a case](../media/eDiscoveryCaseHomePageDelete.png)
+ ![Delete a case.](../media/eDiscoveryCaseHomePageDelete.png)
If the case you're trying to delete still contains eDiscovery holds, you'll receive an error message. You'll have to delete all holds associated with the case and then try again to delete the case.
compliance Collection Statistics Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/collection-statistics-reports.md
This section describes the statistics that are available for draft collections.
This section displays a graphical summary of the estimated items returned by the collection. This indicates the number of items that match the search criteria of the collection. This information gives you an idea about the estimated number of items returned by the collection.
-![Collection estimates for a draft collection](../media/AeDCollectionEstimates.png)
+![Collection estimates for a draft collection.](../media/AeDCollectionEstimates.png)
- **Estimated items by locations**: The total number of estimated items returned by the collection. The specific number of items located in mailboxes and located in sites is also displayed.
This section describes the statistics that are available after you commit a coll
After you commit a collection to a review set, the following tabs are displayed on the flyout page of the committed connection. Each of these tabs contains different types of information about the collection.
-![Tabs on flyout page of committed collection](../media/CommittedCollectionFlyoutPage.png)
+![Tabs on flyout page of committed collection.](../media/CommittedCollectionFlyoutPage.png)
### Collection contents
compliance Collections Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/collections-overview.md
With the release of collections in an Advanced eDiscovery, the **Searches** tab
To get started using collections in Advanced eDiscovery, here's a basic workflow and descriptions of each step in the process.
-![Collections workflow in Advanced eDiscovery](../media/CollectionsWorkflow.png)
+![Collections workflow in Advanced eDiscovery.](../media/CollectionsWorkflow.png)
1. **Create and run a draft collection**. The first step is to create a draft collection and define the custodial and non-custodial data sources to search. You can also search other data sources that haven't been added to the case. After you add the data sources, you configure the search query to search the data sources for content relevant to the case. You can keywords, properties, and conditions to build search queries that return content that's likely most relevant to the case. For more information, see [Create a draft collection](create-draft-collection.md).
compliance Commit Draft Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/commit-draft-collection.md
When you're satisfied with the items you've collected in a draft collection and
1. In the Microsoft 365 compliance center, open the Advanced eDiscovery case, and then select the **Collections** tab to display a list of the collections in the case.
- ![List of collections in a case](../media/CommitDraftCollections1.png)
+ ![List of collections in a case.](../media/CommitDraftCollections1.png)
> [!TIP] > A value of `Estimated` in the **Status** column identifies the draft collections that can be added to a review set. A status of `Committed` indicates that a collection has already been added to a review set.
compliance Communication Compliance Case Study https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-case-study.md
Contoso IT administrators take the following steps to verify the licensing suppo
2. Here they confirm that they have one of the [license options](communication-compliance-configure.md#subscriptions-and-licensing) that includes support for communication compliance.
-![Communication compliance licensing](../media/communication-compliance-case-licenses.png)
+![Communication compliance licensing.](../media/communication-compliance-case-licenses.png)
### Permissions for communication compliance
After configuring the permissions for communication compliance, Contoso IT admin
The quickest way to access the solution is to sign in directly to the **Communication compliance** (<https://compliance.microsoft.com/supervisoryreview>) solution. Using this link, Contoso IT administrators and compliance specialists will be directed to the communication compliance Overview dashboard where you can quickly review the status of alerts and create new policies from the pre-defined templates.
-![Communication compliance overview](../media/communication-compliance-case-overview.png)
+![Communication compliance overview.](../media/communication-compliance-case-overview.png)
### Starting from the Microsoft 365 compliance center Another easy way for Contoso IT administrators and compliance specialists to access the communication compliance solution is to sign in directly to the **Microsoft 365 compliance center** [(https://compliance.microsoft.com)](https://compliance.microsoft.com). After signing in, users simply need to select the **Show all** control to display all the compliance solutions and then select the **Communication compliance** solution to get started.
-![Compliance center](../media/communication-compliance-case-center.png)
+![Compliance center.](../media/communication-compliance-case-center.png)
### Starting from the Microsoft 365 solution catalog Contoso IT administrators and compliance specialists could also choose to access the communication compliance solution by selecting the Microsoft 365 solution catalog. By selecting **Catalog** in **Solutions** section of the left navigation while in the **Microsoft 365 compliance center**, they can open the solution catalog listing all Microsoft 365 compliance solutions. Scrolling down to the **Insider risk management** section, Contoso IT administrators can select Communication compliance to get started. Contoso IT administrators also decide to use the Show in navigation control to pin the communication compliance solution to the left-navigation pane for quicker access when they sign in going forward.
-![Solution catalog](../media/communication-compliance-case-solution.png)
+![Solution catalog.](../media/communication-compliance-case-solution.png)
### Starting from the Microsoft 365 admin center To access communication compliance when starting from the Microsoft 365 admin center, Contoso IT administrators and compliance specialists sign in to the Microsoft 365 admin center [(https://admin.microsoft.com)](https://admin.microsoft.com) and navigate to **Microsoft 365 admin center** > **Compliance**.
-![Communication compliance link](../media/communication-compliance-case-compliance-link.png)
+![Communication compliance link.](../media/communication-compliance-case-compliance-link.png)
This action opens the **Office 365 Security and Compliance center**, and they must select the link to the **Microsoft 365 compliance center** provided in the banner at the top of the page.
-![Office 365 security and compliance center](../media/communication-compliance-case-scc.png)
+![Office 365 security and compliance center.](../media/communication-compliance-case-scc.png)
Once in the **Microsoft 365 compliance center**, Contoso IT administrators select **Show all** to display the full list of compliance solutions.
-![Communication compliance menu](../media/communication-compliance-case-show-all.png)
+![Communication compliance menu.](../media/communication-compliance-case-show-all.png)
After selecting **Show all**, the Contoso IT administrators can access the communication compliance solution.
-![Communication compliance overview](../media/communication-compliance-case-overview.png)
+![Communication compliance overview.](../media/communication-compliance-case-overview.png)
## Step 3: Configuring prerequisites and creating a communication compliance policy
They need to create a new group to include all Contoso users, so they take the f
1. Contoso IT administrators IT sign in to the **Microsoft 365 admin center** [(https://admin.microsoft.com)](https://admin.microsoft.com) and navigate to **Microsoft 365 admin center** > **Groups** > **Groups**. 2. They select **Add a group** and complete the wizard to create a new *Microsoft 365 group* or *Distribution group*.
- ![Groups](../media/communication-compliance-case-all-employees.png)
+ ![Groups.](../media/communication-compliance-case-all-employees.png)
3. After the new group is created, they need to add all Contoso users to the new group. They open the **Exchange admin center** [(https://outlook.office365.com/ecp)](https://outlook.office365.com/ecp) and navigate to **Exchange admin center** > **recipients** > **groups**. The Contoso IT administrators select the Membership area and the new *All Employees* group they created and select the **Edit** control to add all Contoso users to the new group in the wizard.
- ![Exchange admin center](../media/communication-compliance-case-eac.png)
+ ![Exchange admin center.](../media/communication-compliance-case-eac.png)
### Creating the policy to monitor for offensive language
With all the prerequisites completed, the IT administrators and the compliance s
1. The Contoso IT administrators and compliance specialists sign into the **Microsoft 365 compliance center** and select **Communication compliance** from the left navigation pane. This action opens the **Overview** dashboard that has quick links for communication compliance policy templates. They choose the **Monitor for offensive language** template by selecting **Get started** for the template.
- ![Communication compliance offensive language template](../media/communication-compliance-case-template.png)
+ ![Communication compliance offensive language template.](../media/communication-compliance-case-template.png)
2. On the policy template wizard, the Contoso IT administrators and compliance specialists work together to complete the three required fields: **Policy name**, **Users or groups to supervise**, and **Reviewers**. 3. Since the policy wizard has already suggested a name for the policy, the IT administrators and compliance specialists decide to keep the suggested name and focus on the remaining fields. They select the *All users* group for the **Users or groups to supervise** field and select the compliance specialists that should investigate and remediate policy alerts for the **Reviewers** field. The last step to configure the policy and start gathering alert information is to select **Create policy**.
- ![Communication compliance offensive language wizard](../media/communication-compliance-case-wizard.png)
+ ![Communication compliance offensive language wizard.](../media/communication-compliance-case-wizard.png)
## Step 4: Investigate and remediate alerts
compliance Communication Compliance Feature Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-feature-reference.md
Customers with Microsoft 365 subscriptions that include communication compliance
> [!IMPORTANT] > Are you receiving prompts for additional license validation when testing Power Automate flows? Your organization may not have received service updates for this preview feature yet. Updates are being deployed and all organizations with Microsoft 365 subscriptions that include communication compliance should have license support for flows created from the recommended Power Automate templates by October 30, 2020.
-![Communication compliance Power Automate](../media/communication-compliance-power-automate.png)
+![Communication compliance Power Automate.](../media/communication-compliance-power-automate.png)
The following Power Automate template is provided to customers to support process automation for communication compliance alerts:
Complete the following steps to delete a Power Automate flow:
The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets is not exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing. For the date and time range filters, the date and time for events are listed in Coordinated Universal Time (UTC).
-![Communication compliance reports dashboard](../media/communication-compliance-reports-dashboard.png)
+![Communication compliance reports dashboard.](../media/communication-compliance-reports-dashboard.png)
The **Reports dashboard** contains the following report widgets and detailed reports links:
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
For a complete list of filters and field details, see [Filters](communication-co
8. If you'd like to save the selected filters as a filter query, select **Save the query** control after you've configured at least one filter value. Enter a name for the filter query and select **Save**. This filter is available to use for only this policy and is listed in the **Saved filter queries** section of the **Filters** details page.
- ![Communication compliance filter detail controls](../media/communication-compliance-filter-detail-controls.png)
+ ![Communication compliance filter detail controls.](../media/communication-compliance-filter-detail-controls.png)
### Using near and exact duplicate analysis
Communication compliance policies automatically scan and pre-group near and exac
8. Select **Close** after completing the remediation actions on the messages.
- ![Communication compliance exact duplicates controls](../media/communication-compliance-duplicates-controls.png)
+ ![Communication compliance exact duplicates controls.](../media/communication-compliance-duplicates-controls.png)
## Remediate alerts
No matter where you start to review alerts or the filtering you configure, the n
Sometimes it's obvious from the source or subject that a message can be immediately remediated. It may be that the message is spurious or incorrectly matched to a policy and it should be resolved as misclassified. Select the **Report as misclassified** control to share misclassified content with Microsoft, immediately resolve the alert, and remove from the pending alert queue. From the source or sender information, you may already know how the message should be routed or handled in these circumstances. Consider using the **Tag as** or **Escalate** controls to assign a tag to applicable messages or to send messages to a designated reviewer.
-![Communication compliance remediation controls](../media/communication-compliance-remediation-controls.png)
+![Communication compliance remediation controls.](../media/communication-compliance-remediation-controls.png)
### Step 2: Examine the message details
Now that you've reviewed the details of the message for the alert, you can choos
- **Escalate for investigation**: Using the **Escalate for investigation** control, you can create a new [Advanced eDiscovery case](overview-ediscovery-20.md) for single or multiple messages. You'll provide a name and notes for the new case, and user who sent the message matching the policy is automatically assigned as the case custodian. You don't need any additional permissions to manage the case. Creating a case does not resolve or create a new tag for the message. You can select a total of 100 messages when creating an Advanced eDiscovery case during the remediation process. Messages in all communication channels monitored by communication compliance are supported. For example, you could select 50 Microsoft Teams chats, 25 Exchange Online email messages, and 25 Yammer messages when you open a new Advanced eDiscovery case for a user. - **Remove message in Teams**: Using the **Remove message in Teams** control, you can block inappropriate messages and content identified in alerts from Microsoft Teams channels and 1:1 and group chats. Removed messages and content are replaced with a policy tip that explains that it is blocked and the policy that applies to its removal from view. Recipients are provided a link in the policy tip to learn more about the applicable policy and the review process. The sender receives a policy tip for the blocked message and content but can review the details of the blocked message and content for context regarding the removal.
- ![Remove a message from Microsoft Teams](../media/communication-compliance-remove-teams-message.png)
+ ![Remove a message from Microsoft Teams.](../media/communication-compliance-remove-teams-message.png)
### Step 4: Determine if message details should be archived outside of communication compliance
compliance Communication Compliance Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-solution-overview.md
Protecting sensitive information and detecting and acting on workplace harassmen
Use the following steps to configure communication compliance for your organization:
-![Insider risk solution communication compliance steps](../media/ir-solution-cc-steps.png)
+![Insider risk solution communication compliance steps.](../media/ir-solution-cc-steps.png)
1. Learn about [communication compliance](communication-compliance.md) in Microsoft 365 2. Plan for [communication compliance](communication-compliance-plan.md) and [verify licensing](communication-compliance-configure.md#subscriptions-and-licensing)
compliance Communication Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance.md
Communication compliance in Microsoft 365 offers several important features to h
- Flexible remediation workflows - Actionable insights
-![Communication compliance home page](../media/communication-compliance-home.png)
+![Communication compliance home page.](../media/communication-compliance-home.png)
### Intelligent customizable templates
Communication compliance helps you address common pain points associated with co
Identifying and resolving compliance issues with communication compliance in Microsoft 365 uses the following workflow:
-![Communication compliance workflow](../media/communication-compliance-workflow.png)
+![Communication compliance workflow.](../media/communication-compliance-workflow.png)
### Configure
compliance Compliance Manager Mcca https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-mcca.md
Your report will also be customized based on your role.
The table below shows which roles have access to which sections of the report. Other roles within your organization (not listed in the table below) may not be able to run the tool, or they may run the tool and have limited access to information in the final report.
-![MCCA - roles](../media/compliance-manager-mcca-roles.png "MCCA roles")
+![MCCA - roles.](../media/compliance-manager-mcca-roles.png "MCCA roles")
Exceptions: 1. Users won't be able to generate report for IP apart from ΓÇ£Use IRM for Exchange OnlineΓÇ¥ section.
Exceptions:
The **Solutions Summary** section of the report gives an overview of improvement actions that your organization can take in Compliance Manager to help improve your compliance posture.
-![MCCA - solutions summary](../media/compliance-manager-mcca-solutions.png "MCCA Solutions Summary screen")
+![MCCA - solutions summary.](../media/compliance-manager-mcca-solutions.png "MCCA Solutions Summary screen")
MCCA evaluates your current configurations against the recommended improvement actions in Compliance Manager. Any improvement action identified by the MCCA tool as needing attention will be listed in this section.
compliance Compliance Manager Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-setup.md
Users with Azure AD identities who don't have Office 365 or Microsoft 365 subscr
### Role types
-The table below shows the functions allowed by each role in Compliance Manager. The table also shows how each [Azure AD role](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles) maps to Compliance Manager roles. Users will need at least the Compliance Manager reader role, or Azure AD global reader role, to access Compliance Manager.
+The table below shows the functions allowed by each role in Compliance Manager. The table also shows how each [Azure AD role](/azure/active-directory/roles/permissions-reference) maps to Compliance Manager roles. Users will need at least the Compliance Manager reader role, or Azure AD global reader role, to access Compliance Manager.
| User can: | Compliance Manager role | Azure AD role |
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
The **Actions** tab is required. It designates improvement actions managed by y
- **actionScore**: In this required field, provide a numeric score value for your action. The value must be a whole number ranging from 1 to 99; it cannot be 0, null, or blank. The higher the number, the greater its value toward improving your compliance posture. The image below demonstrates how Compliance Manager scores controls:
- ![Compliance Manager controls point values](../media/compliance-score-action-scoring.png "Compliance Manager controls point values")
+ ![Compliance Manager controls point values.](../media/compliance-score-action-scoring.png "Compliance Manager controls point values")
- **actionDescriptionTitle**: This is the title of the description and is required. This description title allows you to have the same action in multiple templates and surface a different description in each template. This field helps you clarify what template the description is referencing. In most cases, you can put the name of the template you're creating in this field.
compliance Compliance Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager.md
Compliance Manager helps simplify compliance and reduce risk by providing:
Your Compliance Manager dashboard shows your current compliance score, helps you see what needs attention, and guides you to key improvement actions. Below is an example of what your Compliance Manager dashboard will look like:
-![Compliance Manager - dashboard](../media/compliance-manager-dashboard.png "Compliance Manager dashboard")
+![Compliance Manager - dashboard.](../media/compliance-manager-dashboard.png "Compliance Manager dashboard")
## Understanding your compliance score
compliance Compliance Score Calculation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-score-calculation.md
Each action has an assigned value in Compliance Manager based on the risk it rep
| Corrective mandatory | 3 | | Corrective discretionary | 1 |
-![Compliance Manager action point values](../media/compliance-score-action-scoring.png "Compliance Manager action point values")
+![Compliance Manager action point values.](../media/compliance-score-action-scoring.png "Compliance Manager action point values")
compliance Configure Edge To Export Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/configure-edge-to-export-search-results.md
As a result of recent changes to the newest version of Microsoft Edge, ClickOnce
2. If the existing value is set to **Default** or **Disabled** in the dropdown list, change it to **Enabled**.
- ![Select Enabled from dropdown list](../media/ClickOnceimage1.png)
+ ![Select Enabled from dropdown list.](../media/ClickOnceimage1.png)
3. Scroll down to the bottom of the browser window and click **Restart** to restart Edge.
- ![Click Restart](../media/ClickOnceimage2.png)
+ ![Click Restart.](../media/ClickOnceimage2.png)
**Note:** Organizations can use Group Policy to disable ClickOnce support. To check if there is an organizational policy for ClickOnce support, go to **edge://policy**. The following screenshot shows that ClickOnce is enabled across the entire organization. If this policy value is set to **false**, you will need to contact an admin in your organization.
-![List of Edge organizational policies](../media/ClickOnceimage3.png)
+![List of Edge organizational policies.](../media/ClickOnceimage3.png)
## Install and run the eDiscovery Export Tool 1. Click **Download results** on the flyout page of an export in Content Search or an eDiscovery case.
- ![Click Download results on the flyout page to download search results](../media/ClickOnceExport1.png)
+ ![Click Download results on the flyout page to download search results.](../media/ClickOnceExport1.png)
2. You will be prompted with a confirmation to launch the tool, Click **Open**.
- ![Click Open to launch the eDiscovery Export Tool](../media/ClickOnceimage4.png)
+ ![Click Open to launch the eDiscovery Export Tool.](../media/ClickOnceimage4.png)
If the eDiscovery Export Tool isn't installed, you will be prompted with a Security Warning,
- ![Click Install to install the eDiscovery Export Tool](../media/ClickOnceimage5.png)
+ ![Click Install to install the eDiscovery Export Tool.](../media/ClickOnceimage5.png)
3. Click **Install**. After it's installed, the export tool will launch automatically.
compliance Configure Irm To Use An On Premises Ad Rms Server https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/configure-irm-to-use-an-on-premises-ad-rms-server.md
To verify that you have successfully imported the TPD and enabled IRM, do the fo
- Use the **Test-IRMConfiguration** cmdlet to test IRM functionality. For details, see "Example 1" in [Test-IRMConfiguration](/powershell/module/exchange/test-irmconfiguration). -- Compose a new message in Outlook on the web and IRM-protect it by selecting **Set permissions** option from the extended menu (![More Options Icon](../media/ITPro-EAC-MoreOptionsIcon.gif)).
+- Compose a new message in Outlook on the web and IRM-protect it by selecting **Set permissions** option from the extended menu (![More Options Icon.](../media/ITPro-EAC-MoreOptionsIcon.gif)).
compliance Configure Search And Analytics Settings In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/configure-search-and-analytics-settings-in-advanced-ediscovery.md
To configure search and analytics settings for a case:
The case settings page is displayed. These settings are applied to all review sets in a case.
- ![Configure analytics and search settings for an Advanced eDiscovery case](../media/AeDCaseSettings.png)
+ ![Configure analytics and search settings for an Advanced eDiscovery case.](../media/AeDCaseSettings.png)
## Near duplicates and email threading
In this section, you can set parameters for themes. For more information, see [T
If you select the **Automatically create a For Review saved search after analytics** checkbox, Advanced eDiscovery autogenerates review set query named **For Review.**
-![The For Review autogenerated query](../media/AeDForReviewQuery.png)
+![The For Review autogenerated query.](../media/AeDForReviewQuery.png)
This query basically filters out duplicate items from the review set. This lets you review the unique items in the review set. This query is created only when you run analytics for a review set in the case. For more information, about review set queries, see [Query the data in a review set](review-set-search.md).
compliance Content Search Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search-reference.md
Keep the following things in mind when using the keyword list to create a search
**Incorrect**
- ![The incorrect way to format a keyword list (by pasting the list into the keyword box)](../media/fb54e3df-232a-439a-b3d7-27a60ec76a4c.png)
+ ![The incorrect way to format a keyword list (by pasting the list into the keyword box).](../media/fb54e3df-232a-439a-b3d7-27a60ec76a4c.png)
**Correct**
- ![The correct way to format a keyword list (by selecting checkbox and then pasting list)](../media/5d511a7b-c1f9-499c-bffe-e075bfc9adec.png)
+ ![The correct way to format a keyword list (by selecting checkbox and then pasting list).](../media/5d511a7b-c1f9-499c-bffe-e075bfc9adec.png)
- You can also prepare a list of keywords or keyword phrases in an Excel file or a plain text file, and then copy and paste your list into the keyword list. To do this, you have to select the **Show keyword list** check box. Then, click the first row in the keyword list and paste your list. Each line from the Excel or text file is pasted into separate row in the keyword list. - After you create a query using the keyword list, it's a good idea to verify the search query syntax to make the search query is what you intended. In the search query that's displayed under **Query** in the details pane, the keywords are separated by the text **(c:s)**. This indicates that the keywords are connected by a logical operator similar in functionality to the **OR** operator. Similarly, if your search query includes conditions, the keywords and the conditions are separated by the text **(c:c)**. This indicates that the keywords are connected to the conditions with a logical operator similar in functionality to the **AND** operator. Here's an example of the search query (displayed in the Details pane) that results when using the keyword list and a condition.
- ![Example of the query that's created when using the keyword list and a condition](../media/b463750c-57fa-4602-9fed-0d5a420db3ad.png)
+ ![Example of the query that's created when using the keyword list and a condition.](../media/b463750c-57fa-4602-9fed-0d5a420db3ad.png)
- When you run a content search, Microsoft 365 automatically checks your search query for unsupported characters and for Boolean operators that may not be capitalized. Unsupported characters are often hidden and typically cause a search error or return unintended results. For more information about the unsupported characters that are checked, see [Check your Content Search query for errors](check-your-content-search-query-for-errors.md). -- If you have a search query that contains keywords for non-English characters (such as Chinese characters), you can click **Query language-country/region**![Query language-country/region icon in Content search](../media/8d4b60c8-e1f1-40f9-88ae-ee2a7eca0886.png) and select a language-country culture code value for the search. The default language/region is neutral. How can you tell if you need to change the language setting for a content search? If you're certain content locations contain the non-English characters you're searching for, but the search returns no results, the language setting may be the cause.
+- If you have a search query that contains keywords for non-English characters (such as Chinese characters), you can click **Query language-country/region**![Query language-country/region icon in Content search.](../media/8d4b60c8-e1f1-40f9-88ae-ee2a7eca0886.png) and select a language-country culture code value for the search. The default language/region is neutral. How can you tell if you need to change the language setting for a content search? If you're certain content locations contain the non-English characters you're searching for, but the search returns no results, the language setting may be the cause.
## Partially indexed items
Keep the following things in mind when searching for content in Microsoft Teams
In the search results, meeting summaries are identified as **Meeting** in the **Type field**, and call summaries are identified as **Call**. Also, conversations that are part of a Teams channel and 1xN chats are identified as **IM** in the **Type** field.
- ![Teams meetings, calls, and 1xN chats are identified in the Type field](../media/O365-ContentSearch-Teams-MessageKind.png)
+ ![Teams meetings, calls, and 1xN chats are identified in the Type field.](../media/O365-ContentSearch-Teams-MessageKind.png)
For more information, see [Microsoft Teams launches eDiscovery for calls and meetings](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-teams-launches-ediscovery-for-calling-and-meetings/ba-p/210947).
Keep the following things in mind when searching for content in Microsoft Teams
**Card content in Teams**
- ![Card content in Teams channel message](../media/CardContentTeams.png)
+ ![Card content in Teams channel message.](../media/CardContentTeams.png)
**Card content in search results**
- ![Same card content in the results of a Content search](../media/CardContentEdiscoverySearchResults.png)
+ ![Same card content in the results of a Content search.](../media/CardContentEdiscoverySearchResults.png)
> [!NOTE] > To display images from card content in search results at this time (such as the checkmarks in the previous screenshot), you have to be signed into Teams (at https://teams.microsoft.com) in a different tab in the same browser session that you use to view the search results. Otherwise, image placeholders are displayed.
Keep the following things in mind when searching for content in Microsoft Teams
- To use the **Kind** property as part of the keyword search query, in the **Keywords** box of a search query, type `kind:microsoftteams`.
- ![Use kind:microsoftteams in the Keywords box](../media/O365-ContentSearch-Teams-Keywords.png)
+ ![Use kind:microsoftteams in the Keywords box.](../media/O365-ContentSearch-Teams-Keywords.png)
- To use a search condition, add the **Message kind** condition and use the value `microsoftteams`.
You can use the **ItemClass** email property or the **Type** search condition to
For example, you can use the following search query to return Yammer messages and Yammer praise items:
- ![Use the ItemClass property to search for Yammer items](../media/YammerContentSearch1.png)
+ ![Use the ItemClass property to search for Yammer items.](../media/YammerContentSearch1.png)
- Alternatively, you can use the **Type** email condition and select **Yammer messages** to return Yammer items. For example, the following search query will return all Yammer conversation items that contain the keyword "confidential".
- ![Use the Type condition card to search for Yammer conversation items](../media/YammerContentSearch2.png)
+ ![Use the Type condition card to search for Yammer conversation items.](../media/YammerContentSearch2.png)
## Searching inactive mailboxes
-You can search inactive mailboxes in a content search. To get a list of the inactive mailboxes in your organization, run the command `Get-Mailbox -InactiveMailboxOnly` in Exchange Online PowerShell. Alternatively, you can go to **Information governance** \> **Retention** in the Microsoft 365 compliance center, and then click **More**![Navigation Bar ellipses](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif) \> **Inactive mailboxes**.
+You can search inactive mailboxes in a content search. To get a list of the inactive mailboxes in your organization, run the command `Get-Mailbox -InactiveMailboxOnly` in Exchange Online PowerShell. Alternatively, you can go to **Information governance** \> **Retention** in the Security & Compliance Center, and then click **More**![Navigation Bar ellipses.](../media/9723029d-e5cd-4740-b5b1-2806e4f28208.gif) \> **Inactive mailboxes**.
Here are a few things to keep in mind when searching inactive mailboxes.
compliance Content Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search.md
To access to the **Content search** page in the Microsoft 365 compliance center
5. On the **Locations** page, choose the content locations that you want to search. You can search mailboxes, sites, and public folders.
- ![Choose the content locations to place on hold](../media/ContentSearchLocations.png)
+ ![Choose the content locations to place on hold.](../media/ContentSearchLocations.png)
1. **Exchange mailboxes**: Set the toggle to **On** and then click **Choose users, groups, or teams** to specify the mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also search the mailbox associated with a Microsoft Team (for channel messages), Office 365 Group, and Yammer Group. For more information about the application data stored in mailboxes, see [Content stored in mailboxes for eDiscovery](what-is-stored-in-exo-mailbox.md).
To access to the **Content search** page in the Microsoft 365 compliance center
6. On the **Define your search conditions** page, type a keyword query and add conditions to the search query if necessary.
- ![Configure the search query](../media/ContentSearchQuery.png)
+ ![Configure the search query.](../media/ContentSearchQuery.png)
1. Specify keywords, message properties such as sent and received dates, or document properties such as file names or the date that a document was last changed. You can use more complex queries that use a Boolean operator, such as **AND**, **OR**, **NOT**, and **NEAR**. If you leave the keyword box empty, all content located in the specified content locations is included in the search results. For more information, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md).
compliance Conversation Review Sets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/conversation-review-sets.md
Here are few definitions to help you get start using conversation reconstruction
- **Conversation:** Represents a grouping of one or more messages. Across different applications, conversations may be represented in different ways. In some applications, there is an explicit action that results from replying to an existing message. Conversations are formed explicitly as a result of this user action. For example, here is a screenshot of a channel conversation in Microsoft Teams.
- ![Microsoft Teams Channel Conversation](../media/threadedchat.png)
+ ![Microsoft Teams Channel Conversation.](../media/threadedchat.png)
In other apps (such as group chat messages in Teams), there is not a formal reply chain and instead messages appear as a "flat river of messages" within a single thread. In these types apps, conversations are inferred from a group of messages that occur within a certain time. This "soft-grouping" of messages (as opposed to a reply chain) represent the "back and forth" conversation about a specific topic of interest.
After you have reviewed and finalized the search query in a collection, you can
When you add items from conversations to a review set, you can use the threaded conversations option to collect contextual messages from conversations that contain items that match the search criteria of the collection. After you select the thread conversations option, the following things can happen:
- ![Conversation Retrieval](../media/messagesandconversations.png)
+ ![Conversation Retrieval.](../media/messagesandconversations.png)
1. Using a keyword and date range query, the search returned a hit on *Message 3*. This message was part of a larger conversation, illustrated by *CRC1*.
To enable the threaded conversations option, see [Commit a draft collection to a
After the content has been processed and added to the review set, you can start reviewing the data in the review set. Individual messages are threaded together and presented as conversations. This lets you review and export contextual conversations.
- ![Conversation review set](../media/ConversationRSOptions.PNG)
+ ![Conversation review set.](../media/ConversationRSOptions.PNG)
The following sections describe reviewing and exporting conversations.
compliance Create A Custom Sensitive Information Type In Scc Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md
In this topic, the XML markup uses rule to mean the patterns that define an enti
Here's the simplest scenario. You want your policy to identify content that contains your organization's employee ID, which is formatted as a nine-digit number. So the pattern refers to a regular expression contained in the rule that identifies nine-digit numbers. Any content containing a nine-digit number satisfies the pattern.
-![Diagram of entity with one pattern](../media/4cc82dcf-068f-43ff-99b2-bac3892e9819.png)
+![Diagram of entity with one pattern.](../media/4cc82dcf-068f-43ff-99b2-bac3892e9819.png)
However, while simple, this pattern may identify many false positives by matching content that contains any nine-digit number that is not necessarily an employee ID.
For this reason, it's more common to define an entity by using more than one pat
For example, to increase the likelihood of identifying content that contains an employee ID, you can define another pattern that also identifies a hire date, and define yet another pattern that identifies both a hire date and a keyword (such as "employee ID"), in addition to the nine-digit number.
-![Diagram of entity with multiple patterns](../media/c8dc2c9d-00c6-4ebc-889a-53b41a90024a.png)
+![Diagram of entity with multiple patterns.](../media/c8dc2c9d-00c6-4ebc-889a-53b41a90024a.png)
Note a couple of important aspects of this structure:
An entity is a sensitive information type, such as a credit card number, that ha
2. Add a comment that contains the name of your custom entity ΓÇö in this example, Employee ID. Later, you'll add the entity name to the localized strings section, and that name is what appears in the UI when you create a policy. 3. Generate a GUID for your entity. There are several ways to generate GUIDs, but you can do it easily in PowerShell by typing **[guid]::NewGuid()**. Later, you'll also add the entity GUID to the localized strings section.
-![XML markup showing Rules and Entity elements](../media/c46c0209-0947-44e0-ac3a-8fd5209a81aa.png)
+![XML markup showing Rules and Entity elements.](../media/c46c0209-0947-44e0-ac3a-8fd5209a81aa.png)
## What pattern do you want to match? [Pattern element, IdMatch element, Regex element]
The pattern contains the list of what the sensitive information type is looking
What all of the below patterns have in common is that they all reference the same regular expression, which looks for a nine-digit number (\d{9}) surrounded by white space (\s) … (\s). This regular expression is referenced by the IdMatch element and is the common requirement for all patterns that look for the Employee ID entity. IdMatch is the identifier that the pattern is to trying to match, such as Employee ID or credit card number or social security number. A Pattern element must have exactly one IdMatch element.
-![XML markup showing multiple Pattern elements referencing single Regex element](../media/8f3f497b-3b8b-4bad-9c6a-d9abf0520854.png)
+![XML markup showing multiple Pattern elements referencing single Regex element.](../media/8f3f497b-3b8b-4bad-9c6a-d9abf0520854.png)
When satisfied, a pattern returns a count and confidence level, which you can use in the conditions in your policy. When you add a condition for detecting a sensitive information type to a policy, you can edit the count and confidence level as shown here. Confidence level (also called match accuracy) is explained later in this topic.
-![Instance count and match accuracy options](../media/sit-confidence-level.png)
+![Instance count and match accuracy options.](../media/sit-confidence-level.png)
When you create your regular expression, keep in mind that there are potential issues to be aware of. For example, if you write and upload a regex that identifies too much content, this can impact performance. To learn more about these potential issues, see the later section [Potential validation issues to be aware of](#potential-validation-issues-to-be-aware-of).
A Pattern can include multiple Match elements; they can be included directly in
You can use the optional minCount attribute to specify how many instances of a match need to be found for each of the Match elements. For example, you can specify that a pattern is satisfied only when at least two keywords from a keyword list are found.
-![XML markup showing Match element with minOccurs attribute](../media/607f6b5e-2c7d-43a5-a131-a649f122e15a.png)
+![XML markup showing Match element with minOccurs attribute.](../media/607f6b5e-2c7d-43a5-a131-a649f122e15a.png)
### Keywords [Keyword, Group, and Term elements, matchStyle and caseSensitive attributes]
Keywords are included as a list of Term elements in a Group element. The Group e
Finally, you can use the caseSensitive attribute of the Term element to specify that the content must match the keyword exactly, including lower- and upper-case letters.
-![XML markup showing Match elements referencing keywords](../media/e729ba27-dec6-46f4-9242-584c6c12fd85.png)
+![XML markup showing Match elements referencing keywords.](../media/e729ba27-dec6-46f4-9242-584c6c12fd85.png)
### Regular expressions [Regex element]
For example, an employee ID badge has a hire date on it, so this custom entity c
For more information, see [What the DLP functions look for](what-the-dlp-functions-look-for.md).
-![XML markup showing Match element referencing built-in function](../media/dac6eae3-9c52-4537-b984-f9f127cc9c33.png)
+![XML markup showing Match element referencing built-in function.](../media/dac6eae3-9c52-4537-b984-f9f127cc9c33.png)
## Different combinations of evidence [Any element, minMatches and maxMatches attributes]
In this example, a pattern is defined for salary revision using at least three u
Your sensitive information type is looking for a pattern that represents an employee ID, and as part of that pattern it's also looking for corroborative evidence like a keyword such as "ID". It makes sense that the closer together this evidence is, the more likely the pattern is to be an actual employee ID. You can determine how close other evidence in the pattern must be to the entity by using the required patternsProximity attribute of the Entity element.
-![XML markup showing patternsProximity attribute](../media/e97eb7dc-b897-4e11-9325-91c742d9839b.png)
+![XML markup showing patternsProximity attribute.](../media/e97eb7dc-b897-4e11-9325-91c742d9839b.png)
For each pattern in the entity, the patternsProximity attribute value defines the distance (in Unicode characters) from the IdMatch location for all other Matches specified for that Pattern. The proximity window is anchored by the IdMatch location, with the window extending to the left and right of the IdMatch.
-![Diagram of proximity window](../media/b593dfd1-5eef-4d79-8726-a28923f7c31e.png)
+![Diagram of proximity window.](../media/b593dfd1-5eef-4d79-8726-a28923f7c31e.png)
The example below illustrates how the proximity window affects the pattern matching where IdMatch element for the employee ID custom entity requires at least one corroborating match of keyword or date. Only ID1 matches because for ID2 and ID3, either no or only partial corroborating evidence is found within the proximity window.
-![Diagram of corroborative evidence and proximity window](../media/dc68e38e-dfa1-45b8-b204-89c8ba121f96.png)
+![Diagram of corroborative evidence and proximity window.](../media/dc68e38e-dfa1-45b8-b204-89c8ba121f96.png)
Note that for email, the message body and each attachment are treated as separate items. This means that the proximity window does not extend beyond the end of each of these items. For each item (attachment or body), both the idMatch and corroborative evidence needs to reside in that item.
The more evidence that a pattern requires, the more confidence you have that an
The Pattern element has a required confidenceLevel attribute. You can think of the value of confidenceLevel (an integer between 1 and 100) as a unique ID for each pattern in an entity ΓÇö the patterns in an entity must have different confidence levels that you assign. The precise value of the integer doesn't matter ΓÇö simply pick numbers that make sense to your compliance team. After you upload your custom sensitive information type and then create a policy, you can reference these confidence levels in the conditions of the rules that you create.
-![XML markup showing Pattern elements with different values for confidenceLevel attribute](../media/sit-xml-markedup-2.png)
+![XML markup showing Pattern elements with different values for confidenceLevel attribute.](../media/sit-xml-markedup-2.png)
In addition to confidenceLevel for each Pattern, the Entity has a recommendedConfidence attribute. The recommended confidence attribute can be thought of as the default confidence level for the rule. When you create a rule in a policy, if you don't specify a confidence level for the rule to use, that rule will match based on the recommended confidence level for the entity. Please note that the recommendedConfidence attribute is mandatory for each Entity ID in the Rule Package, if missing you won't be able to save policies that use the Sensitive Information Type.
In addition to confidenceLevel for each Pattern, the Entity has a recommendedCon
If your compliance team uses the Microsoft 365 Compliance center to create polices policies in different locales and in different languages, you can provide localized versions of the name and description of your custom sensitive information type. When your compliance team uses Microsoft 365 in a language that you support, they'll see the localized name in the UI.
-![Instance count and match accuracy options](../media/11d0b51e-7c3f-4cc6-96d8-b29bcdae1aeb.png)
+![Instance count and match accuracy options.](../media/11d0b51e-7c3f-4cc6-96d8-b29bcdae1aeb.png)
The Rules element must contain a LocalizedStrings element, which contains a Resource element that references the GUID of your custom entity. In turn, each Resource element contains one or more Name and Description elements that each use the langcode attribute to provide a localized string for a specific language.
-![XML markup showing contents of LocalizedStrings element](../media/a96fc34a-b93d-498f-8b92-285b16a7bbe6.png)
+![XML markup showing contents of LocalizedStrings element.](../media/a96fc34a-b93d-498f-8b92-285b16a7bbe6.png)
Note that you use localized strings only for how your custom sensitive information type appears in the UI of the Compliance center. You can't use localized strings to provide different localized versions of a keyword list or regular expression.
The Version element is also important. When you upload your rule package for the
When complete, your RulePack element should look like this.
-![XML markup showing RulePack element](../media/fd0f31a7-c3ee-43cd-a71b-6a3813b21155.png)
+![XML markup showing RulePack element.](../media/fd0f31a7-c3ee-43cd-a71b-6a3813b21155.png)
## Validators
compliance Create A Custom Sensitive Information Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md
If Mod value != digit 8
> [!NOTE] > If the check digit is not part of the checksum calculation then use 0 as the weight for the check digit. For example, in the above case weight 8 will be equal to 0 if the check digit is not to be used for calculating the check digit. Modulo_operation).
-![screenshot of configured checksum validator](../media/checksum-validator.png)
+![screenshot of configured checksum validator.](../media/checksum-validator.png)
### Date validator
If a date value that is embedded in regular expression is part of a new pattern
2. Then add the date validator. 3. Select the date format and the start offset. Since the date string is the first six digits, the offset is `0`.
-![screenshot of configured date validator](../media/date-validator.png)
+![screenshot of configured date validator.](../media/date-validator.png)
### Functional processors as validators
compliance Create A Dlp Policy From A Template https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-dlp-policy-from-a-template.md
In this example, you'll create a DLP policy that identifies U.S. PII data, which
3. In the Security &amp; Compliance Center \> left navigation \> **Data loss prevention** \> **Policy** \> **+ Create a policy**.
- ![Create a policy button](../media/b1e48a08-92e2-47ca-abdc-4341694ddc7c.png)
+ ![Create a policy button.](../media/b1e48a08-92e2-47ca-abdc-4341694ddc7c.png)
4. Choose the DLP policy template that protects the types of sensitive information that you need \> **Next**.
In this example, you'll create a DLP policy that identifies U.S. PII data, which
When you select a template, you can read the description on the right to learn what types of sensitive information the template protects.
- ![Page for choosing a DLP policy template](../media/775266f6-ad87-4080-8d7c-97f2e7403b30.png)
+ ![Page for choosing a DLP policy template.](../media/775266f6-ad87-4080-8d7c-97f2e7403b30.png)
5. Name the policy \> **Next**.
In this example, you'll create a DLP policy that identifies U.S. PII data, which
To include only specific SharePoint sites or OneDrive for Business accounts, switch the **Status** to on, and then click the links under **Include** to choose specific sites or accounts. When you apply a policy to a site, the rules configured in that policy are automatically applied to all subsites of that site.
- ![Options for locations where a DLP policy can be applied](../media/ee50a61a-e867-4571-a150-3eec8d83650f.png)
+ ![Options for locations where a DLP policy can be applied.](../media/ee50a61a-e867-4571-a150-3eec8d83650f.png)
In this example, to protect sensitive information stored in all OneDrive for Business accounts, turn off the **Status** for both **Exchange email** and **SharePoint sites**, and leave the **Status** on for **OneDrive accounts**.
In this example, you'll create a DLP policy that identifies U.S. PII data, which
8. A DLP policy template contains predefined rules with conditions and actions that detect and act upon specific types of sensitive information. You can edit, delete, or turn off any of the existing rules, or add new ones. When done, click **Next**.
- ![Rules expanded in US PII policy template](../media/3bc9f1b6-f8ad-4334-863a-24448bb87687.png)
+ ![Rules expanded in US PII policy template.](../media/3bc9f1b6-f8ad-4334-863a-24448bb87687.png)
In this example, the U.S. PII Data template includes two predefined rules:
In this example, you'll create a DLP policy that identifies U.S. PII data, which
So you expand the rule named **Low volume of content detected U.S. PII** \> **Delete rule**.
- ![Delete rule button](../media/bc36f7d2-0fae-4af1-92e8-95ba51077b12.png)
+ ![Delete rule button.](../media/bc36f7d2-0fae-4af1-92e8-95ba51077b12.png)
9. Now, in this example, you need to add two sensitive information types (U.S. bank account numbers and U.S. driver's license numbers), allow people to override a rule, and change the count to any occurrence. You can do all of this by editing one rule, so select **High volume of content detected U.S. PII** \> **Edit rule**.
- ![Edit rule button](../media/eaf54067-4945-4c98-8dd6-fb2c5d6de075.png)
+ ![Edit rule button.](../media/eaf54067-4945-4c98-8dd6-fb2c5d6de075.png)
10. To add a sensitive information type, in the **Conditions** section \> **Add or change types**. Then, under **Add or change types** \> choose **Add** \> select **U.S. Bank Account Number** and **U.S. Driver's License Number** \> **Add** \> **Done**.
- ![Option to Add or change types](../media/c6c3ae86-f7db-40a8-a6e4-db11692024be.png)
+ ![Option to Add or change types.](../media/c6c3ae86-f7db-40a8-a6e4-db11692024be.png)
- ![Add or change types pane](../media/fdbb96af-b914-4a6c-a97b-bbd014689965.png)
+ ![Add or change types pane.](../media/fdbb96af-b914-4a6c-a97b-bbd014689965.png)
11. To change the count (the number of instances of sensitive information required to trigger the rule), under **Instance count** \> choose the **min** value for each type \> enter 1. The minimum count cannot be empty. The maximum count can be empty; an empty **max** value convert to **any**. When finished, the min count for all of the sensitive information types should be **1** and the max count should be **any**. In other words, any occurrence of this type of sensitive information will satisfy this condition.
- ![Instance counts for sensitive information types](../media/5c6e08cb-59a9-4558-b54b-d899836d4737.png)
+ ![Instance counts for sensitive information types.](../media/5c6e08cb-59a9-4558-b54b-d899836d4737.png)
12. For the final customization, you don't want your DLP policies to block people from doing their work when they have a valid business justification or encounter a false positive, so you want the user notification to include options to override the blocking action.
In this example, you'll create a DLP policy that identifies U.S. PII data, which
In the **User overrides** section, you can see that overrides for a business justification are turned on, but overrides to report false positives are not. Choose **Override the rule automatically if they report it as a false positive**.
- ![User notifications section and User overrides section](../media/62720e7a-a939-4c03-b414-67748f3d64a0.png)
+ ![User notifications section and User overrides section.](../media/62720e7a-a939-4c03-b414-67748f3d64a0.png)
13. At the top of the rule editor, change the name of this rule from the default **High volume of content detected U.S. PII** to **Any content detected with U.S. PII** because it's now triggered by any occurrence of its sensitive information types.
In this example, you'll create a DLP policy that identifies U.S. PII data, which
19. Turn on the policies so that the rules are enforced and the content's protected. Continue to monitor the DLP reports and any incident reports or notifications to make sure that the results are what you intend.
- ![Options for using test mode and turning on policy](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
+ ![Options for using test mode and turning on policy.](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
20. Review your settings for this policy \> choose **Create**.
You can edit or turn off a DLP policy at any time. Turning off a policy disables
To edit or turn off a DLP policy, on the **Policy** page \> select the policy \> **Edit policy**.
-![Edit policy button](../media/ce319e92-0519-44fe-9507-45a409eaefe4.png)
+![Edit policy button.](../media/ce319e92-0519-44fe-9507-45a409eaefe4.png)
In addition, you can turn off each rule individually by editing the policy and then toggling off the **Status** of that rule, as described above.
compliance Create A Litigation Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-litigation-hold.md
Here are the steps to place a mailbox on Litigation hold using the Microsoft 365
4. On the properties flyout page, click the **Mail** tab, and then under **More actions**, click **Manage litigation hold**.
- ![Click Manage litigation hold on the Mail tab of user properties flyout page](../media/M365AdminCenterLitHold1.png)
+ ![Click Manage litigation hold on the Mail tab of user properties flyout page.](../media/M365AdminCenterLitHold1.png)
5. On the **Manage litigation hold** flyout page, select the **Turn on litigation hold** checkbox and then enter the following optional information:
When a mailbox is placed on Litigation hold, items in the Purges subfolder are p
The following illustration shows the subfolders in the Recoverable Items folders and the hold workflow process.
-![Litigation hold life cycle](../media/LitigationHoldLifeCycle.png)
+![Litigation hold life cycle.](../media/LitigationHoldLifeCycle.png)
> [!NOTE] > If a hold associated with an eDiscovery case is placed on a mailbox, purged items are moved from the Deletions subfolder to the DiscoveryHolds subfolder and are preserved until the mailbox is released from the eDiscovery hold.
compliance Create A Report On Holds In Ediscovery Cases https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-report-on-holds-in-ediscovery-cases.md
After you've connected to Security & Compliance Center PowerShell, the next step
Here's an example of running the CaseHoldsReport.ps1 script.
- ![The output after running the CaseHoldsReport.ps1 script](../media/7d312ed5-505e-4ec5-8f06-3571e3524a1a.png)
+ ![The output after running the CaseHoldsReport.ps1 script.](../media/7d312ed5-505e-4ec5-8f06-3571e3524a1a.png)
## More information
compliance Create Activity Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-activity-alerts.md
You can create an activity alert that will send you an email notification when u
2. Sign in using your work or school account.
-3. On the **Activity alerts** page, click ![Add icon](../media/8ee52980-254b-440b-99a2-18d068de62d3.gif) **New**.
+3. On the **Activity alerts** page, click ![Add icon.](../media/8ee52980-254b-440b-99a2-18d068de62d3.gif) **New**.
The flyout page to create an activity alert is displayed.
- ![Create an activity alert](../media/53888bd5-9fa2-4398-8ccc-1a9dc72517ac.png)
+ ![Create an activity alert.](../media/53888bd5-9fa2-4398-8ccc-1a9dc72517ac.png)
4. Complete the following fields to create an activity alert:
You can create an activity alert that will send you an email notification when u
The new alert is displayed in the list on the **Activity alerts** page.
- ![A list of alerts is displayed on the Activity alerts page](../media/02b774f2-1719-41de-bbc9-5e5b7576f335.png)
+ ![A list of alerts is displayed on the Activity alerts page.](../media/02b774f2-1719-41de-bbc9-5e5b7576f335.png)
The status of the alert is set to **On**. Note that the recipients who will receive an email notification when an alert is sent are also listed.
To turn an activity alert back on, just repeat these steps and click the **Off**
- Here's an example of the email notification that is sent to the users that are specified in the Sent this alert to field (and listed under **Recipients** on the **Activity alerts** page) in the Microsoft 365 compliance center.
- ![Example of an email notification sent for an activity alert](../media/a5f91611-fae6-4fe9-82f5-58521a2e2541.png)
+ ![Example of an email notification sent for an activity alert.](../media/a5f91611-fae6-4fe9-82f5-58521a2e2541.png)
- Here are some common document and email activities that you can create activity alerts for. The tables describe the activity, the name of the activity to create an alert for, and the name of the activity group that the activity is listed under in the **Activities** drop-down list. To see a complete list of the activities that you can create activity alerts for, see the "Audited activities" section in [Search the audit log](search-the-audit-log-in-security-and-compliance.md#audited-activities).
compliance Create And Manage Advanced Ediscoveryv2 Case https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-advanced-ediscoveryv2-case.md
Complete the following steps to create a case and add members. The user who crea
To get you started using Advanced eDiscovery, here's a basic workflow that aligns with [common eDiscovery practices](advanced-ediscovery-edrm.md). In each of these steps, we'll also highlight some extended Advanced eDiscovery functionality that you can explore.
-![Advanced eDiscovery workflow](../media/AeDWorkflow.png)
+![Advanced eDiscovery workflow.](../media/AeDWorkflow.png)
1. **[Add custodians](add-custodians-to-case.md) and [non-custodial data sources](non-custodial-data-sources.md) to the case**. The first step after creating a case is to add custodians. A *custodian* is a person having administrative control of a document or electronic file that may be relevant to the case. Additionally, you can add data sources that aren't associated with a specific user but may be relevant to the case.
To get you started using Advanced eDiscovery, here's a basic workflow that align
Here's an architecture diagram that shows the Advanced eDiscovery end-to-end workflow in a single-geo environment and in a multi-geo environment, and the end-to-end data flow that's aligned with the [Electronic Discovery Reference Model](overview-ediscovery-20.md#advanced-ediscovery-alignment-with-the-electronic-discovery-reference-model).
-[![Model poster: Advanced eDiscovery Architecture in Microsoft 365](../media/solutions-architecture-center/ediscovery-poster-thumb.png)](../media/solutions-architecture-center/m365-advanced-ediscovery-architecture.png)
+[![Model poster: Advanced eDiscovery Architecture in Microsoft 365.](../media/solutions-architecture-center/ediscovery-poster-thumb.png)](../media/solutions-architecture-center/m365-advanced-ediscovery-architecture.png)
[View as an image](../media/solutions-architecture-center/m365-advanced-ediscovery-architecture.png)
compliance Create And Manage Inactive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-inactive-mailboxes.md
To view a list of the inactive mailboxes in your organization:
2. In the left navigation pane of the Microsoft 365 compliance center, click **Show all**, and then click **Information governance > Retention**.
- ![Click the Inactive Mailbox button on the Retention page](../media/MCCInactiveMailboxes1.png)
+ ![Click the Inactive Mailbox button on the Retention page.](../media/MCCInactiveMailboxes1.png)
3. On the **Retention** page, click **Inactive mailbox** to display a list of inactive mailboxes. 4. Select an inactive mailbox to display a flyout page with information about the inactive mailbox.
- ![The flyout page displays details about the inactive mailbox](../media/MCCInactiveMailboxes2.png)
+ ![The flyout page displays details about the inactive mailbox.](../media/MCCInactiveMailboxes2.png)
-You can click ![Export search results icon](../media/47205c65-babd-4b3a-bd7b-98dfd92883ba.png) **Export** to view or download a CSV file that contains additional information about the inactive mailboxes in your organization.
+You can click ![Export search results icon.](../media/47205c65-babd-4b3a-bd7b-98dfd92883ba.png) **Export** to view or download a CSV file that contains additional information about the inactive mailboxes in your organization.
Alternatively, you can run the following command in Exchange Online PowerShell to display the list of inactive mailboxes.
compliance Create Apply Retention Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-apply-retention-labels.md
Making retention labels available to people in your organization so that they ca
2. Publish the retention labels by using a retention label policy.
-![Diagram of roles and tasks for labels](../media/4082bc7d-c04c-4b9a-8a26-7f12565d3311.png)
+![Diagram of roles and tasks for labels.](../media/4082bc7d-c04c-4b9a-8a26-7f12565d3311.png)
Use the following instructions for the two admin steps.
If you publish retention labels to Exchange, it can take up to seven days for th
For example:
-![Diagram of when manual labels take effect](../media/b19f3a10-f625-45bf-9a53-dd14df02ae7c.png)
+![Diagram of when manual labels take effect.](../media/b19f3a10-f625-45bf-9a53-dd14df02ae7c.png)
If the labels don't appear after seven days, check the **Status** of the label policy by selecting it from the **Label policies** page in the compliance center. If you see the status of **Off (Error)** and in the details for the locations see a message that it's taking longer than expected to deploy the policy (for SharePoint) or to try redeploying the policy (for OneDrive), try running [Set-RetentionCompliancePolicy](/powershell/module/exchange/set-retentioncompliancepolicy), a PowerShell command, to retry the policy distribution:
Use the following sections to understand how to apply retention labels.
To label an item in the Outlook desktop client, select the item. On the **Home** tab on the ribbon, click **Assign Policy**, and then choose the retention label.
-![Assign Policy button](../media/30684dea-dd73-4e4a-9185-8e29f403b6ca.png)
+![Assign Policy button.](../media/30684dea-dd73-4e4a-9185-8e29f403b6ca.png)
You can also right-click an item, click **Assign Policy** in the context menu, and then choose the retention label. When you select multiple items, you can use this method to assign the same retention label to multiple items at once.
When labels are applied that aren't standard retention labels but mark items as
To label an item in Outlook on the web, right-click the item \> **Assign policy** \> choose the retention label. Unlike Outlook desktop, you can't use this method if you multi-select items.
-![Assign policy menu in Outlook on the web](../media/146a23cf-e478-4595-b2e8-f707fc4e6ea3.png)
+![Assign policy menu in Outlook on the web.](../media/146a23cf-e478-4595-b2e8-f707fc4e6ea3.png)
After the retention label is applied, you can view that retention label and what action it takes at the top of the item. If an email is classified and has an associated retention period, you can know at a glance when the email will expire.
-![Label assigned to email in Outlook on the web](../media/16f6c91b-5eab-4574-9d13-6d12be00a783.png)
+![Label assigned to email in Outlook on the web.](../media/16f6c91b-5eab-4574-9d13-6d12be00a783.png)
As with the desktop version of Outlook on the web, you can also apply retention labels to folders. Right-click the folder, select **Assign policy**, and change **Use parent folder policy** to the retention label you want to use as that folder's default retention label. #### Applying retention labels in OneDrive and SharePoint
-To label a document (including OneNote files) in OneDrive or SharePoint, select the item \> in the upper-right corner, choose **Open the details pane**![Information pane icon](../media/50b6d51b-92b4-4c5f-bb4b-4ca2d4aa3d04.png) \> **Apply retention label** \> choose the retention label.
+To label a document (including OneNote files) in OneDrive or SharePoint, select the item \> in the upper-right corner, choose **Open the details pane**![Information pane icon.](../media/50b6d51b-92b4-4c5f-bb4b-4ca2d4aa3d04.png) \> **Apply retention label** \> choose the retention label.
You can also apply a retention label to a folder or document set, and you can set a [default retention label for a document library](#applying-a-default-retention-label-to-all-content-in-a-sharepoint-library-folder-or-document-set).
-![Apply label list for an item in SharePoint](../media/151cc83c-da57-45b0-9cd1-fd2f28a31083.png)
+![Apply label list for an item in SharePoint.](../media/151cc83c-da57-45b0-9cd1-fd2f28a31083.png)
After a retention label is applied to an item, you can view it in the details pane when that item's selected.
-![Applied label shown in Details pane](../media/d06e585e-29f7-4c8c-afef-629c97268b8e.png)
+![Applied label shown in Details pane.](../media/d06e585e-29f7-4c8c-afef-629c97268b8e.png)
For SharePoint, but not OneDrive, you can create a view of the library that contains the **Labels** column or **Item is a Record** column. This view lets you see at a glance the retention labels assigned to all items and which items are records. Note, however, that you can't filter the view by the **Item is a Record** column. For instructions how to add columns, see [Show or hide columns in a list or library](https://support.microsoft.com/en-us/office/show-or-hide-columns-in-a-list-or-library-b820db0d-9e3e-4ff9-8b8b-0b2dbefa87e2).
For a document library, the default label configuration is done on the **Library
For example, if you have a retention label for marketing materials, and you know a specific document library contains only that type of content, you can make the **Marketing Materials** retention label the default label for all documents in that library.
-![Apply label option on library Settings page](../media/0787d651-63dc-43b4-8768-716a5ecc64ec.png)
+![Apply label option on library Settings page.](../media/0787d651-63dc-43b4-8768-716a5ecc64ec.png)
#### Label behavior when you use a default label for SharePoint
For example, you can create a rule that applies a specific retention label to al
To create a rule, right-click an item \> **Rules** \> **Create Rule** \> **Advanced Options** \> **Rules Wizard** \> **apply retention policy**.
-![Rules wizard with option to apply retention policies](../media/eeb2407c-15b6-4224-99cf-e0a00034d8ea.png)
+![Rules wizard with option to apply retention policies.](../media/eeb2407c-15b6-4224-99cf-e0a00034d8ea.png)
Although the UI refers to retention policies, it's your retention labels that display here and can be selected, not your retention policies.
compliance Create Custom Sensitive Information Types With Exact Data Match Based Classification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification.md
But what if you wanted a custom sensitive information type (SIT) that uses exact
- handle sensitive information more securely - be used with several Microsoft cloud services
-![EDM-based classification](../media/EDMClassification.png)
+![EDM-based classification.](../media/EDMClassification.png)
EDM-based classification enables you to create custom sensitive information types that refer to exact values in a database of sensitive information. The database can be refreshed daily, and contain up to 100 million rows of data. So as employees, patients, or clients come and go, and records change, your custom sensitive information types remain current and applicable. And, you can use EDM-based classification with policies, such as [data loss prevention policies](dlp-learn-about-dlp.md) or [Microsoft Cloud App Security file policies](/cloud-app-security/data-protection-policies).
EDM-based classification is included in these subscriptions
|Portal|World Wide/GCC|GCC-High|DOD| |||||
-|Office SCC|protection.office.com|scc.office365.us|scc.protection.apps.mil|
+|Office SCC|compliance.microsoft.com|scc.office365.us|scc.protection.apps.mil|
|Microsoft 365 Security center|security.microsoft.com|security.microsoft.us|security.apps.mil| |Microsoft 365 Compliance center|compliance.microsoft.com|compliance.microsoft.us|compliance.apps.mil|
These locations are support EDM sensitive information types:
10. In the **Conditions** section, in the **+ Add a condition** list, choose **Content contains sensitive type**.
- ![Content contains sensitive info types](../media/edm-dlp-newrule-conditions.png)
+ ![Content contains sensitive info types.](../media/edm-dlp-newrule-conditions.png)
11. Search for the sensitive information type you created when you set up your rule package, and then choose **+ Add**. Then choose **Done**.
compliance Create Draft Collection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-draft-collection.md
After you create a draft collection, it listed on the **Collections** page in th
During the draft collection process, Advanced eDiscovery performs a search estimate using the search criteria and data sources that you specified in the collection. Advanced eDiscovery also prepares a sampling of items that you can preview. When the collection is complete, the following columns and corresponding values on the **Collection** page are updated:
-![Status states for a draft collection](../media/DraftCollectionStatus.png)
+![Status states for a draft collection.](../media/DraftCollectionStatus.png)
- **Status**: Indicates the status and type of collection. A value of **Estimated** indicates that a draft collection is complete. This same value also indicates that the collection is a draft collection, and that it hasn't been added to a review set. A value of **Committed** in the **Status** column indicates that the collection has been added to a review set.
During the draft collection process, Advanced eDiscovery performs a search estim
After the draft collection is successfully completed, you can perform various tasks. To perform most of these tasks, just go the **Collections** tab and click the name of the draft collection to display the flyout page.
-![Flyout page for a draft collection](../media/DraftCollectionFlyoutPage.png)
+![Flyout page for a draft collection.](../media/DraftCollectionFlyoutPage.png)
Here's a list of things you can do from the collection flyout page:
Here's a list of things you can do from the collection flyout page:
You can use the options in the **Actions** menu on the flyout page of a draft collection to perform various management tasks.
-![Options on Actions menu for draft collection](../media/DraftCollectionActionsMenu.png)
+![Options on Actions menu for draft collection.](../media/DraftCollectionActionsMenu.png)
Here's are descriptions of the management options.
compliance Create Ediscovery Holds https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-ediscovery-holds.md
To create an eDiscovery hold that's associated with a Core eDiscovery case:
7. On the **Choose locations** wizard page, choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.
- ![Choose the content locations to place on hold](../media/eDiscoveryHoldLocations.png)
+ ![Choose the content locations to place on hold.](../media/eDiscoveryHoldLocations.png)
1. **Exchange mailboxes**: Set the toggle to **On** and then click **Choose users, groups, or teams** to specify the mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, Office 365 Group, and Yammer Group. For more information about the application data that is preserved when a mailbox is placed on hold, see [Content stored in mailboxes for eDiscovery](what-is-stored-in-exo-mailbox.md).
To create an eDiscovery hold that's associated with a Core eDiscovery case:
9. To create a query-based hold using keywords or conditions, complete the following steps. To preserve all content in the specified content locations, click **Next**.
- ![Create a query-based hold with keyword and conditions](../media/eDiscoveryHoldQuery.png)
+ ![Create a query-based hold with keyword and conditions.](../media/eDiscoveryHoldQuery.png)
1. In the box under **Keywords**, type a query to preserve only the content that matches the query criteria. You can specify keywords, email message properties, or site properties, such as file names. You can also use more complex queries that use a Boolean operator, such as **AND**, **OR**, or **NOT**.
Keep the following things in mind when you place a query-based eDiscovery hold o
After you create an eDiscovery hold, information about the new hold is displayed on the flyout page for the selected hold. This information includes the number of mailboxes and sites on hold and statistics about the content that was placed on hold, such as the total number and size of items placed on hold and the last time the hold statistics were calculated. These hold statistics help you identify the amount of content related to the case is being preserved.
-![Hold statistics](../media/eDiscoveryHoldStatistics.png)
+![Hold statistics.](../media/eDiscoveryHoldStatistics.png)
Keep the following things in mind about eDiscovery hold statistics:
compliance Create Hold Notification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-hold-notification.md
Using Advanced eDiscovery custodian communications, organizations can manage their workflow around communicating with custodians. Through the Communications tool, legal teams can systematically send, collect, and track legal hold notifications. The flexible creation process also allows teams to customize the hold notification workflow and the content in the notices sent to custodians.
-![Communications Page](../media/CommunicationPage.PNG)
+![Communications Page.](../media/CommunicationPage.PNG)
The article outlines the steps in the hold notification workflow.
The article outlines the steps in the hold notification workflow.
The first step is to specify the appropriate details for legal hold notices or other custodian communications.
-![Name Communication Page](../media/NameCommunication.PNG)
+![Name Communication Page.](../media/NameCommunication.PNG)
1. In the Microsoft 365 compliance center, go to **eDiscovery > Advanced** to display the list of cases in your organization.
The first step is to specify the appropriate details for legal hold notices or o
Next, you can create and add the content of the hold notice. On the **Define portal content** page in the **Create communication** wizard, specify the contents of the hold notice. This content will be automatically appended to the Issuance, Re-Issue, Reminder, and Escalation notices. Additionally, this content will appear in the custodian's Compliance Portal.
-![Portal Content Page](../media/PortalContent.PNG)
+![Portal Content Page.](../media/PortalContent.PNG)
To create the portal content:
To create a release notification:
Optionally, you can simplify the workflow for following up with unresponsive custodians by creating and scheduling automated reminder and escalation notifications.
-![Reminder/Escalation Page](../media/ReminderEscalations.PNG)
+![Reminder/Escalation Page.](../media/ReminderEscalations.PNG)
### Reminders
To schedule escalations:
After you have finalized the content for notifications, select the custodians that you would like to send notifications to.
-![Select Custodians Page](../media/SelectCustodians.PNG)
+![Select Custodians Page.](../media/SelectCustodians.PNG)
To add custodians:
compliance Create Info Mgmt Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-info-mgmt-policies.md
To ensure that an information policy is applied to all documents of a certain ty
2. On the Site Settings page, under **Site Collection Administration** \> **Content Type Policy Templates**.
- ![Content Type Policy Template link on Site Settings page](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
+ ![Content Type Policy Template link on Site Settings page.](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
3. On the Policies page \> **Create**.
Adding an information management policy to a content type makes it easy to assoc
2. On the Site Settings page, under **Web Designer Galleries** \> **Site content types**.
- ![Site content types link on Site Settings page](../media/6f6fa51f-15d7-4782-b06f-a7b36e874cd3.png)
+ ![Site content types link on Site Settings page.](../media/6f6fa51f-15d7-4782-b06f-a7b36e874cd3.png)
3. On the Site Content Type Settings page, select the content type that you want to add a policy to.
Adding an information management policy to a content type makes it easy to assoc
6. In the next sections, select the individual policy features that you want to add to your information management policy.
- ![Types of content policies](../media/19fcb8a3-974b-40d3-a13f-b76088d122f8.png)
+ ![Types of content policies.](../media/19fcb8a3-974b-40d3-a13f-b76088d122f8.png)
7. To specify a retention period for documents and items that are subject to this policy, choose **Enable Retention**, and then specify the retention period and the actions that you want to occur when the items expire.
You need at least the Manage Lists permission to change the information manageme
3. Under **Permissions and Management**\> **Information management policy settings**.
- ![Information management policies link on settings page for document library](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
+ ![Information management policies link on settings page for document library.](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
4. On the Information Management Policy Settings page, make sure that the source of retention for the list or library is set to Library and Folders.
If information management policies have already been created for your site as si
3. Under **Permissions and Management** \> **Information management policy settings**.
- ![Information management policies link on settings page for document library](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
+ ![Information management policies link on settings page for document library.](../media/9fa6d366-6aab-49e1-a05c-898ac6f536e6.png)
4. Verify that the policy source is set to **Content Types**, and under **Content Type Policies** select the content type you want to apply the policy to.
You can define an information management policy and then create a template from
2. On the Site Settings page, under **Site Collection Administration** \> **Content Type Policy Templates**.
- ![Content Type Policy Template link on Site Settings page](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
+ ![Content Type Policy Template link on Site Settings page.](../media/26d3466a-23ec-443f-88f0-2aaff38e992b.png)
3. Choose the policy you want to export \> scroll to the bottom \> **Export**.
compliance Create Report On And Delete Multiple Content Searches https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-report-on-and-delete-multiple-content-searches.md
To run the script:
The script displays the progress of creating and running the searches. When the script is complete, it returns to the prompt.
- ![Sample output from running the script to create multiple compliance searches](../media/37d59b0d-5f89-4dbc-9e2d-0e88e2ed7b4c.png)
+ ![Sample output from running the script to create multiple compliance searches.](../media/37d59b0d-5f89-4dbc-9e2d-0e88e2ed7b4c.png)
## Step 4: Run the script to report the search estimates
After you create the searches, the next step is to run a script that displays a
The script displays the progress of creating and running the searches. When the script is complete, the report is displayed.
- ![Run the search report to display the estimates for the search group](../media/3b5f2595-71d5-4a14-9214-fad156c981f8.png)
+ ![Run the search report to display the estimates for the search group.](../media/3b5f2595-71d5-4a14-9214-fad156c981f8.png)
> [!NOTE] > If the same mailbox or site is specified as a content location in more than one search in a search group, the total results estimate in the report (for both the number of items and the total size) might include results for the same items. That's because the same email message or document will be counted more than once if it matches the query for different searches in the search group.
Because you might be creating a lot of searches, this last script just makes it
The script displays the name of each search that's deleted.
- ![Run the script to delete the searches in the search group](../media/9d97b9d6-a539-4d9b-a4e4-e99989144ec7.png)
+ ![Run the script to delete the searches in the search group.](../media/9d97b9d6-a539-4d9b-a4e4-e99989144ec7.png)
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
To return to the default value of both the mailbox and SharePoint site for the s
Unlike other locations, you can't toggle the status of the Skype location on to automatically include all users. Instead, when you turn on that location, you must then select the **Edit** option to manually choose the users whose conversations you want to retain:
-![Edit Skype location for retention policies](../media/skype-location-retention-policies.png)
+![Edit Skype location for retention policies.](../media/skype-location-retention-policies.png)
After you select this **Edit** option, in the **Skype for Business** pane you can quickly include all users by selecting the hidden box before the **Name** column. However, it's important to understand that each user counts as a specific inclusion in the policy. So if you include 1,000 users by selecting this box, it's the same as if you manually selected 1,000 users to include, which is the maximum supported for Skype for Business.
Examples:
At the end of the retention period, you choose whether you want the content to be permanently deleted:
-![Retention settings page](../media/b05f84e5-fc71-4717-8f7b-d06a29dc4f29.png)
+![Retention settings page.](../media/b05f84e5-fc71-4717-8f7b-d06a29dc4f29.png)
### Deleting content that's older than a specific age
compliance Create Search To Collect Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-search-to-collect-data.md
On the **Searches** tab in your case, you can create a new search by clicking **New search** and following the wizard.
-![The search wizard in an Advanced eDiscovery case](../media/AeDSearch1.png)
+![The search wizard in an Advanced eDiscovery case.](../media/AeDSearch1.png)
## Name the search and give it a description
compliance Create Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-sensitivity-labels.md
The global admin for your organization has full permissions to create and manage
For example, from the Microsoft 365 compliance center:
- ![Create a sensitivity label](../media/create-sensitivity-label-full.png)
+ ![Create a sensitivity label.](../media/create-sensitivity-label-full.png)
> [!NOTE] > By default, tenants don't have any labels and you must create them. The labels in the example picture show default labels that were [migrated from Azure Information Protection](/azure/information-protection/configure-policy-migrate-labels). 3. On the **Define the scope for this label** page, the options selected determine the label's scope for the settings that you can configure and where they will be visible when they are published:
- ![Scopes for sensitivity labels](../media/sensitivity-labels-scopes.png)
+ ![Scopes for sensitivity labels.](../media/sensitivity-labels-scopes.png)
- If **Files & emails** is selected, you can configure settings in this wizard that apply to apps that support sensitivity labels, such as Office Word and Outlook. If this option isn't selected, the wizard displays the first page of these settings but you can't configure them and the labels won't be available for users to select in these apps.
The global admin for your organization has full permissions to create and manage
To edit an existing label, select it, and then select the **Edit label** button:
-![Edit label button to edit a sensitivity label](../media/edit-sensitivity-label-full.png)
+![Edit label button to edit a sensitivity label.](../media/edit-sensitivity-label-full.png)
This button starts the **Edit sensitivity label** wizard, which lets you change all the label settings in step 4.
Set-Label -Identity $Label -LocaleSettings (ConvertTo-Json $DisplayNameLocaleSet
For example, from the Microsoft 365 compliance center:
- ![Publish labels](../media/publish-sensitivity-labels-full.png)
+ ![Publish labels.](../media/publish-sensitivity-labels-full.png)
> [!NOTE] > By default, tenants don't have any label policies and you must create them.
Completing the wizard automatically publishes the label policy. To make changes
To edit an existing label policy, select it, and then select the **Edit Policy** button:
-![Edit a sensitivity label](../media/edit-sensitivity-label-policy-full.png)
+![Edit a sensitivity label.](../media/edit-sensitivity-label-policy-full.png)
This button starts the **Create policy** wizard, which lets you edit which labels are included and the label settings. When you complete the wizard, any changes are automatically replicated to the selected users and services.
compliance Create Tag Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-tag-groups.md
To create a tag group:
1. In a review set, click **Manage review set**.
- ![Click Manage review set](../media/ED-managews.png)
+ ![Click Manage review set.](../media/ED-managews.png)
2. In the **Tags** tile, click **Manage tags**.
- ![Click Manage tags in the Tags tile](../media/ED-managetags.png)
+ ![Click Manage tags in the Tags tile.](../media/ED-managetags.png)
Once inside the tag management, tags can be created to meet the requirements of your case. You can start by creating a tag group. 1. Click **Add section**.
- ![Adding a tag group](../media/ED-addtagsection.png)
+ ![Adding a tag group.](../media/ED-addtagsection.png)
The preview screen will update when you save so you can preview the tag panel without having to close the tag management screen and go back to the working set.
Once inside the tag management, tags can be created to meet the requirements of
3. To create a tag within that group, click the ellipses on the new tag group to create tags in that new section.
- ![Creating tags in a tag group](../media/ED-createtag.png)
+ ![Creating tags in a tag group.](../media/ED-createtag.png)
- **Option tags** will force users to select one tag from a group of tags.
Once inside the tag management, tags can be created to meet the requirements of
To nest tags, click the ellipses next to a tag and then select a new tag to add.
-![Nesting tags](../media/ED-tagnesting.png)
+![Nesting tags.](../media/ED-tagnesting.png)
compliance Create Test Tune Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md
DLP policies for Exchange Online can be managed through the Exchange admin cente
Microsoft 365 provides a range of [DLP policy templates](what-the-dlp-policy-templates-include.md) you can use to create policies. Let's say that you're an Australian business. You can filter the templates on Australia, and choose Financial, Medical and Health, and Privacy.
-![Option to choose country or region](../media/DLP-create-test-tune-choose-country.png)
+![Option to choose country or region.](../media/DLP-create-test-tune-choose-country.png)
For this demonstration I'll choose Australian Personally Identifiable Information (PII) Data, which includes the information types of Australian Tax File Number (TFN) and Driver's License Number.
-![Option to choose a policy template](../media/DLP-create-test-tune-choose-policy-template.png)
+![Option to choose a policy template.](../media/DLP-create-test-tune-choose-policy-template.png)
Give your new DLP policy a name. The default name will match the DLP policy template, but you should choose a more descriptive name of your own, because multiple policies can be created from the same template.
-![Option to name your policy](../media/DLP-create-test-tune-name-policy.png)
+![Option to name your policy.](../media/DLP-create-test-tune-name-policy.png)
Choose the locations that the policy will apply to. DLP policies can apply to Exchange Online, SharePoint Online, and OneDrive for Business. I am going to leave this policy configured to apply to all locations.
-![Option to choose all locations](../media/DLP-create-test-tune-choose-locations.png)
+![Option to choose all locations.](../media/DLP-create-test-tune-choose-locations.png)
At the first **Policy Settings** step, just accept the defaults for now. You can customize DLP policies, but the defaults are a fine place to start.
-![Options to customize the type of content to protect](../media/DLP-create-test-tune-default-customization-settings.png)
+![Options to customize the type of content to protect.](../media/DLP-create-test-tune-default-customization-settings.png)
After clicking Next,** you'll be presented with an more **Policy Settings** page with more customization options. For a policy that you are just testing, here's where you can start to make some adjustments.
After clicking Next,** you'll be presented with an more **Policy Settings** page
- I've also decreased the number of instances from 10 to 1, so that this policy will detect any sharing of Australian PII data, not just bulk sharing of the data. - I've also added another recipient to the incident report email.
-![Additional policy settings](../media/DLP-create-test-tune-more-policy-settings.png)
+![Additional policy settings.](../media/DLP-create-test-tune-more-policy-settings.png)
Finally, I've configured this policy to run in test mode initially. Notice there's also an option here to disable policy tips while in test mode. This gives you the flexibility to have policy tips enabled in the policy, but then decide whether to show or suppress them during your testing.
-![Option to test out policy first](../media/DLP-create-test-tune-test-mode.png)
+![Option to test out policy first.](../media/DLP-create-test-tune-test-mode.png)
On the final review screen, click **Create** to finish creating the policy.
Your new DLP policy will begin to take effect within about 1 hour. You can sit a
As an example, the DLP policy I created for this article will detect Australian tax file numbers (TFN). According to the documentation, the match is based on the following criteria.
-![Documentation on Australia Tax File Number](../media/DLP-create-test-tune-Australia-Tax-File-Number-doc.png)
+![Documentation on Australia Tax File Number.](../media/DLP-create-test-tune-Australia-Tax-File-Number-doc.png)
To demonstrate TFN detection in a rather blunt manner, an email with the words "Tax file number" and a nine digit string in close proximity will sail through without any issues. The reason it does not trigger the DLP policy is that the nine digit string must pass the checksum that indicates it is a valid TFN and not just a harmless string of numbers.
-![Australia tax file number that does not pass checksum](../media/DLP-create-test-tune-email-test1.png)
+![Australia tax file number that does not pass checksum.](../media/DLP-create-test-tune-email-test1.png)
In comparison, an email with the words "Tax file number" and a valid TFN that passes the checksum will trigger the policy. For the record here, the TFN I'm using was taken from a website that generates valid, but not genuine, TFNs. Such sites are useful because one of the most common mistakes when testing a DLP policy is using a fake number that's not valid and won't pass the checksum (and therefore won't trigger the policy).
-![Australia tax file number that passes the checksum](../media/DLP-create-test-tune-email-test2.png)
+![Australia tax file number that passes the checksum.](../media/DLP-create-test-tune-email-test2.png)
The incident report email includes the type of sensitive information that was detected, how many instances were detected, and the confidence level of the detection.
-![Incident report showing tax file number detected](../media/DLP-create-test-tune-email-incident-report.png)
+![Incident report showing tax file number detected.](../media/DLP-create-test-tune-email-incident-report.png)
If you leave your DLP policy in test mode and analyze the incident report emails, you can start to get a feel for the accuracy of the DLP policy and how effective it will be when it is enforced. In addition to the incident reports, you can [use the DLP reports](view-the-dlp-reports.md) to see an aggregated view of policy matches across your tenant.
As you analyze your policy hits, you might want to make some adjustments to how
In the Compliance Center you can edit an existing policy to adjust the behavior.
-![Option to edit policy](../media/DLP-create-test-tune-edit-policy.png)
+![Option to edit policy.](../media/DLP-create-test-tune-edit-policy.png)
You can adjust the location settings so that the policy is applied only to specific workloads, or to specific sites and accounts.
-![Options to choose specific locations](../media/DLP-create-test-tune-edit-locations.png)
+![Options to choose specific locations.](../media/DLP-create-test-tune-edit-locations.png)
You can also adjust the policy settings and edit the rules to better suit your needs.
-![Option to edit rule](../media/DLP-create-test-tune-edit-rule.png)
+![Option to edit rule.](../media/DLP-create-test-tune-edit-rule.png)
When editing a rule within a DLP policy, you can change:
When editing a rule within a DLP policy, you can change:
- User overrides determines whether users can choose to proceed with their email or file sharing anyway. - Incident reports, to notify administrators.
-![Options to edit parts of a rule](../media/DLP-create-test-tune-editing-options.png)
+![Options to edit parts of a rule.](../media/DLP-create-test-tune-editing-options.png)
For this demonstration I've added user notifications to the policy (be careful of doing this without adequate user awareness training), and allowed users to override the policy with a business justification or by flagging it as a false positive. You can also customize the email and policy tip text if you want to include any additional information about your organization's policies, or prompt users to contact support if they have questions.
-![Options for user notifications and overrides](../media/DLP-create-test-tune-user-notifications.png)
+![Options for user notifications and overrides.](../media/DLP-create-test-tune-user-notifications.png)
The policy contains two rules for handling of high volume and low volume, so be sure to edit both with the actions that you want. This is an opportunity to treat cases differently depending on their characteristics. For example, you might allow overrides for low volume violations, but not allow overrides for high volume violations.
-![One rule for high volume and one rule for low volume](../media/DLP-create-test-tune-two-rules.png)
+![One rule for high volume and one rule for low volume.](../media/DLP-create-test-tune-two-rules.png)
Also, if you want to actually block or restrict access to content that is in violation of policy, you need to configure an action on the rule to do so.
-![Option to restrict access to content](../media/DLP-create-test-tune-restrict-access-action.png)
+![Option to restrict access to content.](../media/DLP-create-test-tune-restrict-access-action.png)
After saving those changes to the policy settings, I also need to return to the main settings page for the policy and enable the option to show policy tips to users while the policy is in test mode. This is an effective way to introduce DLP policies to your end users, and do user awareness training, without risking too many false positives that impact their productivity.
-![Option to show policy tips in test mode](../media/DLP-create-test-tune-show-policy-tips.png)
+![Option to show policy tips in test mode.](../media/DLP-create-test-tune-show-policy-tips.png)
On the server side (or cloud side if you prefer), the change may not take effect immediately, due to various processing intervals. If you're making a DLP policy change that will display new policy tips to a user, the user may not see the changes take effect immediately in their Outlook client, which checks for policy changes every 24 hours. If you want to speed things up for testing, you can use this registry fix to [clear the last download time stamp from the PolicyNudges key](https://support.microsoft.com/en-au/help/2823261/changes-to-a-data-loss-prevention-policy-don-t-take-effect-in-outlook?__hstc=18650278.46377037dc0a82baa8a30f0ef07a7b2f.1538687978676.1538693509953.1540315763430.3&__hssc=18650278.1.1540315763430&__hsfp=3446956451). Outlook will download the latest policy information the next time you restart it and begin composing an email message. If you have policy tips enabled, the user will begin to see the tips in Outlook, and can report false positives to you when they occur.
-![Policy tip with option to report false positive](../media/DLP-create-test-tune-policy-tip-in-outlook.png)
+![Policy tip with option to report false positive.](../media/DLP-create-test-tune-policy-tip-in-outlook.png)
## Investigate false positives
DLP policy templates are not perfect straight out of the box. It's likely that y
Here's an example of a false positive. This email is quite harmless. The user is providing their mobile phone number to someone, and including their email signature.
-![Email showing false positive information](../media/DLP-create-test-tune-false-positive-email.png)
+![Email showing false positive information.](../media/DLP-create-test-tune-false-positive-email.png)
But the user sees a policy tip warning them that the email contains sensitive information, specifically, an Australian driver's license number.
-![Option to report false positive in policy tip](../media/DLP-create-test-tune-policy-tip-closeup.png)
+![Option to report false positive in policy tip.](../media/DLP-create-test-tune-policy-tip-closeup.png)
The user can report the false positive, and the administrator can look into why it has occurred. In the incident report email, the email is flagged as a false positive.
-![Incident report showing false positive](../media/DLP-create-test-tune-false-positive-incident-report.png)
+![Incident report showing false positive.](../media/DLP-create-test-tune-false-positive-incident-report.png)
This driver's license case is a good example to dig into. The reason this false positive has occurred is that the "Australian Driver's License" type will be triggered by any 9-digit string (even one that is part of a 10-digit string), within 300 characters proximity to the keywords "Sydney nsw" (not case sensitive). So it's triggered by the phone number and email signature, only because the user happens to be in Sydney.
One option is to remove the Australian driver's license information type from th
Another option is to increase the instance count, so that a low volume of driver's licenses is only detected when there are multiple instances.
-![Option to edit the instance count](../media/DLP-create-test-tune-edit-instance-count.png)
+![Option to edit the instance count.](../media/DLP-create-test-tune-edit-instance-count.png)
In addition to changing the instance count, you can also adjust the match accuracy (or confidence level). If your sensitive information type has multiple patterns, you can adjust the match accuracy in your rule, so that your rule matches only specific patterns. For example, to help reduce false positives, you can set the match accuracy of your rule so that it matches only the pattern with the highest confidence level. For more information on confidence levels, see [How to use confidence level to tune your rules](data-loss-prevention-policies.md#match-accuracy).
Finally, if you want to get even a bit more advanced, you can customize any sens
When you're happy that your DLP policy is accurately and effectively detecting sensitive information types, and that your end users are ready to deal with the policies being in place, then you can enable the policy.
-![Option to turn on policy](../media/DLP-create-test-tune-turn-on-policy.png)
+![Option to turn on policy.](../media/DLP-create-test-tune-turn-on-policy.png)
If you're waiting to see when the policy will take effect, [Connect to Security & Compliance Center PowerShell](/powershell/exchange/connect-to-scc-powershell) and run the [Get-DlpCompliancePolicy cmdlet](/powershell/module/exchange/get-dlpcompliancepolicy) to see the DistributionStatus.
-![Running cmdlet in PowerShell](../media/DLP-create-test-tune-PowerShell.png)
+![Running cmdlet in PowerShell.](../media/DLP-create-test-tune-PowerShell.png)
After turning on the DLP policy, you should run some final tests of your own to make sure that the expected policy actions are occurring. If you're trying to test things like credit card data, there are websites online with information on how to generate sample credit card or other personal information that will pass checksums and trigger your policies. Policies that allow user overrides will present that option to the user as part of the policy tip.
-![Policy tip that allows user override](../media/DLP-create-test-tune-override-option.png)
+![Policy tip that allows user override.](../media/DLP-create-test-tune-override-option.png)
Policies that restrict content will present the warning to the user as part of the policy tip, and prevent them from sending the email.
-![Policy tip that content is restricted](../media/DLP-create-test-tune-restrict-warning.png)
+![Policy tip that content is restricted.](../media/DLP-create-test-tune-restrict-warning.png)
## Summary
compliance Csv File For An Id List Content Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/csv-file-for-an-id-list-content-search.md
You can use a CSV file from a search that included SharePoint sites and OneDrive
Here's an example of a CSV file that's ready to be submitted for an ID list content search.
- ![Example of a CSV file for a targeted content search](../media/SearchIDListCSVFile.png)
+ ![Example of a CSV file for a targeted content search.](../media/SearchIDListCSVFile.png)
6. Save the CSV file or use **Save As** to the save the file with different file name. In both cases, be sure to save the file with the CSV format.
The next step is to create a new ID list search and submit the CSV file that you
Here's an example of the flyout page from an ID list search that shows the query that's generated and the estimated number of search results.
- ![Search query for ID list search](../media/SearchIDListFlyout.png)
+ ![Search query for ID list search.](../media/SearchIDListFlyout.png)
The number of estimated items displayed in statistics for the ID search should match the number of items that you selected in the CSV file.
compliance Customer Key Availability Key Understand https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-availability-key-understand.md
When Exchange Online and Skype for Business accesses availability key to provide
Log records include attributes such as date, time, activity, organization ID, and data encryption policy ID. The record is available as part of Unified Audit Logs and is accessible from the Security & Compliance Center Audit Log Search tab.
-![Audit log search for availability key events](../media/customerkeyauditlogsearchavailabilitykeyloggingimage.png)
+![Audit log search for availability key events.](../media/customerkeyauditlogsearchavailabilitykeyloggingimage.png)
Exchange Online and Skype for Business availability key records use the Office 365 Management Activity [common schema](/office/office-365-management-api/office-365-management-activity-api-schema#common-schema) with added custom parameters: Policy Id, Scope Key Version Id, and Request Id.
-![Availability key custom parameters](../media/customerkeyauditlogsearchavailabilitykeyloggingcustomparam.png)
+![Availability key custom parameters.](../media/customerkeyauditlogsearchavailabilitykeyloggingcustomparam.png)
### SharePoint Online, OneDrive for Business, and Teams files availability key logging
Microsoft 365 uses the availability key to wrap the tier of keys lower in the ke
### Encryption ciphers used to encrypt keys for Exchange Online and Skype for Business
-![Encryption ciphers for Exchange Online Customer Key](../media/customerkeyencryptionhierarchiesexchangeskype.png)
+![Encryption ciphers for Exchange Online Customer Key.](../media/customerkeyencryptionhierarchiesexchangeskype.png)
### Encryption ciphers used to encrypt keys for SharePoint Online and OneDrive for Business
-![Encryption ciphers for SharePoint Online Customer Key](../media/customerkeyencryptionhierarchiessharepointonedriveteamsfiles.png)
+![Encryption ciphers for SharePoint Online Customer Key.](../media/customerkeyencryptionhierarchiessharepointonedriveteamsfiles.png)
## Related articles
compliance Customer Key Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-key-overview.md
The key hierarchy used for DEPs that encrypt data for multiple Microsoft 365 wor
#### Encryption ciphers used to encrypt keys for Exchange Online and Skype for Business
-![Encryption ciphers for Exchange Online Customer Key](../media/customerkeyencryptionhierarchiesexchangeskype.png)
+![Encryption ciphers for Exchange Online Customer Key.](../media/customerkeyencryptionhierarchiesexchangeskype.png)
#### Encryption ciphers used to encrypt keys for SharePoint Online, OneDrive for Business, and Teams files
-![Encryption ciphers for SharePoint Online Customer Key](../media/customerkeyencryptionhierarchiessharepointonedriveteamsfiles.png)
+![Encryption ciphers for SharePoint Online Customer Key.](../media/customerkeyencryptionhierarchiessharepointonedriveteamsfiles.png)
## Related articles
compliance Customer Lockbox Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-lockbox-requests.md
These steps outline the typical workflow when a Microsoft engineer starts a Cust
5. After a Microsoft Support manager approves the request, Customer Lockbox sends the designated approver at the organization an email notification about the pending access request from Microsoft.
- ![Example of a Customer Lockbox email notification](../media/CustomerLockbox1.png)
+ ![Example of a Customer Lockbox email notification.](../media/CustomerLockbox1.png)
Anyone who is assigned the [Customer Lockbox access approver](/office365/admin/add-users/about-admin-roles) admin role in Microsoft 365 admin center can approve Customer Lockbox requests.
You can turn on Customer Lockbox controls in the Microsoft 365 admin center. Whe
3. Select **Security & Privacy** > **Customer Lockbox** > **Edit**, and then move the toggle to **On** or **Off** to turn the feature on or off.
- ![Require approval for Customer Lockbox](../media/CustomerLockbox4.png)
+ ![Require approval for Customer Lockbox.](../media/CustomerLockbox4.png)
## Approve or deny a Customer Lockbox request
You can turn on Customer Lockbox controls in the Microsoft 365 admin center. Whe
2. Choose **Support > Customer Lockbox Requests**.
- ![Click Support, then click Customer Lockbox Requests](../media/CustomerLockbox5.png)
+ ![Click Support, then click Customer Lockbox Requests.](../media/CustomerLockbox5.png)
A list of Customer Lockbox requests displays.
- ![List of Customer Lockbox requests](../media/CustomerLockbox6.png)
+ ![List of Customer Lockbox requests.](../media/CustomerLockbox6.png)
3. Select a Customer Lockbox request, and then choose **Approve** or **Deny**.
- ![Approve Customer Lockbox requests](../media/CustomerLockbox7.png)
+ ![Approve Customer Lockbox requests.](../media/CustomerLockbox7.png)
A confirmation message about the approval of the Customer Lockbox request displays.
- ![Deny Customer Lockbox requests](../media/CustomerLockbox8.png)
+ ![Deny Customer Lockbox requests.](../media/CustomerLockbox8.png)
> [!NOTE] > Use the Set-AccessToCustomerDataRequest cmdlet to approve, deny, or cancel Microsoft 365 customer lockbox requests that control access to your data by Microsoft support engineers. For more information, see [Set-AccessToCustomerDataRequest](/powershell/module/exchange/set-accesstocustomerdatarequest).
Before you can use the audit log to track requests for Customer Lockbox, there a
The **Audit log search** page displays.
- ![Audit log search page](../media/auditlogsearch1.png)
+ ![Audit log search page.](../media/auditlogsearch1.png)
4. Configure the following search criteria:
When a person in your organization approves or denies a Customer Lockbox request
The following screenshot shows an example of an audit log record that corresponds to an approved Customer Lockbox request. If a Customer Lockbox request was denied, then the value of **ApprovalDecision** parameter would be **Deny**.
-![Audit record for an approved Customer Lockbox request](../media/CustomerLockbox9.png)
+![Audit record for an approved Customer Lockbox request.](../media/CustomerLockbox9.png)
> [!TIP] > To display more detailed information in an audit record, click **More information**.
compliance Data Classification Activity Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-activity-explorer.md
description: "Activity explorer rounds out the functionality of the data classif
The [data classification overview](data-classification-overview.md) and [content explorer](data-classification-content-explorer.md) tabs give you visibility into what content has been discovered and labeled, and where that content is. Activity explorer rounds out this suite of functionality by allowing you to monitor what's being done with your labeled content. Activity explorer provides a historical view of activities on your labeled content. The activity information is collected from the Microsoft 365 unified audit logs, transformed and made available in the Activity explorer UI.
-![placeholder screenshot overview activity explorer](../media/data-classification-activity-explorer-1.png)
+![placeholder screenshot overview activity explorer.](../media/data-classification-activity-explorer-1.png)
There are over 30 different filters available for use, some are:
compliance Data Classification Content Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-content-explorer.md
description: "Content explorer allows you to natively view labeled items."
The data classification content explorer allows you to natively view the items that were summarized on the overview page.
-![content explorer collapsed screenshot](../media/data-classification-content-explorer-1.png)
+![content explorer collapsed screenshot.](../media/data-classification-content-explorer-1.png)
## Prerequisites
A [retention label](retention.md) allows you to define how long a labeled item i
### Export The **export** control will create a .csv file that contains a listing of whatever is showing in the **All locations** pane.
-![data classification export control](../media/data_classification_export_control.png)
+![data classification export control.](../media/data_classification_export_control.png)
### Search When you drill down into a location, such as an Exchange folder, or a SharePoint or OneDrive site, the **search** tool appears.
-![content explorer search tool](../media/data_classification_search_tool.png)
+![content explorer search tool.](../media/data_classification_search_tool.png)
The scope of the search tool is what is displaying in the **All locations** pane and what you can search on varies depending on the selected location.
compliance Data Classification Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-overview.md
Microsoft 365 comes with many definitions of sensitive information types, such a
The sensitive information type card shows the top sensitive information types that have been found and labeled across your organization.
-![top sensitive information types](../media/data-classification-sens-info-types-card.png)
+![top sensitive information types.](../media/data-classification-sens-info-types-card.png)
To find out how many items are in any given classification category, hover over the bar for the category.
-![top sensitive information types hover detail](../media/data-classification-sens-info-types-hover.png)
+![top sensitive information types hover detail.](../media/data-classification-sens-info-types-hover.png)
> [!NOTE] > If the card displays the message "No data found with sensitive information", it means that there are no items in your organization that have been classified as being a sensitive information type or no items that have been crawled. To get started with labels, see:
Sensitivity labels must be enabled for files that are in SharePoint and OneDrive
The sensitivity label card shows the number of items (email or document) by sensitivity level.
-![breakdown of content by sensitivity label classification placeholder screenshot](../media/data-classification-top-sensitivity-labels-applied.png)
+![breakdown of content by sensitivity label classification placeholder screenshot.](../media/data-classification-top-sensitivity-labels-applied.png)
> [!NOTE] > If you haven't created or published any sensitivity labels or no content has had a sensitivity label applied, this card will display the message "No sensitivity labels detected". To get started with sensitivity labels, see:
Retention labels are used to manage the retention and disposition of content in
The top applied retention labels card shows you how many items have a given retention label.
-![top applied retention labels placeholder screenshot](../media/data-classification-top-retention-labels-applied.png)
+![top applied retention labels placeholder screenshot.](../media/data-classification-top-retention-labels-applied.png)
> [!NOTE] > If this card displays the message, "No retention labels detected", it means you haven't created or published any retention labels or no content has had a retention label applied. To get started with retention labels, see:
compliance Data Loss Prevention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-loss-prevention-policies.md
f1_keywords: - 'ms.o365.cc.DLPLandingPage'
-localization_priority: low
+localization_priority: null
- M365-security-compliance - SPO_Content
search.appverid:
- MET150 - seo-marvel-apr2020+
+feedback_system: None
description: data loss prevention reference material
With a DLP policy, you can:
You create and manage DLP policies on the Data loss prevention page in the Microsoft 365 Compliance center.
-![Data loss prevention page in the Office 365 Security &amp; Compliance Center](../media/943fd01c-d7aa-43a9-846d-0561321a405e.png)
+![Data loss prevention page in the Office 365 Security &amp; Compliance Center.](../media/943fd01c-d7aa-43a9-846d-0561321a405e.png)
<!-- MOVED TO LEARN ABOUT ## What a DLP policy contains
A DLP policy contains a few basic things:
- **Conditions** the content must match before the rule is enforced. For example, a rule might be configured to look only for content containing Social Security numbers that's been shared with people outside your organization.
- - **Actions** that you want the rule to take automatically when content matching the conditions is found. For example, a rule might be configured to block access to a document and send both the user and compliance officer an email notification. -->
+ - **Actions** that you want the rule to take automatically when content matching the conditions is found. For example, a rule might be configured to block access to a document and send both the user and compliance officer an email notification.
You can use a rule to meet a specific protection requirement, and then use a DLP policy to group together common protection requirements, such as all of the rules needed to comply with a specific regulation. For example, you might have a DLP policy that helps you detect the presence of information subject to the Health Insurance Portability and Accountability Act (HIPAA). This DLP policy could help protect HIPAA data (the what) across all SharePoint Online sites and all OneDrive for Business sites (the where) by finding any document containing this sensitive information that's shared with people outside your organization (the conditions) and then blocking access to the document and sending a notification (the actions). These requirements are stored as individual rules and grouped together as a DLP policy to simplify management and reporting.
-![Diagram shows that DLP policy contains locations and rules](../media/c006860c-2d00-42cb-aaa4-5b5638d139f7.png)
+![Diagram shows that DLP policy contains locations and rules.](../media/c006860c-2d00-42cb-aaa4-5b5638d139f7.png) -->
<!-- MOVED TO LEARN ABOUT ### Locations
DLP policies are applied to sensitive items across Microsoft 365 locations and c
|Microsoft Cloud App Security |instance | -->
+<!-- moved to dlp-policy-reference.md
If you choose to include specific distribution groups in Exchange, the DLP policy will be scoped only to the members of that group. Similarly excluding a distribution group will exclude all the members of that distribution group from policy evaluation. You can choose to scope a policy to the members of distribution lists, dynamic distribution groups, and security groups. A DLP policy can contain no more than 50 such inclusions and exclusions. If you choose to include or exclude specific SharePoint sites, a DLP policy can contain no more than 100 such inclusions and exclusions. Although this limit exists, you can exceed this limit by applying either an org-wide policy or a policy that applies to entire locations.
A rule also provides options to notify users (with policy tips and email notific
Here are the components of a rule, each explained below.
-![Sections of the DLP rule editor](../media/1859d504-b9c2-45ed-961b-a0092251acc2.png)
+![Sections of the DLP rule editor.](../media/1859d504-b9c2-45ed-961b-a0092251acc2.png)
#### Conditions
Conditions are important because they determine what types of information you're
Conditions focus on the **content**, such as what types of sensitive information you're looking for, and also on the **context**, such as who the document is shared with. You can use conditions to assign different actions to different risk levels. For example, sensitive content shared internally might be lower risk and require fewer actions than sensitive content shared with people outside the organization.
-![List showing available DLP conditions](../media/0fa43f90-d007-4506-ae93-43e8424fe103.png)
+![List showing available DLP conditions.](../media/0fa43f90-d007-4506-ae93-43e8424fe103.png)
The conditions now available can determine if:
The conditions now available can determine if:
A DLP policy can help protect sensitive information, which is defined as a **sensitive information type**. Microsoft 365 includes definitions for many common sensitive information types across many different regions that are ready for you to use, such as a credit card number, bank account numbers, national ID numbers, and passport numbers.
-![List of available sensitive information types](../media/3eaa9911-bc94-44be-902f-363dbf3b07fe.png)
+![List of available sensitive information types.](../media/3eaa9911-bc94-44be-902f-363dbf3b07fe.png)
When a DLP policy looks for a sensitive information type such as a credit card number, it doesn't simply look for a 16-digit number. Each sensitive information type is defined and detected by using a combination of:
This helps DLP detection achieve a high degree of accuracy while reducing the nu
When content matches a condition in a rule, you can apply actions to automatically protect the content.
-![List of available DLP actions](../media/8aef17fc-1e99-4ac7-adfc-0f2c9c1a0697.png)
+![List of available DLP actions.](../media/8aef17fc-1e99-4ac7-adfc-0f2c9c1a0697.png)
With the actions now available, you can:
With the actions now available, you can:
For site content, this means that permissions for the document are restricted for everyone except the primary site collection administrator, document owner, and person who last modified the document. These people can remove the sensitive information from the document or take other remedial action. When the document is in compliance, the original permissions are automatically restored. When access to a document is blocked, the document appears with a special policy tip icon in the library on the site.
- ![Policy tip showing access to document is blocked](../media/b6cefed3-d212-43d7-8534-4b92b26ebd50.png)
+ ![Policy tip showing access to document is blocked.](../media/b6cefed3-d212-43d7-8534-4b92b26ebd50.png)
For email content, this action blocks the message from being sent. Depending on how the DLP rule is configured, the sender sees an NDR or (if the rule uses a notification) a policy tip and/or email notification.
- ![Warning that unauthorized recipients must be removed from the message](../media/302f9994-912d-41e7-861f-8a4539b3c285.png)
+ ![Warning that unauthorized recipients must be removed from the message.](../media/302f9994-912d-41e7-861f-8a4539b3c285.png)
#### User notifications and user overrides You can use notifications and overrides to educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification.
-![User notifications and user overrides sections of DLP rule editor](../media/37b560d4-6e4e-489e-9134-d4b9daf60296.png)
+![User notifications and user overrides sections of DLP rule editor.](../media/37b560d4-6e4e-489e-9134-d4b9daf60296.png)
The email can notify the person who sent, shared, or last modified the content and, for site content, the primary site collection administrator and document owner. In addition, you can add or remove whomever you choose from the email notification.
The email notification and policy tip explain why content conflicts with a DLP p
Here's what a policy tip looks like in a OneDrive for Business account.
-![Policy tip for a document in a OneDrive account](../media/f9834d35-94f0-4511-8555-0fe69855ce6d.png)
+![Policy tip for a document in a OneDrive account.](../media/f9834d35-94f0-4511-8555-0fe69855ce6d.png)
To learn more about user notifications and policy tips in DLP policies, see [Use notifications and policy tips](use-notifications-and-policy-tips.md).
When a rule is matched, you can send an alert email to your compliance officer (
In addition, you can also send an incident report with details of the event. This report includes information about the item that was matched, the actual content that matched the rule, and the name of the person who last modified the content. For email messages, the report also includes as an attachment the original message that matches a DLP policy. > [!div class="mx-imgBorder"]
-> ![Page for configuring incident reports](../media/Alerts-and-incident-report.png)
+> ![Page for configuring incident reports.](../media/Alerts-and-incident-report.png)
DLP scans email differently from items in SharePoint Online or OneDrive for Business. In SharePoint Online and OneDrive for Business, DLP scans existing items as well as new ones and generates an alert and incident report whenever a match is found. In Exchange Online, DLP only scans new email messages and generates a report if there is a policy match. DLP ***does not*** scan or match previously existing email items that are stored in a mailbox or archive.
You can easily identify such loosely defined data by using grouping and logical
Within a group, you can choose whether any or all of the conditions in that group must be satisfied for the content to match the rule.
-![Group showing the operators within the group](../media/6a12f1e8-112d-48ee-9a73-82b3dd0542e7.png)
+![Group showing the operators within the group.](../media/6a12f1e8-112d-48ee-9a73-82b3dd0542e7.png)
### Adding a group You can quickly add a group, which can have its own conditions and operator within that group.
-![Add group button](../media/5f72f292-d1f3-4f11-a911-a9f71e10abf6.png)
+![Add group button.](../media/5f72f292-d1f3-4f11-a911-a9f71e10abf6.png)
### Choosing the operator between groups
For example, the built-in **U.S. HIPAA** policy has a rule that uses an **AND**
- from the group **Medical Terms** (at least one ICD-9-CM keyword **OR** ICD-10-CM keyword)
-![Groups showing the operator between groups](../media/354aa77f-569c-4847-9dfe-605ee2bb28d1.png)
+![Groups showing the operator between groups.](../media/354aa77f-569c-4847-9dfe-605ee2bb28d1.png)
## The priority by which rules are processed When you create rules in a policy, each rule is assigned a priority in the order in which it's created ΓÇö meaning, the rule created first has first priority, the rule created second has second priority, and so on. > [!div class="mx-imgBorder"]
-> ![Rules in priority order](../media/dlp-rules-in-priority-order.png)
+> ![Rules in priority order.](../media/dlp-rules-in-priority-order.png)
After you have set up more than one DLP policy, you can change the priority of one or more policies. To do that, select a policy, choose **Edit policy**, and use the **Priority** list to specify its priority. > [!div class="mx-imgBorder"]
-> ![Set priority for a policy](../media/dlp-set-policy-priority.png)
+> ![Set priority for a policy.](../media/dlp-set-policy-priority.png)
When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the rules are processed in priority order and the most restrictive action is enforced. For example, if content matches all of the following rules, Rule 3 is enforced because it's the highest priority, most restrictive rule:
Regarding policy tips, note that:
- If the policy tips in the most restrictive rule allow people to override the rule, then overriding this rule also overrides any other rules that the content matched.
+-->
+ ## Tuning rules to make them easier or harder to match After people create and turn on their DLP policies, they sometimes run into these issues:
To use instance count to tune rules, the guidance is straightforward:
Typically, you use less restrictive actions, such as sending user notifications, in a rule with a lower instance count (for example, 1-9). And you use more restrictive actions, such as restricting access to content without allowing user overrides, in a rule with a higher instance count (for example, 10-any).
-![Instance counts in the rule editor](../media/e7ea3c12-72c5-4bb3-9590-c924c665e84d.png)
+![Instance counts in the rule editor.](../media/e7ea3c12-72c5-4bb3-9590-c924c665e84d.png)
### Match accuracy
It's important to understand that when a specific type of sensitive information,
So if you want to create two mutually exclusive rules for credit cards, one for the 65% match accuracy and one for the 85% match accuracy, the ranges for match accuracy would look like this. The first rule picks up only matches of the 65% pattern. The second rule picks up matches with **at least one** 85% match and **can potentially have** other lower-confidence matches.
-![Two rules with different ranges for match accuracy](../media/21bdfe36-7a91-4347-8098-11809a92f9a4.png)
+![Two rules with different ranges for match accuracy.](../media/21bdfe36-7a91-4347-8098-11809a92f9a4.png)
For these reasons, the guidance for creating rules with different match accuracies is:
When you use a previously created and published [retention label](retention.md#r
- Published retention labels can take from one to seven days to sync. For more information, see [When retention labels become available to apply](create-apply-retention-labels.md#when-retention-labels-become-available-to-apply) for retention labels published in a retention policy, and [How long it takes for retention labels to take effect](apply-retention-labels-automatically.md#how-long-it-takes-for-retention-labels-to-take-effect) for retention labels that are auto-published. - Using a retention label in a policy **is only supported for items in SharePoint and OneDrive***.
- ![Labels as a condition](../media/5b1752b4-a129-4a88-b010-8dcf8a38bb09.png)
+ ![Labels as a condition.](../media/5b1752b4-a129-4a88-b010-8dcf8a38bb09.png)
You might want to use a retention label in a DLP policy if you have items that are under retention and disposition, and you also want to apply other controls to them, for example:
Several features can be applied to content containing sensitive information:
- A DLP policy can enforce **protection** actions on this content. And before enforcing these actions, a DLP policy can require other conditions to be met in addition to the content containing a label.
-![Diagram of features that can apply to sensitive information](../media/dd410f97-a3a3-455c-a1e9-7ed8ae6893d6.png)
+![Diagram of features that can apply to sensitive information.](../media/dd410f97-a3a3-455c-a1e9-7ed8ae6893d6.png)
Note that a DLP policy has a richer detection capability than a label or retention policy applied to sensitive information. A DLP policy can enforce protective actions on content containing sensitive information, and if the sensitive information is removed from the content, those protective actions are undone the next time the content's scanned. But if a retention policy or label is applied to content containing sensitive information, that's a one-time action that won't be undone even if the sensitive information is removed. By using a label as a condition in a DLP policy, you can enforce both retention and protection actions on content with that label. You can think of content containing a label exactly like content containing sensitive information - both a label and a sensitive information type are properties used to classify content, so that you can enforce actions on that content.
-![Diagram of DLP policy using label as a condition](../media/4538fd8f-fb74-4743-bc22-a5de33adfebb.png)
+![Diagram of DLP policy using label as a condition.](../media/4538fd8f-fb74-4743-bc22-a5de33adfebb.png)
## Simple settings vs. advanced settings
By far, the most common DLP scenario is creating a policy to help protect conten
To simplify achieving this goal, when you create a DLP policy, you can choose **Use simple settings**. These settings provide everything you need to implement the most common DLP policy, without having to go into the rule editor.
-![DLP options for simple and advanced settings](../media/33c93824-ead5-43b6-9c3e-fd1630c92a7d.png)
+![DLP options for simple and advanced settings.](../media/33c93824-ead5-43b6-9c3e-fd1630c92a7d.png)
### Advanced settings
The advanced settings present you with the rule editor, where you have full cont
To jump to a section quickly, click an item in the top navigation of the rule editor to go to that section below.
-![Top navigation menu of DLP rule editor](../media/c527b97f-ca53-4c79-ad19-1a63be8a8ecc.png)
+![Top navigation menu of DLP rule editor.](../media/c527b97f-ca53-4c79-ad19-1a63be8a8ecc.png)
## DLP policy templates
The first step in creating a DLP policy is choosing what information to protect.
A preconfigured DLP policy template can help you detect specific types of sensitive information, such as HIPAA data, PCI-DSS data, Gramm-Leach-Bliley Act data, or even locale-specific personally identifiable information (P.I.). To make it easy for you to find and protect common types of sensitive information, the policy templates included in Microsoft 365 already contain the most common sensitive information types necessary for you to get started.
-![List of templates for data loss prevention policies with focus on template for U.S. Patriot Act](../media/791b2403-430b-4987-8643-cc20abbd8148.png)
+![List of templates for data loss prevention policies with focus on template for U.S. Patriot Act.](../media/791b2403-430b-4987-8643-cc20abbd8148.png)
Your organization may also have its own specific requirements, in which case you can create a DLP policy from scratch by choosing the **Custom policy** option. A custom policy is empty and contains no premade rules.
If you're creating DLP policies with a large potential impact, we recommend foll
3. **Start full enforcement on the policies** so that the actions in the rules are applied and the content's protected. Continue to monitor the DLP reports and any incident reports or notifications to make sure that the results are what you intend.
- ![Options for using test mode and turning on policy](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
+ ![Options for using test mode and turning on policy.](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
You can turn off a DLP policy at any time, which affects all rules in the policy. However, each rule can also be turned off individually by toggling its status in the rule editor.
- ![Options for turning off a rule in a policy](../media/f7b258ff-1b8b-4127-b580-83c6492f2bef.png)
+ ![Options for turning off a rule in a policy.](../media/f7b258ff-1b8b-4127-b580-83c6492f2bef.png)
You can also change the priority of multiple rules in a policy. To do that, open a policy for editing. In a row for a rule, choose the ellipses (**...**), and then choose an option, such as **Move down** or **Bring to last**. > [!div class="mx-imgBorder"]
- > ![Set rule priority](../media/dlp-set-rule-priority.png)-->
+ > ![Set rule priority.](../media/dlp-set-rule-priority.png)-->
## DLP reports
With the DLP reports, you can get business insights and:
In addition, you can use the DLP reports to fine tune your DLP policies as you run them.
-![Reports Dashboard in Security and Compliance Center](../media/6d741252-a0ce-4429-95ba-6c857ecc9a7e.png)
+![Reports Dashboard in Security and Compliance Center.](../media/6d741252-a0ce-4429-95ba-6c857ecc9a7e.png)
## How DLP policies work
For this reason, DLP policies check documents for policy matches frequently in t
As people add or change documents in their sites, the search engine scans the content, so that you can search for it later. While this is happening, the content's also scanned for sensitive information and to check if it's shared. Any sensitive information that's found is stored securely in the search index, so that only the compliance team can access it, but not typical users. Each DLP policy that you've turned on runs in the background (asynchronously), checking search frequently for any content that matches a policy, and applying actions to protect it from inadvertent leaks.
-![Diagram showing how DLP policy evaluates content asynchronously](../media/bdf73099-039a-4909-ae89-ac12c41992ba.png)
+![Diagram showing how DLP policy evaluates content asynchronously.](../media/bdf73099-039a-4909-ae89-ac12c41992ba.png)
<!-- conflict with a DLP policy is bad wording --> Finally, documents can conflict with a DLP policy, but they can also become compliant with a DLP policy. For example, if a person adds credit card numbers to a document, it might cause a DLP policy to block access to the document automatically. But if the person later removes the sensitive information, the action (in this case, blocking) is automatically undone the next time the document is evaluated against the policy.
compliance Data Spillage Scenariosearch And Purge https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-spillage-scenariosearch-and-purge.md
This document provides a list of instructions on how to permanently remove a mes
Here's a how to manage a data spillage incident:
-![The 8-step workflow for managing data spillage incidents](../media/O365-eDiscoverySolutions-DataSpillage-workflow.png)
+![The 8-step workflow for managing data spillage incidents.](../media/O365-eDiscoverySolutions-DataSpillage-workflow.png)
[(Optional) Step 1: Manage who can access the case and set compliance boundaries](#optional-step-1-manage-who-can-access-the-case-and-set-compliance-boundaries)<br/> [Step 2: Create an eDiscovery case](#step-2-create-an-ediscovery-case)<br/>
After you verified the search results, you may want to share your findings with
The Export report page is displayed.
- ![Select the search and then click More > Export report on the flyout page](../media/O365-eDiscoverySolutions-DataSpillage-ExportReport1.png)
+ ![Select the search and then click More > Export report on the flyout page.](../media/O365-eDiscoverySolutions-DataSpillage-ExportReport1.png)
3. Select **All items, including ones that have unrecognized format, are encrypted, or weren't indexed for other reasons** and then click **Generate report**.
After you verified the search results, you may want to share your findings with
5. Click the export job, and then click **Download** report on the flyout page.
- ![On the Export page, click the export and then click "Download report"](../media/O365-eDiscoverySolutions-DataSpillage-ExportReport2.png)
+ ![On the Export page, click the export and then click "Download report.".](../media/O365-eDiscoverySolutions-DataSpillage-ExportReport2.png)
The **Export Summary** report contains the number of locations found with results and the size of the search results. You can use this to compare with the report generated after deletion and provide as a proof of deletion. The **Results** report contains a more detailed summary of the search results, including the subject, sender, recipients, if the email was read, dates, and size of each message. If any of the details in this report contains that actual spilled data, be sure to permanently delete the Results.csv file when the investigation is complete.
There are two ways to collect a list of email addresses of mailboxes with spille
4. In the **Type** drop down list, click **Top locations**.
- ![Get a list of mailboxes that contain search results on the Top locations page in the Search statistics](../media/O365-eDiscoverySolutions-DataSpillage-TopLocations.png)
+ ![Get a list of mailboxes that contain search results on the Top locations page in the Search statistics.](../media/O365-eDiscoverySolutions-DataSpillage-TopLocations.png)
A list of mailboxes that contain search results is displayed. The number of items in each mailbox that match the search query is also displayed.
If the keywords in the search query that you created and used in Step 3 contains
2. On the flyout page, click **Delete**.
- ![Select the search and then click Delete on the flyout page](../media/O365-eDiscoverySolutions-DataSpillage-DeleteSearch.png)
+ ![Select the search and then click Delete on the flyout page.](../media/O365-eDiscoverySolutions-DataSpillage-DeleteSearch.png)
### Auditing the data spillage investigation process
compliance De Duplication In Ediscovery Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/de-duplication-in-ediscovery-search-results.md
The following graphics show how duplicate messages are displayed in the **Result
### Results.csv report (viewed in Excel)
-![Viewing info about duplicate items in the Results.csv report](../media/e3d64004-3b91-4cba-b6f3-934b46cbdcdb.png)
+![Viewing info about duplicate items in the Results.csv report.](../media/e3d64004-3b91-4cba-b6f3-934b46cbdcdb.png)
### Manifest.xml report (viewed in Excel)
-![Viewing info about duplicate items in the Manifest.xml report](../media/69aa4786-9883-46ff-bcae-b35e0daf4a6d.png)
+![Viewing info about duplicate items in the Manifest.xml report.](../media/69aa4786-9883-46ff-bcae-b35e0daf4a6d.png)
Additionally, other properties from duplicate messages are included in the export reports. This includes the mailbox the duplicate message is located in, whether the message was sent to a distribution group, and whether the message was Cc'd or Bcc'd to another user.
compliance Decision Based On The Results In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/decision-based-on-the-results-in-advanced-ediscovery.md
In the Relevance module in Advanced eDiscovery, the Decide tab provides addition
## Using the Decide tab
-![Relevance Decide](../media/f32fed89-f3b5-404a-90c7-ea25d2eb58a9.png)
+![Relevance Decide.](../media/f32fed89-f3b5-404a-90c7-ea25d2eb58a9.png)
This tab includes the following components:
compliance Declare Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/declare-records.md
When you create a retention label from the **Records Management** solution in th
For example:
-![Configure a retention label to mark content as a record or regulatory](../media/recordversioning6.png)
+![Configure a retention label to mark content as a record or regulatory.](../media/recordversioning6.png)
Using this retention label, you can now apply it to SharePoint or OneDrive documents and Exchange emails, as needed.
When retention labels that mark items as a record or regulatory record are made
Example of a document marked as record by using a retention label:
-![Details pane for document tagged as a record](../media/recordversioning7.png)
+![Details pane for document tagged as a record.](../media/recordversioning7.png)
## Searching the audit log for labeled items that were declared records
compliance Define Mail Flow Rules To Encrypt Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email.md
You can define mail flow rules for triggering message encryption with the new OM
3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
-4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
+4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
5. In **Name**, type a name for the rule, such as Encrypt mail for DrToniRamos@hotmail.com.
You can define mail flow rules for triggering message encryption with the new OM
4. In the EAC, go to **Mail flow** \> **Rules**.
-5. In the list of mail flow rules, select the rule you want to modify to use the new OME capabilities and then choose **Edit** ![Edit icon](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif).
+5. In the list of mail flow rules, select the rule you want to modify to use the new OME capabilities and then choose **Edit** ![Edit icon.](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif).
6. To enable encryption using the new OME capabilities, from **Do the following**, choose **Modify the message security** and then choose **Apply Office 365 Message Encryption and rights protection**. Select an RMS template from the list, choose **Save** and then choose **OK**.
You can remove encryption that is applied by your organization.
3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
-4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
+4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
5. In **Name**, type a name for the rule, such as Remove encryption from outgoing mail.
compliance Deploy Facebook Connector https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/deploy-facebook-connector.md
This article contains the step-by-step process to deploy a connector that uses t
1. Go to <https://portal.azure.com> and sign in using the credentials of a global admin account.
- ![Create app in AAD](../media/FBCimage1.png)
+ ![Create app in AAD.](../media/FBCimage1.png)
2. In the left navigation pane, click **Azure Active Directory**.
- ![Click Azure Active Directory](../media/FBCimage2.png)
+ ![Click Azure Active Directory.](../media/FBCimage2.png)
3. In the left navigation pane, click **App registrations (Preview)** and then click **New registration**.
- ![Click **App registrations (Preview)** and then click **New registration**](../media/FBCimage3.png)
+ ![Click **App registrations (Preview)** and then click **New registration**.](../media/FBCimage3.png)
4. Register the application. Under Redirect URI, select Web in the application type dropdown list and then type <https://portal.azure.com> in the box for the URI.
- ![Register the application](../media/FBCimage4.png)
+ ![Register the application.](../media/FBCimage4.png)
5. Copy the **Application (client) ID** and **Directory (tenant) ID** and save them to a text file or other safe location. You use these IDs in later steps.
- ![Copy the Application ID and Directory ID and save them](../media/FBCimage5.png)
+ ![Copy the Application ID and Directory ID and save them.](../media/FBCimage5.png)
6. Go to **Certificates & secrets for the new app.**
- ![Go to Certificates & secrets for the new app](../media/FBCimage6.png)
+ ![Go to Certificates & secrets for the new app.](../media/FBCimage6.png)
7. Click **New client secret**
- ![Click New client secret](../media/FBCimage7.png)
+ ![Click New client secret.](../media/FBCimage7.png)
8. Create a new secret. In the description box, type the secret and then choose an expiration period.
- ![Type the secret and then choose an expiration period](../media/FBCimage8.png)
+ ![Type the secret and then choose an expiration period.](../media/FBCimage8.png)
9. Copy the value of the secret and save it to a text file or other storage location. This is the AAD application secret that you use in later steps.
- ![Copy the value of the secret and save it](../media/FBCimage9.png)
+ ![Copy the value of the secret and save it.](../media/FBCimage9.png)
## Step 2: Deploy the connector web service from GitHub to your Azure account 1. Go to [this GitHub site](https://github.com/microsoft/m365-sample-connector-csharp-aspnet) and click **Deploy to Azure**.
- ![Click Deploy to Azure](../media/FBCGithubApp.png)
+ ![Click Deploy to Azure.](../media/FBCGithubApp.png)
2. After you click **Deploy to Azure**, you will be redirected to an Azure portal with a custom template page. Fill in the **Basics** and **Settings** details and then click **Purchase**.
This article contains the step-by-step process to deploy a connector that uses t
- **APISecretKey:** You can type any value as the secret. This is used to access the connector web app in Step 5.
- ![Click Create a resource and type storage account](../media/FBCimage12.png)
+ ![Click Create a resource and type storage account.](../media/FBCimage12.png)
3. After the deployment is successful, the page will look similar to the following screenshot:
- ![Click Storage and then click Storage account](../media/FBCimage13.png)
+ ![Click Storage and then click Storage account.](../media/FBCimage13.png)
## Step 3: Register the Facebook app 1. Go to <https://developers.facebook.com>, log in using the credentials for the account for your organization's Facebook Business pages, and then click **Add New App**.
- ![Add a new app for Facebook business page](../media/FBCimage25.png)
+ ![Add a new app for Facebook business page.](../media/FBCimage25.png)
2. Create a new app ID.
- ![Create a new app ID](../media/FBCimage26.png)
+ ![Create a new app ID.](../media/FBCimage26.png)
3. In the left navigation pane, click **Add Products** and then click **Set Up** in the **Facebook Login** tile.
- ![Click Add Products](../media/FBCimage27.png)
+ ![Click Add Products.](../media/FBCimage27.png)
4. On the Integrate Facebook Login page, click **Web**.
- ![Click Web on the Integrate Facebook Login page](../media/FBCimage28.png)
+ ![Click Web on the Integrate Facebook Login page.](../media/FBCimage28.png)
5. Add the Azure app service URL; for example `https://fbconnector.azurewebsites.net`.
- ![Add the Azure app service URL](../media/FBCimage29.png)
+ ![Add the Azure app service URL.](../media/FBCimage29.png)
6. Complete the QuickStart section of the Facebook Login setup.
- ![Complete the QuickStart section](../media/FBCimage30.png)
+ ![Complete the QuickStart section.](../media/FBCimage30.png)
7. In the left navigation pane under **Facebook Login**, click **Settings**, and add the OAuth redirect URI in the **Valid OAuth Redirect URIs** box. Use the format **\<connectorserviceuri>/Views/FacebookOAuth**, where the value for connectorserviceuri is the Azure app service URL for your organization; for example, `https://fbconnector.azurewebsites.net`.
- ![Add the OAuth redirect URI to the Valid OAuth Redirect URIs box](../media/FBCimage31.png)
+ ![Add the OAuth redirect URI to the Valid OAuth Redirect URIs box.](../media/FBCimage31.png)
8. In the left navigation pane, click **Add Products** and then click **Webhooks.** In the **Page** pull-down menu, click **Page**.
- ![Click Add Products and then click **Webhooks](../media/FBCimage32.png)
+ ![Click Add Products and then click **Webhooks.](../media/FBCimage32.png)
9. Add Webhooks Callback URL and add a verify token. The format of the callback URL, use the format `<connectorserviceuri>/api/FbPageWebhook`, where the value for connectorserviceuri is the Azure app service URL for your organization; for example `https://fbconnector.azurewebsites.net`. The verify token should similar to a strong password. Copy the verify token to a text file or other storage location.
- ![Add the verify token](../media/FBCimage33.png)
+ ![Add the verify token.](../media/FBCimage33.png)
10. Test and subscribe to the endpoint for feed.
- ![Test and subscribe to the endpoint](../media/FBCimage34.png)
+ ![Test and subscribe to the endpoint.](../media/FBCimage34.png)
11. Add a privacy URL, app icon, and business use. Also, copy the app ID and app secret to a text file or other storage location.
- ![Add a privacy URL, app icon, and business use](../media/FBCimage35.png)
+ ![Add a privacy URL, app icon, and business use.](../media/FBCimage35.png)
12. Make the app public.
- ![Make the app public](../media/FBCimage36.png)
+ ![Make the app public.](../media/FBCimage36.png)
13. Add user to the admin or tester role.
- ![Add user to the admin or tester role](../media/FBCimage37.png)
+ ![Add user to the admin or tester role.](../media/FBCimage37.png)
14. Add the **Page Public Content Access** permission.
- ![dd the Page Public Content Access permission](../media/FBCimage38.png)
+ ![dd the Page Public Content Access permission.](../media/FBCimage38.png)
15. Add Manage Pages permission.
- ![Add Manage Pages permission](../media/FBCimage39.png)
+ ![Add Manage Pages permission.](../media/FBCimage39.png)
16. Get the application reviewed by Facebook.
- ![Get the application reviewed by Facebook](../media/FBCimage40.png)
+ ![Get the application reviewed by Facebook.](../media/FBCimage40.png)
## Step 4: Configure the connector web app 1. Go to `https://<AzureAppResourceName>.azurewebsites.net` (where AzureAppResourceName is the name of your Azure app resource that you named in Step 4). For example, if the name is **fbconnector**, go to `https://fbconnector.azurewebsites.net`. The home page of the app will look like the following screenshot:
- ![Go to you connector web app](../media/FBCimage41.png)
+ ![Go to you connector web app.](../media/FBCimage41.png)
2. Click **Configure** to display a sign in page.
- ![Click Configure to display a sign in page](../media/FBCimage42.png)
+ ![Click Configure to display a sign in page.](../media/FBCimage42.png)
3. In the Tenant Id box, type or paste your tenant Id (that you obtained in Step 2). In the password box, type or paste the APISecretKey (that you obtained in Step 2), and then click **Set Configuration Settings** to display the configuration details page.
- ![Sign in using your tenant Id and password and go to configuration details page](../media/FBCimage43.png)
+ ![Sign in using your tenant Id and password and go to configuration details page.](../media/FBCimage43.png)
4. Enter the following configuration settings
This article contains the step-by-step process to deploy a connector that uses t
5. On the **Add credentials for your connector app** page, enter the following information and then click **Validate connection**.
- ![Enter connector app credentials](../media/TCimage38.png)
+ ![Enter connector app credentials.](../media/TCimage38.png)
- In the **Name** box, type a name for the connector, such as **Facebook news page**.
This article contains the step-by-step process to deploy a connector that uses t
8. On the **Configure Facebook connector app** page, click **Login with Facebook** and log in using the credentials for the account for your organization's Facebook Business pages. Make sure the Facebook account that you logged in to is assigned the admin role for your organization's Facebook Business pages.
- ![Log in with Facebook](../media/FBCimage50.png)
+ ![Log in with Facebook.](../media/FBCimage50.png)
9. A list of the business pages managed by the Facebook account that you logged in to is displayed. Select the page to archive and then click **Next**.
- ![Select the organization business page that you want to archive](../media/FBCimage52.png)
+ ![Select the organization business page that you want to archive.](../media/FBCimage52.png)
10. Click **Continue** to exit the setup of the connector service app.
compliance Deploy Twitter Connector https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/deploy-twitter-connector.md
This article contains the step-by-step process to deploy a connector that uses t
1. Go to <https://portal.azure.com> and sign in using the credentials of a global admin account.
- ![Sign in to Azure](../media/TCimage01.png)
+ ![Sign in to Azure.](../media/TCimage01.png)
2. In the left navigation pane, click **Azure Active Directory**.
- ![Go to Azure Active Directory](../media/TCimage02.png)
+ ![Go to Azure Active Directory.](../media/TCimage02.png)
3. In the left navigation pane, click **App registrations (Preview)** and then click **New registration**.
- ![Create a new app registration](../media/TCimage03.png)
+ ![Create a new app registration.](../media/TCimage03.png)
4. Register the application. Under **Redirect URI (optional)**, select **Web** in the application type dropdown list and then type `https://portal.azure.com` in the box for the URI.
- ![Type https://portal.azure.com for the redirect URI](../media/TCimage04.png)
+ ![Type https://portal.azure.com for the redirect URI.](../media/TCimage04.png)
5. Copy the **Application (client) ID** and **Directory (tenant) ID** and save them to a text file or other safe location. You use these IDs in later steps.
- ![Copy and save the Application Id and Directory Id](../media/TCimage05.png)
+ ![Copy and save the Application Id and Directory Id.](../media/TCimage05.png)
6. Go to **Certificates & secrets for the new app** and under **Client secrets** click **New client secret**.
- ![Create a new client secret](../media/TCimage06.png)
+ ![Create a new client secret.](../media/TCimage06.png)
7. Create a new secret. In the description box, type the secret and then choose an expiration period.
- ![Type the secret and choose expiration period](../media/TCimage08.png)
+ ![Type the secret and choose expiration period.](../media/TCimage08.png)
8. Copy the value of the secret and save it to a text file or other storage location. This is the AAD application secret that you use in later steps.
- ![Copy and save the secret](../media/TCimage09.png)
+ ![Copy and save the secret.](../media/TCimage09.png)
## Step 2: Deploy the connector web service from GitHub to your Azure account 1. Go to [this GitHub site](https://github.com/microsoft/m365-sample-twitter-connector-csharp-aspnet) and click **Deploy to Azure**.
- ![Go to the Azure home page](../media/FBCimage11.png)
+ ![Go to the Azure home page.](../media/FBCimage11.png)
2. After you click **Deploy to Azure**, you will be redirected to an Azure portal with a custom template page. Fill in the **Basics** and **Settings** details and then click **Purchase**.
- ![Click Create a resource and type storage account](../media/FBCimage12.png)
+ ![Click Create a resource and type storage account.](../media/FBCimage12.png)
- **Subscription:** Select your Azure subscription that you want to deploy the Twitter connector web service to.
This article contains the step-by-step process to deploy a connector that uses t
3. After the deployment is successful, the page will look similar to the following screenshot:
- ![Click Storage and then click Storage account](../media/FBCimage13.png)
+ ![Click Storage and then click Storage account.](../media/FBCimage13.png)
## Step 3: Create the Twitter app 1. Go to https://developer.twitter.com, log in using the credentials for the developer account for your organization, and then click **Apps**.
- ![Go to https://developer.twitter.com and log in](../media/TCimage25-5.png)
+ ![Go to https://developer.twitter.com and log in.](../media/TCimage25-5.png)
2. Click **Create an app**.
- ![Go to Apps page to create an app](../media/TCimage26.png)
+ ![Go to Apps page to create an app.](../media/TCimage26.png)
3. Under **App details**, add information about the application.
- ![Enter info about the app](../media/TCimage27.png)
+ ![Enter info about the app.](../media/TCimage27.png)
4. On the Twitter developer dashboard, select the app that you just created and then click **Details**.
- ![Copy and save the App Id](../media/TCimage28.png)
+ ![Copy and save the App Id.](../media/TCimage28.png)
5. On the **Keys and tokens** tab, under **Consumer API keys** copy both the API Key and the API secret key and save them to a text file or other storage location. Then click **Create** to generate an access token and access token secret and copy these to a text file or other storage location.
- ![Copy and save to API secret key](../media/TCimage29.png)
+ ![Copy and save to API secret key.](../media/TCimage29.png)
Then click **Create** to generate an access token and an access token secret, and copy these to a text file or other storage location. 6. Click the **Permissions** tab and configure the permissions as shown in the following screenshot:
- ![Configure permissions](../media/TCimage30.png)
+ ![Configure permissions.](../media/TCimage30.png)
7. After you save the permission settings, click the **App details** tab, and then click **Edit > Edit details**.
- ![Edit the app details](../media/TCimage31.png)
+ ![Edit the app details.](../media/TCimage31.png)
8. Do the following tasks:
This article contains the step-by-step process to deploy a connector that uses t
- Add the OAuth redirect Uri using the following format: **\<connectorserviceuri>/Views/TwitterOAuth**, where the value of *connectorserviceuri* is the Azure app service URL for your organization; for example, https://twitterconnector.azurewebsites.net/Views/TwitterOAuth.
- ![Allow connector app to sign in to Twitter and add OAuth redirect Uri](../media/TCimage32.png)
+ ![Allow connector app to sign in to Twitter and add OAuth redirect Uri.](../media/TCimage32.png)
The Twitter developer app is now ready to use.
The Twitter developer app is now ready to use.
1. Go to https://\<AzureAppResourceName>.azurewebsites.net (where **AzureAppResourceName** is the name of your Azure app resource that you named in Step 4). For example, if the name is **twitterconnector**, go to https://twitterconnector.azurewebsites.net. The home page of the app looks like the following screenshot:
- ![Go to Azure app resource page](../media/FBCimage41.png)
+ ![Go to Azure app resource page.](../media/FBCimage41.png)
2. Click **Configure** to display a sign in page.
- ![Click Configure to display sign in page](../media/FBCimage42.png)
+ ![Click Configure to display sign in page.](../media/FBCimage42.png)
3. In the Tenant Id box, type or paste your tenant Id (that you obtained in Step 2). In the password box, type or paste the APISecretKey (that you obtained in Step 2), and then click **Set Configuration Settings** to display the configuration details page.
- ![Sign in using tenant Id and API secret key](../media/TCimage35.png)
+ ![Sign in using tenant Id and API secret key.](../media/TCimage35.png)
4. Enter the following configuration settings
The Twitter developer app is now ready to use.
5. On the **Add credentials for your connector app** page, enter the following information and then click **Validate connection**.
- ![Enter connector app credentials](../media/TCimage38.png)
+ ![Enter connector app credentials.](../media/TCimage38.png)
- In the **Name** box, type a name for the connector, such as **Twitter help handle**.
The Twitter developer app is now ready to use.
9. On the Twitter sign in page, sign in using the credentials for your organization's Twitter account.
- ![Sign in to Twitter account](../media/TCimage42.png)
+ ![Sign in to Twitter account.](../media/TCimage42.png)
After you sign in, the Twitter page will display the following message, "Twitter Connector Job Successfully set up."
compliance Differences Between Estimated And Actual Ediscovery Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/differences-between-estimated-and-actual-ediscovery-search-results.md
This topic applies to searches that you can run using one of the following Micro
When you run an eDiscovery search, the tool you're using will return an estimate of the number of items (and their total size) that match the search criteria. For example, when you run a search in the Microsoft 365 compliance center, the estimated search results are displayed on the flyout page for the selected search.
-![Estimate of results displayed on the search flyout page](../media/EstimatedSearchResults1.png)
+![Estimate of results displayed on the search flyout page.](../media/EstimatedSearchResults1.png)
This is the same estimate of total size and number of items that is displayed in the eDiscovery Export Tool when you export results to a local computer and in the Export Summary report that's downloaded with the search results. **Estimated results in the eDiscovery Export tool**
-![Estimated results in eDiscovery Export tool](../media/d34312a5-0ee6-49aa-9460-7ea0015a6e66.png)
+![Estimated results in eDiscovery Export tool.](../media/d34312a5-0ee6-49aa-9460-7ea0015a6e66.png)
**Estimated results in Export Summary report**
-![Estimated search results are included in the Export Summary report](../media/44b579da-86c2-4f33-81b5-84d604003eda.png)
+![Estimated search results are included in the Export Summary report.](../media/44b579da-86c2-4f33-81b5-84d604003eda.png)
However, as you'll notice in the previous screenshot of the Export Summary report, the size and number of actual search results that are downloaded are different than the size and number of estimated search results.
-![Difference between estimated and downloaded search results](../media/84aef318-230f-430d-9d9e-02f21342d364.png)
+![Difference between estimated and downloaded search results.](../media/84aef318-230f-430d-9d9e-02f21342d364.png)
Here are some reasons for these differences:
compliance Disposition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/disposition.md
A disposition review can include content in Exchange mailboxes, SharePoint sites
Administrators can see an overview of all pending dispositions in the **Overview** tab. Reviewers see only their items pending disposition. For example:
-![Pending dispositions in Records management overview](../media/dispositions-overview.png)
+![Pending dispositions in Records management overview.](../media/dispositions-overview.png)
When you select the **View all pending dispositions**, you're taken to the **Disposition** page. For example:
-![Dispositions page in Microsoft 365 compliance center](../media/disposition-tab.png)
+![Dispositions page in Microsoft 365 compliance center.](../media/disposition-tab.png)
### Workflow for a disposition review The following diagram shows the basic workflow for a disposition review when a retention label is published and then manually applied by a user. Alternatively, a retention label configured for a disposition review can be automatically applied to content.
-![Chart showing flow of how disposition works](../media/5fb3f33a-cb53-468c-becc-6dda0ec52778.png)
+![Chart showing flow of how disposition works.](../media/5fb3f33a-cb53-468c-becc-6dda0ec52778.png)
### How to configure a retention label for disposition review
Triggering a disposition review at the end of the retention period is a configur
From the **Define retention settings** page for a retention label:
-![Retention settings for a label](../media/disposition-review-option.png)
+![Retention settings for a label.](../media/disposition-review-option.png)
After you select this **Trigger a disposition review** option, on the next page of the wizard, you specify how many consecutive stages of disposition you want and the disposition reviewers for each stage:
-![Specifying disposition reviewers](../media/disposition-reviewers.png)
+![Specifying disposition reviewers.](../media/disposition-reviewers.png)
Select **Add a stage**, and name your stage for identification purposes. Then specify the reviewers for that stage.
Within each individual stage of disposition, any of the users you specify for th
During the configuration phase, for each stage specified, you can rename it, reorder it, or remove it by selecting the Stage actions option (**...**):
-![Stage actions for disposition reviews](../media/stage-actions-disposition-review.png)
+![Stage actions for disposition reviews.](../media/stage-actions-disposition-review.png)
However, you can't reorder or remove a stage after you have created the retention label.
After you have specified your reviewers, remember to grant them the **Dispositio
Example default email notification sent to a reviewer:
-![Email notification example with default text when an item is ready for disposition review](../media/disposition-review-email.png)
+![Email notification example with default text when an item is ready for disposition review.](../media/disposition-review-email.png)
Also in preview, you can customize the email messages that are sent to disposition reviewers for the initial notification and then reminders. From any of the Disposition pages in the compliance center, select **Records management settings**:
-![Records management settings](../media/record-management-settings.png)
+![Records management settings.](../media/record-management-settings.png)
Then select the **Disposition notifications** tab, and specify whether you want to use just the default email message, or add your own text to the default message. Your custom text is added to the email instructions after the information about the retention label and before the next steps instructions.
Select **Save** to save any changes.
When a reviewer is notified by email that content is ready to review, they can click a link in the email that takes them directly to the **Disposition** page from **Records management** in the Microsoft 365 compliance center. There, the reviewers can see how many items for each retention label are waiting disposition with the **Type** displaying **Pending disposition**. They then select a retention label, and **Open in new window** to see all content with that label:
-![Open in new window for disposition review](../media/open-in-new-window.png)
+![Open in new window for disposition review.](../media/open-in-new-window.png)
From the **Pending dispositions** page, they see all pending dispositions for that label. When one or more items are selected, they can use the mini-preview pane and the **Source**, **Details**, and **History** tab to inspect the content before taking action on it:
-![Disposition options](../media/retention-disposition-options.png)
+![Disposition options.](../media/retention-disposition-options.png)
If you use the horizontal scroll bar, or close the min-review pane, you see more columns that include the expiry date and the name of the disposition review stage.
Use the **Disposition** tab from the **Records management** page to identify:
These items display **Records Disposed** in the **Type** column. For example:
-![Items that were disposed of without a disposition review](../media/records-disposed2.png)
+![Items that were disposed of without a disposition review.](../media/records-disposed2.png)
> [!NOTE] > This functionality uses information from the [unified audit log](search-the-audit-log-in-security-and-compliance.md) and therefore requires auditing to be [enabled and searchable](turn-audit-log-search-on-or-off.md) so the corresponding events are captured.
compliance Dlp Chrome Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-chrome-get-started.md
Now that youΓÇÖve removed Chrome from the disallowed browsers/apps list, you can
2. Refer to the procedures in [Get started with Activity explorer](data-classification-activity-explorer.md) to access and filter all the data for your Endpoint devices. > [!div class="mx-imgBorder"]
- > ![activity explorer filter for endpoint devices](../media/endpoint-dlp-4-getting-started-activity-explorer.png)
+ > ![activity explorer filter for endpoint devices.](../media/endpoint-dlp-4-getting-started-activity-explorer.png)
### Known Issues and Limitations
compliance Dlp Configure Endpoints Sccm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoints-sccm.md
If you're using System Center 2012 R2 Configuration Manager, monitoring consists
If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-onboarding).
- ![Configuration Manager showing successful deployment with no errors](../media/sccm-deployment.png)
+ ![Configuration Manager showing successful deployment with no errors.](../media/sccm-deployment.png)
### Check that the devices are compliant with the Microsoft 365 Endpoint data loss prevention service
compliance Dlp Configure Endpoints Script https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-configure-endpoints-script.md
You can also manually onboard individual devices to Microsoft 365 Endpoint data
8. Right-click **Command prompt** and select **Run as administrator**.
- ![Window Start menu pointing to Run as administrator](../media/dlp-run-as-admin.png)
+ ![Window Start menu pointing to Run as administrator.](../media/dlp-run-as-admin.png)
9. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOnboardingScript.cmd*
For security reasons, the package used to Offboard devices will expire 30 days a
8. Right-click **Command prompt** and select **Run as administrator**.
- ![Window Start menu pointing to Run as administrator](../media/dlp-run-as-admin.png)
+ ![Window Start menu pointing to Run as administrator.](../media/dlp-run-as-admin.png)
9. Type the location of the script file. If you copied the file to the desktop, type: *%userprofile%\Desktop\WindowsDefenderATPOffboardingScript_valid_until_YYYY-MM-DD.cmd*
compliance Dlp Learn About Dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-learn-about-dlp.md
DLP reports a vast amount of information into Microsoft 365 from monitoring, pol
When DLP takes an action on a sensitive item, you can be notified of that action via a configurable alert. Rather than having these alerts pile up in a mailbox for you to sift through, the Compliance center makes them available in the [DLP Alerts Management Dashboard](dlp-configure-view-alerts-policies.md). Use the DLP Alerts dashboard to configure alerts, review them, triage them and track resolution of DLP Alerts. Here's an example of alerts generated by policy matches and activities from Windows 10 devices. > [!div class="mx-imgBorder"]
-> ![Alert info](../media/Alert-info-1.png)
+> ![Alert info.](../media/Alert-info-1.png)
You can also view details of the associated event with rich metadata in the same dashboard > [!div class="mx-imgBorder"]
-> ![event info](../media/Event-info-1.png)
+> ![event info.](../media/Event-info-1.png)
### Reports
The [DLP reports](view-the-dlp-reports.md#view-the-reports-for-data-loss-prevent
The Activity explorer tab on the DLP page has the *Activity* filter preset to *DLPRuleMatch*. Use this tool to review activity related to content that contains sensitive info or has labels applied, such as what labels were changed, files were modified, and matched a rule.
-![screenshot of the DLPRuleMatch scoped activity explorer](../media/dlp-activity-explorer.png)
+![screenshot of the DLPRuleMatch scoped activity explorer.](../media/dlp-activity-explorer.png)
For more information, see [Get started with activity explorer](data-classification-activity-explorer.md)
compliance Dlp Microsoft Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-microsoft-teams.md
DLP protection are applied differently to Teams entities.
Similar to how DLP works in [Exchange, Outlook, Outlook on the web](data-loss-prevention-policies.md#policy-evaluation-in-exchange-online-outlook-and-outlook-on-the-web), [SharePoint Online, OneDrive for Business sites](data-loss-prevention-policies.md#policy-evaluation-in-onedrive-for-business-and-sharepoint-online-sites), and [Office desktop clients](data-loss-prevention-policies.md#policy-evaluation-in-the-office-desktop-programs), policy tips appear when an action triggers with a DLP policy. Here's an example of a policy tip:
-![Blocked message notification in Teams](../media/dlp-teams-blockedmessage-notification.png)
+![Blocked message notification in Teams.](../media/dlp-teams-blockedmessage-notification.png)
Here, the sender attempted to share a social security number in a Microsoft Teams channel. The **What can I do?** link opens a dialog box that provides options for the sender to resolve the issue. Notice that, the sender can opt to override the policy, or notify an admin to review and resolve it.
-![Options to resolve blocked message](../media/dlp-teams-blockedmessage-possibleactions.png)
+![Options to resolve blocked message.](../media/dlp-teams-blockedmessage-possibleactions.png)
In your organization, you can choose to allow users to override a DLP policy. When you configure your DLP policies, you can use the default policy tips, or [customize policy tips](#to-customize-policy-tips) for your organization. Returning to our example, where a sender shared a social security number in a Teams channel, here's what the recipient saw: > [!div class="mx-imgBorder"]
-> ![Message blocked](../media/dlp-teams-blockedmessage-notification-to-user.png)
+> ![Message blocked.](../media/dlp-teams-blockedmessage-notification-to-user.png)
### To customize policy tips
To perform this task, you must be assigned a role that has permissions to edit D
4. Either create a new rule, or edit an existing rule for the policy. > [!div class="mx-imgBorder"]
- > ![Editing a rule for a policy](../media/dlp-teams-editrule.png)
+ > ![Editing a rule for a policy.](../media/dlp-teams-editrule.png)
5. On the **User notifications** tab, select **Customize the email text** and/or **Customize the policy tip text** options. > [!div class="mx-imgBorder"]
- > ![Customize user notifications and policy tips](../media/dlp-teams-editrule-usernotifications.png)<br/>
+ > ![Customize user notifications and policy tips.](../media/dlp-teams-editrule-usernotifications.png)<br/>
6. Specify the text you want to use for email notifications and/or policy tips, and then choose **Save**.
To perform this task, you must be assigned a role that has permissions to edit D
3. Select a policy, and look at the values under **Locations**. If you see **Teams chat and channel messages**, you're all set. If you don't, click **Edit**. > [!div class="mx-imgBorder"]
- > ![Locations for existing policy](../media/dlp-teams-editexistingpolicy.png)
+ > ![Locations for existing policy.](../media/dlp-teams-editexistingpolicy.png)
4. In the **Status** column, turn the policy on for **Teams chat and channel messages**. > [!div class="mx-imgBorder"]
- > ![DLP for Teams chats and channels](../media/dlp-teams-addteamschatschannels.png)
+ > ![DLP for Teams chats and channels.](../media/dlp-teams-addteamschatschannels.png)
5. On the **Choose locations** tab, keep the default setting of all accounts, or select **Let me choose specific locations**. You can specify:
To perform this task, you must be assigned a role that has permissions to edit D
In our example, we chose the U.S. Personally Identifiable Information Data template. > [!div class="mx-imgBorder"]
- > ![Privacy template for DLP policy](../media/dlp-teams-createnewpolicy-template.png)<br/>
+ > ![Privacy template for DLP policy.](../media/dlp-teams-createnewpolicy-template.png)<br/>
4. On the **Name your policy** tab, specify a name and description for the policy, and then choose **Next**.
To perform this task, you must be assigned a role that has permissions to edit D
1. distribution lists and security groups to include or exclude. **This is a public preview feature.** <!-- 1. the shared mailbox of a shared channel. **This is a public preview feature.**-->
- ![DLP policy locations](../media/dlp-teams-selectlocationsnewpolicy.png)
+ ![DLP policy locations.](../media/dlp-teams-selectlocationsnewpolicy.png)
> [!NOTE] > If you want to make sure documents that contain sensitive information are not shared inappropriately in Teams, make sure **SharePoint sites** and **OneDrive accounts** are turned on, along with **Teams chat and channel messages**.
To perform this task, you must be assigned a role that has permissions to edit D
7. On the **Policy settings** tab, under **What do you want to do if we detect sensitive info?**, review the settings. Here's where you can choose to keep default [policy tips and email notifications](use-notifications-and-policy-tips.md), or customize them. > [!div class="mx-imgBorder"]
- > ![DLP policy settings with tips and notifications](../media/dlp-teams-policysettings-tipsemails.png)
+ > ![DLP policy settings with tips and notifications.](../media/dlp-teams-policysettings-tipsemails.png)
When you're finished reviewing or editing settings, choose **Next**. 8. On the **Policy settings** tab, under **Do you want to turn on the policy or test things out first?**, choose whether to turn the policy on, [test it first](dlp-overview-plan-for-dlp.md#policy-deployment), or keep it turned off for now, and then choose **Next**. > [!div class="mx-imgBorder"]
- > ![Specify whether to turn the policy on](../media/dlp-teams-policysettings-turnonnow.png)
+ > ![Specify whether to turn the policy on.](../media/dlp-teams-policysettings-turnonnow.png)
9. On the **Review your settings** tab, review the settings for your new policy. Choose **Edit** to make changes. When you're finished, choose **Create**.
To ensure that SharePoint documents that contain sensitive information cannot be
- Content is shared from Microsoft 365 with people outside my organization > [!div class="mx-imgBorder"]
- > ![DLP conditions to detect external sharing of sensitive content](../media/dlp-teams-external-sharing/external-condition.png)
+ > ![DLP conditions to detect external sharing of sensitive content.](../media/dlp-teams-external-sharing/external-condition.png)
- **Actions** - Restrict access to the content for external users
To ensure that SharePoint documents that contain sensitive information cannot be
- Send incident reports to the Administrator > [!div class="mx-imgBorder"]
- > ![DLP action to block external sharing of sensitive content](../media/dlp-teams-external-sharing/external-action.png)
+ > ![DLP action to block external sharing of sensitive content.](../media/dlp-teams-external-sharing/external-action.png)
DLP policy in action when attempting to share a document in SharePoint that contains sensitive information with an external guest: > [!div class="mx-imgBorder"]
-> ![External sharing blocked](../media/dlp-teams-external-sharing/external-sharing-blocked.png)
+> ![External sharing blocked.](../media/dlp-teams-external-sharing/external-sharing-blocked.png)
DLP policy in action when guest attempts to open a document in Teams with block external: > [!div class="mx-imgBorder"]
-> ![External access blocked](../media/dlp-teams-external-sharing/external-access-blocked.png)
+> ![External access blocked.](../media/dlp-teams-external-sharing/external-access-blocked.png)
## Related articles
compliance Dlp Overview Plan For Dlp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-overview-plan-for-dlp.md
Your implementation plan should include:
Documenting how your organization is going to get from its starting state to the desired end state is essential to communicating with your stakeholders and setting the project scope. Here is a set of steps that are commonly used to deploy DLP. You'll want more detail than this, but you can use this to frame your DLP adoption path.
-![graphic showing common order for deploying DLP](../media/dlp-deployment-planning.png)
+![graphic showing common order for deploying DLP.](../media/dlp-deployment-planning.png)
#### Sensitive item discovery
If you're creating DLP policies with a large potential impact, we recommend foll
3. **Start full enforcement on the policies** so that the actions in the rules are applied and the content's protected. Continue to monitor the DLP reports and any incident reports or notifications to make sure that the results are what you intend.
- ![Options for using test mode and turning on policy](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
+ ![Options for using test mode and turning on policy.](../media/49fafaac-c6cb-41de-99c4-c43c3e380c3a.png)
You can turn off a DLP policy at any time, which affects all rules in the policy. However, each rule can also be turned off individually by toggling its status in the rule editor.
- ![Options for turning off a rule in a policy](../media/f7b258ff-1b8b-4127-b580-83c6492f2bef.png)
+ ![Options for turning off a rule in a policy.](../media/f7b258ff-1b8b-4127-b580-83c6492f2bef.png)
You can also change the priority of multiple rules in a policy. To do that, open a policy for editing. In a row for a rule, choose the ellipses (**...**), and then choose an option, such as **Move down** or **Bring to last**.
- ![Set rule priority](../media/dlp-set-rule-priority.png)
+ ![Set rule priority.](../media/dlp-set-rule-priority.png)
#### End-user training
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
+
+ Title: "Data Loss Prevention policy reference"
+f1.keywords: CSH
+++ Last updated :
+audience: Admin
++
+localization_priority: Normal
+search.appverid:
+- SPO160
+- MET150
+ms.assetid: 6501b5ef-6bf7-43df-b60d-f65781847d6c
+
+- M365-security-compliance
+- SPO_Content
+recommendations: false
+description: "DLP policy component and configuration reference"
++
+# Data Loss Prevention policy reference
+
+Data loss prevention (DLP) policies have many components that can be configured. In order to create an effective policy, you need to understand what the purpose of each component is and how its configuration alters the behavior of the policy. This article provides a detailed anatomy of a DLP policy.
+
+### Policy templates
+
+DLP policy templates are pre-sorted into four categories:
+
+- ones that can detect and protect types of **Financial** information
+- ones that can detect and protect types of **Medical and health** information
+- ones that can detect and protect types of **Privacy** information
+- a **Custom** template that you can use to build your own policy if one of the others doesn't meet your organizations needs.
+
+This table lists all policy templates and the sensitive information types (SIT) that they cover.
+
+Current as of 6/23/2021
+
+|Category| Template | SIT |
+||||
+|Financial| Australia Financial Data| - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia bank account number](sensitive-information-type-entity-definitions.md#australia-bank-account-number) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
+|Financial| Canada Financial data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number)|
+|Financial| France Financial data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)|
+|Financial| Germany Financial Data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number)|
+|Financial| Israel Financial Data |- [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
+|Financial| Japan Financial Data |- [Japan bank account number](sensitive-information-type-entity-definitions.md#japan-bank-account-number) </br> - [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
+|Financial| PCI Data Security Standard (PCI DSS)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number)|
+|Financial| Saudi Arabia Anti-Cyber Crime Law|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [International banking account number (IBAN)](sensitive-information-type-entity-definitions.md#international-banking-account-number-iban) |
+|Financial| Saudi Arabia Financial Data |- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code) </br> - [International banking account number (IBAN)](sensitive-information-type-entity-definitions.md#international-banking-account-number-iban)|
+|Financial| UK Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
+|Financial| US Financial Data|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
+|Financial| U.S. Federal Trade Commission (FTC) Consumer Rules|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [ABA Routing Number](sensitive-information-type-entity-definitions.md#aba-routing-number)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA) Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S. / U.K. passport number](sensitive-information-type-entity-definitions.md#us--uk-passport-number) </br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number)|
+|Financial| U.S. Gramm-Leach-Bliley Act (GLBA)|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Medical and health| Australia Health Records Act (HRIP Act) Enhanced |- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number)|
+|Medical and health| Australia Health Records Act (HRIP Act)|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia medical account number](sensitive-information-type-entity-definitions.md#australia-medical-account-number)|
+|Medical and health| Canada Health Information Act (HIA) |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Medical and health| Canada Personal Health Information Act (PHIA) Manitoba|- [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Medical and health| Canada Personal Health Act (PHIPA) Ontario |- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Medical and health| U.K. Access to Medical Reports Act|- [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino)|
+|Medical and health| U.S. Health Insurance Act (HIPAA) Enhanced|</br> - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm) |
+|Medical and health| U.S. Health Insurance Act (HIPAA)| - [International classification of diseases (ICD-9-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-9-cm) </br> - [International classification of diseases (ICD-10-CM)](sensitive-information-type-entity-definitions.md#international-classification-of-diseases-icd-10-cm)|
+|Privacy| Australia Privacy Act Enhanced|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number)|
+|Privacy| Australia Privacy Act|- [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number) </br> - [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number)|
+|Privacy| Australia Personally Identifiable Information (PII) Data|- [Australia tax file number](sensitive-information-type-entity-definitions.md#australia-tax-file-number) </br> - [Australia driver's license number](sensitive-information-type-entity-definitions.md#australia-drivers-license-number)|
+|Privacy| Canada Personally Identifiable Information (PII) Data|- [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number)</br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Privacy| Canada Personal Information Protection Act (PIPA)|- [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Privacy| Canada Personal Information Protection Act (PIPEDA)|- [Australia passport number](sensitive-information-type-entity-definitions.md#australia-passport-number) </br> [Canada driver's license number](sensitive-information-type-entity-definitions.md#canada-drivers-license-number) </br> - [Canada bank account number](sensitive-information-type-entity-definitions.md#canada-bank-account-number) </br> - [Canada passport number](sensitive-information-type-entity-definitions.md#canada-passport-number)</br> - [Canada social insurance number](sensitive-information-type-entity-definitions.md#canada-social-insurance-number) </br> - [Canada health service number](sensitive-information-type-entity-definitions.md#canada-health-service-number) </br> - [Canada Personal Health Identification Number](sensitive-information-type-entity-definitions.md#canada-personal-health-identification-number-phin)|
+|Privacy| France Data Protection Act|- [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni) </br> - [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee)|
+|Privacy| France Personally Identifiable Information (PII) Data|- [France social security number (INSEE)](sensitive-information-type-entity-definitions.md#france-social-security-number-insee) </br> - [France driver's license number](sensitive-information-type-entity-definitions.md#france-drivers-license-number) </br> - [France passport number](sensitive-information-type-entity-definitions.md#france-passport-number) </br> - [France national id card (CNI)](sensitive-information-type-entity-definitions.md#france-national-id-card-cni)|
+|Privacy| General Data Protection Regulation (GDPR) Enhanced|- [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [EU driver's license number](sensitive-information-type-entity-definitions.md#eu-drivers-license-number) </br> - [EU national identification number](sensitive-information-type-entity-definitions.md#eu-national-identification-number) </br> - [EU passport number](sensitive-information-type-entity-definitions.md#eu-passport-number) </br> - [EU social security number or equivalent identification](sensitive-information-type-entity-definitions.md#eu-social-security-number-or-equivalent-identification) </br> - [EU Tax identification number](sensitive-information-type-entity-definitions.md#eu-tax-identification-number)|
+|Privacy| General Data Protection Regulation (GDPR)|- [EU debit card number](sensitive-information-type-entity-definitions.md#eu-debit-card-number) </br> - [EU driver's license number](sensitive-information-type-entity-definitions.md#eu-drivers-license-number) </br> - [EU national identification number](sensitive-information-type-entity-definitions.md#eu-national-identification-number)</br> - [EU passport number](sensitive-information-type-entity-definitions.md#eu-passport-number) </br> - [EU social security number or equivalent identification](sensitive-information-type-entity-definitions.md#eu-social-security-number-or-equivalent-identification)</br> - [EU Tax identification number](sensitive-information-type-entity-definitions.md#eu-tax-identification-number)|
+|Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sensitive-information-type-entity-definitions.md#germany-drivers-license-number) </br> - [Germany passport number](sensitive-information-type-entity-definitions.md#germany-passport-number)|
+|Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)|
+|Privacy| Israel Protection of Privacy|- [Israel national identification number](sensitive-information-type-entity-definitions.md#israel-national-identification-number)</br> - [Israel bank account number](sensitive-information-type-entity-definitions.md#israel-bank-account-number)|
+|Privacy| Japan Personally Identifiable Information (PII) Data enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)</br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number)</br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)|
+|Privacy| Japan Personally Identifiable Information (PII) Data|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number) </br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
+|Privacy| Japan Protection of Personal Information Enhanced|- [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin) </br> - [Japan My Number - Personal](sensitive-information-type-entity-definitions.md#japan-my-numberpersonal)</br> - [Japan passport number](sensitive-information-type-entity-definitions.md#japan-passport-number) </br> - [Japan driver's license number](sensitive-information-type-entity-definitions.md#japan-drivers-license-number)|
+|Privacy| Japan Protection of Personal Information|- [Japan resident registration number](sensitive-information-type-entity-definitions.md#japan-resident-registration-number)</br> - [Japan Social Insurance Number (SIN)](sensitive-information-type-entity-definitions.md#japan-social-insurance-number-sin)|
+|Privacy| Saudi Arabia Personally Identifiable (PII) Data|- [Saudi Arabia National ID](sensitive-information-type-entity-definitions.md#saudi-arabia-national-id)|
+|Privacy| U.K. Data Protection Act|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S. / U.K. passport number](sensitive-information-type-entity-definitions.md#us--uk-passport-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
+|Privacy| U.K. Privacy and Electronic Communications Regulations|- [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
+|Privacy| U.K. Personally Identifiable Information (PII) Data|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.S. / U.K. passport number](sensitive-information-type-entity-definitions.md#us--uk-passport-number)|
+|Privacy| U.K. Personal Information Online Code of Practice (PIOCP)|- [U.K. national insurance number (NINO)](sensitive-information-type-entity-definitions.md#uk-national-insurance-number-nino) </br> - [U.K. national health service number](sensitive-information-type-entity-definitions.md#uk-national-health-service-number) </br> - [SWIFT code](sensitive-information-type-entity-definitions.md#swift-code)|
+|Privacy| U.S Patriot Act Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Privacy| U.S. Patriot Act|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> - [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data Enhanced|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S. / U.K. passport number](sensitive-information-type-entity-definitions.md#us--uk-passport-number)|
+|Privacy| U.S. Personally Identifiable Information (PII) Data|- [U.S. Individual Taxpayer Identification Number (ITIN)](sensitive-information-type-entity-definitions.md#us-individual-taxpayer-identification-number-itin) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)</br> - [U.S. / U.K. passport number](sensitive-information-type-entity-definitions.md#us--uk-passport-number)|
+|Privacy| U.S. State Breach Notification Laws Enhanced|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn) </br> - [U.S. / U.K. passport number](sensitive-information-type-entity-definitions.md#us--uk-passport-number)|
+|Privacy| U.S. State Breach Notification Laws|- [Credit card number](sensitive-information-type-entity-definitions.md#credit-card-number) </br> - [U.S. bank account number](sensitive-information-type-entity-definitions.md#us-bank-account-number)</br> -[U.S. driver's license number](sensitive-information-type-entity-definitions.md#us-drivers-license-number) </br> - [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+|Privacy| U.S. State Social Security Number Confidentiality Laws|- [U.S. social security number (SSN)](sensitive-information-type-entity-definitions.md#us-social-security-number-ssn)|
+++
+### Locations
+
+<!--This section covers a mapping of data-at-rest, data-in-use, and data-in-motion to the locations/workloads. It introduces the idea that the options that are selected here have a direct impact on the UI that they will encounter further along in the policy creation/edit flow. It will also cover the dependencies between locations (eg. Teams chat and channel requires SharePoint and ODB). It will also include the impact of the different scope settings. eg. If you want the policy to be applied to DEF, but not HIJ, you should configure your include/exclude scopes like this......-->
++
+A DLP policy can find and protect items that contain sensitive information across multiple locations.
++
+|Location |Include/Exclude scope |data state |additional pre-requisites |
+|||||
+|Exchange email online |distribution group | data-in-motion| no |
+|SharePoint online sites |sites | data-at-rest </br> data-in-use | no|
+|OneDrive for Business accounts| account or distribution group |data-at-rest </br> data-in-use|no|
+|Teams chat and channel messages | account or distribution group |data-in-motion </br> data-in-use | no |
+|Microsoft Cloud App Security (MCAS) | cloud app instance |data-at-rest | - [Use data loss prevention policies for non-Microsoft cloud apps](dlp-use-policies-non-microsoft-cloud-apps.md#use-data-loss-prevention-policies-for-non-microsoft-cloud-apps) |
+|Devices |user or group |data-at-rest </br> data-in-use </br> data-in-motion |- [Learn about Microsoft 365 Endpoint data loss prevention](endpoint-dlp-learn-about.md#learn-about-microsoft-365-endpoint-data-loss-prevention) </br>- [Get started with Endpoint data loss prevention](endpoint-dlp-getting-started.md#get-started-with-endpoint-data-loss-prevention) </br>- [Configure device proxy and internet connection settings for Endpoint DLP](endpoint-dlp-configure-proxy.md#configure-device-proxy-and-internet-connection-settings-for-endpoint-dlp) |
+|On-premises repositories (file shares and SharePoint) |repository | data-at-rest | - [Learn about the Microsoft 365 data loss prevention on-premises scanner](dlp-on-premises-scanner-learn.md#learn-about-the-microsoft-365-data-loss-prevention-on-premises-scanner) </br> - [Get started with the data loss prevention on-premises scanner](dlp-on-premises-scanner-get-started.md#get-started-with-the-data-loss-prevention-on-premises-scanner) |
+
+If you choose to include specific distribution groups in Exchange, the DLP policy will be scoped only to the members of that group. Similarly excluding a distribution group will exclude all the members of that distribution group from policy evaluation. You can choose to scope a policy to the members of distribution lists, dynamic distribution groups, and security groups. A DLP policy can contain no more than 50 such inclusions and exclusions.
+
+If you choose to include or exclude specific SharePoint sites or OneDrive accounts, a DLP policy can contain no more than 100 such inclusions and exclusions. Although this limit exists, you can exceed this limit by applying either an org-wide policy or a policy that applies to entire locations.
+
+If you choose to include or exclude specific OneDrive accounts or groups, a DLP policy can contain no more than 100 user accounts or 50 groups as inclusion or exclusion.
+
+#### Location support for how content can be defined
+
+DLP policies detect sensitive items by matching them to a sensitive information type (SIT), to a sensitivity label, or a retention label. Each location supports different methods of defining sensitive content. Additionally, when you combine locations in a policy, how the content can be defined can change from how it can be defined by a single location.
+
+> [!IMPORTANT]
+> When you select multiple locations for a policy, a "no" value for a content definition category takes precedence over "yes" value. For example, when you select SharePoint sites only, the policy will support detecting sensitive items by one or more of SIT, by sensitivity label, or by retention label. But, when you select SharePoint sites ***and*** Teams chat and channel messages locations, the policy will only support detecting sensitive items by SIT.
+
+|location| content can be defined by SIT| content can be defined sensitivity label| content can be defined by retention label|
+|||||
+|Exchange email online|yes| yes| no|
+|SharePoint online sites| yes| yes| yes|
+|OneDrive for Business accounts| yes| yes| yes|
+|Teams Chat and Channel messages | yes| no| no|
+|Devices |yes | yes| no|
+|Microsoft Cloud App Security| yes| yes| yes|
+|On-Premises repositories| yes| yes| no|
+
+> [!NOTE]
+> DLP supports detecting sensitivity labels on emails and attachemnets See, [Use sensitivity labels as conditions in DLP policies](dlp-sensitivity-label-as-condition.md#use-sensitivity-labels-as-conditions-in-dlp-policies)
+++
+### Rules
+
+<!--This section introduces the classifications of content that, when detected, can be protected. Link out to [Learn about sensitive information types]() and [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md#sensitive-information-type-entity-definitions) as well as labels (cross referenced by supporting workload). It will touch on the purpose of multiple conditions, confidence levels (link out to [more on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels)) and confidence levels video. How to use the confidence level to change the behavior of a policy in conjunction with the instance count. eg. if you want your policy to trigger when it encounters situation DEF, set your conditions like HIJ.-->
+<!--
+- What is a rule in the context of a Policy?
+- when and why should I have more than one rule?
+- The purpose of rule groups
+- How do I tune the behavior of a Policy through the tuning of rules
+- what's in a rule-->
+
+Rules are the business logic of DLP policies. They consist of:
+
+- [**Conditions**](#conditions) that when matched, trigger the policy
+- [**Exceptions**](#exceptions) to the conditions
+- [**Actions**](#actions) to take when the policy is triggered
+- [**User notifications**](#user-notifications-and-policy-tips) to inform your users when they are doing something that triggers a policy and help educate them on how your org wants sensitive information treated
+- [**User Overrides**](#user-overrides) when configured by an admin, allow users to selectively override a blocking action
+- [**Incident Reports**](#incident-reports) that notify admins and other key stakeholders when a rule match occurs
+- [**Additional Options**](#additional-options) which define the priority for rule evaluation and can stop further rule and policy processing.
+
+ A policy contains one or more rules. Rules are executed sequentially, starting with the highest-priority rule in each policy.
+
+#### The priority by which rules are processed
+
+Each rule is assigned a priority in the order in which it's created ΓÇö meaning, the rule created first has first priority, the rule created second has second priority, and so on.
+
+![Rules in priority order](../media/dlp-rules-in-priority-order.png)
+
+When content is evaluated against rules, the rules are processed in priority order. If content matches multiple rules, the first rule evaluated that has the most restrictive action is enforced. For example, if content matches all of the following rules, Rule 3 is enforced because it's the highest priority, most restrictive rule:
+
+- Rule 1: only notifies users
+- Rule 2: notifies users, restricts access, and allows user overrides
+- Rule 3: notifies users, restricts access, and does not allow user overrides
+- Rule 4: restricts access
+
+Rules 1, 2, and 4 would be evaluated, but not applied. In this example, matches for all of the rules are recorded in the audit logs and shown in the DLP reports, even though only the most restrictive rule is applied.
+
+You can use a rule to meet a specific protection requirement, and then use a DLP policy to group together common protection requirements, such as all of the rules needed to comply with a specific regulation.
+
+For example, you might have a DLP policy that helps you detect the presence of information subject to the Health Insurance Portability and Accountability Act (HIPAA). This DLP policy could help protect HIPAA data (the what) across all SharePoint Online sites and all OneDrive for Business sites (the where) by finding any document containing this sensitive information that's shared with people outside your organization (the conditions) and then blocking access to the document and sending a notification (the actions). These requirements are stored as individual rules and grouped together as a DLP policy to simplify management and reporting.
+
+![Diagram shows that DLP policy contains locations and rules](../media/c006860c-2d00-42cb-aaa4-5b5638d139f7.png)
+
+#### Conditions
+
+Conditions are inclusive and are where you define what you want the rule to look for and context in which those items are being used. They tell the rule &#8212; when you find an item that looks like *this* and is being used like *that* &#8212; it's a match and the rest of the actions in the policy should be taken on it. You can use conditions to assign different actions to different risk levels. For example, sensitive content shared internally might be lower risk and require fewer actions than sensitive content shared with people outside the organization.
+
+> [!NOTE]
+> Users who have non-guest accounts in a host organization's Active Directory or Azure Active Directory tenant are considered as people inside the organization.
+
+##### Content contains
+
+ All locations support the **Content contains** contains condition. You can select multiple instances of each content type and further refine the conditions by using the **Any of these** (logical OR) or **All of these** (logical AND) operators:
+
+- [sensitive information types](sensitive-information-type-learn-about.md#learn-about-sensitive-information-types)
+- [sensitivity labels](sensitivity-labels.md)
+- [retention labels](retention.md#using-a-retention-label-as-a-condition-in-a-dlp-policy)
+
+depending on the [location(s)](#location-support-for-how-content-can-be-defined) you choose to apply the policy to.
+
+SITs have a pre-defined [**confidence level**](https://www.microsoft.com/videoplayer/embed/RE4Hx60) which you can alter if needed. For more information, see [More on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels). SITs also have a pre-defined range of occurrences of a SIT that must be found to match the rule, for example, if the **Instance count** range is set from one to nine, the SIT must occur at least once and up to nine times for the rule to match.
+
+The rule will only look for the presence of any **sensitivity labels** and **retention labels** you pick.
+
+##### Condition context
+
+The available context options change depending on which location you choose. If you select multiple locations, only the conditions that the locations have in common are available.
+
+###### Conditions Exchange supports:
+
+- Content contains
+- Content is shared from Microsoft 365
+- Content is received from
+- Sender IP address is
+- Has sender overridden the policy tip
+- Sender is
+- Sender domain is
+- Sender address contains words
+- Sender address contains patterns
+- Sender AD Attribute contains words or phrases
+- Sender AD Attribute matches patterns
+- Sender is a member of
+- Any email attachment's content could not be scanned
+- Any email attachment's content didn't complete scanning
+- Attachment is password protected
+- File extension is
+- Recipient is member of
+- Recipient domain is
+- Recipient is
+- Recipient address contains words
+- Recipient address matches patterns
+- Recipient AD Attribute contains words or phrases
+- Recipient AD Attribute matches patterns
+- Document name contains words or phrases
+- Document name matches patterns
+- Document property is
+- Document size equals or is greater than
+- Document content contains words or phrases
+- Document content matches patterns
+- Subject contains words or phrases
+- Subject matches patterns
+- Subject or Body contains words or phrases
+- Subject or body matches patterns
+- Content character set contains words
+- Header contains words or phrases
+- Header matches patterns
+- Message size equals or is greater than
+- Message type is
+- Message importance is
+
+###### Conditions SharePoint supports
+
+- Content contains
+- Content is shared from Microsoft 365
+- File extension is
+- Document property is
+
+###### Conditions OneDrive accounts supports
+
+- Content contains
+- Content is shared from Microsoft 365
+- File extension is
+- Document property is
+
+###### Conditions Teams chat and channel messages support
+
+- Content contains
+- Content is shared from Microsoft 365
+
+###### Conditions Devices supports
+
+- content contains
+- See, [Endpoint activities you can monitor and take action on](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on)
+
+###### Conditions Microsoft Cloud App Security support
+
+- Content contains
+- Content is shared from Microsoft 365
+
+###### On-premises repositories
+
+- Content contains
+- File extension is
+- Document property is
+
+##### Condition groups
+
+Sometimes you need a rule to only identify one thing, like all content that contains a U.S. Social Security Number, which is defined by a single SIT. But in many scenarios, where the types of items you are trying to identify are more complex and therefore harder to define, more flexibility in defining conditions is required.
+
+For example, to identify content subject to the U.S. Health Insurance Act (HIPAA), you need to look for:
+
+- Content that contains specific types of sensitive information, such as a U.S. Social Security Number or Drug Enforcement Agency (DEA) Number.
+
+ AND
+
+- Content that's more difficult to identify, such as communications about a patient's care or descriptions of medical services provided. Identifying this content requires matching keywords from very large keyword lists, such as the International Classification of Diseases (ICD-9-CM or ICD-10-CM).
+
+You can identify this type of data by grouping conditions and using logical operators (AND, OR) between the groups.
+
+For the **U.S. Health Insurance Act (HIPPA)**, conditions are grouped like this:
+
+![HIPPA policy conditions](../media/dlp-rules-condition-groups-booleans.png)
+
+The first group contains the SITs that identify and individual and the second group contains the SITs that identify medical diagnosis.
+
+#### Exceptions
+
+In rules, exceptions define conditions that are used to exclude an item from the policy. Logically, exclusive conditions that are evaluated after the inclusive conditions and context. They tell the rule &#8212; when you find an item that looks like *this* and is being used like *that* its a match and the rest of the actions in the policy should be taken on it ***except if***... &#8212;
+
+For example, keeping with the HIPPA policy, we could modify the rule to exclude any item that contains a Belgium drivers license number, like this:
+
+![HIPPA policy with exclusions](../media/dlp-rule-exceptions.png)
+
+The exceptions conditions that are supported by location are identical to all the inclusion conditions with the only difference being the prepending of "Except if" to each supported condition.
+
+Just as all locations support the inclusive condition:
+
+- Content contains
+
+the exception would be:
+
+- **Except if** content contains
+
+#### Actions
+
+Any item that makes it through the inclusive ***conditions*** and exclusive ***exceptions*** filters will have any ***actions*** that are defined in the rule applied to it. You'll have to configure the required options to support the action. For example, if you select Exchange with the **Restrict access or encrypt the content in Microsoft 365 locations** action you need to choose from these options:
+
+- Block users from accessing shared SharePoint, OneDrive, and Teams content
+ - Block everyone. Only the content owner, last modifier, and site admin will continue to have access
+ - Block only people from outside your organization. Users inside your organization will continue to have access.
+- Encrypt email messages (applies only to content in Exchange)
+
+The actions that are available in a rule are dependent on the locations that have been selected. If you select only one location for the policy to be applied to, the available actions are listed below.
+
+> [!IMPORTANT]
+> For SharePoint Online and OneDrive for Business locations documents will be proactively blocked right after detection of sensitive information, irrespective of whether the document is shared or not, for all external users, while internal users will continue to have access to the document.
+
+##### Exchange location actions:
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+- Set headers
+- Remove header
+- Redirect the message to specific users
+- Forward the message for approval to sender's manager
+- Forward the message for approval to specific approvers
+- Add recipient to the To box
+- Add recipient to the Cc box
+- Add recipient to the Bcc box
+- Add the sender's manager as recipient
+- Removed O365 Message Encryption and rights protection
+- Prepend Email Subject
+- Add HTML Disclaimer
+
+##### SharePoint sites location actions:
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+
+##### OneDrive account locations:
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+
+##### Teams Chat and Channel Messages
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+
+##### Devices:
+
+- Audit or restrict activities on Windows devices
+
+> [!NOTE]
+> Devices gives the option to **Audit** an activity, **Block** an activity, or **Block with override** an activity.
+
+The devices location provide a number of sub-activities (conditions) and actions. To learn more, see [Endpoint activities you can monitor and take action on](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on).
+
+##### Microsoft Cloud App Security:
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+- Restrict Third Party Apps
+
+##### On-premises repositories:
+
+- Restrict access or remove on-premises files
+
+##### Actions available when you combine locations
+
+If you select Exchange and any other single location for the policy to be applied to, the
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+
+and
+
+- all actions for the non-Exchange location
+
+actions will be available.
+
+If you select two or more non-Exchange locations for the policy to be applied to, the
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+
+AND
+
+- all actions for non-Exchange locations
+
+actions will be available.
+
+For example, if you select Exchange and Devices as locations, these actions will be available:
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+- Audit or restrict activities on Windows devices
+
+If you select Devices and Microsoft Cloud App Security, these actions will be available:
+
+- Restrict access or encrypt the content in Microsoft 365 locations
+- Audit or restrict activities on Windows devices
+- Restrict Third Party Apps
+
+Whether actions take effect or not depends on how you configure the mode of the policy. You can choose to run the policy in test mode with or without showing policy tip by selecting the **Test it out first** option. You choose to run the policy as soon as an hour after it is created by selecting the **Turn it on right away** option, or you can choose to just save it and come back to it later by selecting the **Keep it off** option.
++
+<!-- This section needs to explain that the actions available depend on the locations selected AND that the observed behavior of a policy is produced through an interaction of the configured actions AND the configured status (off, test, apply) of a policy. It will detail the purpose of each of the available actions and the location/desired outcome interaction and provide examples eg. how to use the Restrict Third Party apps in the context of a policy that is applied to endpoints so that users can't use a upload content to a third party site or the interaction of on-premises scanner with restrict access or remove on-premises files. Also what happens when I select multiple locations? provide abundant examples for most common scenarios-->
++
+#### User notifications and policy tips
+
+<!--This section introduces the business need for user notifications, what they are, their benefit, how to use them, how to customize them, and links out to
+
+- https://docs.microsoft.com/en-us/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-worldwide
+- https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-policy-tips-reference?view=o365-worldwide
+
+for where they are used/expected behavior-->
+
+<!--You can use notifications and overrides to educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification.-->
+
+When a user attempts an action on a sensitive item in a context that meets the conditions and exceptions of a rule, you can let them know about it through user notification emails and in context policy tips popups. These notifications are useful because they increase awareness and help educate people about your organization's DLP policies.
+
+For example, content like an Excel workbook on a OneDrive for Business site that contains personally identifiable information (PII) and is shared with an external user.
+
+![Message bar shows policy tip in Excel 2016](../media/7002ff54-1656-4a6c-993f-37427d6508c8.png)
+
+> [!NOTE]
+> Notification emails are sent unprotected.
+
+You can also give people the option to [override the policy](#user-overrides), so that they're not blocked if they have a valid business need or if the policy is detecting a false positive.
+
+The user notifications and policy tips configuration options vary depending on the monitoring locations you selected. If you selected:
+
+- Exchange
+- SharePoint
+- OneDrive
+- Teams Chat and Channel
+- MCAS
++
+You can enable/disable user notifications for various Microsoft apps, see [Data Loss Prevention policy tips reference](dlp-policy-tips-reference.md#data-loss-prevention-policy-tips-reference)
+- You can enable/disable **Notifying users in Office 365 service with a policy tip.
+ - email notifications to the user who sen, shared, or last modified the content
+ OR
+ - notify specific people
+
+as well as choosing to customize the email text, subject and the policy tip text.
+
+![User notification and policy tip configuration options that are available for Exchange, SharePoint, OneDrive, Teams Chat and Channel, and MCAS](../media/dlp-user-notification-non-devices.png)
+
+If you selected Devices only, you will get all the same options that are available for Exchange, SharePoint, OneDrive, Teams Chat and Channel and MCAS plus the option to customize the notification title and content that appears on the Windows 10 device.
+
+![User notification and policy tip configuration options that are available for Devices](../media/dlp-user-notification-devices.png)
+
+> [!NOTE]
+> User notifications and policy tips are not available for the On-premises location
+
+> [!NOTE]
+> Only the policy tip from the highest priority, most restrictive rule will be shown. For example, a policy tip from a rule that blocks access to content will be shown over a policy tip from a rule that simply sends a notification. This prevents people from seeing a cascade of policy tips.
+
+To learn more about user notification and policy tip configuration and use, including how to customize the notification and tip text, see
+- [Send email notifications and show policy tips for DLP policies](use-notifications-and-policy-tips.md#send-email-notifications-and-show-policy-tips-for-dlp-policies)
+- [Data Loss Prevention policy reference](dlp-policy-reference.md#data-loss-prevention-policy-reference)
++
+
+<!--The email can notify the person who sent, shared, or last modified the content and, for site content, the primary site collection administrator and document owner. In addition, you can add or remove whomever you choose from the email notification.
+
+In addition to sending an email notification, a user notification displays a policy tip:
+
+- In Outlook and Outlook on the web.
+
+- For the document on a SharePoint Online or OneDrive for Business site.
+
+- In Excel, PowerPoint, and Word, when the document is stored on a site included in a DLP policy.
+
+The email notification and policy tip explain why content conflicts with a DLP policy. If you choose, the email notification and policy tip can allow users to override a rule by reporting a false positive or providing a business justification. This can help you educate users about your DLP policies and enforce them without preventing people from doing their work. Information about overrides and false positives is also logged for reporting (see below about the DLP reports) and included in the incident reports (next section), so that the compliance officer can regularly review this information.
+
+Here's what a policy tip looks like in a OneDrive for Business account.
+
+![Policy tip for a document in a OneDrive account](../media/f9834d35-94f0-4511-8555-0fe69855ce6d.png)
+
+ To learn more about user notifications and policy tips in DLP policies, see [Use notifications and policy tips](use-notifications-and-policy-tips.md).
+
+> [!NOTE]
+> The default behavior of a DLP policy, when there is no alert configured, is not to alert or trigger. This applies only to default information types. For custom information types, the system will alert even if there is no action defined in the policy.
+-->
+
+#### User overrides
+
+The intent of **User overrides** is to give users a way to bypass, with justification, DLP policy blocking actions on sensitive items in Exchange, SharePoint, OneDrive or Teams so that they can continue their work. User overrides are enabled only when **Notify users in Office 365 services with a policy tip** is enabled, so user overrides go hand-in-hand with Notifications and Policy tips.
+
+![User override options for a DLP policy](../media/dlp-user-overrides.png)
+
+> [!NOTE]
+> User overrides are not available for the On-premises repositories location.
+
+Typically, user overrides are useful when your organization is first rolling out a policy. The feedback that you get from any override justifications and identifying false positives helps in tuning the policy.
+
+<!-- This section covers what they are and how to best use them in conjunction with Test/Turn it on right away and link out to where to find the business justification for the override (DLP reports? https://docs.microsoft.com/en-us/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide) https://docs.microsoft.com/en-us/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide#view-the-justification-submitted-by-a-user-for-an-override-->
+
+- If the policy tips in the most restrictive rule allow people to override the rule, then overriding this rule also overrides any other rules that the content matched.
+
+<!--![User notifications and user overrides sections of DLP rule editor](../media/37b560d4-6e4e-489e-9134-d4b9daf60296.png)-->
+
+To learn more about user overrides, see:
+
+- [View the justification submitted by a user for an override](view-the-dlp-reports.md#view-the-justification-submitted-by-a-user-for-an-override)
+
+#### Incident reports
+
+<!--DLP interacts with other M365 information protection services, like IR. Link this to a process outline for triaging/managing/resolving DLP incidents
++
+https://docs.microsoft.com/en-us/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide
+https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worldwide-->
+
+When a rule is matched, you can send an incident report to your compliance officer (or any people you choose) with details of the event. This report includes information about the item that was matched, the actual content that matched the rule, and the name of the person who last modified the content. For email messages, the report also includes as an attachment the original message that matches a DLP policy.
+
+DLP feeds incident information to other Microsoft 365 information protection services, like [Insider Risk management in Microsoft 365](insider-risk-management.md#learn-about-insider-risk-management-in-microsoft-365). In order to get incident information to insider risk managment, you must set the **Incident reports** severity level to **High**.
+
+<!--![Page for configuring incident reports](../media/31c6da0e-981c-415e-91bf-d94ca391a893.png)-->
+
+You can choose between having an alert sent every time an activity matches a rule, which can be very noisy or you can aggregate incidents into fewer alerts based on number of matches or volume of items over a set period of time.
+
+![send an alert every time a rule matches or aggregate over time into fewer reports](../media/dlp-incident-reports-aggregation.png)
+
+DLP scans email differently from items in SharePoint Online or OneDrive for Business. In SharePoint Online and OneDrive for Business, DLP scans existing items as well as new ones and generates an incident report whenever a match is found. In Exchange Online, DLP only scans new email messages and generates a report if there is a policy match. DLP ***does not*** scan or match previously existing email items that are stored in a mailbox or archive.
+
+#### Additional options
+
+If you have multiple rules in a policy, you can use the **Additional options** to control further rule processing if there is a match to the rule you are editing as well as setting the priority for evaluation of the rule.
compliance Dlp Sensitivity Label As Condition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-sensitivity-label-as-condition.md
You can use [sensitivity labels](sensitivity-labels.md) as a condition in DLP po
Sensitivity labels appear as an option in the **Content contains** list. > [!div class="mx-imgBorder"]
-> ![sensitivity label as a condition](../media/dlp-sensitivity-label-as-a-condition.png)
+> ![sensitivity label as a condition.](../media/dlp-sensitivity-label-as-a-condition.png)
> [!IMPORTANT] > **Sensitivity Labels** as a condition will not be available if you have selected **Teams chat and channel messages** as a location to apply the DLP policy.
compliance Dlp Teams Default Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-teams-default-policy.md
Admins can view this policy in the [Compliance center](https://compliance.micros
> [!div class="mx-imgBorder"]
-> ![default Teams DLP policy](../media/default-teams-dlp-policy.png)
+> ![default Teams DLP policy.](../media/default-teams-dlp-policy.png)
## Edit or delete the default policy
compliance Dlp Use Policies Non Microsoft Cloud Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-use-policies-non-microsoft-cloud-apps.md
When you select a location for the DLP policy, turn on the **Microsoft Cloud App
- To select a specific app or instance, select **Choose instance**. - If you don't select an instance, the policy uses all connected apps in your Microsoft Cloud App Security tenant.
- ![Locations to apply the policy](../media/1-dlp-non-microsoft-cloud-app-choose-instance.png)
+ ![Locations to apply the policy.](../media/1-dlp-non-microsoft-cloud-app-choose-instance.png)
- ![Box-US and Box-General](../media/2-dlp-non-microsoft-cloud-app-box.png)
+ ![Box-US and Box-General.](../media/2-dlp-non-microsoft-cloud-app-box.png)
You can choose various actions for every supported non-Microsoft cloud app. For every app, there are different possible actions (depends on the cloud app API).
-![Create rule](../media/3-dlp-non-microsoft-cloud-app-create-rule.png)
+![Create rule.](../media/3-dlp-non-microsoft-cloud-app-create-rule.png)
When you create a rule in the DLP policy, you can select an action for non-Microsoft cloud apps. To restrict third-party apps, select **Restrict Third Party Apps**.
-![Restrict third-party apps](../media/4-dlp-non-microsoft-cloud-app-restrict-third-party-apps.png)
+![Restrict third-party apps.](../media/4-dlp-non-microsoft-cloud-app-restrict-third-party-apps.png)
> [!NOTE] > DLP policies applied to non-Microsoft apps use Microsoft Cloud App Security. When the DLP policy for a non-Microsoft app is created, the same policy will be automatically created in Microsoft Cloud App Security.
compliance Double Key Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/double-key-encryption.md
The following instructions are intended for inexperienced git or Visual Studio C
For example: > [!div class="mx-imgBorder"]
- > ![Clone the Double Key Encryption service repository from GitHub](../media/dke-clone.png)
+ > ![Clone the Double Key Encryption service repository from GitHub.](../media/dke-clone.png)
3. In Visual Studio Code, select **View** \> **Command Palette** and select **Git: Clone**. To jump to the option in the list, start typing `git: clone` to filter the entries and then select it from the drop-down. For example: > [!div class="mx-imgBorder"]
- > ![Visual Studio Code GIT:Clone option](../media/dke-vscode-clone.png)
+ > ![Visual Studio Code GIT:Clone option.](../media/dke-vscode-clone.png)
4. In the text box, paste the URL that you copied from Git and select **Clone from GitHub**.
The following instructions are intended for inexperienced git or Visual Studio C
The repository opens in Visual Studio Code, and displays the current Git branch at the bottom left. For example, The branch should be **main**. For example:
- ![Screenshot of the DKE repo in Visual Studio Code displaying the main branch](../media/dke-vscode-main-branch.jpg)
+ ![Screenshot of the DKE repo in Visual Studio Code displaying the main branch.](../media/dke-vscode-main-branch.jpg)
6. If you're not on the main branch, you'll need to select it. In Visual Studio Code, select the branch and choose **main** from the list of branches that displays.
Choose whether to use email or role authorization. DKE supports only one of thes
This image shows the **appsettings.json** file correctly formatted for email authorization.
- ![The appsettings.json file showing email authorization method](../media/dke-email-accesssetting.png)
+ ![The appsettings.json file showing email authorization method.](../media/dke-email-accesssetting.png)
##### To set key access settings for DKE using role authorization
This image shows the **appsettings.json** file correctly formatted for email aut
This image shows the **appsettings.json** file correctly formatted for role authorization.
- ![appsettings.json file showing role authorization method](../media/dke-role-accesssetting.png)
+ ![appsettings.json file showing role authorization method.](../media/dke-role-accesssetting.png)
#### Tenant and key settings
To generate keys:
The end results should look similar to the following.
- ![startup.cs file for public preview](../media/dke-startupcs-usetestkeys.png)
+ ![startup.cs file for public preview.](../media/dke-startupcs-usetestkeys.png)
Now you're ready to [build your DKE project](#build-the-project).
Use the following instructions to build the DKE project locally:
If there are no build tasks found, select **Configure Build Task** and create one for .NET core as follows.
- ![Configure missing build task for .NET](../media/dke-configurebuildtask.png)
+ ![Configure missing build task for .NET.](../media/dke-configurebuildtask.png)
1. Choose **Create tasks.json from template**.
- ![Create tasks.json file from template for DKE](../media/dke-createtasksjsonfromtemplate.png)
+ ![Create tasks.json file from template for DKE.](../media/dke-createtasksjsonfromtemplate.png)
2. From the list of template types, select **.NET Core**.
- ![Select the correct template for DKE](../media/dke-tasksjsontemplate.png)
+ ![Select the correct template for DKE.](../media/dke-tasksjsontemplate.png)
3. In the build section, locate the path to the **customerkeystore.csproj** file. If it's not there, add the following line:
To publish the key store, you'll create an Azure App Service instance to host yo
For example: > [!div class="mx-imgBorder"]
- > ![Add your App Service](../media/dke-azure-add-app-service.png)
+ > ![Add your App Service.](../media/dke-azure-add-app-service.png)
3. At the bottom of the page, select **Review + create**, and then select **Add**.
DKE is deployed and you can browse to the test keys you've created. Continue to
For example:
- ![Copy connection strings from the FTP dashboard](../media/dke-ftp-dashboard.png)
+ ![Copy connection strings from the FTP dashboard.](../media/dke-ftp-dashboard.png)
3. In the codebase for the key storage, go to the **customer-key-store\src\customer-key-store directory**.
To register the DKE service:
For example: > [!div class="mx-imgBorder"]
- > ![New App Registration](../media/dke-app-registration.png)
+ > ![New App Registration.](../media/dke-app-registration.png)
4. At the bottom of the page, select **Register** to create the new App Registration.
In the Microsoft 365 compliance center, create a new sensitivity label and apply
For example: > [!div class="mx-imgBorder"]
-> ![Select Use Double Key Encryption in the Microsoft 365 compliance center](../media/dke-use-dke.png)
+> ![Select Use Double Key Encryption in the Microsoft 365 compliance center.](../media/dke-use-dke.png)
Any DKE labels you add will start appearing for users in the latest versions of Microsoft 365 Apps for enterprise.
compliance Download Documents From Review Set https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/download-documents-from-review-set.md
Download offers a simple way to download content from a review set in native for
To download content from a review set in an Advanced eDiscovery case, start by selecting the files you want to download then select **Action items** > **Download**.
-![Download action in Advanced eDiscovery review set](../media/eDiscoDownload.png)
+![Download action in Advanced eDiscovery review set.](../media/eDiscoDownload.png)
compliance Download Export Jobs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/download-export-jobs.md
The first step is to create an export job to export documents out of a review se
6. Paste the container URL and the SAS token for your storage account in the corresponding fields.
- ![Paste the connection URL and the SAS token in the corresponding fields](../media/AzureStorageOutputOptions.png)
+ ![Paste the connection URL and the SAS token in the corresponding fields.](../media/AzureStorageOutputOptions.png)
7. Click **Export** to create the export job.
The next step is to obtain the SAS URL that's generated after you create the exp
3. On the flyout page, under **Locations**, copy the SAS URL that's displayed. If necessary, you can save it to a text file so you can access it in Step 3.
- ![Copy the SAS URL displayed under Locations](../media/eDiscoExportJob.png)
+ ![Copy the SAS URL displayed under Locations.](../media/eDiscoExportJob.png)
> [!TIP] > The SAS URL that's displayed in the export job is a concatenation of the container URL and the SAS token for your Azure Storage account. You can copy it from the export job or create it yourself by combining the URL and the SAS token.
The final step is to use the Azure Storage Explorer and the SAS URL to connect t
2. Click the **Open Connect Dialog** icon.
- ![Click the Add account icon](../media/AzureStorageConnect.png)
+ ![Click the Add account icon.](../media/AzureStorageConnect.png)
3. On the **Connect to Azure Storage** page, click **Blob container**.
The final step is to use the Azure Storage Explorer and the SAS URL to connect t
5. On the **Enter Connection Info** page, paste the SAS URL (that you obtained in the export job in Step 2) in the **Blob Container SAS URL** box.
- ![Paste the SAS URL in the URI box](../media/AzureStorageConnect3.png)
+ ![Paste the SAS URL in the URI box.](../media/AzureStorageConnect3.png)
Notice that the container name is displayed in the **Display name** box. You can edit this name.
The final step is to use the Azure Storage Explorer and the SAS URL to connect t
The **Blob containers** node (under **Storage Accounts** > **(Attached Containers)** \> is opened.
- ![Export jobs in the Blobs containers node](../media/AzureStorageConnect5.png)
+ ![Export jobs in the Blobs containers node.](../media/AzureStorageConnect5.png)
It contains a container named with the display name from step 5. This container contains a folder for each export job that you've downloaded to the container in your Azure Storage account. These folders are named with an ID that corresponds to the ID of the export job. You can find these export IDs (and the name of the export) under **Support information** on the flyout page for each **Preparing data for export** job listed on the **Jobs** tab in the Advanced eDiscovery case.
The final step is to use the Azure Storage Explorer and the SAS URL to connect t
A list of folders and export reports is displayed.
- ![The export folder contains exported files and export reports](../media/AzureStorageConnect6.png)
+ ![The export folder contains exported files and export reports.](../media/AzureStorageConnect6.png)
8. To export all contents from the export job, click the **Up** arrow to go back to the export job folder, and then click **Download**.
compliance Ediscovery Cjk Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-cjk-support.md
You can use CJK characters for [keyword searches](building-search-queries.md#key
We provide CJK support for all [search operators](keyword-queries-and-search-conditions.md#search-operators) and [search conditions](keyword-queries-and-search-conditions.md#search-conditions), including the boolean operators **AND**, **OR**, **NOT**, and **NEAR**.
-If you're certain that content locations or items contain CJK characters, but searches aren't returning any results, click the query language-country/region icon ![Query language-country/region icon in Content search](../media/8d4b60c8-e1f1-40f9-88ae-ee2a7eca0886.png) and select the corresponding language-country culture code value for the search. The default language/region is neutral.
+If you're certain that content locations or items contain CJK characters, but searches aren't returning any results, click the query language-country/region icon ![Query language-country/region icon in Content search.](../media/8d4b60c8-e1f1-40f9-88ae-ee2a7eca0886.png) and select the corresponding language-country culture code value for the search. The default language/region is neutral.
**Can I search for multiple languages at once?**
compliance Ediscovery Diagnostic Info https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-diagnostic-info.md
Get-ComplianceCase "<Core eDiscovery case name>"| %{$_|fl;"`t==Searches==";Get-C
The **Settings** tab in an Advanced eDiscovery case lets you quickly copy the diagnostic information for the case. The diagnostic information is saved to the clipboard so you can paste it to a text file and send to Microsoft Support.
-1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then click **Show all > eDiscovery > Advanced**.
+1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com/) and then click **eDiscovery > Advanced**.
2. Select a case and then click the **Settings** tab. 3. Under **Case Information**, click **Select**.
-4. On the flyout page, click **Copy diagnostic information** to copy the info to the clipboard.
+4. On the flyout page, click **Actions** > **Copy support information** to copy the information to the clipboard.
5. Open a text file (in Notepad) and then paste the information in the text file.
compliance Ediscovery Troubleshooting Common Issues https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-troubleshooting-common-issues.md
Check for duplicate users or distribution list with the same user ID.
An eDiscovery or content search may yield the following error: `This search completed with (#) errors. Would you like to retry the search on the failed locations?`
-![Search-specific location fails error screenshot](../media/edisc-tshoot-specific-location-search-fails.png)
+![Search-specific location fails error screenshot.](../media/edisc-tshoot-specific-location-search-fails.png)
### Resolution
When exporting search results from Core eDiscovery or Content search in the Micr
When running an eDiscovery search, if the search continually fails with error similar to "Internal server error (500) occurred", you may need rerun the search only on specific mailbox locations.
-![Internal server error 500 screenshot](../media/edisc-tshoot-error-500.png)
+![Internal server error 500 screenshot.](../media/edisc-tshoot-error-500.png)
### Resolution
compliance Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery.md
Electronic discovery, or eDiscovery, is the process of identifying and deliverin
Microsoft 365 provides three eDiscovery solutions: Content search, Core eDiscovery, and Advanced eDiscovery.
-![Key capabilities of Microsoft 365 eDiscovery tools](..\media\m365-ediscovery-solution-graphic.png)
+![Key capabilities of Microsoft 365 eDiscovery tools.](..\media\m365-ediscovery-solution-graphic.png)
- **Content search**. Use use the Content search tool to search for content across Microsoft 365 data sources and then export the search results to local computer.
The following table compares the key capabilities available in Content search, C
|Capability|Content search|Core eDiscovery|Advanced eDiscovery| |:|:-|:-|:-|
-|Search for content|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Keyword queries and search conditions|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Search statistics|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Export search results|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Role-based permissions|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Case management||![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Place content locations on legal hold||![Supported](../media/check-mark.png)|![Supported](../media/check-mark.png)|
-|Custodian management|||![Supported](../media/check-mark.png)|
-|Legal hold notifications|||![Supported](../media/check-mark.png)|
-|Advanced indexing|||![Supported](../media/check-mark.png)|
-|Error remediation|||![Supported](../media/check-mark.png)|
-|Review sets|||![Supported](../media/check-mark.png)|
-|Support for cloud attachments and SharePoint versions|||![Supported](../media/check-mark.png)|
-|Optical character recognition|||![Supported](../media/check-mark.png)|
-|Conversation threading|||![Supported](../media/check-mark.png)|
-|Collection statistics and reports|||![Supported](../media/check-mark.png)|
-|Review set filtering|||![Supported](../media/check-mark.png)|
-|Tagging|||![Supported](../media/check-mark.png)|
-|Analytics|||![Supported](../media/check-mark.png)|
-|Predictive coding models|||![Supported](../media/check-mark.png)|
-|Computed document metadata|||![Supported](../media/check-mark.png)|
-|Transparency of long-running jobs|||![Supported](../media/check-mark.png)|
-|Export to customer-owned Azure Storage location|||![Supported](../media/check-mark.png)|
+|Search for content|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Keyword queries and search conditions|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Search statistics|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Export search results|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Role-based permissions|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Case management||![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Place content locations on legal hold||![Supported.](../media/check-mark.png)|![Supported.](../media/check-mark.png)|
+|Custodian management|||![Supported.](../media/check-mark.png)|
+|Legal hold notifications|||![Supported.](../media/check-mark.png)|
+|Advanced indexing|||![Supported.](../media/check-mark.png)|
+|Error remediation|||![Supported.](../media/check-mark.png)|
+|Review sets|||![Supported.](../media/check-mark.png)|
+|Support for cloud attachments and SharePoint versions|||![Supported.](../media/check-mark.png)|
+|Optical character recognition|||![Supported.](../media/check-mark.png)|
+|Conversation threading|||![Supported.](../media/check-mark.png)|
+|Collection statistics and reports|||![Supported.](../media/check-mark.png)|
+|Review set filtering|||![Supported.](../media/check-mark.png)|
+|Tagging|||![Supported.](../media/check-mark.png)|
+|Analytics|||![Supported.](../media/check-mark.png)|
+|Predictive coding models|||![Supported.](../media/check-mark.png)|
+|Computed document metadata|||![Supported.](../media/check-mark.png)|
+|Transparency of long-running jobs|||![Supported.](../media/check-mark.png)|
+|Export to customer-owned Azure Storage location|||![Supported.](../media/check-mark.png)|
||||| Here's description of each eDiscovery capability.
compliance Email Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/email-encryption.md
For more information on how Microsoft 365 secures communication between servers,
## Comparing email encryption options available in Office 365
-|Email encryption technology|![Conceptual artwork that describes OME](../media/2bf27b5e-bbb3-46d1-95bf-884dc27a746c.png)|![Conceptual artwork that describes IRM](../media/9c0cc444-9448-40c6-b244-8fcc593a64e0.png)|![Conceptual artwork that describes SMIME](../media/ae4613a8-c17e-47e1-8e13-12e891e43744.png)|
+|Email encryption technology|![Conceptual artwork that describes OME.](../media/2bf27b5e-bbb3-46d1-95bf-884dc27a746c.png)|![Conceptual artwork that describes IRM](../media/9c0cc444-9448-40c6-b244-8fcc593a64e0.png)|![Conceptual artwork that describes SMIME](../media/ae4613a8-c17e-47e1-8e13-12e891e43744.png)|
|:--|:--|:--|:--| |What is it?|Office 365 Message Encryption (OME) is a service built on Azure Rights Management (Azure RMS) that lets you send encrypted email to people inside or outside your organization, regardless of the destination email address (Gmail, Yahoo! Mail, Outlook.com, etc.). <br/> As an admin, you can set up transport rules that define the conditions for encryption. When a user sends a message that matches a rule, encryption is applied automatically. <br/> To view encrypted messages, recipients can either get a one-time passcode, sign in with a Microsoft account, or sign in with a work or school account associated with Office 365. Recipients can also send encrypted replies. They don't need a Microsoft 365 subscription to view encrypted messages or send encrypted replies.|IRM is an encryption solution that also applies usage restrictions to email messages. It helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. <br/> IRM capabilities in Microsoft 365 use Azure Rights Management (Azure RMS).|S/MIME is a certificate-based encryption solution that allows you to both encrypt and digitally sign a message. The message encryption helps ensure that only the intended recipient can open and read the message. A digital signature helps the recipient validate the identity of the sender. <br/> Both digital signatures and message encryption are made possible through the use of unique digital certificates that contain the keys for verifying digital signatures and encrypting or decrypting messages. <br/> To use S/MIME, you must have public keys on file for each recipient. Recipients have to maintain their own private keys, which must remain secure. If a recipient's private keys are compromised, the recipient needs to get a new private key and redistribute public keys to all potential senders.| |What does it do?|OME: <br/> Encrypts messages sent to internal or external recipients. <br/> Allows users to send encrypted messages to any email address, including Outlook.com, Yahoo! Mail, and Gmail. <br/> Allows you, as an admin, to customize the email viewing portal to reflect your organization's brand. <br/> Microsoft securely manages and stores the keys, so you don't have to. <br/> No special client side software is needed as long as the encrypted message (sent as an HTML attachment) can be opened in a browser.|IRM: <br/> Uses encryption and usage restrictions to provide online and offline protection for email messages and attachments. <br/> Gives you, as an admin, the ability to set up transport rules or Outlook protection rules to automatically apply IRM to select messages. <br/> Lets users manually apply templates in Outlook or Outlook on the web (formerly known as Outlook Web App).|S/MIME addresses sender authentication with digital signatures, and message confidentiality with encryption.|
compliance Enable Archive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-archive-mailboxes.md
You have to be assigned the Mail Recipients role in Exchange Online to enable or
4. In the list of mailboxes, select the user that you want to enable the archive mailbox for.
- ![Click Enable in the details pane of the selected user to enable the archive mailbox](../media/8b53cdec-d5c9-4c28-af11-611f95c37b34.png)
+ ![Click Enable in the details pane of the selected user to enable the archive mailbox.](../media/8b53cdec-d5c9-4c28-af11-611f95c37b34.png)
5. In the details pane for the selected user, click **Enable**.
You have to be assigned the Mail Recipients role in Exchange Online to enable or
6. Click **Yes** to enable the archive mailbox.
- It might take a few moments to create the archive mailbox. When it's created, **Archive mailbox: enabled** is displayed in the details pane for the selected user. You might have to click **Refresh** ![Refresh icon](../mediM-Policy-RefreshIcon.gif) to update the information in the details pane.
+ It might take a few moments to create the archive mailbox. When it's created, **Archive mailbox: enabled** is displayed in the details pane for the selected user. You might have to click **Refresh** ![Refresh icon.](../mediM-Policy-RefreshIcon.gif) to update the information in the details pane.
> [!TIP] > You can also bulk-enable archive mailboxes by selecting multiple users with disabled archive mailboxes (use the Shift or Ctrl keys). After selecting multiple mailboxes, click **Enable** in the details pane.
To disable an archive mailbox:
5. Click **Yes** to disable the archive mailbox.
- It might take a few moments to disable the archive mailbox. When it's disabled, **Archive mailbox: disabled** is displayed in the details pane for the selected user. You might have to click **Refresh** ![Refresh icon](../mediM-Policy-RefreshIcon.gif) to update the information in the details pane.
+ It might take a few moments to disable the archive mailbox. When it's disabled, **Archive mailbox: disabled** is displayed in the details pane for the selected user. You might have to click **Refresh** ![Refresh icon.](../mediM-Policy-RefreshIcon.gif) to update the information in the details pane.
> [!TIP] > You can also bulk-disable archive mailboxes by selecting multiple users with enabled archive mailboxes (use the Shift or Ctrl keys). After selecting multiple mailboxes, click **Disable** in the details pane.
compliance Enable Mailbox Auditing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-mailbox-auditing.md
The following table shows the mailbox types that are currently supported by mail
|Mailbox type|Supported| ||::|
-|User mailboxes|![Check mark](../media/checkmark.png)|
-|Shared mailboxes|![Check mark](../media/checkmark.png)|
-|Microsoft 365 Group mailboxes|![Check mark](../media/checkmark.png)|
+|User mailboxes|![Check mark.](../media/checkmark.png)|
+|Shared mailboxes|![Check mark.](../media/checkmark.png)|
+|Microsoft 365 Group mailboxes|![Check mark.](../media/checkmark.png)|
|Resource mailboxes|| |Public folder mailboxes|| |
Logon types classify the user that did the audited actions on the mailbox. The f
The following table describes the mailbox actions that are available in mailbox audit logging for user mailboxes and shared mailboxes. -- A check mark (![Check mark](../media/checkmark.png)) indicates the mailbox action can be logged for the logon type (not all actions are available for all logon types).
+- A check mark (![Check mark.](../media/checkmark.png)) indicates the mailbox action can be logged for the logon type (not all actions are available for all logon types).
- An asterisk ( <sup>\*</sup> ) after the check mark indicates the mailbox action is logged by default for the logon type. - Remember, an admin with Full Access permission to a mailbox is considered a delegate.
The following table describes the mailbox actions that are available in mailbox
|Mailbox action|Description|Admin|Delegate|Owner| |||::|::|::| |**AddFolderPermissions**|Although this value is accepted as a mailbox action, it's already included in the **UpdateFolderPermissions** action and isn't audited separately. In other words, don't use this value.||||
-|**ApplyRecord**|An item is labeled as a record.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**Copy**|A message was copied to another folder.|![Check mark](../media/checkmark.png)|||
-|**Create**|An item was created in the Calendar, Contacts, Notes, or Tasks folder in the mailbox (for example, a new meeting request is created). Creating, sending, or receiving a message isn't audited. Also, creating a mailbox folder is not audited.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)|
-|**FolderBind**|A mailbox folder was accessed. This action is also logged when the admin or delegate opens the mailbox. <br/><br/> **Note**: Audit records for folder bind actions performed by delegates are consolidated. One audit record is generated for individual folder access within a 24-hour period.|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|**HardDelete**|A message was purged from the Recoverable Items folder.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**ApplyRecord**|An item is labeled as a record.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|
+|**Copy**|A message was copied to another folder.|![Check mark.](../media/checkmark.png)|||
+|**Create**|An item was created in the Calendar, Contacts, Notes, or Tasks folder in the mailbox (for example, a new meeting request is created). Creating, sending, or receiving a message isn't audited. Also, creating a mailbox folder is not audited.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)|
+|**FolderBind**|A mailbox folder was accessed. This action is also logged when the admin or delegate opens the mailbox. <br/><br/> **Note**: Audit records for folder bind actions performed by delegates are consolidated. One audit record is generated for individual folder access within a 24-hour period.|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)||
+|**HardDelete**|A message was purged from the Recoverable Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|
|**MailboxLogin**|The user signed into their mailbox.|||![Check mark](../media/checkmark.png)|
-|**MailItemsAccessed**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <p> Mail data is accessed by mail protocols and clients.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**MailItemsAccessed**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <p> Mail data is accessed by mail protocols and clients.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
|**MessageBind**|**Note**: This value is available only for E3 users (users without E5 or E5 Compliance add-on subscriptions). <p> A message was viewed in the preview pane or opened by an admin.|![Check mark](../media/checkmark.png)||| |**ModifyFolderPermissions**|Although this value is accepted as a mailbox action, it's already included in the **UpdateFolderPermissions** action and isn't audited separately. In other words, don't use this value.||||
-|**Move**|A message was moved to another folder.|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
-|**MoveToDeletedItems**|A message was deleted and moved to the Deleted Items folder.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**RecordDelete**|An item that's labeled as a record was soft-deleted (moved to the Recoverable Items folder). Items labeled as records can't be permanently deleted (purged from the Recoverable Items folder).|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
+|**Move**|A message was moved to another folder.|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
+|**MoveToDeletedItems**|A message was deleted and moved to the Deleted Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**RecordDelete**|An item that's labeled as a record was soft-deleted (moved to the Recoverable Items folder). Items labeled as records can't be permanently deleted (purged from the Recoverable Items folder).|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
|**RemoveFolderPermissions**|Although this value is accepted as a mailbox action, it's already included in the **UpdateFolderPermissions** action and isn't audited separately. In other words, don't use this value.|||| |**SearchQueryInitiated**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <p> A person uses Outlook (Windows, Mac, iOS, Android, or Outlook on the web) or the Mail app for Windows 10 to search for items in a mailbox.|||![Check mark](../media/checkmark.png)|
-|**Send**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <p> The user sends an email message, replies to an email message, or forwards an email message.|![Check mark](../media/checkmark.png)<sup>\*</sup>||![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**SendAs**|A message was sent using the SendAs permission. This means another user sent the message as though it came from the mailbox owner.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>||
-|**SendOnBehalf**|A message was sent using the SendOnBehalf permission. This means another user sent the message on behalf of the mailbox owner. The message indicates to the recipient who the message was sent on behalf of and who actually sent the message.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>||
-|**SoftDelete**|A message was permanently deleted or deleted from the Deleted Items folder. Soft-deleted items are moved to the Recoverable Items folder.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**Update**|A message or any of its properties was changed.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**UpdateCalendarDelegation**|A calendar delegation was assigned to a mailbox. Calendar delegation gives someone else in the same organization permissions to manage the mailbox owner's calendar.|![Check mark](../media/checkmark.png)<sup>\*</sup>||![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**UpdateComplianceTag**|A different retention label is applied to a mail item (an item can only have one retention label assigned to it).|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
-|**UpdateFolderPermissions**|A folder permission was changed. Folder permissions control which users in your organization can access folders in a mailbox and the messages located in those folders.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**UpdateInboxRules**|An inbox rule was added, removed, or changed. Inbox rules are used to process messages in the user's Inbox based on the specified conditions and take actions when the conditions of a rule are met, such as moving a message to a specified folder or deleting a message.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**Send**|**Note**: This value is available only for E5 or E5 Compliance add-on subscription users. For more information, see [Set up Advanced Audit in Microsoft 365](set-up-advanced-audit.md). <p> The user sends an email message, replies to an email message, or forwards an email message.|![Check mark.](../media/checkmark.png)<sup>\*</sup>||![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**SendAs**|A message was sent using the SendAs permission. This means another user sent the message as though it came from the mailbox owner.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>||
+|**SendOnBehalf**|A message was sent using the SendOnBehalf permission. This means another user sent the message on behalf of the mailbox owner. The message indicates to the recipient who the message was sent on behalf of and who actually sent the message.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>||
+|**SoftDelete**|A message was permanently deleted or deleted from the Deleted Items folder. Soft-deleted items are moved to the Recoverable Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**Update**|A message or any of its properties was changed.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**UpdateCalendarDelegation**|A calendar delegation was assigned to a mailbox. Calendar delegation gives someone else in the same organization permissions to manage the mailbox owner's calendar.|![Check mark.](../media/checkmark.png)<sup>\*</sup>||![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**UpdateComplianceTag**|A different retention label is applied to a mail item (an item can only have one retention label assigned to it).|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|
+|**UpdateFolderPermissions**|A folder permission was changed. Folder permissions control which users in your organization can access folders in a mailbox and the messages located in those folders.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**UpdateInboxRules**|An inbox rule was added, removed, or changed. Inbox rules are used to process messages in the user's Inbox based on the specified conditions and take actions when the conditions of a rule are met, such as moving a message to a specified folder or deleting a message.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
| > [!IMPORTANT]
Remember, an admin with Full Access permission to a Microsoft 365 Group mailbox
|Mailbox action|Description|Admin|Delegate|Owner| |||::|::|::| |**Create**|Creation of a calendar Item. Creating, sending, or receiving a message isn't audited.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>||
-|**HardDelete**|A message was purged from the Recoverable Items folder.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**MoveToDeletedItems**|A message was deleted and moved to the Deleted Items folder.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**HardDelete**|A message was purged from the Recoverable Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**MoveToDeletedItems**|A message was deleted and moved to the Deleted Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
|**SendAs**|A message was sent using the SendAs permission.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|| |**SendOnBehalf**|A message was sent using the SendOnBehalf permission.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>||
-|**SoftDelete**|A message was permanently deleted or deleted from the Deleted Items folder. Soft-deleted items are moved to the Recoverable Items folder.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
-|**Update**|A message or any of its property was changed.|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**SoftDelete**|A message was permanently deleted or deleted from the Deleted Items folder. Soft-deleted items are moved to the Recoverable Items folder.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
+|**Update**|A message or any of its property was changed.|![Check mark.](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|![Check mark](../media/checkmark.png)<sup>\*</sup>|
| ### Verify that default mailbox actions are being logged for each logon type
compliance Enable Unlimited Archiving https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-unlimited-archiving.md
Keep the following things in mind after you enable auto-expanding archiving:
- Similarly, the values for the *ArchiveQuota* and *ArchiveWarningQuota* mailbox properties aren't changed when you enable auto-expanding archiving. In fact, when you enable auto-expanding archiving for a user mailbox and the *AutoExpandingArchiveEnabled* property is set to `True`, the *ArchiveQuota* and *ArchiveWarningQuota* properties are ignored. Here's an example of these mailbox properties after auto-expanding archiving is enabled for a user's mailbox.
- ![ArchiveQuota and ArchiveWarningQuota properties are ignored after you enable auto-expanding archiving](../media/6a1c1b69-5c4c-4267-aac8-53577667f03e.png)
+ ![ArchiveQuota and ArchiveWarningQuota properties are ignored after you enable auto-expanding archiving.](../media/6a1c1b69-5c4c-4267-aac8-53577667f03e.png)
## More information
compliance Encryption Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-sensitivity-labels.md
When you use this encryption solution, the **super user** feature ensures that a
1. Follow the general instructions to [create or edit a sensitivity label](create-sensitivity-labels.md#create-and-configure-sensitivity-labels) and make sure **Files & emails** is selected for the label's scope:
- ![Sensitivity label scope options for files and emails](../media/filesandemails-scope-options-sensitivity-label.png)
+ ![Sensitivity label scope options for files and emails.](../media/filesandemails-scope-options-sensitivity-label.png)
2. Then, on the **Choose protection settings for files and emails** page, make sure you select **Encrypt files and emails**
- ![Sensitivity label protection options for files and emails](../media/protection-options-sensitivity-label.png)
+ ![Sensitivity label protection options for files and emails.](../media/protection-options-sensitivity-label.png)
4. On the **Encryption** page of the wizard, select one of the following options:
When you use this encryption solution, the **super user** feature ensures that a
- **Configure encryption settings**: Turns on encryption and makes the encryption settings visible:
- ![Sensitivity label options for encryption](../media/encrytion-options-sensitivity-label.png)
+ ![Sensitivity label options for encryption.](../media/encrytion-options-sensitivity-label.png)
Instructions for these settings are in the following [Configure encryption settings](#configure-encryption-settings) section.
Alternatively, if you have a sensitivity label named **Business Contracts**, and
Choosing whether to assign permissions now or let users assign permissions:
-![Option to add user or admin defined permissions](../media/sensitivity-label-user-or-admin-defined-permissions.png)
+![Option to add user or admin defined permissions.](../media/sensitivity-label-user-or-admin-defined-permissions.png)
## Assign permissions now
Use the following options to control who can access email or documents to which
Settings for access control for encrypted content:
-![Settings for admin defined permissions](../media/sensitivity-encryption-settings-for-admin-defined-permissions.png)
+![Settings for admin defined permissions.](../media/sensitivity-encryption-settings-for-admin-defined-permissions.png)
### Rights Management use license for offline access
You can grant permissions to specific people so that only they can interact with
Assigning permissions:
-![Options to assign permissions to users](../media/Sensitivity-Assign-permissions-settings.png)
+![Options to assign permissions to users.](../media/Sensitivity-Assign-permissions-settings.png)
#### Add users or groups
When you choose which permissions to allow for those users or groups, you can se
For more information to help you select the appropriate permissions, see [Usage rights and descriptions](/azure/information-protection/configure-usage-rights#usage-rights-and-descriptions).
-![Options to choose preset or custom permissions](../media/Sensitivity-Choose-permissions-settings.png)
+![Options to choose preset or custom permissions.](../media/Sensitivity-Choose-permissions-settings.png)
Note that the same label can grant different permissions to different users. For example, a single label can assign some users as Reviewer and a different user as Co-author, as shown in the following screenshot. To do this, add users or groups, assign them permissions, and save those settings. Then repeat these steps, adding users and assigning them permissions, saving the settings each time. You can repeat this configuration as often as necessary, to define different permissions for different users.
-![Different users with different permissions](../media/Sensitivity-Multiple-users-permissions.png)
+![Different users with different permissions.](../media/Sensitivity-Multiple-users-permissions.png)
#### Rights Management issuer (user applying the sensitivity label) always has Full Control
A sensitivity label that lets users assign permissions must be applied to conten
Configuring the user-assigned permissions:
-![Encryption settings for user-defined permissions](../media/sensitivity-encryption-settings-for-user-defined-permissions.png)
+![Encryption settings for user-defined permissions.](../media/sensitivity-encryption-settings-for-user-defined-permissions.png)
### Outlook restrictions In Outlook, when a user applies a sensitivity label that lets them assign permissions to a message, you can choose the **Do Not Forward option** or **Encrypt-Only**. The user will see the label name and description at the top of the message, which indicates the content's being protected. Unlike Word, PowerPoint, and Excel (see the [next section](#word-powerpoint-and-excel-permissions)), users aren't prompted to select specific permissions.
-![Sensitivity label applied to message in Outlook](../media/sensitivity-label-outlook-protection-applied.png)
+![Sensitivity label applied to message in Outlook.](../media/sensitivity-label-outlook-protection-applied.png)
When either of these options are applied to an email, the email is encrypted and recipients must be authenticated. Then, the recipients automatically have restricted usage rights:
For example, with the Azure Information Protection unified labeling client, user
- Select users, groups, or organizations. This can include people both inside or outside your organizations. - Set an expiration date, after which the selected users cannot access the content. For more information, see the above section [Rights Management use license for offline access](#rights-management-use-license-for-offline-access).
-![Options for user to protect with custom permissions](../media/sensitivity-aip-custom-permissions-dialog.png)
+![Options for user to protect with custom permissions.](../media/sensitivity-aip-custom-permissions-dialog.png)
For built-in labeling, users see the same dialog box if they select the following:
For built-in labeling, users see the same dialog box if they select the followin
For each example that follows, do the configuration from the **Encryption** page of the wizard when **Configure encryption settings** is selected:
-![Apply encryption option in the sensitivity label wizard](../media/apply-encryption-option.png)
+![Apply encryption option in the sensitivity label wizard.](../media/apply-encryption-option.png)
### Example 1: Label that applies Do Not Forward to send an encrypted email to a Gmail account
compliance Endpoint Dlp Configure Proxy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-configure-proxy.md
The static proxy is configurable through Group Policy (GP). The group policy can
2. Set it to **Enabled** and select **Disable Authenticated Proxy usage**:
- ![Image of group policy settings 1](../media/atp-gpo-proxy1.png)
+ ![Image of group policy settings 1.](../media/atp-gpo-proxy1.png)
3. Open **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**: Configure the proxy
- ![Image of group policy settings 2](../media/atp-gpo-proxy2.png)
+ ![Image of group policy settings 2.](../media/atp-gpo-proxy2.png)
The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DataCollection`.
compliance Endpoint Dlp Getting Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-getting-started.md
In this deployment scenario, you'll onboard devices that have not been onboarded
2. Open the Compliance Center settings page and choose **Onboard devices**. > [!div class="mx-imgBorder"]
- > ![enable device management](../media/endpoint-dlp-learn-about-1-enable-device-management.png)
+ > ![enable device management.](../media/endpoint-dlp-learn-about-1-enable-device-management.png)
> [!NOTE] > While it usually takes about 60 seconds for device onboarding to be enabled, please allow up to 30 minutes before engaging with Microsoft support.
In this deployment scenario, you'll onboard devices that have not been onboarded
5. Choose the way you want to deploy to these additional devices from the **Deployment method** list and then **download package**. > [!div class="mx-imgBorder"]
- > ![deployment method](../media/endpoint-dlp-getting-started-3-deployment-method.png)
+ > ![deployment method.](../media/endpoint-dlp-getting-started-3-deployment-method.png)
6. Follow the appropriate procedures in [Onboarding tools and methods for Windows 10 machines](/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). This link takes you to a landing page where you can access Microsoft Defender for Endpoint procedures that match the deployment package you selected in step 5:
In this scenario, Microsoft Defender for Endpoint is already deployed and there
3. Choose **Device management** to open the **Devices** list. You should see the list of devices that are already reporting in to Microsoft Defender for Endpoint. > [!div class="mx-imgBorder"]
- > ![device management](../media/endpoint-dlp-getting-started-2-device-management.png)
+ > ![device management.](../media/endpoint-dlp-getting-started-2-device-management.png)
4. Choose **Onboarding** if you need to onboard additional devices.
Once done and endpoint is onboarded, it should be visible under the **Devices**
2. Refer to the procedures in [Get started with Activity explorer](data-classification-activity-explorer.md) to access and filter all the data for your Endpoint devices. > [!div class="mx-imgBorder"]
- > ![activity explorer filter for endpoint devices](../media/endpoint-dlp-4-getting-started-activity-explorer.png)
+ > ![activity explorer filter for endpoint devices.](../media/endpoint-dlp-4-getting-started-activity-explorer.png)
## Next steps
compliance Endpoint Dlp Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md
There are a few extra concepts that you need to be aware of before you dig into
Device management is the functionality that enables the collection of telemetry from devices and brings it into Microsoft 365 compliance solutions like Endpoint DLP and [Insider Risk management](insider-risk-management.md). You'll need to onboard all devices you want to use as locations in DLP policies. > [!div class="mx-imgBorder"]
-> ![enable device management](../media/endpoint-dlp-learn-about-1-enable-device-management.png)
+> ![enable device management.](../media/endpoint-dlp-learn-about-1-enable-device-management.png)
Onboarding and offboarding are handled via scripts you download from the Device management center. The center has custom scripts for each of these deployment methods:
Onboarding and offboarding are handled via scripts you download from the Device
- VDI onboarding scripts for non-persistent machines > [!div class="mx-imgBorder"]
-> ![device onboarding page](../media/endpoint-dlp-learn-about-3-device-onboarding-page.png)
+> ![device onboarding page.](../media/endpoint-dlp-learn-about-3-device-onboarding-page.png)
Use the procedures in [Getting started with Microsoft 365 Endpoint DLP](endpoint-dlp-getting-started.md) to onboard devices. If you have onboarded devices through [Microsoft Defender for Endpoint](/windows/security/threat-protection/), those devices will automatically show up in the list of devices. > [!div class="mx-imgBorder"]
-> ![managed devices list](../media/endpoint-dlp-learn-about-2-device-list.png)
+> ![managed devices list.](../media/endpoint-dlp-learn-about-2-device-list.png)
### Viewing Endpoint DLP data You can view alerts related to DLP policies enforced on endpoint devices by going to the [DLP Alerts Management Dashboard](dlp-configure-view-alerts-policies.md). > [!div class="mx-imgBorder"]
-> ![Alert info](../media/Alert-info-1.png)
+> ![Alert info.](../media/Alert-info-1.png)
You can also view details of the associated event with rich metadata in the same dashboard > [!div class="mx-imgBorder"]
-> ![event info](../media/Event-info-1.png)
+> ![event info.](../media/Event-info-1.png)
Once a device is onboarded, information about audited activities flows into Activity explorer even before you configure and deploy any DLP policies that have devices as a location. > [!div class="mx-imgBorder"]
-> ![endpoint dlp events in activity explorer](../media/endpoint-dlp-learn-about-4-activity-explorer.png)
+> ![endpoint dlp events in activity explorer.](../media/endpoint-dlp-learn-about-4-activity-explorer.png)
Endpoint DLP collects extensive information on audited activity.
For example, if a file is copied to removable USB media, you'd see these attribu
- removable media device serial number > [!div class="mx-imgBorder"]
-> ![copy to usb activity attributes](../media/endpoint-dlp-learn-about-5-activity-attributes.png)
+> ![copy to usb activity attributes.](../media/endpoint-dlp-learn-about-5-activity-attributes.png)
## Next steps
compliance Endpoint Dlp Using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
Or
- If you want to exclude noisy file paths from monitoring > [!div class="mx-imgBorder"]
- > ![DLP settings](../media/endpoint-dlp-1-using-dlp-settings.png)
+ > ![DLP settings.](../media/endpoint-dlp-1-using-dlp-settings.png)
### File path exclusions
These scenarios require that you already have devices onboarded and reporting in
5. Scroll down to the **Incident reports** section and set **Send an alert to admins when a rule match occurs** to **On**. Email alerts will be automatically sent to the administrator and anyone else you add to the list of recipients. > [!div class="mx-imgBorder"]
- > ![turn-on-incident-reports](../media/endpoint-dlp-2-using-dlp-incident-reports.png)
+ > ![turn-on-incident-reports.](../media/endpoint-dlp-2-using-dlp-incident-reports.png)
6. For the purposes of this scenario, choose **Send alert every time an activity matches the rule**.
These scenarios require that you already have devices onboarded and reporting in
5. Scroll down to the **Audit or restrict activities on Windows device** section and for each activity set the corresponding action to **Block with override**. > [!div class="mx-imgBorder"]
- > ![set block with override action](../media/endpoint-dlp-6-using-dlp-set-blocked-with-override.png)
+ > ![set block with override action.](../media/endpoint-dlp-6-using-dlp-set-blocked-with-override.png)
6. Choose **Save**.
These scenarios require that you already have devices onboarded and reporting in
You'll see a popup like this on the client device: > [!div class="mx-imgBorder"]
- > ![endpoint dlp client blocked override notification](../media/endpoint-dlp-3-using-dlp-client-blocked-override-notification.png)
+ > ![endpoint dlp client blocked override notification.](../media/endpoint-dlp-3-using-dlp-client-blocked-override-notification.png)
10. Check Activity explorer for the event.
will leave a .txt file that contains this message
4. Copy the file you just created to your OneDrive synchronization folder. A user notification toast should appear telling you that the action is not allowed and that the file will be quarantined. For example, for user name *Isaiah Langer*, and a document titled *auto-quarantine doc 1.docx* you would see this message:
-![Data loss prevention user notification popup stating that the OneDrive synchronization action is not allowed for the specified file and that the file will be quarantined](../media/auto-quarantine-user-notification-toast.png)
+![Data loss prevention user notification popup stating that the OneDrive synchronization action is not allowed for the specified file and that the file will be quarantined.](../media/auto-quarantine-user-notification-toast.png)
The message reads:
compliance Error Remediation When Processing Data In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/error-remediation-when-processing-data-in-advanced-ediscovery.md
Use the following workflow to remediate files with errors in Advanced eDiscovery
1. On the **Processing** tab in the Advanced eDiscovery case, select **Errors** in the **View** drop-down menu and then select a review set or the entire case in the **Scope** drop-down menu. This section displays all errors from the case or error from a specific review set.
- ![Error remediation](../media/8c2faf1a-834b-44fc-b418-6a18aed8b81a.png)
+ ![Error remediation.](../media/8c2faf1a-834b-44fc-b418-6a18aed8b81a.png)
2. Select the errors you want to remediate by clicking the radio button next to either the error type or file type. In the following example, we're remediating a password protected file.
Use the following workflow to remediate files with errors in Advanced eDiscovery
The error remediation workflow starts with a preparation stage where the files with errors are copied to a Microsoft-provided Azure Storage location so that you can download them to your local computer to remediate.
- ![Preparing error remediation](../media/390572ec-7012-47c4-a6b6-4cbb5649e8a8.png)
+ ![Preparing error remediation.](../media/390572ec-7012-47c4-a6b6-4cbb5649e8a8.png)
4. After the preparation is complete, click **Next: Download files** to proceed with download.
- ![Download files](../media/6ac04b09-8e13-414a-9e24-7c75ba586363.png)
+ ![Download files.](../media/6ac04b09-8e13-414a-9e24-7c75ba586363.png)
5. To download files, specify the **Destination path for download**. This is a path to the parent folder on your local computer where the file will be downloaded. The default path, %USERPROFILE%\Downloads\errors, points to the logged-in user's downloads folder. You can change this path if desired. If you do change it, we recommend that you use a local file path for the best performance. Don't use a remote network path. For example, you could use the path **C:\Remediation**.
Use the following workflow to remediate files with errors in Advanced eDiscovery
6. Copy the predefined command by clicking **Copy to clipboard**. Open a Windows Command Prompt, paste the AzCopy command, and then press **Enter**.
- ![Prepare for error remediation](../media/f364ab4d-31c5-4375-b69f-650f694a2f69.png)
+ ![Prepare for error remediation.](../media/f364ab4d-31c5-4375-b69f-650f694a2f69.png)
> [!NOTE] > You must use AzCopy v8.1 to successfully use the command that's provided on the **Download files** page. You also must use AzCopy v8.1 to upload the files in step 10. To install this version of AzCopy, see [Transfer data with the AzCopy v8.1 on Windows](/previous-versions/azure/storage/storage-use-azcopy). If the supplied AzCopy command fails, please see [Troubleshoot AzCopy in Advanced eDiscovery](troubleshooting-azcopy.md).
Use the following workflow to remediate files with errors in Advanced eDiscovery
8. Return to Advanced eDiscovery and the error remediation wizard and then click **Next: Upload files**. This moves to the next page where you can now upload the files.
- ![Upload Files](../media/af3d8617-1bab-4ecd-8de0-22e53acba240.png)
+ ![Upload Files.](../media/af3d8617-1bab-4ecd-8de0-22e53acba240.png)
9. Specify the parent folder where the remediated files are located in the **Path to location of files** text box. Again, the parent folder must have the same subfolder structure that was created when you downloaded the files.
Use the following workflow to remediate files with errors in Advanced eDiscovery
10. Copy the predefined command by clicking **Copy to clipboard**. Open a Windows Command Prompt, paste the AzCopy command, and then press **Enter**. upload the files.
- ![Results of successful upload of remediated files in Azcopy](../media/ff2ff691-629f-4065-9b37-5333f937daf6.png)
+ ![Results of successful upload of remediated files in Azcopy.](../media/ff2ff691-629f-4065-9b37-5333f937daf6.png)
11. After you run the AzCopy command, click **Next: Process files**.
compliance Event Driven Retention https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/event-driven-retention.md
A retention label based on an event has the same capabilities as any retention l
To successfully use event-based retention, it's important to understand the relationship between event types, retention labels, events, and asset IDs as illustrated in the diagrams and the explanation that follows:
-![Diagram 1 of 2: Event type, labels, events, and asset IDs](../media/a5141a6b-61ca-4a60-9ab0-24e6bb45bbdb.png)
+![Diagram 1 of 2: Event type, labels, events, and asset IDs.](../media/a5141a6b-61ca-4a60-9ab0-24e6bb45bbdb.png)
-![Diagram 2 of 2: Event type, labels, events, and asset IDs](../media/ce89a91f-49aa-4b5a-933c-ac3a13dccd5d.png)
+![Diagram 2 of 2: Event type, labels, events, and asset IDs.](../media/ce89a91f-49aa-4b5a-933c-ac3a13dccd5d.png)
1. You create retention labels for different types of content and then associate them with a type of event. For example, retention labels for different types of product files and records are associated with an event type named Product Lifetime because those records must be retained for 10 years from the time the product reaches its end of life.
Finally, remember that each retention label has its own retention settings. In t
High-level workflow for event-driven retention:
-![Diagram of workflow for setting up event-driven retention](../media/event-based-retention-process.png)
+![Diagram of workflow for setting up event-driven retention.](../media/event-based-retention-process.png)
> [!TIP] > See [Use retention labels to manage the lifecycle of documents stored in SharePoint](auto-apply-retention-labels-scenario.md) for a detailed scenario about using managed properties in SharePoint to auto-apply retention labels and implement event-driven retention.
High-level workflow for event-driven retention:
To create and configure your retention label, see the instructions for [Create retention labels](./create-apply-retention-labels.md#step-1-create-retention-labels). But specific to event-based retention, on the **Define retention settings** page of the Create retention label wizard, after **Start the retention period based on**, select one of the default event types from the dropdown list, or create your own by selecting **Create new event type**:
-![Create a new event type for a retention label](../media/SPRetention6.png)
+![Create a new event type for a retention label.](../media/SPRetention6.png)
An event type is simply a general description of an event that you want to associate with a retention label.
After an event-based label is applied to content, you can enter an asset ID for
Asset ID is simply another document property that's available in SharePoint and OneDrive. Your organization might already use other document properties and IDs to classify content. If so, you can also use those properties and values when you create an eventΓÇösee step 6 that follows. The important point is that you must use some *property:value* combination in the document properties to associate that item with an event type.
-![Text box to enter an Asset ID](../media/6d31628e-7162-4370-a8d7-de704aafa350.png)
+![Text box to enter an Asset ID.](../media/6d31628e-7162-4370-a8d7-de704aafa350.png)
### Step 5: Create an event When a particular instance of that event type occurs, such as a product reaches its end of life, go to the **Records management** > **Events** page in the Microsoft 365 compliance center, and select **+ Create** to create an event. You trigger the event by creating it, here.
-![Create an event to trigger start of retention for event-based retention labels](../media/create-event-records-management.png)
+![Create an event to trigger start of retention for event-based retention labels.](../media/create-event-records-management.png)
Up to one million events are supported per tenant.
Up to one million events are supported per tenant.
When you create the event, choose the same event type specified in the retention label settings in step 2. For example, if you selected **Product Lifetime** as your event type for the label settings, select **Product Lifetime** when you create the event. Only content with retention labels applied to it of that event type will have its retention period triggered.
-![Option in Event settings to choose an event type](../media/choose-event-type-records-management.png)
+![Option in Event settings to choose an event type.](../media/choose-event-type-records-management.png)
Alternatively, if you need to create an event for multiple retention labels that have different event types, select the **Choose Existing Labels** option. Then, select the labels that are configured for the event types you want to associate with this event.
Your organization might have applied other properties and IDs to the documents r
Finally, choose the date when the event occurred; this date is used as the start of the retention period. After you create an event, that event date is synchronized to all the content with a retention label of that event type, asset ID, and keywords or queries. As with any retention label, this synchronization can take up to seven days.
-![Event settings page](../media/40d3c9db-f624-49a5-b38a-d16bcce20231.png)
+![Event settings page.](../media/40d3c9db-f624-49a5-b38a-d16bcce20231.png)
After creating an event, the retention settings take effect for the content that's already labeled and indexed. If the retention label is added to new content after the event is created, you must create a new event with the same details.
The events that get automatically created can be confirmed by viewing them in th
Create a flow that creates an event using the Microsoft 365 REST API:
-![Using Power Automate to create an event](../media/automate-event-driven-retention-flow-1.png)
+![Using Flow to create an event.](../media/automate-event-driven-retention-flow-1.png)
-![Using Power Automate to call the REST API](../media/automate-event-driven-retention-flow-2.png)
+![Using flow to call the REST API.](../media/automate-event-driven-retention-flow-2.png)
#### Create an event
compliance Export A Content Search Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-a-content-search-report.md
The first step is to prepare the report for downloading to your computer exporti
2. On the **Actions** menu at the bottom of the search flyout page, click **Export report**.
- ![Export report option in Actions menu](../media/ActionMenuExportReport.png)
+ ![Export report option in Actions menu.](../media/ActionMenuExportReport.png)
The **Export report** flyout page is displayed. The export report options available to export information about the search depend on whether search results are located in mailboxes or sites or a combination of both. 3. Under **Output options**, choose one of the following options:
- ![Export output options](../media/ExportOutputOptions.png)
+ ![Export output options.](../media/ExportOutputOptions.png)
- **All items, excluding ones that have unrecognized format, are encrypted, or weren't indexed for other reasons**. This option only exports information about indexed items.
The next step is to download the report from the Azure Storage area to your loca
6. In the **eDiscovery Export Tool**, do the following:
- ![eDiscovery Export Tool](../media/eDiscoveryExportTool.png)
+ ![eDiscovery Export Tool.](../media/eDiscoveryExportTool.png)
1. Paste the export key that you copied in step 3 in the appropriate box.
compliance Export Content In Core Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-content-in-core-ediscovery.md
After a search associated with a Core eDiscovery case is successfully run, you c
5. On the **Actions** menu at the bottom of the flyout page, click **Export results**.
- ![Export results option in Actions menu](../media/ActionMenuExportResults.png)
+ ![Export results option in Actions menu.](../media/ActionMenuExportResults.png)
The workflow to export the results of a search associated with a Core eDiscovery case is that same as exporting the search results for a search on the **Content search** page. For step-by-step instructions, see [Export content search results](export-search-results.md).
After a search associated with a Core eDiscovery case is successfully run, you c
6. Click the **Exports** tab in the case to display the list of export jobs.
- ![Export jobs on the Export tab in Core eDiscovery case](../media/CoreeDiscoveryExport.png)
+ ![Export jobs on the Export tab in Core eDiscovery case.](../media/CoreeDiscoveryExport.png)
You may have to click **Refresh** to update the list of export jobs so that it shows the export job you created. Export jobs have the same name as the corresponding search with **_Export** appended to the search name.
compliance Export Documents From Review Set https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-documents-from-review-set.md
To export documents from a review set:
The Export tool displays the flyout page with the settings to configure the export. Some options are selected by default, but you can change these. See the following section for descriptions of the export options that you can configure.
- ![Configuration options for exporting items from a review set](../media/bcfc72c7-4a01-4697-9e16-2965b7f04fdb.png)
+ ![Configuration options for exporting items from a review set.](../media/bcfc72c7-4a01-4697-9e16-2965b7f04fdb.png)
3. After you configure the export, click **Export** to start the export process. Depending on the option that you selected in **Output options** section, you can access the export files by direct download or in your organization's Azure Storage account.
compliance Export Search Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-search-results.md
The first step is to prepare the search results for exporting. When you prepare
2. On the **Actions** menu at the bottom of the flyout page, click **Export results**.
- ![Export results option in Actions menu](../media/ActionMenuExportResults.png)
+ ![Export results option in Actions menu.](../media/ActionMenuExportResults.png)
The **Export results** flyout page is displayed. The export options available to export content depend on whether search results are located in mailboxes or sites or a combination of both. 3. Under **Output options**, choose one of the following options:
- ![Export output options](../media/ExportOutputOptions.png)
+ ![Export output options.](../media/ExportOutputOptions.png)
- **All items, excluding ones that have unrecognized format, are encrypted, or weren't indexed for other reasons**. This option exports only indexed items.
The first step is to prepare the search results for exporting. When you prepare
4. Under **Export Exchange content as**, choose one of the following options:
- ![Exchange options](../media/ExchangeExportOptions.png)
+ ![Exchange options.](../media/ExchangeExportOptions.png)
- **One PST file for each mailbox**: Exports one PST file for each user mailbox that contains search results. Any results from the user's archive mailbox are included in the same PST file. This option reproduces the mailbox folder structure from the source mailbox.
The first step is to prepare the search results for exporting. When you prepare
5. Configure the following additional options:
- ![Configure other export options](../media/OtherExportOptions.png)
+ ![Configure other export options.](../media/OtherExportOptions.png)
1. Select the **Enable de-duplication for Exchange content** checkbox to exclude duplicate messages.
The next step is to download the search results from the Azure Storage location
6. In the **eDiscovery Export Tool**, do the following:
- ![eDiscovery Export Tool](../media/eDiscoveryExportTool.png)
+ ![eDiscovery Export Tool.](../media/eDiscoveryExportTool.png)
1. Paste the export key that you copied in step 3 in the appropriate box.
For information about limits when exporting content search results, see the "Exp
To export partially indexed items from all content locations for a search, configure the search to return all items (by removing any keywords from the search query) and then export only partially indexed items when you export the search results.
- ![Use the third export option to export only unindexed items](../media/5d7be338-a0e5-425f-8ba5-92769c24bf75.png)
+ ![Use the third export option to export only unindexed items.](../media/5d7be338-a0e5-425f-8ba5-92769c24bf75.png)
- When exporting search results from SharePoint or OneDrive for Business sites, the ability to export unindexed items also depends on the export option that you select and whether a site that was searched contains an indexed item that matches the search criteria. For example, if you search specific SharePoint or OneDrive for Business sites and no search results are found, then no unindexed items from those sites will be exported if you choose the second export option to export both indexed and unindexed items. If an indexed item from a site does match the search criteria, then all unindexed items from that site will be exported when exporting both indexed and unindexed items. The following illustration describes the export options based on whether a site contains an indexed item that matches the search criteria.
- ![Choose the export option based on whether a site contains an indexed item that matches the search criteria](../media/94f78786-c6bb-42fb-96b3-7ea3998bcd39.png)
+ ![Choose the export option based on whether a site contains an indexed item that matches the search criteria.](../media/94f78786-c6bb-42fb-96b3-7ea3998bcd39.png)
a. Only indexed items that match the search criteria are exported. No partially indexed items are exported.
compliance Export View Audit Log Records https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/export-view-audit-log-records.md
The first step is to search the audit log and then export the results in a comma
2. Click **Export results** and select **Download all results**.
- ![Click Download all results](../media/ExportAuditSearchResults.png)
+ ![Click Download all results.](../media/ExportAuditSearchResults.png)
This option to exports all the audit records from the audit log search you ran in step 1, and downloads the raw data from the audit log to a CSV file.
The first step is to search the audit log and then export the results in a comma
3. Click **Save > Save as** and save the CSV file to your local computer. It takes a while to download many search results. This is typically the case when searching for all activities or a broad date range. A message at the bottom of the windows is displayed when the CSV file is finished downloading.
- ![Message displayed when the CSV file is finished downloading](../media/ExportAuditSearchResultsFinish.png)
+ ![Message displayed when the CSV file is finished downloading.](../media/ExportAuditSearchResultsFinish.png)
> [!NOTE] > You can download a maximum of 50,000 entries to a CSV file from a single audit log search. If 50,000 entries are downloaded to the CSV file, you can probably assume there are more than 50,000 events that met the search criteria. To export more than this limit, try using a date range to reduce the number of audit log records. You might have to run multiple searches with smaller date ranges to export more than 50,000 entries.
The next step is to use the JSON transform feature in the Power Query Editor in
2. On the **Data** tab, in the **Get & Transform Data** ribbon group, click **From Text/CSV**.
- ![On the Data tab, click From Text/CSV](../media/JSONTransformOpenCSVFile.png)
+ ![On the Data tab, click From Text/CSV.](../media/JSONTransformOpenCSVFile.png)
3. Open the CSV file that you downloaded in Step 1. 4. In the window that's displayed, click **Transform Data**.
- ![Click Transform Data](../media/JSONOpenPowerQuery.png)
+ ![Click Transform Data.](../media/JSONOpenPowerQuery.png)
The CSV file is opened in the **Query Editor**. There are four columns: **CreationDate**, **UserIds**, **Operations**, and **AuditData**. The **AuditData** column is a JSON object that contains multiple properties. The next step is to create a column for each property in the JSON object. 5. Right-click the title in the **AuditData** column, click **Transform**, and then click **JSON**.
- ![Right-click the AuditData column, click Transform, and then select JSON](../media/JSONTransform.png)
+ ![Right-click the AuditData column, click Transform, and then select JSON.](../media/JSONTransform.png)
6. In the upper-right corner of the **AuditData** column, click the expand icon.
- ![In the AuditData column, click the expand icon](../media/JSONTransformExpandIcon.png)
+ ![In the AuditData column, click the expand icon.](../media/JSONTransformExpandIcon.png)
A partial list of the properties in the JSON objects in the **AuditData** column is displayed. 7. Click **Load more** to display all properties in the JSON objects in the **AuditData** column.
- ![Click Load more to display all properties in JSON object](../media/JSONTransformLoadJSONProperties.png)
+ ![Click Load more to display all properties in JSON object.](../media/JSONTransformLoadJSONProperties.png)
You can unselect the checkbox next to any property that you don't want to include. Eliminating columns that aren't useful for your investigation is a good way to reduce the amount of data displayed in the audit log.
compliance File Plan Manager https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/file-plan-manager.md
In the Microsoft 365 compliance center, go to **Solutions** > **Records manageme
If **Records management** doesn't display in the navigation pane, first scroll down, and select **Show all**.
-![File plan page](../media/compliance-file-plan.png)
+![File plan page.](../media/compliance-file-plan.png)
## Navigating your file plan
To get you started, there are some out-of-box values for the following file plan
Example of file plan descriptors when you create or edit a retention label:
-![File plan descriptors when you create or edit a retention label](../media/file-plan-descriptors.png)
+![File plan descriptors when you create or edit a retention label.](../media/file-plan-descriptors.png)
When you select **Choose** for each of these optional descriptors, you can select one of the out-of-box values, or create your own and then select it. For example:
-![Create new file plan descriptor for provision/citation](../media/file-plan-descriptors-create.png)
+![Create new file plan descriptor for provision/citation.](../media/file-plan-descriptors-create.png)
## Export all retention labels to analyze or enable offline reviews
From your file plan, you can export the details of all retention labels into a .
To export all retention labels: On the **File plan** page, click **Export**:
-![Option to export file plan](../media/compliance-file-plan-export-labels.png)
+![Option to export file plan.](../media/compliance-file-plan-export-labels.png)
A *.csv file that contains all existing retention labels opens. For example:
-![CSV file showing all retention labels](../media/file-plan-csv-file.png)
+![CSV file showing all retention labels.](../media/file-plan-csv-file.png)
## Import retention labels into your file plan
In file plan, you can bulk-import new retention labels by using a .csv file with
1. On the **File plan** page, click **Import** to use the **Fill out and import your file plan** page:
- ![Option to import file plan](../media/compliance-file-plan-import-labels.png)
+ ![Option to import file plan.](../media/compliance-file-plan-import-labels.png)
- ![Option to download a blank file plan template](../media/file-plan-blank-template-option.png)
+ ![Option to download a blank file plan template.](../media/file-plan-blank-template-option.png)
2. Download a blank template as instructed:
- ![Blank file plan template opens in Excel](../media/file-plan-blank-template.png)
+ ![Blank file plan template opens in Excel.](../media/file-plan-blank-template.png)
3. Fill out the template, using the following information that describes the properties and valid values for each property. For import, some values have a maximum length:
In file plan, you can bulk-import new retention labels by using a .csv file with
Here's an example of the template containing the information about retention labels.
- ![File plan template with information filled in](../media/file-plan-filled-out-template.png)
+ ![File plan template with information filled in.](../media/file-plan-filled-out-template.png)
4. Under step 3 on the **Fill out and import your file plan** page, click **Browse for files** to upload the filled-out template, and then select **Next**. File plan uploads the file and validates the entries, displaying the import statistics.
- ![File plan import statistics](../media/file-plan-import-statistics.png)
+ ![File plan import statistics.](../media/file-plan-import-statistics.png)
5. Depending on the validation results:
compliance Filter Data When Importing Pst Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/filter-data-when-importing-pst-files.md
Use the new Intelligent Import feature in the Microsoft 365 Import service to fi
The following graphic shows the Intelligent Import process, and highlights the tasks you perform and the tasks performed by Office 365.
-![The Intelligent Import process in Office 365](../media/f2ec309b-11f5-48f2-939c-a6ff72152d14.png)
+![The Intelligent Import process in Office 365.](../media/f2ec309b-11f5-48f2-939c-a6ff72152d14.png)
## Create a PST import job
The following graphic shows the Intelligent Import process, and highlights the t
- [Use drive shipping to import PST files to Office 365](use-drive-shipping-to-import-pst-files-to-office-365.md) -- After you create an import job by using network upload, the status for the import job on the Import page in the Microsoft 365 compliance center is set to **Analysis in progress**, which means that Microsoft 365 is analyzing the data in the PST files that you uploaded. Click **Refresh**![refresh](../media/165fb3ad-38a8-4dd9-9e76-296aefd96334.png) to update the status for the import job.
+- After you create an import job by using network upload, the status for the import job on the Import page in the Security & Compliance Center is set to **Analysis in progress**, which means that Microsoft 365 is analyzing the data in the PST files that you uploaded. Click **Refresh**![refresh.](../media/165fb3ad-38a8-4dd9-9e76-296aefd96334.png) to update the status for the import job.
- For drive shipping import jobs, the data will be analyzed by Microsoft 365 after Microsoft datacenter personnel receive your hard drive and upload the PST files to the Azure storage area for your organization.
After you've created a PST import job, follow these steps to filter the data bef
The import jobs for your organization are listed on the **Import** tab. The **Analysis completed** value in the **Status** column indicates the import jobs that have been analyzed by Microsoft 365 and are ready for you to import.
- ![Analysis complete status indicates Microsoft 365 has analyzed the data in PST files](../media/de5294f4-f0ba-4b92-a48a-a4b32b6da490.png)
+ ![Analysis complete status indicates Microsoft 365 has analyzed the data in PST files.](../media/de5294f4-f0ba-4b92-a48a-a4b32b6da490.png)
3. Select the import job that you want to complete and click **Import to Office 365**.
After you've created a PST import job, follow these steps to filter the data bef
The **Filter your data** page is displayed. It contains data insights about the data in the PST files for the import job, including information about the age of the data.
- ![The Filter your data page shows data insights of the PST files for the import job](../media/3b537ec0-25a4-45a4-96d5-a429e2a33128.png)
+ ![The Filter your data page shows data insights of the PST files for the import job.](../media/3b537ec0-25a4-45a4-96d5-a429e2a33128.png)
5. Based on whether or not you want to trim the data that's imported to Microsoft 365, under **Do you want to filter your data?**, do one of the following:
After you've created a PST import job, follow these steps to filter the data bef
The **Import data to Office 365 page** page is displayed with detailed data insights from the analysis that Microsoft 365 performed.
- ![Microsoft 365 displays detailed data insights from its analysis of the PST files](../media/4881205f-0288-4c32-a440-37e2160295f2.png)
+ ![Microsoft 365 displays detailed data insights from its analysis of the PST files.](../media/4881205f-0288-4c32-a440-37e2160295f2.png)
The graph on this page shows the amount of data that will be imported. Information about each message type found in the PST files is displayed in the graph. You can hover the cursor over each bar to display specific information about that message type. There is also a drop-down list with different age values based on the analysis of the PST files. When you select an age in the drop-down list, the graph is updated to show how much data will be imported for the selected age. b. To configure addition filters to reduce the amount of data that's imported, click **More filtering options**.
- ![Configure the filters on the More options page to trim the data that's imported](../media/3f8d68c3-3fe2-4b4e-9488-b368b98fa9fe.png)
+ ![Configure the filters on the More options page to trim the data that's imported.](../media/3f8d68c3-3fe2-4b4e-9488-b368b98fa9fe.png)
You can configure these filters:
After you've created a PST import job, follow these steps to filter the data bef
- **Type** - This section shows all the message types that were found in the PST files for the import job. You can uncheck a box next to a message type that you want to exclude. You can't exclude the Other message type. See the [More information](#more-information) section for a list of mailbox items that are included in the Other category.
- - **Users** - You can exclude messages that are sent or received by specific people. To exclude people who appear in the From: field, To: field, or the Cc: field of messages, click **Exclude users** next to that recipient type. Type the email address (SMTP address) of the person, click **Add**![New icon](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) to add them to the list of excluded users for that recipient type, and then click **Save** to save the list of excluded users.
+ - **Users** - You can exclude messages that are sent or received by specific people. To exclude people who appear in the From: field, To: field, or the Cc: field of messages, click **Exclude users** next to that recipient type. Type the email address (SMTP address) of the person, click **Add**![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) to add them to the list of excluded users for that recipient type, and then click **Save** to save the list of excluded users.
> [!NOTE] > Microsoft 365 doesn't show data insights that result from setting the **People** filter. However, if you set this filter to exclude messages sent or received by specific people, those messages will be excluded during the actual import process.
After you've created a PST import job, follow these steps to filter the data bef
The data insights on the **Import data to Office 365** page are updated based on your filter settings, including the total amount of data that will be imported based on the filter settings. A summary of the filter settings is also shown. You can click **Edit** next to a filter to change the setting if necessary.
- ![The data insights are updated based on your filter settings](../media/897e20fb-3b13-44c3-9d56-9f330750f2a3.png)
+ ![The data insights are updated based on your filter settings.](../media/897e20fb-3b13-44c3-9d56-9f330750f2a3.png)
d. Click **Next**.
After you've created a PST import job, follow these steps to filter the data bef
b. On the **Import data to Office 365** page, click **Import data** to start the import. The total amount of data that will be imported is displayed.
-6. On the **Import** tab, click **Refresh** ![refresh](../media/165fb3ad-38a8-4dd9-9e76-296aefd96334.png). The status for the import job is displayed in the **Status** column.
+6. On the **Import** tab, click **Refresh** ![refresh.](../media/165fb3ad-38a8-4dd9-9e76-296aefd96334.png). The status for the import job is displayed in the **Status** column.
7. Click the import the job to display more detailed information, such as the status for each PST file and the filter settings that you configured.
compliance Form A Query To Find Sensitive Data Stored On Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/form-a-query-to-find-sensitive-data-stored-on-sites.md
Users often store sensitive data, such as credit card numbers, social security n
There are three parts that make up a basic DLP query: SensitiveType, count range, and confidence range. As illustrated in the following graphic, **SensitiveType:"\<type\>"** is required, and both **|\<count range\>** and **|\<confidence range\>** are optional.
-![Example query divided into required and optional](../media/DLP-query-example-text.png)
+![Example query divided into required and optional.](../media/DLP-query-example-text.png)
### Sensitive type - required
compliance Get Started Core Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-core-ediscovery.md
If you create a case in Step 3 and you're the only person who will use the case,
To get you started using core eDiscovery, here's a simple workflow of creating eDiscovery holds for people of interest, searching for content that relevant to your investigation, and then exporting that data for further review. In each of these steps, we'll also highlight some extended Core eDiscovery functionality that you can explore.
-![Core eDiscovery workflow](../media/CoreEdiscoveryWorkflow.png)
+![Core eDiscovery workflow.](../media/CoreEdiscoveryWorkflow.png)
1. **[Create an eDiscovery hold](create-ediscovery-holds.md)**. The first step after creating a case is placing a hold (also called an *eDiscovery hold*) on the content locations of the people of interest in your investigation. Content locations include Exchange mailboxes, SharePoint sites, OneDrive accounts, and the mailboxes and sites associated with Microsoft Teams and Office 365 Groups. While this step is optional, creating an eDiscovery hold preserves content that may be relevant to the case during the investigation. When you create an eDiscovery hold you can preserve all content in specific content locations or you can create a query-based hold to preserve only the content that matches a hold query. In addition to preserving content, another good reason to create eDiscovery holds is to quickly search the content locations on hold (instead of having to select each location to search) when you create and run searches in the next step. After you complete your investigation, you can release any hold that you created.
compliance Get Started With Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-advanced-ediscovery.md
Advanced eDiscovery in Microsoft 365 provides an end-to-end workflow to preserve
This article discusses the following steps necessary to set up Advanced eDiscovery.
-![Steps to set up Advanced eDiscovery](../media/set-up-advanced-ediscovery.png)
+![Steps to set up Advanced eDiscovery.](../media/set-up-advanced-ediscovery.png)
This includes ensuring the proper licensing required to access Advanced eDiscovery and add custodians to cases, and assigning permissions to your legal and investigation team so they can access and manage cases.
compliance Get Started With Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-sensitivity-labels.md
When you're ready to start protecting your organization's data by using sensitiv
The basic flow for deploying and applying sensitivity labels:
-![Diagram showing workflow for sensitivity labels](../media/Sensitivity-label-flow.png)
+![Diagram showing workflow for sensitivity labels.](../media/Sensitivity-label-flow.png)
## Subscription and licensing requirements for sensitivity labels
compliance Get Started With Service Trust Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-service-trust-portal.md
When you sign up for either a free trial, or a subscription, you must enable Azu
The Service Trust Portal features and content are accessible from the main menu.
-![Service Trust Portal menu](../media/STPMenus1.png)
+![Service Trust Portal menu.](../media/STPMenus1.png)
The following sections describe each item in the main menu.
Go to **More > Admin** to access administrative functions that are only availabl
Click the magnifying glass in the upper right-hand corner of the Service Trust Portal page to expand the box, enter your search terms, and press **Enter**. The **Search** page is displayed, with the search term displayed in the search box and the search results listed below.
-![Service Trust Portal - Search on Documents with filter applied](../media/86b754e1-c63c-4514-89ac-d014bf334140.png)
+![Service Trust Portal - Search on Documents with filter applied.](../media/86b754e1-c63c-4514-89ac-d014bf334140.png)
By default, the search returns document results. You can filter the results by using the dropdown lists to refine the list of documents displayed. You can use multiple filters to narrow the list of documents. Filters include the specific cloud services, categories of compliance or security practices, regions, and industries. Click the document name link to download the document. To list controls from Assessments in Compliance Manager (classic) related your search terms, click **Compliance Manager**. The search results show the date the assessment was created, the name of the assessment grouping, the applicable Microsoft Cloud service, and whether the control is Microsoft or Customer Managed. Click the name of the control to view the control in the Assessment in Compliance Manager (classic).
-![Service Trust Portal - Search on Compliance Manager Controls](../media/bafb811a-68ce-40b5-ad16-058498fe5439.png)
+![Service Trust Portal - Search on Compliance Manager Controls.](../media/bafb811a-68ce-40b5-ad16-058498fe5439.png)
> [!NOTE] > Service Trust Portal reports and documents are available to download for at least 12 months after publishing or until a new version of document becomes available.
To access these starter packs, go to **Service Trust Portal > Industries & Regio
The Service Trust Portal enables you to view the page content in different languages. To change the page language, simply click on the globe icon in the lower left corner of the page and select the language of your choice.
-![Service Trust Portal - Localized content options](../media/b50c677e-a886-4267-9eca-915d880ead7a.png)
+![Service Trust Portal - Localized content options.](../media/b50c677e-a886-4267-9eca-915d880ead7a.png)
## Give feedback
We can help with questions about the Service Trust Portal, or errors you experie
Your feedback is important to us. Click on the Feedback button at the bottom of the page to send us comments about what you did or did not like, or suggestions you may have for improving our products or product features.
-![What kind of feedback do you have](../media/5a949f4c-cd2d-4258-aa33-394f3f9feb7b.jpg)
+![What kind of feedback do you have.](../media/5a949f4c-cd2d-4258-aa33-394f3f9feb7b.jpg)
compliance Get Started With The Default Dlp Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/get-started-with-the-default-dlp-policy.md
Before you even create your first data loss prevention (DLP) policy, DLP is help
You can use this widget to quickly view when and how much sensitive information was shared, and then refine the default DLP policy in just a click or two. You can also edit the default DLP policy at any time because it's fully customizable. Note that if you don't see the recommendation at first, try clicking **+More** at the bottom of the **Recommended for you** section.
-![Widget named Further protect shared content](../media/2bae6dbc-cc92-4f35-b54c-c36e60226b5b.png)
+![Widget named Further protect shared content.](../media/2bae6dbc-cc92-4f35-b54c-c36e60226b5b.png)
## View the report and refine the default DLP policy
For more information on incident reports or restricting access, see [Data loss p
If you want to change these options later, you can edit the default DLP policy at any time - see the next section.
-![Settings for widget named Further protect shared content](../media/dad30a84-2715-4c0a-a5c5-44d85492363e.png)
+![Settings for widget named Further protect shared content.](../media/dad30a84-2715-4c0a-a5c5-44d85492363e.png)
## Edit the default DLP policy
This policy is named **Default DLP policy** and appears under **Data loss preven
This policy is fully customizable, the same as any DLP policy that you create yourself from scratch. You can also turn off or delete the policy, so that your users no longer receive policy tips or email notifications.
-![DLP policy named Default DLP policy](../media/260731e8-4d57-4c98-abec-07b052ec48d5.png)
+![DLP policy named Default DLP policy.](../media/260731e8-4d57-4c98-abec-07b052ec48d5.png)
## When the widget does and does not appear
compliance How Dlp Works Between Admin Centers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/how-dlp-works-between-admin-centers.md
In Microsoft 365, you can create a data loss prevention (DLP) policy in two diff
DLP polices created in these admin centers work side by side - this topic explains how.
-![DLP pages in Security and Compliance Center and Exchange admin center](../media/d3eaa7e7-3b16-457b-bd9c-26707f7b584f.png)
+![DLP pages in Security and Compliance Center and Exchange admin center.](../media/d3eaa7e7-3b16-457b-bd9c-26707f7b584f.png)
## How DLP in the Security & Compliance Center works with DLP and mail flow rules in the Exchange admin center
compliance Import Hr Data US Government https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-hr-data-US-government.md
The next step is to create an HR connector in the Microsoft 365 compliance cente
5. On the **File mapping** page, type the names of the three column headers (also called *parameters*) from the CSV file that you created in Step 2 in each of the appropriate boxes. The names are not case-sensitive. As previously explained, the names that you type in these boxes must match the parameter names in your CSV file. For example, the following screenshot shows the parameter names from the example in sample CSV file shown in Step 2.
- ![Column heading names match the ones in the CSV file](../media/HRConnectorWizard3.png)
+ ![Column heading names match the ones in the CSV file.](../media/HRConnectorWizard3.png)
6. On the **Review** page, review your settings and then click **Finish** to create the connector. A status page is displayed that confirms the connector was created. This page contains two important things that you need to complete the next step to run the sample script to upload your HR data.
- ![Review page with job ID and link to github for sample script](../media/HRConnector_Confirmation.png)
+ ![Review page with job ID and link to github for sample script.](../media/HRConnector_Confirmation.png)
1. **Job ID.** You'll need this job ID to run the script in the next step. You can copy it from this page or from the connector flyout page.
The next step is to create an HR connector in the Microsoft 365 compliance cente
8. Click the HR connector that you just created to display the flyout page, which contains properties and other information about the connector.
- ![Flyout page for new HR connector](../media/HRConnectorWizard7.png)
+ ![Flyout page for new HR connector.](../media/HRConnectorWizard7.png)
If you haven't already done so, you can copy the values for the **Azure App ID** and **Connector job ID**. You'll need these to run the script in the next step. You can also download the script from the flyout page (or download it using the link in the next step.)
After you create the HR connector and run the script to upload your HR data, you
2. Click the **Connectors** tab and then select the HR connector to display the flyout page. This page contains the properties and information about the connector.
- ![HR connector flyout page with properties and status](../media/HRConnectorFlyout1.png)
+ ![HR connector flyout page with properties and status.](../media/HRConnectorFlyout1.png)
3. Under **Progress**, click the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the CSV file to the Microsoft cloud.
- ![HR connector log file displays number rows from CSV file that were uploaded](../media/HRConnectorLogFile.png)
+ ![HR connector log file displays number rows from CSV file that were uploaded.](../media/HRConnectorLogFile.png)
The `RecordsSaved` field indicates the number of rows in the CSV file that uploaded. For example, if the CSV file contains four rows, then the value of the `RecordsSaved` fields is 4, if the script successfully uploaded all the rows in the CSV file.
You can user the Task Scheduler app in Windows to automatically run the script e
7. Select the **Actions** tab, click **New**, and then do the following things:
- ![Action settings to create a new scheduled task for the HR connector script](../media/HRConnectorScheduleTask1.png)
+ ![Action settings to create a new scheduled task for the HR connector script.](../media/HRConnectorScheduleTask1.png)
1. In the **Action** dropdown list, make sure that **Start a program** is selected.
You can user the Task Scheduler app in Windows to automatically run the script e
The new task is displayed in the Task Scheduler Library.
- ![The new task is displayed in the Task Scheduler Library](../media/HRConnectorTaskSchedulerLibrary.png)
+ ![The new task is displayed in the Task Scheduler Library.](../media/HRConnectorTaskSchedulerLibrary.png)
The last time the script ran and the next time it's scheduled to run is displayed. You can double-click the task to edit it.
compliance Import Hr Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-hr-data.md
After you complete this step, be sure to copy the job ID that's generated when y
A status page is displayed that confirms the connector was created. This page contains two important things that you need to complete the next step to run the sample script to upload your HR data.
- ![Review page with job ID and link to github for sample script](../media/HRConnector_Confirmation.png)
+ ![Review page with job ID and link to github for sample script.](../media/HRConnector_Confirmation.png)
1. **Job ID.** You'll need this job ID to run the script in the next step. You can copy it from this page or from the connector flyout page.
After you complete this step, be sure to copy the job ID that's generated when y
10. Click the HR connector that you just created to display the flyout page, which contains properties and other information about the connector.
- ![Flyout page for new HR connector](../media/HRConnectorWizard7.png)
+ ![Flyout page for new HR connector.](../media/HRConnectorWizard7.png)
If you haven't already done so, you can copy the values for the **Azure App ID** and **Connector job ID**. You'll need these to run the script in the next step. You can also download the script from the flyout page (or download it using the link in the next step.)
After you create the HR connector and run the script to upload your HR data, you
2. Click the **Connectors** tab and then select the HR connector to display the flyout page. This page contains the properties and information about the connector.
- ![HR connector flyout page with properties and status](../media/HRConnectorFlyout1.png)
+ ![HR connector flyout page with properties and status.](../media/HRConnectorFlyout1.png)
3. Under **Progress**, click the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the CSV file to the Microsoft cloud.
- ![HR connector log file displays number rows from CSV file that were uploaded](../media/HRConnectorLogFile.png)
+ ![HR connector log file displays number rows from CSV file that were uploaded.](../media/HRConnectorLogFile.png)
The `RecordsSaved` field indicates the number of rows in the CSV file that uploaded. For example, if the CSV file contains four rows, then the value of the `RecordsSaved` fields is 4, if the script successfully uploaded all the rows in the CSV file.
You can user the Task Scheduler app in Windows to automatically run the script e
7. Select the **Actions** tab, click **New**, and then do the following things:
- ![Action settings to create a new scheduled task for the HR connector script](../media/HRConnectorScheduleTask1.png)
+ ![Action settings to create a new scheduled task for the HR connector script.](../media/HRConnectorScheduleTask1.png)
1. In the **Action** dropdown list, make sure that **Start a program** is selected.
You can user the Task Scheduler app in Windows to automatically run the script e
The new task is displayed in the Task Scheduler Library.
- ![The new task is displayed in the Task Scheduler Library](../media/HRConnectorTaskSchedulerLibrary.png)
+ ![The new task is displayed in the Task Scheduler Library.](../media/HRConnectorTaskSchedulerLibrary.png)
The last time the script ran and the next time it's scheduled to run is displayed. You can double-click the task to edit it.
compliance Import Physical Badging Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-physical-badging-data.md
After you create the physical badging connector and push your physical badging d
2. Click the **Connectors** tab and then select the physical badging connector to display the flyout page. This page contains the properties and information about the connector.
- ![Status flyout page for physical badging connector](..\media\PhysicalBadgingStatusFlyout.png)
+ ![Status flyout page for physical badging connector.](..\media\PhysicalBadgingStatusFlyout.png)
3. Under **Last import**, click the **Download log** link to open (or save) the status log for the connector. This log contains information about each time the script runs and uploads the data from the CSV file to the Microsoft cloud.
- ![Physical badging connector log file displays number rows from JSON file that were uploaded](..\media\PhysicalBadgingConnectorLogFile.png)
+ ![Physical badging connector log file displays number rows from JSON file that were uploaded.](..\media\PhysicalBadgingConnectorLogFile.png)
The **RecordsSaved** field indicates the number of rows in the CSV file that uploaded. For example, if the CSV file contains four rows, then the value of the **RecordsSaved** fields is 4, if the script successfully uploaded all the rows in the CSV file.
You can user the Task Scheduler app in Windows to automatically run the script e
7. Select the **Actions** tab, click **New**, and then do the following things:
- ![Action settings to create a new scheduled task for the physical badging connector script](..\media\SchedulePhysicalBadgingScript1.png)
+ ![Action settings to create a new scheduled task for the physical badging connector script.](..\media\SchedulePhysicalBadgingScript1.png)
1. In the **Action** dropdown list, make sure that **Start a program** is selected.
You can user the Task Scheduler app in Windows to automatically run the script e
The new task is displayed in the Task Scheduler Library.
- ![The new task is displayed in the Task Scheduler Library](..\media\SchedulePhysicalBadgingScript2.png)
+ ![The new task is displayed in the Task Scheduler Library.](..\media\SchedulePhysicalBadgingScript2.png)
The last time the script ran and the next time it's scheduled to run is displayed. You can double-click the task to edit it.
compliance Importing Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/importing-pst-files-to-office-365.md
description: Learn how to use the Import service in the Microsoft 365 compliance
You can use the Import service in the Microsoft 365 compliance center to quickly bulk-import PST files to Exchange Online mailboxes in your organization. There are two ways y