-The Usage Summary Reports Reader role will have to be assigned through PowerShell cmdlets until it becomes assignable from the Microsoft 365 admin center later in 2020.

-To assign the Usage Summary Reports Reader role with PowerShell:

-```powershell

-Connect-AzureAD

-Enable-AzureADDirectoryRole -RoleTemplateId '75934031-6c7e-415a-99d7-48dbd49e875e'

-$role=Get-AzureADDirectoryRole -Filter "roleTemplateId eq '75934031-6c7e-415a-99d7-48dbd49e875e'"

-Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId

-$u=Get-AzureADUser -ObjectId <user upn>

-Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $u.ObjectId

-```

-2. Un-check the box that says **Allow Microsoft 365 usage data to be used for people experiences insights**. To understand how to modify data-sharing settings for Endpoint Analytics in the Intune configuration manager, select **Learn more**.

-3. Select **Save**.

-|Conditions: Trainable classifiers|Yes |No |

-When you select the **Sensitive info types** option, you see the same list of sensitive information types as when you create a data loss prevention (DLP) policy. So you can, for example, automatically apply a Highly Confidential label to any content that contains customers' personal information, such as credit card numbers, social security numbers, or passport numbers:

- The rules use conditions that include sensitive information types and sharing options:

- - For sensitive information types, you can select both built-in and custom sensitive information types.

- - For the shared options, you can choose **only with people inside my organization** or **with people outside my organization**.

-Modern attachments are files sourced from [OneDrive](/onedrive/plan-onedrive-enterprise#modern-attachments) or [SharePoint](/sharepoint/dev/solution-guidance/modern-experience-customizations) sites that are included in Teams messages. Text is automatically extracted from these attachments for automated processing and potential matches with active communication compliance policy conditions and classifiers. There isn't any additional configuration necessary for Modern attachment detection and processing. Text is only extracted for attachments matching policy conditions. Text isn't extracted for attachments for messages with policy matches, even if the attachment also has a policy match.

-For Azure Active Directory data locations, please visit [Data residency in Azure](https://azure.microsoft.com/global-infrastructure/data-residency/#overview).

-If Customer's billing address is outside Europe and Customer has an Office 365 Education subscription, then notwithstanding the "Location of Customer Data at Rest for Core Online Services" section of the OST, Microsoft may provision Customer's Office 365 tenant in, transfer Customer Data to, and store Customer Data at rest anywhere within Europe or North America. If Customer's billing address is in Europe and Customer has an Office 365 Education subscription, then notwithstanding the "Location of Customer Data at Rest for Core Online Services" section of the OST, Microsoft may provision Customer's Office 365 tenant in, transfer Customer Data to, and store Customer Data at rest anywhere within the European Union.

-|Sweden |November 16, 2021 |May 31, 2022 |

- Verify that ```New-CsBatchTeamsDeployment``` and ```Get-CsBatchTeamsDeployment``` are listed.

- Get-CsBatchTeamsDeployment -OrchestrationId "OrchestrationId"

-<!--USGovDoD endpoints version 2022062900-->

-<!--File generated 2022-06-29 08:00:20.3239-->

-12 | Default<BR>Required | Yes | `*.dod.cdn.office365.us`<BR>`52.181.164.39/32, 52.182.95.191/32` | **TCP:** 443

-<!--Worldwide endpoints version 2022072800-->

-<!--File generated 2022-07-29 08:00:03.8046-->

-3 | Default<BR>Required | No | `r1.res.office365.com, r3.res.office365.com, r4.res.office365.com` | **TCP:** 443, 80

-8 | Default<BR>Required | No | `*.outlook.com, attachments.office.net` | **TCP:** 443, 80

-31 | Optimize<BR>Required | Yes | `<tenant>.sharepoint.com, <tenant>-my.sharepoint.com`<BR>`13.107.136.0/22, 40.108.128.0/17, 52.104.0.0/14, 104.146.128.0/17, 150.171.40.0/22, 2603:1061:1300::/40, 2620:1ec:8f8::/46, 2620:1ec:908::/46, 2a01:111:f402::/48` | **TCP:** 443, 80

-39 | Default<BR>Required | No | `*.gr.global.aa-rt.sharepoint.com, *.svc.ms, <tenant>-admin.sharepoint.com, <tenant>-files.sharepoint.com, <tenant>-myfiles.sharepoint.com` | **TCP:** 443, 80

-26 | Default<BR>Required | No | `*.msedge.net, compass-ssl.microsoft.com` | **TCP:** 443

-47 | Default<BR>Required | No | `*.cdn.office.net, contentstorage.osi.office.net` | **TCP:** 443

-50 | Default<BR>Optional<BR>**Notes:** OneNote notebooks (wildcards) | No | `*.microsoft.com, *.office.net` | **TCP:** 443

-66 | Default<BR>Required | No | `*.portal.cloudappsecurity.com, suite.office.net` | **TCP:** 443

-70 | Default<BR>Required | No | `*.o365weve.com, amp.azure.net, appsforoffice.microsoft.com, assets.onestore.ms, auth.gfx.ms, c1.microsoft.com, dgps.support.microsoft.com, docs.microsoft.com, msdn.microsoft.com, platform.linkedin.com, prod.msocdn.com, shellprod.msocdn.com, support.content.office.net, support.microsoft.com, technet.microsoft.com, videocontent.osi.office.net, videoplayercdn.osi.office.net` | **TCP:** 443

-71 | Default<BR>Required | No | `*.office365.com` | **TCP:** 443

-78 | Default<BR>Optional<BR>**Notes:** Some Office 365 features require endpoints within these domains (including CDNs). Many specific FQDNs within these wildcards have been published recently as we work to either remove or better explain our guidance relating to these wildcards. | No | `*.microsoft.com, *.msocdn.com, *.office.net, *.onmicrosoft.com` | **TCP:** 443, 80

-88 | Default<BR>Required | No | `insertmedia.bing.office.net` | **TCP:** 443, 80

-128 | Default<BR>Required | No | `*.config.office.net, *.manage.microsoft.com` | **TCP:** 443

-149 | Default<BR>Required | No | `workplaceanalytics.cdn.office.net` | **TCP:** 443, 80

-1. In the left navigation pane in Lighthouse, select **Users** > **Search users**.

-2. On the **Risky Users** tab, select the set of users you want to take action on.

-Azure Active Directory (Azure AD) Multi-Factor Authentication (MFA) helps safeguard access to data and applications, providing another layer of security by using a second form of authentication. The Multifactor Authentication tab provides detailed information on the status of MFA enablement across your tenants. Select any tenant in the list to see more details for that tenant, including which Conditional Access policies requiring MFA are already configured and which users haven't yet registered for MFA.

-2. On the **Multifactor Authentication** tab, look for a tenant currently not using MFA, and then select that tenant to open the tenant details pane.

-2. On the **Multifactor Authentication** tab, look for tenants with users not registered for MFA, and then select the tenant to open the tenant details pane.

-The Password reset tab provides an overview of the tenants that have enabled SSPR through the recommended settings, the number of users who haven't registered for SSPR, and a detailed breakdown by tenant of the SSPR deployment progress across the organizations that you manage.

-2. On the **Password reset** tab, select a tenant from the list to open the details pane.

-2. On the **Password reset** tab, select a tenant from the list to open the details pane.

-1. In the left navigation pane in Lighthouse, select **Users** > **Search users**.

-2. On the **Risky Users** tab, select a risky user from the list.

-1. In the left navigation pane in Lighthouse, select **Users** > **Search users**.

-## Search users tab

-From the Search users tab, you can quickly search across tenants for specific users and perform common user management tasks like updating user account information, resetting passwords, assigning licenses, and managing a user's groups, mailbox, or OneDrive.

-## Risky Users tab

-The Risky Users tab shows user accounts across your tenants that have been flagged for risky behavior. Select any of the users to view more information on a detected risk or to mitigate a risk by resetting a user's password or blocking sign-in. For more information about risk types and detection, see [What is risk?](/azure/active-directory/identity-protection/concept-identity-protection-risks).

-The Risky Users tab also includes the following options:

-## Multifactor Authentication tab

-The Multifactor Authentication tab provides detailed information on the status of multifactor authentication (MFA) enablement across your tenants. Select any tenant in the list to see more details for that tenant, including which Conditional Access policies requiring MFA are already configured and which users haven't yet registered for MFA.

-## Password reset tab

-The Password reset tab shows detailed information on the status of self-service password reset enablement across your tenants. It also provides insights into users who are enabled but still need to register before they can reset their password on their own.

-2. On the **Risky Users** tab, review the users in the list with a risk state of **At risk**.

-2. On the **Risky Users** tab, select the set of users you want to take action on.

-| Microsoft Defender for Business (standalone) | Microsoft 365 Business Premium |

-| Antivirus, antimalware, and ransomware protection capabilities for devices include: <ul><li>[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) (antivirus/antimalware protection on devices together with cloud protection)</li><li>[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) (network protection, firewall, and attack surface reduction rules) ^[[a](#fna)]</li><li>[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) (behavior-based detection and manual response actions)</li><li>[Automated investigation and response](../defender/m365d-autoir.md) (with self-healing for detected threats)</li><li>[Microsoft Defender Vulnerability Management](mdb-view-tvm-dashboard.md) (view exposed devices and recommendations)</li><li>[Cross-platform support for devices](mdb-onboard-devices.md) (Windows, Mac, iOS, and Android) ^[[b](#fnb)]</li><li>[Centralized management and reporting](mdb-get-started.md) (Microsoft 365 Defender portal)</li><li>[APIs for integration](../defender-endpoint/management-apis.md) (for Microsoft partners or your custom tools and apps)</li></ul><br/><br/><br/><br/><br/><br/><br/> | Productivity and security capabilities include:<ul><li>[Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)</li><li>[Shared computer activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)</li><li>[Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)</li><li>[Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)</li><li>[Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)</li><li>[Defender for Business](mdb-overview.md) (everything listed in the "Defender for Business (standalone)" column) </li><li>[Microsoft Defender for Office 365 Plan 1](../office-365-security/overview.md) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)</li><li>[Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)</li><li>[Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (device onboarding and management)</li><li>[Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)</li><li>[Azure Virtual Desktop](/azure/virtual-desktop/overview) (centrally managed, secure virtual machines in the cloud)</li></ul> |

-|[Centralized management](../defender-endpoint/manage-atp-post-migration.md) |Yes ^[[1](#fn1)]|Yes|Yes|

-|[Simplified client configuration](mdb-simplified-configuration.md)|Yes|No|No|

-|[Microsoft Defender Vulnerability Management](../defender-endpoint/next-gen-threat-and-vuln-mgt.md)|Yes|No|Yes|

-|[Attack surface reduction capabilities](../defender-endpoint/overview-attack-surface-reduction.md)|Yes|Yes|Yes|

-|[Next-generation protection](../defender-endpoint/next-generation-protection.md)|Yes|Yes|Yes|

-|[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md)|Yes ^[[2](#fn2)]|No|Yes|

-|[Automated investigation and response](../defender-endpoint/automated-investigations.md)|Yes ^[[3](#fn3)]|No|Yes|

-|[Threat hunting](../defender-endpoint/advanced-hunting-overview.md) and six months of data retention |No ^[[4](#fn4)]|No|Yes|

-|[Threat analytics](../defender-endpoint/threat-analytics.md)|Yes ^[[5](#fn5)]|No|Yes|

-|[Cross-platform support](../defender-endpoint/minimum-requirements.md) <br/>(Windows, Mac, iOS, and Android OS)|Yes ^[[6](#fn6)]|Yes|Yes|

-|[Microsoft Threat Experts](../defender-endpoint/microsoft-threat-experts.md)|No|No|Yes|

-|Partner APIs|Yes|Yes|Yes|

-|[Microsoft 365 Lighthouse integration](../../lighthouse/m365-lighthouse-overview.md) <br/>(For viewing security incidents across customer tenants)|Yes |Yes ^[[7](#fn7)]|Yes ^[[7](#fn7)]|

-(<a id="fn3">3</a>) In Defender for Business, automated investigation and response is turned on by default, tenant wide. If you turn off automated investigation and response, that affects real-time protection. See [Review settings for advanced features](mdb-configure-security-settings.md#review-settings-for-advanced-features).

-###### [Automated Investigation]()

-#### 1.2 Limitations

-### 1.3 Parameters

-### 1.4 HTTP request

-#### 2.2 Limitations

-### 2.3 Parameters

-### 2.4 HTTP request

-Application|Software.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'

-Delegated (work or school account)|Software.Read|\'Read Threat and Vulnerability Management vulnerability information\'

-Application|Software.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'

-Delegated (work or school account)|Software.Read|\'Read Threat and Vulnerability Management vulnerability information\'

-#### 2.1.2 Limitations

-Application|Vulnerability.Read.All|\'Read "threat and vulnerability management" vulnerability information\'

-Delegated (work or school account)|Vulnerability.Read|\'Read "threat and vulnerability management" vulnerability information\'

-#### Limitations

-Application|Software.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'

-Delegated (work or school account)|Software.Read|\'Read Threat and Vulnerability Management vulnerability information\'

-Application|Software.Read.All|\'Read Threat and Vulnerability Management vulnerability information\'

-Delegated (work or school account)|Software.Read|\'Read Threat and Vulnerability Management vulnerability information\'

- - m365solution-mcafeemigrate

- - m365solution-symantecmigrate

- - m365solution-mcafeemigrate

- - m365solution-symantecmigrate

- :::image type="content" source="../../media/advanced-hunting-take-actions-email.png" alt-text="The Take actions option in the Microsoft 365 Defender portal" lightbox="../../media/advanced-hunting-take-actions-email.png":::

-description: Steps for the set up for a Microsoft 365 Defender trial lab or pilot environment. Test and experience how the security solution is designed to protect devices, identity, data, and apps in your organization.

-This article outlines the process to enable and pilot Microsoft Defender for Endpoint. Before starting this process, be sure you've reviewed the overall process for [evaluating Microsoft 365 Defender](eval-overview.md) and you have [created the Microsoft 365 Defender evaluation environment](eval-create-eval-environment.md).

-|[Step 2. Enable the evaluation environment](eval-defender-endpoint-enable-eval.md) | Follow the steps to setup the evaluation environment. |

-This article outlines the process to enable and pilot Microsoft Defender for Office 365. Before starting this process, be sure you've reviewed the overall process for [evaluating Microsoft 365 Defender](eval-overview.md) and you have [created the Microsoft 365 Defender evaluation environment](eval-create-eval-environment.md).

-|2|[Enable the evaluation environment](eval-defender-office-365-enable-eval.md) | Follow the steps to setup the evaluation environment. |

-In Septemeber 2022, Microsoft Defender for Office 365 Plan 2 customers can access BCL from [advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview). This feature allows admins to look at all bulk senders who sent mail to their organization, along with the corresponding BCL values and the email volume received. You can drill down into the bulk senders by using other columns in **EmailEvents** table in the **Email & collaboration** schema. For more information, see [EmailEvents](/microsoft-365/security/defender/advanced-hunting-emailevents-table).

-Organizations without Defender for Office 365 Plan 2 can use the [Threat protection status report](view-email-security-reports.md#threat-protection-status-report) to identify wanted and unwanted bulk senders:

-1. Go to Threat protection status report at <https://security.microsoft.com/reports/URLProtectionActionReport> and filter by **View data by Email** \> **Spam**.

-

-Admins can follow the recommeded bulk threshold values or choose a bulk threshold value that suits the needs of their organization.

-|[Teams for Healthcare ](/MicrosoftTeams/expand-teams-across-your-org/healthcare/teams-in-hc) | Microsoft Teams offers a number of telemedicine features useful for hospitals and other Healthcare organizations. <br>- Virtual visits and Electronic Healthcare Record (EHR) integration<br>- Teams policy packages<br>- Secure messaging<br>- Teams templates<br>- Care coordination and collaboration |

-| | |

-|[Teams for Retail ](/microsoftteams/expand-teams-across-your-org/teams-for-retail-landing-page) | Microsoft 365 and Microsoft Teams offer several capabilities that can help retail organizations with their daily operations and digital transformation. <br>- In-store and cross-store communication <br>- Virtual fittings and consultations <br>- Simplify business processes <br>- Corporate communications <br>- Onboarding new employees |

-| | |