+<!--

+Microsoft Entra rebrand: Please do not submit pull requests containing branding updates from Azure Active Directory, Azure AD, AAD, etc, to their respective Microsoft Entra equivalents at this time.

+Microsoft Entra rebranding is being coordinated across the Learn platform and will be applied to this repo automatically when we receive confirmation that product UIs have been updated. If you have questions regarding the rebrand project, contact dstrome.

+This text can be deleted.

+-->

+Defender TI provides proprietary reputation scores for any Host, Domain, or IP Address. Whether validating the reputation of a known or unknown entity, this score helps users quickly understand any detected ties to malicious or suspicious infrastructure. The platform provides quick information about the activity of these entities, such as First and Last Seen timestamps, ASN, country/region, associated infrastructure, and a list of rules that impact the reputation score when applicable.

+ - **Country** where the services will be used. You **won't** be able to change the country/region later, even during the sign-up process; you'll have to restart the sign-up wizard.

+Users with permissions to the shared mailbox can send as or send on behalf of the mailbox email address, if the administrator has given that user permissions to do that. This is especially useful for help and support mailboxes because users can send emails from "Contoso Support" or "Building A Reception Desk."

+> - As of January 26, 2021, new bank accounts are no longer supported for customers in Belgium, France, Italy, Luxembourg, Portugal, Spain, and the United States. If you're an existing customer in one of those countries/regions, you can continue paying for your subscription with an existing bank account that is in good standing. However, you can't add new subscriptions to the bank account.

+|Tax Rate|The tax rate applicable to the product based on the country/region of billing.|

+The tax rate applied to the invoice depends on the country/region of billing. You can check the invoice recon file for the tax rate applied to each

+This section shows the billing account used for the proposal. If you need to change any information, select the **Edit** link. You can also use the **Edit** link to add your organization's Tax ID. The Tax ID must be related to the country/region listed in the **Sold to** section. If you have a tax exemption, you must open a support ticket to request tax-exempt status.

+2. Through a meet-me location in Hong Kong Special Administrative Region for the people in Hong Kong SAR.

+2. Through a meet-me location in Hong Kong Special Administrative Region for the people in Hong Kong SAR.

+## Remaining Countries/regions in the Move Program

+> Even though the Move Program is officially ending, we still have some in-flight geographies that we will see through to completion, based on the original 24-month migration commitment. Please refer to the table below for the remaining countries/regions and their migration deadlines.

+Teams files are stored in SharePoint Online and Teams chat files are stored in OneDrive for Business. Voicemail, calendar, and contacts are stored in Exchange Online. In many cases, Exchange Online, SharePoint Online, and OneDrive for Business are already used by the customer in the local datacenter geo and are also part of the Microsoft 365 migration program for eligible customer countries/regions.

+Yes. Microsoft maintains a large global network with public Internet connections in more than 130 locations in 35 countries/regions around the world with peering agreements with more than 2,700 Internet Service Providers (ISPs). Users will be able to access the datacenters from wherever they are on the Internet.

+|Macro Region Geography 2 - Asia Pacific <br/> |Data centers in Hong Kong Special Administrative Region, Japan, Malaysia, Singapore, South Korea <br/> |

+|Default Geography <br/> |When an _AAD Tenant_ is created, a country/region is provided by the customer during the sign-up process. This country/region determines the default Geography for all Microsoft 365 services. In some cases, not all services are able to provision in this single _Default Geography_. See _Microsoft 365 Service provisioning mapping_ below for a description. <br/> |

+Microsoft 365 Cloud services run on our data centers around the world and provide services to customers around the world. Customer data may be stored in multiple data centers. Data residency refers to the geographic location where customer data is stored at rest. Data residency is important for government, public sector, education and regulated commercial entities to help ensure protection of personal and/or sensitive information. In many countries/regions, customers are expected to comply with laws, regulations or industry standards that explicitly govern the location of data storage.

+When a customer creates a new AAD _Tenant_, the customer enters a country/region during the creation process. This country/region is what defines the _Default Geography_ for the _Tenant_. There are multiple paths to creating _Tenants_. They can be created through AAD forms, they can be created when trying out new Microsoft 365 services (trials), etc. Once a _Tenant_ is created, the _Default Geography_ cannot be changed.

+**Example 1:** For a _Tenant_ with the sign-up country/region as "France" that has a new subscription that includes Exchange Online, SharePoint Online and Microsoft Teams, then the customer data for those services will be provisioned into the French _Local Region Geography_. Why? Because those services are deployed into the French data centers and the _Tenant_ has a France sign up country/region.

+**Example 2:** For a _Tenant_ with the sign-up country/region as "Belgium" that has a new subscription that includes Exchange Online, SharePoint Online and Microsoft Teams, then the customer data for those services will be provisioned into the _Macro Region Geography 1 ΓÇô EMEA_. Why? Because there are no Microsoft 365 data centers in Belgium and the closest Geography is _Macro Region Geography 1 - EMEA_.

+**Example 3:** For a _Tenant_ with the sign-up country/region as "Japan" that has a new subscription that includes Microsoft Forms, then the customer data for Forms will be provisioned into the _Macro Region Geography 3 - Americas_. Why? Because Forms is only deployed in _Macro Region Geography 3 - Americas_ and _Macro Region Geography 1 ΓÇô EMEA_ (EU _Tenants_ only).

+**Example 4a:** For a _Tenant_ with the sign-up country/region as "Sweden" that has a new subscription that includes Microsoft Viva Engage, then the customer data for Viva Engage will be provisioned into the _Macro Region Geography 1 - EMEA_. Why? Because Viva Engage is deployed in _Macro Region Geography 1 - EMEA_ and Swedish _Tenants_ are best served out of that _Geography_.

+**Example 4b:** For a _Tenant_ with the sign-up country/region as "Sweden" that has a subscription that includes Microsoft Viva Engage from before Viva Engage was deployed to _Macro Regional Geography 1 - EMEA_, then the customer data for Viva Engage will be located in _Macro Region Geography 3 - Americas_. Why? Because, at that time, Viva Engage only had a single deployment for all customers in _Macro Region Geography 3 - Americas_.

+1. If a _Tenant_ has sign up country/region as a _Local Region Geography_ and has a subscription to the _Advanced Data Residency_ service add-on, then the _Tenant_ data for the included services will be migrated from the _Regional Geography_ to the relevant _Local Region Geography_.

+1. Only available in the following countries/regions: Australia, Brazil, Canada, France, Germany, India, Japan, Poland, Qatar, South Korea, Norway, South Africa, Sweden, Switzerland, United Arab Emirates, United Kingdom, European Union and the United States.

+1. Only available for _Local Region Geography_ and _Expanded Local Region Geography_ (when the future data center is launced) countries/regions.

+**Table 3: Available Data Residency by Country/Region**

+| Country/Region | Exchange Online | SharePoint Online | Teams | MDO P1 | Office for the web | Viva Connections | Viva Topics | Purview |

+|Macro Region Geography 2 - Asia Pacific | Hong Kong SAR, Japan, Malaysia, Singapore, South Korea |

+|Country/Region |Datacenter Location |

+| HK | Hong Kong SAR | APC²| APC²| APC²|

+| MO | Macao, SAR | APC²| APC²| APC²|

+- _Tenant_ has a sign up country/region included in _Local Region Geography_, the European Union or the United States.

+1. _Tenant_ has a sign up country/region included in _Local Region Geography_ or _Expanded Local Region Geography_.

+> _Fig 1: Azure AD cross tenant synchronization illustration_

+When you click the *Run test* button, we show the running test page and identify the office location. You can type in your location by city, state, and country/region or choose to have it detected for you. If you detect the office location, the tool requests the latitude and longitude from the web browser and limits the accuracy to 300 meters by 300 meters before use. It's not necessary to identify the location more accurately than the building to measure network performance.

+- -city &lt;city&gt; For the city, state, and country/region fields the specified value will be used if provided. If not provided then Windows Location Services (WLS) will be queried. If WLS fails the location will be detected fromthe machines network egress

+The commandline tool uses Windows Location Services to find the users City State Country/region information for determining some distances. If Windows Location Services is disabled in the control panel then user location based assessments will be blank. In Windows Settings "Location services" must be on and "Let desktop apps access your location" must also be on.

+audience: admin

+In your firewall, open all the URLs where the geography column is WW. For rows where the geography column isn't WW, open the URLs to your specific data location. To verify your data location setting, see [Verify data storage location and update data retention settings for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/data-retention-settings).

+> If you have found any issues in this article, you can report it directly to a Windows Server/Windows Client partner or use the Microsoft technical support numbers for your country/region.

+|[ServiceNow vulnerability response](https://go.microsoft.com/fwlink/?linkid=2243580)| ServiceNow | Use the Microsoft Threat and vulnerability management integration to import third-party scanner data about your assets and vulnerabilities. You can then view reports about vulnerabilities and vulnerable items on the Vulnerability Response dashboards.

+ - **Are there unusual events with uncommon properties?** Unique properties for an impacted user, like unusual ISP, country/region, or city, might indicate suspicious sign-in patterns.

+ - **Check whether the user received other alerts before the password spray activity.** Having these alerts indicate that the user account might be compromised. Examples include impossible travel alert, activity from infrequent country/region, and suspicious email deletion activity, among others.

+ **Check whether the user received other alerts preceding the password spray activity.** Having these alerts indicate that the user account might be compromised. Examples include impossible travel alert, activity from infrequent country/region, and suspicious email deletion activity, among others.

+Run this query to check whether the country/region is common for the user by looking at the history of the user.

+The number of potential victims is significant, given the popularity of some apps. A case occurred where a free file compression app was poisoned and deployed to customers in a country/region where it was the top utility app.

+At Microsoft, we believe that the development of new technologies and self-regulation requires the support of effective government policy and legal frameworks. The worldwide spam proliferation has spurred numerous legislative bodies to regulate commercial email. Many countries/regions now have spam-fighting laws in place. The United States has both federal and state laws governing spam, and this complementary approach is helping to curtail spam while enabling legitimate e-commerce to prosper. The CAN-SPAM Act expands the tools available for curbing fraudulent and deceptive email messages.

+- Activity from infrequent country/region

+> [!NOTE]

+> Quarantine isn't available in Microsoft 365 operated by 21Vianet.

+### Find who deleted a quarantined message

+By default, many security policy verdicts allow users to delete their quarantined messages (messages where they're a recipient). For more information, see the table at [Manage quarantined messages and files as a user](quarantine-end-user.md).

+Admins can search the audit log to find events for messages that were deleted from quarantine by using the following procedures:

+1. In the Defender portal at <https://security.microsoft.com>, go to **Audit**. Or, to go directly to the **Audit** page, use <https://security.microsoft.com/auditlogsearch>.

+ > [!TIP]

+ > You can also get to the **Audit** page in the Microsoft Purview compliance portal at <https://compliance.microsoft.com/auditlogsearch>

+2. On the **Audit** page, verify that the **New Search** tab is selected, and then configure the following settings:

+ - **Date and time range (UTC)**

+ - **Activities - friendly names**: Click in the box, start typing "quarantine" in the :::image type="icon" source="../../media/m365-cc-sc-search-icon.png" border="false"::: **Search** box that appears, and then select **Deleted Quarantine message** from the results.

+ - **Users**: If know who deleted the message from quarantine, you can further filter the results by user.

+3. When you're finished entering the search criteria, select **Search** to generate the search.

+For complete instructions for audit log searches, see [Audit New Search](/purview/audit-new-search).

+- **In the details flyout of the selected message**: Select :::image type="icon" source="../../media/m365-cc-sc-more-actions-icon.png" border="false"::: **More options** \> :::image type="icon" source="../../media/m365-cc-sc-edit-icon.png" border="false"::: **Request release**.

+> [!TIP]

+> Admins can find out who deleted a quarantined message by searching the admin audit log. For instructions, see [Find who deleted a quarantined message](quarantine-admin-manage-messages-files.md#find-who-deleted-a-quarantined-message).

+The Block senders action adds the message sender to the Blocked Senders list in your mailbox. For more information about blocking senders, see [Block a mail sender](https://support.microsoft.com/office/b29fd867-cac9-40d8-aed1-659e06a706e4).

+When a potentially malicious chat message is detected in Microsoft Teams, zero-hour auto purge (ZAP) removes the message and quarantines it. Users can now view and manage these quarantined Teams messages in the Microsoft 365 Defender portal. Quarantine notifications aren't supported for quarantined Teams messages.

+- **Quarantine reason**: Available options are **High confidence phish** and **Malware**.

+If you don't release or remove a message, it's automatically deleted from quarantine after the date shown in the **Expires** column.

+- Whether users receive periodic (every four hours, daily, or weekly) notifications about their quarantined messages via [quarantine notifications](quarantine-quarantine-notifications.md).

+- Quarantine isn't available in Microsoft 365 operated by 21Vianet.

+ > [!NOTE]

+ > The language value **English** maps to every English language code except en-US. If you have users with en-US mailboxes only, use the value **Default**. If you have a mix of mailboxes with en-US and other English languages codes (en-GB, en-CA, en-AU, etc.), use the language value **Default** in one customized quarantine notification, and the language value **English** in another customized quarantine notification.

+> [!TIP]

+> Admins can find out who deleted a quarantined message by searching the admin audit log. For instructions, see [Find who deleted a quarantined message](quarantine-admin-manage-messages-files.md#find-who-deleted-a-quarantined-message).

+> [!NOTE]

+> Quarantine isn't available in Microsoft 365 operated by 21Vianet.

+Admins can also use the global settings in quarantine policies to customize quarantine notifications in the following ways:

+- Add translations in up to three languages.

+- Customize the sender and logo that's used in the notification.

+- Notification frequency (every four hours, daily, or weekly).

+For instructions, see [Configure global quarantine notification settings](quarantine-policies.md#configure-global-quarantine-notification-settings-in-the-microsoft-365-defender-portal).

+- Quarantine isn't available in Microsoft 365 operated by 21Vianet.

+|**From these countries** (_EnableRegionBlockList_ and _RegionBlockList_)|**Off** (`$false` and Blank)|**Off** (`$false` and Blank)|**Off** (`$false` and Blank)|We have no specific recommendation for this setting. You can block messages from specific countries/regions based on your business needs.|

+Use the outbound settings to specify which users or groups from your organization can access resources in the external organization.

+ Title: 'Test against Windows monthly security updates'

+description: This section shows you how to set up your own scheduled tests against Windows monthly security updates

+search.appverid: MET150

+audience: Software-Vendor

+ms.localizationpriority: medium

+f1.keywords: NOCSH

+# Test against Windows monthly security updates

+Test Base provides scheduled automatic tests against these fixed issues in a proactive way, so that you can get more assurance and have a chance to fix the issue before any damage happens, and your organization or your users can stay productive and protected.

+This section shows you how to set up your own scheduled tests against Windows monthly security updates.

+## Prepare your package

+1. **Define content:** Depending on your package type, you may select below instructions:

+- [Creating and Testing Binary Files on Test Base](testapplication.md)

+- [Test your Intune application on Test Base](testintuneapplication.md)

+- [Uploading a pre-built zip package](uploadapplication.md)

+2. **Configure test:** Both *Out-of-Box* test and *Functional* test are supported. Selecting *Out-of-Box* leverages the officially suggested test flow and automatically generate install / uninstall / launch / close test scripts for you; *Functional* tests allow you more flexibility to set up your own test flow. You may also select both.

+3. **Edit package:** Edit test scripts and test flow as you need.

+ > [!NOTE]

+ > To better mimic the update process, Test Base allows you to update from previous monthΓÇÖs OS (or your own image, see in [Custom Image documentation](https://aka.ms/tbcustomimage)). If you have selected Functional tests in the Configure test step, you may further decide when you would like the Windows update to happen in your test flow.

+## Sign-up for Windows monthly security updates

+Scheduled tests against Windows monthly updates are set in the **Test matrix** step. By selecting **Security update**, your package would be tested against incremental churns of Windows monthly security updates.

+Then, you may specify the Windows product(s) you want to test against from the dropdown list of ΓÇ£*OS versions to test*ΓÇ¥.

+> [!div class="mx-imgBorder"]

+> [](Media/validate-monthly-security-updates-1.png#lightbox)

+Your selection registers your application for automatic test runs against the B release of Windows monthly security updates of selected product(s).

+- For customers who have Default Access customers on Test Base, their applications are validated against the final release version of the B release security updates, starting from Patch Tuesday.

+- For early validation before the official release, you may request to become a Full Access customer on Test Base. Your applications would be validated against the pre-release versions of the B release security updates, starting up to 3-weeks before prior to Patch Tuesday. This allows more lead time to take proactive steps in resolving any issues found during testing before in advance of the final release on Patch Tuesday. (How to become a Full Access customer? Please refer to [Request to change access level \| Microsoft Docs](accesslevel.md))

+- To protect your devices from unpatched vulnerabilities, Microsoft also offers more types of update releases other than B release security updates (See in [Update release cycle for Windows clients](/windows/deployment/update/release-cycle)). If you would like to test against optional non-security preview releases, please contact us via [testbasepreview@microsoft.com](mailto:testbasepreview@microsoft.com).

+- If the OS youΓÇÖre looking for didnΓÇÖt show up in our current supported product list, feel free to [Let us know your request](https://forms.office.com/r/ZeGihXBXHk)).

+## Check test results for monthly security updates

+A test run will be executed after the package passes the validation. On a monthly basis, an automated run will be scheduled on each patch Tuesday when the latest Windows security update gets released. (For Full Access customer, your tests will be triggered more frequently when there is a new release available.)

+You can view the results of the test runs under the **Test summary** page by clicking the link on the package name.

+> [!div class="mx-imgBorder"]

+> [](Media/validate-monthly-security-updates-2.png#lightbox)

+You may use the release number / release version / KB number to map with the update version pushed to your organization. You will not only get the detailed script execution results with test logs but also compare regressively with previousΓÇÖ monthΓÇÖs execution result to deep dive into any further performance risks. In case you might need to reproduce the failure and see in detail the execution process in video, you may click on **Re-run test**.

+> [!div class="mx-imgBorder"]

+> [](Media/validate-monthly-security-updates-3.png#lightbox)

+For on-demand tests against certain OS version, you may also go to Package catalog \> Manage packages \> Run on request.

+> [!div class="mx-imgBorder"]

+> [](Media/validate-monthly-security-updates-4.png#lightbox)