+By default, guest access for Microsoft 365 groups is turned on for your organization. Admins can control whether to allow guest access to groups for their whole organization or for individual groups.

+## Understanding guest accounts in Microsoft 365

+Being able to easily share files and documents with the right people while preventing oversharing requires planning. The following resources provide more background to help you create a secure guest sharing environment in Microsoft 365.

+- Plan external collaboration

+- Create a secure guest sharing environment

+- Set up secure file and document sharing and collaboration with Teams in Microsoft 365

+- Guest access in Microsoft Teams

+In addition to Microsoft Teams and SharePoint, Microsoft 365 also supports guest access in other applications. The following Microsoft 365 products support guest access.

+- Power Apps (Canvas apps) - Share a canvas app with guest users.

+- Lists - External or guest sharing in OneDrive, SharePoint, and Lists.

+- OneDrive - External or guest sharing in OneDrive, SharePoint, and Lists.

+- Planner ΓÇô Applies to Web and mobile platforms. Guest access in Microsoft Planner.

+- Microsoft 365 groups - Manage guest access in Microsoft 365 groups.

+- Yammer - Work with external groups in Yammer networks not aligned to native mode.

+For Microsoft Office applications like Microsoft Word and Excel, guest access is controlled by the location of the output file, for example, Microsoft SharePoint, Teams, and OneDrive.

+## Next steps: Add guests in Azure Active Directory

+To add guests in the Azure Active Directory, see [add guest users](/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal).

+After you add a user you can also assign them to a group, or give them access to an app in your organization. Once you've added a user in the Azure AD portal, that user will also be listed on the **Guest users** page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">Microsoft 365 admin center</a>.

+See [add guests in bulk](/azure/active-directory/b2b/tutorial-bulk-invite) to invite multiple guests to collaborate with your organization.

+## Related content

+[Manage guest access in Microsoft 365 groups](../create-groups/manage-guest-access-in-groups.md)\

+[Prevent guests from being added to a specific Microsoft 365 group or Microsoft Teams](../../solutions/per-group-guest-access.md)\

+[Organization switcher in the Microsoft 365 admin center](https://techcommunity.microsoft.com/t5/microsoft-365-blog/new-organization-switcher-in-the-microsoft-365-admin-center/ba-p/1165543) (article)

+2. Select the group you want to add the guest to, and select **View all and manage members** on the **Members** tab.

+3. Select **Add members**, and choose the name of the guest you want to add.

+4. Select **Save**.

+## Remove a guest

+Once you're done collaborating with a guest user, you can remove them, and they'll no longer have access to your organization.

+1. In the Microsoft 365 admin center, expand **Users** and then choose <a href="https://go.microsoft.com/fwlink/p/?linkid=2074830" target="_blank">**Guest users**</a>.

+1. On the **Guest users** page, choose the user you want to remove and then choose **Delete a user**.

+To remove users in the Azure AD portal, see [remove a guest user and resources](/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal#clean-up-resources).

+The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following missions:

+| Mission | Description |

+|||

+| **Fortify your environment** | These are tasks your admin completes. |

+| [**1. Sign in and set up your environment**](m365bp-setup-overview.md). | Complete the basic setup process for Microsoft 365 for your business or campaign. |

+| [**2. Bump up security protection**](m365bp-security-overview.md). | Set up critical front-line security measures to prevent cyberattacks. |

+| **Train your team** | These are tasks everyone does. |

+| [**3. Set up unmanaged (BYOD) devices**](m365bp-protect-pcs-macs.md). | Set up all the unmanaged ("bring your own device," also referred to as BYOD) devices so they are safely part of the ecosystem. |

+| [**4. Use email securely**](m365bp-protect-email-overview.md). | Know what to watch for, and take the necessary steps to protect yourself from attacks through email systems. |

+| [**5. Collaborate and share securely**](m365bp-collaborate-share-securely.md). | Learn how to share files with others and collaborate more securely with Microsoft Teams, SharePoint, and OneDrive. |

+| **Safeguard managed devices** | These are tasks your admin or security team does. |

+| [**6. Set up and secure managed devices**](m365bp-protect-devices.md). | Enroll and secure company devices so they monitored and protected from threats. |

+Completing all six missions is the most effective way to thwart hackers, protect against ransomware, and help ensure your organizationΓÇÖs future is safeguarded with the best cybersecurity defenses. Let's get started!

+> [!TIP]

+> If you're new to cybersecurity, or if a term is unclear, see the [glossary of terms](m365bp-glossary.yml).

+The guidance in these missions is based upon the zero trust methodology and helps your business achieve the goals described in the Harvard Kennedy School [Cybersecurity Campaign Playbook](https://go.microsoft.com/fwlink/p/?linkid=2015598). A summary is available for you to download ([Get the PDF here](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf)).

+[:::image type="content" source="media/m365bp-cyber-security-playbook.png" alt-text="Cybersecurity playbook. Download this guide.":::](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf)

+Proceed to [Fortify your environment](m365bp-setup-overview.md).

+After you have [subscribed to Microsoft 365 for Campaigns](get-microsoft-365-campaigns.md), your next step is to get everything set up.

+| Operating systems (client) | **Windows**: Windows 11, Windows 10, Windows 8.1<br/>**macOS**: One of the three most recent versions of macOS

+| Operating systems (servers) | Windows Server or Linux Server <br/>- Requires Microsoft Defender for Business servers (currently in preview)<br/>- See [How to get Microsoft Defender for Business servers (preview)](../security/defender-business/get-defender-business-servers.md). |

+Proceed to [bump up security](m365bp-security-overview.md).

+Now that you're protected by the Microsoft 365 Business Premium Office apps, your next mission is to set up secure file sharing and communication. The best way to do collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it. Your organization depends on protecting your data and information, which means that you want to protect your files by all means possible.

+Your objectives are to:

+Once you've achieved these objectives, proceed to [Set up and secure managed devices](m365bp-protect-devices.md).

+[Protect your administrator accounts in Microsoft 365 Business Premium](m365bp-protect-admin-accounts.md)

+Every device is a possible attack avenue into your network and must be monitored and managed properly, even those devices that are personally owned but used for work. In this critical mission, train everyone to protect their bring-your-own devices (BYODs). Unmanaged devices can pose a risk to your organization. It's important to help everyone get their devices protected as soon as possible.

+Your objectives are to:

+Once you've achieved these objectives, proceed to [Use email securely](m365bp-protect-email-overview.md).

+- [Next objective](#next-objective) (securing unmanaged devices)

+## Next objective

+Okay, now let's [**set up those unmanaged (BYOD) devices**](m365bp-devices-overview.md).

+When MFA is enforced, the authenticator app serves as a second form of authentication. We also recommend that everyone install and use the Outlook app to access their Microsoft 365 email on their devices. See [Download Microsoft Outlook for iOS and Android](https://www.microsoft.com/microsoft-365/outlook-mobile-for-android-and-ios).

+Proceed to [install Office applications](m365bp-install-office-apps.md).

+[Increase threat protection for Microsoft 365 Business Premium](m365bp-increase-protection.md)

+Welcome to your final critical mission. Here, you'll onboard and implement protection for all the managed devices in your organization. [Onboard your devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) to help ensure those devices are protected from ransomware, malware, phishing, and other threats. You can also make sure Windows devices are protected and ready for Office deployment. When you're done, you can rest assured, knowing you've done what you can to protect your organization when these objectives have been achieved!

+Your objectives are to:

+- [Set up a security operations process](m365bp-security-incident-quick-start.md).

+- [Learn about security incident management](m365bp-security-incident-management.md).

+- [Learn how to maintain your environment](m365bp-maintain-environment.md).

+ Title: "Use email securely"

+description: "Know what to watch for in email. Train your team to guard against malware, phishing, and other malicious cyberattacks, using the cybersecurity tools included with Microsoft 365 Business Premium."

+Your objectives are to:

+Once you've achieved these objectives, proceed to [Collaborate and share securely](m365bp-collaborate-share-securely.md).

+In this mission, you boost your security defenses. You begin by enforcing multifactor authentication (MFA) requirements by using either security defaults or Conditional Access. You'll set up the different admin roles and specific levels of security for them. Admin account access is a high-value target for the enemy hackers, and protecting those accounts is critical because the access and control they provide can impact the entire system. And, you'll protect your email content and devices.

+Stay vigilant - the safety and reliability of the system relies upon you.

+Your objectives are to:

+- [Turn on security defaults](m365bp-conditional-access.md) (MFA).

+Once you've achieved these objectives, proceed to [Set up unmanaged (BYOD) devices](m365bp-devices-overview.md).

+description: "Start the setup process of Microsoft 365 Business Premium or Microsoft 365 for Campaigns."

+# Fortify your environment with Microsoft 365 Business Premium

+Now that you have Microsoft 365 Business Premium, your first critical mission is to complete your initial setup process right away. Let's get you going!

+Once you've achieved this objective, proceed to [bump up security protection](m365bp-security-overview.md).

+| Operating systems (client) | **Windows**: Windows 11, Windows 10, Windows 8.1<br/>**macOS**: One of the three most recent versions of macOS

+| Operating systems (servers) | Windows Server or Linux Server <br/>- Requires Microsoft Defender for Business servers (currently in preview)<br/>- See [How to get Microsoft Defender for Business servers (preview)](../security/defender-business/get-defender-business-servers.md). |

+Microsoft 365 Business Premium includes a guided process. The following video shows the guided setup process for Microsoft 365 Business Standard, which also applies to Microsoft 365 Business Premium. <br/><br/>

+As soon as you've completed the guided setup process, make sure to proceed to [bump up security](m365bp-security-overview.md).

+## Next objective

+Proceed to [Bump up security](m365bp-security-overview.md).

+|**Administrative action submitted by an Administrator**|Admins can take manual email actions on email entities using various surfaces. For example, Threat Explorer, advanced hunting or through custom detection. When the remediation starts, it generates an alert. This alert shows up in the alerts queue with the name **Administrative action submitted by an Administrator** to indicate that an admin took the action of remediating an entity. The alert contains details like the action type, supporting investigation link, time, etc. It's helpful to know whenever a sensitive action like remediation is performed on entities. This policy has an **Informational** severity setting.|Threat management|Yes|E5/ Microsoft Defender for Office 365 P2 add-on subscription|

+Even though both versions can coexist, we highly recommend that you edit your old mail flow rules that use the rule action **Apply the previous version of OME** to use Microsoft Purview Message Encryption. Update these rules to use the mail flow rule action **Apply Office 365 Message Encryption and rights protection**, select "Encrypt" in the RMS template list. For instructions, see [Define mail flow rules to encrypt email messages](define-mail-flow-rules-to-encrypt-email.md).

+|[PDF support](#pdf-support) | Preview: Rolling out to [Beta Channel](https://office.com/insider)| Under review | Under review | Under review | Under review |

+Outlook doesn't currently support PDF attachments inheriting encryption from a labeled message. However, Outlook now does support warning or blocking users from printing to PDF, as described next.

+ If users select this option, they are warned that the document or email will lose the protection of the label, and encryption (if applied), and must confirm to continue. If your sensitivity label policy requires justification to remove a label or lower its classification, they see this prompt.

+- `Users`: Specifies the users or groups who get this filter applied to the search actions they perform. For compliance boundaries, this parameter specifies the role groups (that you created in Step 2) in the agency that you're creating the filter for. Note this is a multi-value parameter so you can include one or more role groups, separated by commas.

+description: Use Microsoft Teams classes with Blackboard Learn Ultra.

+ Title: Use Microsoft Teams meetings with Blackboard Learn

+audience: admin

+- M365-modern-desktop

+- m365initiative-edu

+ms.localizationpriority: medium

+description: Learn how to set up Microsoft Teams meetings with Blackboard Learn.

+# Use Microsoft Teams meetings with Blackboard Learn

+This guide provides the IT admin steps for registering the Teams Meetings LTI app on Blackboard Learn.

+## Add the Blackboard Learn Teams Meetings LTI 1.3 Tool

+1. From the Blackboard Administrator Panel, select **LTI Tool Providers**.

+2. Select **Register LTI 1.3 Tool**.

+3. In the *Client ID* field, type or copy and paste this ID: `027328b7-c2e3-4c9e-aaa1-07802dae6c89`.

+4. Review the pre-populated settings and **Tool Status**, then select **Enabled**.

+5. In *Institution Policies*, select **Role in Course**, **Name**, and **Email Address**.

+6. Select **Yes** for both **Allow grade service access** and **Allow Membership Service Access**.

+Educators and students can now access the tool in their Blackboard courses in both *Blackboard Learn Ultra* and *Blackboard Learn Original Experience*.

+- M365-security-compliance

+Microsoft Endpoint Manager ([1](#fn1))|Use the [Endpoint Protection point site system role](/mem/configmgr/protect/deploy-use/endpoint-protection-site-role) and [enable Endpoint Protection with custom client settings](/mem/configmgr/protect/deploy-use/endpoint-protection-configure-client).|With [default and customized antimalware policies](/microsoft-365/security/office-365-security/configure-anti-malware-policies) and client management.|With the default [Configuration Manager Monitoring workspace](/mem/configmgr/apps/deploy-use/monitor-applications-from-the-console) and email alerts.

+Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Microsoft Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [configure update options for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/manage-protection-update-schedule-microsoft-defender-antivirus) and [configure Windows Defender features](/microsoft-365/security/defender-endpoint/configure-microsoft-defender-antivirus-features).|Endpoint reporting is not available with Group Policy. You can generate a list of Group Policies to determine if any settings or policies are not applied.

+PowerShell|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference] and [Update-MpSignature] cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module](/powershell/module/defender).

+Windows Management Instrumentation|Deploy with Group Policy, Microsoft Endpoint Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class](/previous-versions/windows/desktop/defender/set-msft-mppreference) and the [Update method of the MSFT_MpSignature class](/previous-versions/windows/desktop/defender/update-msft-mpsignature).|Use the [MSFT_MpComputerStatus](/previous-versions/windows/desktop/defender/msft-mpcomputerstatus) class and the get method of associated classes in the [Windows Defender WMIv2 Provider](/windows/win32/wmisdk/wmi-providers).

+Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Microsoft Defender for Cloud](/azure/defender-for-cloud/endpoint-protection-recommendations-technical).|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe).|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the Possibly infected devices report, and configure an SIEM tool to report on [Microsoft Defender Antivirus events][/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus] and add that tool as an app in AAD.

+1. Select the link in the email to go to the corresponding alert context in the dashboard tagged with **Defender Experts**.

+### Filter to view just the Endpoint Attack Notifications

+You can filter your incidents and alerts if you want to only see the Defender Experts Notifications amongst the many alerts. To do so:

+1. On the navigation menu, go to **Incidents & alerts** > **Incidents** > select the  icon.

+2. Scroll down to the **Tags** field > select the **Defender Experts** check box.

+3. Select **Apply**.

+> - You need to have the **Manage security settings in security center** permission in the Microsoft 365 Defender portal to submit an inquiry through the **Ask Defender Experts** form.

+2. From the top menu, select **? Ask Defender Experts**. A flyout screen will open. The header will indicate if you are on a trial subscription, or a full Microsoft Threat Experts - Experts on Demand subscription. The **Investigation topic** field will already be populated with the link to the relevant page for your request.

+- We received Endpoint Attack Notifications from Microsoft Threat Experts. We don't have our own incident response team. What can we do now, and how can we contain the incident?

+## To proactively hunt threats across endpoints, Office 365, cloud applications, and identity, refer to:

+- [Microsoft Defender Experts for Hunting overview](defender-experts-for-hunting.md)

+keywords: managed threat hunting service, managed threat hunting, managed detection and response (MDR) service, MTE, Microsoft Threat Experts, endpoint attack notification, Endpoint Attack Notification

+The Endpoint Attack Notification capability provides proactive hunting for the most important threats to your network. Our Defender Experts hunt for human adversary intrusions, hands-on-keyboard attacks, and advanced attacks, such as cyberespionage. These notifications will show up as a new alert. The managed hunting service includes:

+Select **Ask Defender Experts** directly inside the Microsoft 365 security portal. Experts can provide insight to better understand the complex threats your organization might face. Ask Defender Experts to:

+The option to **Ask Defender Experts** is available in several places throughout the portal:

+Whiteboard currently stores content securely in Azure. Data might be stored in different locations, depending on the country and when Whiteboard switched to storing new content in those locations. To check where new data is created, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations).

+If you want to retain a deleted userΓÇÖs whiteboards, *before* you delete the account, you can transfer ownership. You can transfer a single whiteboard or all of them to another user.

+Ensure that any deletion process or script handles this change. If you're fine with the whiteboards being deleted, then no action is required.

+### Controls for OneDrive for Business storage

+[Deploy Whiteboard on Windows](deploy-on-windows-organizations.md)

+> [!NOTE]

+> This guidance applies to US Government Community Cloud (GCC) High environments. The sharing experience differs based on the device and client being used.

+When you share a whiteboard in a Teams meeting, Whiteboard creates a sharing link. This link is accessible by anyone within the organization. The whiteboard is also shared with any in-tenant users in the meeting. Whiteboards are shared using company-shareable links, regardless of the default setting. Support for the default sharing link type is planned.

+There's more capability for temporary collaboration by most external and shared device accounts during a meeting. Users can temporarily view and collaborate on whiteboards when they're shared in a Teams meeting, similar to PowerPoint Live sharing.

+In this case, Whiteboard provides temporary viewing and collaboration on the whiteboard during the Teams meeting only. A share link isn't created and Whiteboard doesn't grant access to the file.

+If you have external sharing enabled for OneDrive for Business, no further action is required.

+If you restrict external sharing for OneDrive for Business, you can keep it restricted, and just enable a new setting in order for external and shared device accounts to work. To do so, follow these steps:

+1. Ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard](manage-whiteboard-access-gcc-high.md).

+2. Using PowerShell, connect to your tenant and ensure the SharePoint Online module is updated by running the following command:

+ ```powershell

+ Update-Module -Name Microsoft.Online.SharePoint.PowerShell

+ ```

+3. Then run the following **Set-SPOTenant** command:

+ ```powershell

+ Set-SPOTenant -AllowAnonymousMeetingParticipantsToAccessWhiteboards On

+ ```

+This setting applies only to whiteboards and replaces the previously shared settings: **OneDriveLoopSharingCapability** and **CoreLoopSharingCapability**. Those settings are no longer applicable and can be disregarded.

+> [!NOTE]

+> This applies only to guests and federated users. It does not apply to anonymous meeting users at this time.

+These changes should take approximately 60 minutes to apply across your tenancy.

+|Scenario|Storage and ownership|Sharing settings|Sharing experience|

+|||||

+|Start the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Enabled|In-tenant users: Can create, view, and collaborate<br><br>External users: Can view and collaborate during the meeting only (the button to share a whiteboard won't appear for external users)<br><br>Shared device accounts: Can view and collaborate during the meeting only|

+|Start the whiteboard from a Surface Hub or Microsoft Teams Rooms|Not yet available|||

+When you add a whiteboard as a tab in a Teams channel or chat, Whiteboard will create a sharing link that's accessible by anyone in the organization.

+|Scenario|Storage and ownership|Sharing settings|Sharing experience|

+|||||

+|Add the whiteboard to a channel or chat from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable|In-tenant users: Can initiate, view, and collaborate<br><br>External users: Not supported|

+When you share a whiteboard from the web, desktop, or mobile clients, you can choose specific people. You can also create a sharing link that's accessible by anyone in the organization.

+|Scenario|Storage and ownership|Sharing settings|Sharing experience|

+|||||

+|Create the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable|In-tenant users: Can share within their organization<br><br>External users: Sharing with external users isn't supported at this time|

+|Create the whiteboard from a Surface Hub|Storage: Local<br><br>Owner: None|Not applicable|In-tenant users (coming soon): User will be able to sign in to save and share the board<br><br>External users: Sharing with external users isn't supported at this time|

+|Create the whiteboard from Microsoft Teams Rooms|Not yet available|||

+The sharing experience differs based on whether you're in a Teams meeting, if you're using a shared device, or what tenant-level sharing settings are enabled. The following scenarios apply only to new whiteboards created after Whiteboard switches to using OneDrive for Business storage. There's no change to previously created boards still stored in Azure.

+When you share a whiteboard in a Teams meeting, Whiteboard creates a sharing link. This link is accessible by anyone within the organization. The whiteboard is also shared with any in-tenant users in the meeting. Whiteboards are shared using company-shareable links, regardless of the default setting. Support for the default sharing link type is planned.

+There's more capability for temporary collaboration by external and shared device accounts during a Teams meeting. Users can temporarily view and collaborate on whiteboards that are shared in a meeting, in a similar way to PowerPoint Live sharing.

+In this case, Whiteboard provides temporary viewing and collaboration on the whiteboard during the Teams meeting only. A share link isn't created and Whiteboard doesn't grant access to the file.

+If you restrict external sharing for OneDrive for Business, you can keep it restricted, and just enable a new setting in order for external and shared device accounts to work. To do so, follow these steps:

+1. Ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard](manage-whiteboard-access-organizations.md).

+2. Using PowerShell, connect to your tenant and ensure the SharePoint Online module is updated by running the following command:

+ ```powershell

+ Update-Module -Name Microsoft.Online.SharePoint.PowerShell

+ ```

+3. Then run the following **Set-SPOTenant** command:

+ ```powershell

+ Set-SPOTenant -AllowAnonymousMeetingParticipantsToAccessWhiteboards On

+ ```

+4. Ensure that the Teams meeting setting **Anonymous users can interact with apps in meetings** is enabled. If you've disabled it, any anonymous users (as opposed to guests or federated users) won't have access to the whiteboard during the meeting.

+This setting applies only to whiteboards and replaces the previously shared settings: **OneDriveLoopSharingCapability** and **CoreLoopSharingCapability**. Those settings are no longer applicable and can be disregarded.

+> [!NOTE]

+> By default, the Teams meeting setting **Anonymous users can interact with apps in meetings** is enabled. If you have disabled it, any anonymous users (as opposed to guests or federated users) won't have access to the whiteboard during the meeting.

+These changes should take approximately 60 minutes to apply across your tenancy.

+|Scenario|Storage and ownership|Sharing settings|Sharing experience|

+|||||

+|Start the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Enabled|In-tenant users: Can create, view, and collaborate<br><br>External users: Can view and collaborate during the meeting only (the button to share a whiteboard won't appear for external users)<br><br>Shared device accounts: Can view and collaborate during the meeting only|

+|Start the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Disabled|In-tenant users: Can initiate, view, and collaborate<br><br>External users: Can't view or collaborate<br><br>Shared device accounts: Can't view or collaborate|

+|Start the whiteboard from a Surface Hub or Microsoft Teams Rooms|Storage: Azure (Whiteboard files will be moved to OneDrive for Business in the future)<br><br>Owner: Meeting participant|Not applicable|In-tenant users: Can initiate, view, and collaborate<br><br>External users: Can view and collaborate during the meeting only<br><br> Shared device accounts: Can view and collaborate during the meeting only|

+When you add a whiteboard as a tab in a Teams channel or chat, Whiteboard will create a sharing link that's accessible by anyone in the organization.

+|Scenario|Storage and ownership|Sharing settings|Sharing experience|

+|||||

+|Add the whiteboard to a channel or chat from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable (only applies to meetings)|In-tenant users: Can initiate, view, and collaborate<br><br>External users: Not supported<br><br>Teams guests: Can view and collaborate<br><br>Shared device accounts: Not applicable|

+When you share whiteboards from the web, desktop, or mobile clients, you can choose specific people. You can also create a sharing link that's accessible by anyone in the organization.

+> [!NOTE]

+> External sharing during a Teams meeting isn't yet available but will be added in a future release.

+|Scenario|Storage and ownership|Sharing settings|Sharing experience|

+|||||

+|Create the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable (only applies to meetings)|In-tenant users: Can share within their organization<br><br>External users: Sharing with external users isn't supported at this time|

+|Create the whiteboard from a Surface Hub|Storage: Local<br><br>Owner: None (Unless user sign ins to save and share the board, which saves to OneDrive for Business. Easy share will be added back in the future.|Not applicable (only applies to meetings)|In-tenant users: User must sign in to save and share the board (Easy share will be added in the future)<br><br>External users: Sharing with external users isn't supported at this time outside of a Teams meeting|

+|Create the whiteboard from Microsoft Teams Rooms|Not yet supported|Not applicable (only applies to meetings)|Not yet supported|

+[Deploy Whiteboard on Windows](deploy-on-windows-organizations.md)