Updates from: 09/01/2022 02:28:25
Category Microsoft Docs article Related commit history on GitHub Change details
business-premium M365bp Trial Playbook Microsoft Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium.md
Title: "Microsoft Defender for Business Premium trial playbook"
+ Title: "Microsoft 365 Business Premium trial playbook"
f1.keywords: - NOCSH
search.appverid:
description: "Make the most of your Microsoft 365 Business Premium trial. Try out some of the key productivity and security capabilities."
-# Trial playbook: Microsoft Business Premium
+# Trial playbook: Microsoft 365 Business Premium
Welcome to the Microsoft Business Premium trial playbook. This playbook will help you make the most of your 30-day free trial by experiencing how Microsoft 365 Business Premium increases productivity and helps safeguard your organization with advanced security capabilities. Using Microsoft recommendations, learn how you can set up your threat protection features, analyze detected threats, and respond to cyberattacks.
Microsoft 365 Business Premium includes Defender for Business, a new security so
## See also - [Microsoft 365 Business Premium - cybersecurity for small business](index.md)-- [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)
+- [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)
compliance Endpoint Dlp Using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
Here are some examples:
1. Select **Add a new group of sensitive service domains**. 1. Name the group. 1. Select the **Match type** you want. You can select from **URL**, **IP address**, **IP address range**.
-1. Type in the appropriate value in the **Add new service domains to this group**. You can add multiple websites to a group and use wildcards to cover subdomains. For example, www.contoso.com for just the top level website or *.contoso.com for corp.contoso.com, hr.contoso.com, fin.contoso.com
+1. Type in the appropriate value in the **Add new service domains to this group**. You can add multiple websites to a group and use wildcards to cover subdomains. For example, `www.contoso.com` for just the top level website or \*.contoso.com for corp.contoso.com, hr.contoso.com, fin.contoso.com
1. Select **Save**. 1. Select **Policies**. 1. Create and scope a policy that is applied only to **Devices**. See, [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md) for more information on how to create a policy.
compliance Search And Delete Teams Chat Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-and-delete-Teams-chat-messages.md
description: "Use eDiscovery (Premium) and the Microsoft Graph Explorer to searc
You can use eDiscovery (Premium) and the Microsoft Graph Explorer to search for and delete chat messages in Microsoft Teams. This can help you find and remove sensitive information or inappropriate content. This search and purge workflow will also help you respond to a data spillage incident, when content containing confidential or malicious information is released through Teams chat messages.
-> [!NOTE]
-> This article applies to Microsoft 365 Enterprise organizations. Support for the US Government cloud (including GCC, GCC High, and DoD) is coming soon.
- ## Before you search and purge chat messages - To create an eDiscovery (Premium) case and use collections to search for chat messages, you have to be a member of the **eDiscovery Manager** role group in the Microsoft Purview compliance portal. To delete chat messages, you have to be assigned the **Search And Purge** role. This role is assigned to the Data Investigator and Organization Management role groups by default. For more information, see [Assign eDiscovery permissions](assign-ediscovery-permissions.md).
For information about using Graph Explorer, see [Use Graph Explorer to try Micro
3. Copy the corresponding Id (or copy and paste it to a text file). You'll use this Id in the next task to purge the chat messages.
+> [!TIP]
+> Instead of using the previous procedure to obtain the collection Id, you can open the case in the Microsoft Purview compliance portal. Open the case and navigate to the Jobs tab. Select the relevant collection and under Support information, find the job ID (the job ID displayed here is the same as the collection ID).
+ ### Purge the chat messages 1. In Graph Explorer, run the following POST request to purge the items returned by the collection that you created in Step 2. Use the value `https://graph.microsoft.com/beta/compliance/ediscovery/cases('caseId')/sourceCollections('collectionId')/purgeData` in the address bar of the request query, where caseId and collectionId are the Ids that you obtained in the previous procedures. Be sure to surround the Id values with parentheses and single quotation marks.
For information about using Graph Explorer, see [Use Graph Explorer to try Micro
For more information on purgeData, see [sourceCollection: purgeData](/graph/api/ediscovery-sourcecollection-purgedata).
+> [!NOTE]
+> Because Microsoft Graph Explorer is not available in the US Government cloud (GCC, GCC High, and DOD), you must use PowerShell to accomplish these tasks.
+
+You can also purge chat messages using PowerShell. For example, to purge messages in the US Government cloud you could use a command similar to:
+
+``
+Connect-MgGraph -Scopes "ediscovery.ReadWrite.All" -Environment USGov
+``
+
+``Invoke-MgGraphRequest -Method POST -Uri '/beta/security/cases/ediscoveryCases/<case ID>/searches/<collection ID>/purgeData'
+``
+
+For more information on using PowerShell to purge chat messages, see [ediscoverySearch: purgeData](/graph/api/security-ediscoverysearch-purgedata).
+ ## Step 6: Verify chat messages are purged After you run the POST request to purge chat messages, these messages are removed from the Teams client and replaced with an automatically generated stating that an admin has removed the message. For an example of this message, see the [End-user experience](#end-user-experience) section in this article. Purged chat messages are moved to the SubstrateHolds folder, which is a hidden mailbox folder. Purged chat messages are stored there for at least 1 day, and then are permanently deleted the next time the timer job runs (typically between 1-7 days). For more information, see [Learn about retention for Microsoft Teams](retention-policies-teams.md).
+> [!NOTE]
+> Because Microsoft Graph Explorer is not available in the US Government cloud (GCC, GCC High, and DOD), you must use PowerShell to accomplish these tasks.
+ ## Step 7: Reapply holds and retention policies to data sources After you verify that chat messages are purged and removed from the Teams client, you can reapply the holds and retention policies that you removed in Step 4.
compliance Sensitivity Labels Aip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-aip.md
Some features are only supported by built-in labeling for Office apps, and won't
- Access to intelligent classification services that include [trainable classifiers](classifier-learn-about.md), [exact data match (EDM)](sit-learn-about-exact-data-match-based-sits.md), and [named entities](named-entities-learn.md) - Detection of sensitive information as users type - In Word, users can review and remove the identified sensitive content-- [PDF support](sensitivity-labels-office-apps.md#pdf-support) (in preview)
+- [PDF support](sensitivity-labels-office-apps.md#pdf-support)
- For labels that let users assign permissions, different permissions (Read or Change) can be granted to users or groups - Encrypt-Only for emails - Visibility of labels on the status bar
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application versions required for each
|[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | Current Channel: 2009+ <br /><br> Monthly Enterprise Channel: 2009+ <br /><br> Semi-Annual Enterprise Channel: 2102+ | 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | Current Channel: 2105+ <br /><br> Monthly Enterprise Channel: 2105+ <br /><br> Semi-Annual Enterprise Channel: 2108+ | 16.49+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | Current Channel: 2107+ <br /><br> Monthly Enterprise Channel: 2107+ <br /><br> Semi-Annual Enterprise Channel: 2202+ | 16.51+ | 2.58+ | 16.0.14931+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[PDF support](#pdf-support)| Preview: [Current Channel (Preview)](https://office.com/insider) | Under review | Under review | Under review | Under review |
+|[PDF support](#pdf-support)| Current Channel: 2208+ <br /><br> Monthly Enterprise Channel: 2208+ <br /><br> Semi-Annual Enterprise Channel: Under review| Under review | Under review | Under review | Under review |
### Sensitivity label capabilities in Outlook
contentunderstanding Prebuilt Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/prebuilt-overview.md
Note the following differences about Microsoft Office text-based files and OCR-s
## See also
-[Use a prebuilt model to extract info from invoices or receipts](prebuilt-overview.md)
+[Use a prebuilt model to extract information from invoices or receipts](prebuilt-models.md)
enterprise Cross Tenant Identity Mapping https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-identity-mapping.md
+
+ Title: Cross-Tenant Identity Mapping (preview)
+description: How to map identities across Microsoft 365 organizations when preparing for cross-tenant migrations.
++++ Last updated : 07/18/2022++++
+# Cross-Tenant Identity Mapping (preview)
+
+Cross-Tenant Identity Mapping is a feature that can be used during migrations from one Microsoft 365 organization to another (commonly referred to as a cross-tenant migration). It provides a secure method of establishing one-to-one object relationships across organization boundaries and automatically prepares the target objects for a successful migration.
+
+>[!NOTE]
+>Cross-Tenant Identity Mapping is in a private preview stage of development. As an unfinished project any information or availability is subject to change at any time. Support for private-preview customers will be handled via email. Cross-Tenant Identity Mapping is covered by the **preview terms** of the [Microsoft Universal License Terms for Online Services](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all).
+
+## Benefits of using Cross-Tenant Identity Mapping
+
+Cross-Tenant Identity Mapping removes the need to export large data sets from a source organization for the sole purpose of configuring Mail Enabled User objects in the target organization.
+
+With Cross-Tenant Identity Mapping, data remains within the Microsoft security boundary and is securely copied directly from the source organization to the target organization using specially configured **Organization Relationships** serving as a unidirectional trust.
+
+Using Cross-Tenant Identity Mapping will reduce the potential for mistakes when configuring what could potentially be thousands of target objects for a migration by automatically configuring values such as _ExchangeGuid_, _ArchiveGuid_, and all necessary _X500 proxy addresses_.
+
+Some additional benefits of using Cross-Tenant Identity Mapping:
+
+- Reduces the number of manual processes where a mistake may result in failed migrations
+- Automates identification of objects within scope to migrate from the source organization to the target organization
+- Establishes a 1:1 map of a Mailbox User object in the source organization to a pre-existing Mail Enabled User object in the target organization
+- Automates population of required attributes from the source organization Mailbox User to the target organization Mail Enabled User
+- Provides a list of objects prepared and ready for [cross-tenant mailbox migration](cross-tenant-mailbox-migration.md) based on the source organization users' primarySMTPAddress value
+
+## FAQ about Cross-Tenant Identity Mapping
+
+We would like to provide information commonly asked so you may evaluate if you would like to participate in the private preview.
+
+- The feature is only intended to be used with [Cross-tenant mailbox migration (preview)](cross-tenant-mailbox-migration.md), and not with any third-party non-Microsoft migration solutions.
+- Data processing (storage, compute, transfer, etc.) is currently within the United States of America, and within the Exchange Online home region of the organizations participating in the migration.
+ - For Multi-Geo enabled organizations, the organization's home geo for Exchange Online will be used.
+- This feature can currently only be enabled in the worldwide Microsoft 365 offering. It doesn't work in GCC, GCC High, DoD, Office 365 by 21 Vianet, etc.
+- Some familiarity with PowerShell is currently required as the feature is PowerShell-based
+- The feature communicates over an encrypted connection to a REST endpoint.
+- The feature currently requires the Global Administrator role for initial setup. This behavior may change in a future update.
+- Organizational Relationships are used as a dual handshake approach to ensure both organizations have authorized this transaction type to take place.
+- It works with cloud-only or hybrid organizations.
+- Target organizations in a hybrid configuration will require an on-premises Exchange server to modify any Mail Enabled User objects synchronized from the on-premises directory. We haven't tested support for the new Exchange Management Tool feature released in Exchange Server 2019 CU12.
+
+## What does participating in the private preview entail?
+
+We're looking for customers willing to both try Cross-Tenant Identity Mapping and to provide feedback based on their experience. Did it make the migration easier for you compared to earlier migrations you've performed? Are there features you feel are missing? All constructive feedback is welcomed.
+
+## How to participate
+
+If you would like to participate or you have more questions, please email [CTIMPreview@service.microsoft.com](mailto:CTIMPreview@service.microsoft.com) and provide some basic information about the migration you would like to use Cross-Tenant Identity Mapping with.
+
+## Next steps
+
+We recommend reviewing the current Cross-Tenant Mailbox Migration steps related to preparing target user objects for migration as this preparation is what Cross-Tenant Identity Mapping will automate.
+
+- [Review Cross-Tenant Mailbox Migration (preview)](cross-tenant-mailbox-migration.md#prepare-target-user-objects-for-migration)
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
Users migrating must be present in the target tenant and Exchange Online system
Ensure the following objects and attributes are set in the target organization.
+>[!TIP]
+>Microsoft is developing a feature to provide a secure automated method to set many of the attributes in the following section. This feature, named Cross-Tenant Identity Mapping, is currently looking for customers willing to participate in a small private preview. For more information about this pre-release feature and how it can simplify your cross-tenant migration processes, see the article **[Cross-Tenant Identity Mapping](cross-tenant-identity-mapping.md)**.
+ 1. For any mailbox moving from a source organization, you must provision a MailUser object in the Target organization: - The Target MailUser must have these attributes from the source mailbox or assigned with the new User object:
enterprise Modern Desktop Deployment And Management Lab https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/modern-desktop-deployment-and-management-lab.md
There are two versions of the lab available for free download:
|Windows 10 Lab|Windows 11 Lab| |||
-|[Win 10 lab environment](https://download.microsoft.com/download/8/5/e/85e007b0-1f3e-460c-bd0a-5a8c6ec490b5/Win10_21H2_lab.zip)|[Win 11 lab environment](https://download.microsoft.com/download/5/0/b/50bbe36a-9291-4339-9dcc-2a444fcd1659/Microsoft365DeviceLabKit.zip)|
-|[Win 10 lab guides](https://download.microsoft.com/download/b/d/4/bd4f430b-8cd1-4a07-97b1-c32100fce7ae/Win_10_21H2_lab_guides.zip)|[Win 11 lab guides](https://download.microsoft.com/download/5/0/b/50bbe36a-9291-4339-9dcc-2a444fcd1659/Win11_SetUp_Guide_08.05.zip)|
+|[Windows 10 lab environment](https://download.microsoft.com/download/8/5/e/85e007b0-1f3e-460c-bd0a-5a8c6ec490b5/Win10_21H2_lab.zip)|[Windows 11 lab environment](https://download.microsoft.com/download/5/0/b/50bbe36a-9291-4339-9dcc-2a444fcd1659/Microsoft365DeviceLabKit.zip)|
+|[Windows 10 lab guides](https://download.microsoft.com/download/b/d/4/bd4f430b-8cd1-4a07-97b1-c32100fce7ae/Win_10_21H2_lab_guides.zip)|[Windows 11 lab guides](https://download.microsoft.com/download/5/0/b/50bbe36a-9291-4339-9dcc-2a444fcd1659/Win11_SetUp_Guide_08.05.zip)|
## A complete lab environment
frontline Deploy Teams At Scale https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/deploy-teams-at-scale.md
Title: Deploy teams at scale for frontline workers in Microsoft Teams
+ Title: Deploy Teams at scale for frontline workers
audience: admin search.appverid: MET150
-description: Learn how to deploy teams at scale for the frontline workers in your organization.
+description: Learn how to deploy Teams at scale for the frontline workers in your organization.
ms.localizationpriority: high - M365-collaboration
appliesto:
-# Deploy teams at scale for frontline workers in Microsoft Teams
-
-> [!NOTE]
-> This feature is currently in public preview. If you'd like to participate, reach out to us at [dscale@microsoft.com](mailto:dscale@microsoft.com).
+# Deploy Teams at scale for frontline workers
## Overview
-
-Your organization may have a lot of teams that you use to drive communication and collaboration among your frontline workforce, who are spread across different stores, locations, and roles. Currently, there isn't an easy solution to deploy, set up, and manage these teams and users at scale.
-We're building a solution to enable admins to deploy and manage teams at scale.
+Does your organization use a large number of teams to drive communication and collaboration among your frontline workforce? This article is for you if you need to create and manage teams at scale.
-Here's an overview of the capabilities available today for creating and managing large numbers of teams at a time and what we're planning for the near future.
+You can use PowerShell to deploy up to 500 teams and add up to 25 users per team at a time. You can also add and remove users from existing teams at scale. Use this solution to meet your organization's scale needs and significantly reduce deployment time.
-||Available today |Later in 2022 |
-||||
-|**Number of teams you can create per batch**|Up to 100 |Up to 500|
-|**Number of users you can add per team**|Up to 25|Up to 25|
-
-Deploying teams at scale allows you to:
+Deploying Teams at scale enables you to:
- Create teams using pre-built templates or your own custom templates. - Add users to teams as owners or members. - Manage teams at scale by adding or removing users from existing teams. - Stay notified through email, including completion, status, and errors (if any). You can choose to notify up to five people about the status of each batch of teams you deploy. Team owners and members are automatically notified when they're added to a team.
-## How to deploy teams at scale
+This article walks you through how to deploy Teams at scale.
++
+## Set up and deploy your teams
> [!NOTE] > Before you deploy your teams, make sure that all teams owners have a Teams license.
-Follow these steps to deploy a large number of teams at a time.
+Follow these steps to deploy up to 500 teams at a time.
### Step 1: Prepare your CSV files
Use the following examples to help you create your CSV files. Here, we've named
|Sydney Mattos|sydneym@contoso.com|Contoso Store 9|AddMember|Member| |Violet Martinez|violetm@contoso.com|Contoso Store 10|AddMember|Member|
-### Step 2: Deploy your teams
-
-Now that you've created your CSV files, you're ready to set up your environment and deploy your teams.
+### Step 2: Set up your environment
-You use the ```New-CsBatchTeamsDeployment``` cmdlet to submit a batch of teams to create. An orchestration ID is generated for each batch. You can then use the ```Get-CsBatchTeamsDeployment``` cmdlet to track the progress and status of each batch.
+Follow these steps to install and connect to the latest version of the Teams PowerShell module.
1. Install PowerShell version 7 or later. For step-by-step guidance, see [Installing PowerShell on Windows](/powershell/scripting/install/installing-powershell-on-windows). 1. Run PowerShell in administrator mode.
You use the ```New-CsBatchTeamsDeployment``` cmdlet to submit a batch of teams t
``` If you get an error message, you're already set. Go to the next step.
-1. Download and install the [latest preview version of the Teams PowerShell module](https://www.powershellgallery.com/packages/MicrosoftTeams). You must be running version 4.3.1 (preview) or a later preview version.
+1. Download and install the [latest version of the Teams PowerShell module](https://www.powershellgallery.com/packages/MicrosoftTeams). You must be running version 4.3.1 (preview) or a later version.
1. Run the following to connect to Teams.
You use the ```New-CsBatchTeamsDeployment``` cmdlet to submit a batch of teams t
Verify that ```New-CsBatchTeamsDeployment``` and ```Get-CsBatchTeamsDeploymentStatus``` are listed.
+### Step 3: Deploy your teams
+
+Now that you've created your CSV files and set up your environment, you're ready to deploy your teams.
+
+You use the ```New-CsBatchTeamsDeployment``` cmdlet to submit a batch of teams to create. An orchestration ID is generated for each batch. You can then use the ```Get-CsBatchTeamsDeploymentStatus``` cmdlet to track the progress and status of each batch.
+ 1. Run the following to deploy a batch of teams. In this command, you specify the path to your CSV files and the email addresses of up to five recipients to notify about this deployment. ```powershell New-CsBatchTeamsDeployment -TeamsFilePath "Your CSV file path" -UsersFilePath "Your CSV file path" -UsersToNotify "Email addresses" ```
+ The recipients will receive email notifications about deployment status. The email contains the orchestration ID for the batch you submitted and any errors that may have occurred.
+ For example: ```powershell New-CsBatchTeamsDeployment -TeamsFilePath "C:\dscale\Teams.csv" -UsersFilePath "C:\dscale\Users.csv" -UsersToNotify "adminteams@contoso.com,adelev@contoso.com" ```
- The recipients will receive email notifications about deployment status. The email contains the orchestration ID for the batch you submitted and any errors that may have occurred.
- 1. Run the following to check the status of the batch you submitted. ```powershell Get-CsBatchTeamsDeploymentStatus -OrchestrationId "OrchestrationId" ```
-## Send us feedback
-
-We value your feedback. Usability, reliability, performance&mdash;we welcome it all!
-
-Email [dscale@microsoft.com](mailto:dscale@microsoft.com) and include your orchestration ID and error file, if you have it.
- ## Related articles - [Teams PowerShell Overview](/microsoftteams/teams-powershell-overview)
+- [Learn where to start with a frontline deployment](flw-deploy-overview.md)
frontline Flw Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-overview.md
Safeguard your business with best-in-class security and compliance features. Mic
|Capability |License availability | |--|| |[Frontline worker onboarding wizard](flw-onboarding-wizard.md) |Enterprise, F1, F3 |
-|[Deploy Teams at scale](deploy-teams-at-scale.md) |Enterprise, F1, F3 |
+|[Deploy Teams at scale for frontline workers](deploy-teams-at-scale.md) |Enterprise, F1, F3 |
|[Teams policy packages for frontline workers](/microsoftteams/policy-packages-flw) |Enterprise, F1, F3 | ### Secure endpoints and apps across device types and operating systems
frontline Flw Setup Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-setup-microsoft-365.md
To set up Microsoft 365 for frontline workers, follow this overall process:
1. **[Identify your scenarios](#step-1-identify-your-scenarios)**: Which scenarios do you want to implement for your frontline workers? After you have determined which scenarios you want, use the table below to identify the required apps and services for each scenario that you want to implement. 1. **[Set up your environment and core Microsoft 365](#step-2-set-up-your-environment-and-core-microsoft-365)**: Follow the Setup Guides in the Microsoft 365 admin center to set up Microsoft 365. Keep reading to learn how to access these guides. 1. **[Set up Microsoft Teams](#step-3-set-up-microsoft-teams)**: Use either the onboarding wizard or the Deploy teams at scale process to configure the service and create your teams.
-1. **[Set up any other services needed for your scenario](#step-4-set-up-other-services)**: Follow the instructions in the sections below to setup these services.
+1. **[Set up any other services needed for your scenario](#step-4-set-up-other-services)**: Follow the instructions in the sections below to set up these services.
1. **[Configure apps](#step-5-configure-apps-for-your-scenario)**: After everything is set up and configured in the admin center, you can follow the guidance for your scenarios to further configure the apps you need for each scenario. 1. **[Devices](#step-6-set-up-devices)**: Set up shared and personal devices to work with Microsoft 365 and Microsoft Teams and to allow your frontline workers to communicate more securely within your organization.
The Microsoft 365 admin center has a set of [Setup guides](/microsoft-365/enterp
For a pilot project, you can use the Frontline worker onboarding wizard to set up a single team, configured for your frontline workers. For step-by-step guidance, see [Use the Frontline Worker onboarding wizard to get your frontline workforce up and running](flw-onboarding-wizard.md).
-For full deployments, follow the guidance in [Deploy teams at scale for frontline workers](deploy-teams-at-scale.md).
+For full deployments, follow the guidance in [Deploy Teams at scale for frontline workers](deploy-teams-at-scale.md).
## Step 4: Set up other services
lighthouse M365 Lighthouse Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-whats-new.md
We've added a Microsoft Edge policy deployment task to the default baseline. Thi
For more information, see [Microsoft Edge security for your business](/deployedge/ms-edge-security-for-business).
-### Deployment status reporting
-
-Microsoft 365 Lighthouse now provides a deployment status for each deployment plan to help you optimize and prioritize your deployment efforts accordingly.
-
-### Enhanced deployment insights for licensing
-
-Microsoft 365 Lighthouse now provides insights around which deployment tasks can't be completed for which users due to insufficient licensing. These insights help you adjust the licensing or the deployment plan accordingly to complete your deployment plan.
-
-### Enhanced baseline deployment with direct links to existing configurations
-
-We've enhanced the baseline deployment experience to make it faster and easier to ensure your customer tenants are healthy and secure. We've added links to detected customer tenant configurations, so you can easily find, review, and modify these tenant configurations in the applicable management portal.
- ## July 2022 ### Enhanced baseline deployment
security Mdb Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-partners.md
Title: Microsoft Defender for Business and Microsoft partner resources
-description: Learn about resources available for managed service providers and Microsoft Defender for Business.
+description: Learn about partner resources, such as MSP PSA and RMM integration with Defender for Business, and Microsoft 365 Lighthouse.
search.appverid: MET150
ms.prod: m365-security ms.technology: mdb ms.localizationpriority: medium Previously updated : 08/03/2022 Last updated : 08/31/2022 f1.keywords: NOCSH
Microsoft partners have access to resources, programs, and tools that empower partners to enable customers to succeed. This article provides an overview of resources that are available for Microsoft partners who serve customers using [Defender for Business](mdb-overview.md) or [Microsoft 365 Business Premium](../../business-premium/index.md).
-## Resources for partners to learn about Defender for Business and Microsoft 365 Business Premium
-
-| Resource | Description |
-|:|:|
-| [Microsoft Partner Network](https://partner.microsoft.com) | Visit the Microsoft Partner Network to learn how to become a Microsoft partner and join the Microsoft Partner Network. |
-| [Microsoft 365 Business Premium and Defender for Business partner webinar series](https://aka.ms/M365MDBseries) | This webinar series provides: <ul><li>Practical guidance about how to have conversations with your customers about security and drive upsell to Microsoft 365 Business Premium. </li><li>Demos and deep dive walkthroughs for Microsoft 365 Lighthouse and Defender for Business. </li><li>A panel of experts to help answer your questions.</li></ul> |
-| [Microsoft 365 Business Premium partner playbook and readiness series](https://aka.ms/M365BPPartnerPlaybook) | Practical guidance on building a profitable managed services practice, with: <ul><li>Examples of successful managed service offers from industry experts and peers. </li><li>Technical enablement and checklists from Microsoft experts. </li><li>Sales enablement and customer conversation aids to help you market your solution. </li></ul> |
-| [Defender for Business partner kit](https://aka.ms/MDBPartnerKit) | The Defender for Business partner kit provides you with practical guidance, technical information, and customer-ready resources to market and sell Defender for Business to small and medium-sized businesses. |
- ## Resources for Microsoft managed service providers to build cybersecurity capabilities Most managed service providers (MSPs) offer a sophisticated stack of capabilities. For example, many MSPs offer software and services that include backup & recovery, network management, line of business apps, and cybersecurity capabilities. Small and medium-sized businesses recognize security as a key component to their success, but often don't have the capacity or expertise to have a dedicated security operations team. These customers often need help with managing the security of their endpoints and network, and addressing alerts or detected threats.
-If you're a Microsoft MSP and you want to integrate Microsoft endpoint security capabilities with your remote monitoring and management (RMM) tools and your professional service automation (PSA) software, you can use the [Defender for Endpoint APIs](../defender-endpoint/management-apis.md). Using the Defender for Endpoint APIs, with your RMM tools and PSA software, you can:
+**If you're a Microsoft MSP and you want to integrate Microsoft endpoint security capabilities with your remote monitoring and management (RMM) tools and your professional service automation (PSA) software, you can use the [Defender for Endpoint APIs](../defender-endpoint/management-apis.md)**. Using the Defender for Endpoint APIs, with your RMM tools and PSA software, you can:
- Get access to your customers' Microsoft 365 Defender portal to [address alerts and incidents](mdb-respond-mitigate-threats.md). - Get [email notifications](mdb-email-notifications.md) about new alerts or vulnerabilities across your customers' tenants.
Use the following resources to learn more:
## Resources for Cloud Solution Providers
-Microsoft Cloud Solution Providers (CSPs) can go beyond reselling licenses and be more involved in customers' business. For example, CSPs can use Microsoft 365 Lighthouse to manage small and medium-sized business customers' security settings and capabilities. CSPs can also view and manage detected threats, including running antivirus scans on devices.
+Microsoft Cloud Solution Providers (CSPs) can go beyond reselling licenses and be more involved in customers' business. For example, CSPs can use Microsoft 365 Lighthouse to manage small and medium-sized business customers' security settings and capabilities. CSPs can also view and manage detected threats, and initiate antivirus scans on devices.
| Resource | Description | |:|:| | [Microsoft 365 Lighthouse and Microsoft Defender for Business](mdb-lighthouse-integration.md) | Describes how Defender for Business integrates with Microsoft 365 Lighthouse and includes links to additional information. |
+## Resources for partners to learn about Defender for Business and Microsoft 365 Business Premium
+
+| Resource | Description |
+|:|:|
+| [Microsoft Partner Network](https://partner.microsoft.com) | Visit the Microsoft Partner Network to learn how to become a Microsoft partner and join the Microsoft Partner Network. |
+| [Microsoft 365 Business Premium and Defender for Business partner webinar series](https://aka.ms/M365MDBseries) | This webinar series provides: <ul><li>Practical guidance about how to have conversations with your customers about security and drive upsell to Microsoft 365 Business Premium. </li><li>Demos and deep dive walkthroughs for Microsoft 365 Lighthouse and Defender for Business. </li><li>A panel of experts to help answer your questions.</li></ul> |
+| [Microsoft 365 Business Premium partner playbook and readiness series](https://aka.ms/M365BPPartnerPlaybook) | Practical guidance on building a profitable managed services practice, with: <ul><li>Examples of successful managed service offers from industry experts and peers. </li><li>Technical enablement and checklists from Microsoft experts. </li><li>Sales enablement and customer conversation aids to help you market your solution. </li></ul> |
+| [Defender for Business partner kit](https://aka.ms/MDBPartnerKit) | The Defender for Business partner kit provides you with practical guidance, technical information, and customer-ready resources to market and sell Defender for Business to small and medium-sized businesses. |
security Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/alerts.md
## Methods
-<br>
-
-****
- |Method|Return Type|Description| |||| |[Get alert](get-alert-info-by-id.md)|[Alert](alerts.md)|Get a single [alert](alerts.md) object.|
|[List related IPs](get-alert-related-ip-info.md)|IP collection|List IPs that are associated with the alert.| |[Get related machines](get-alert-related-machine-info.md)|[Machine](machine.md)|The [machine](machine.md) that is associated with the [alert](alerts.md).| |[Get related users](get-alert-related-user-info.md)|[User](user.md)|The [user](user.md) that is associated with the [alert](alerts.md).|
-|
## Properties
-<br>
-
-****
- |Property|Type|Description| |||| |id|String|Alert ID.|
|detectorId|String|The ID of the detector that triggered the alert.| |comments|List of Alert comments|Alert Comment object contains: comment string, createdBy string, and createTime date time.| |Evidence|List of Alert evidence|Evidence related to the alert. See example below.|
-|
>[!NOTE] >Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.
security Api Power Bi https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-power-bi.md
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) --- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Microsoft Defender for Endpoint API URIs for US Government](../../includes/microsoft-defender-api-usgov.md)]
In this section you will learn to create a Power BI report on top of Defender for Endpoint APIs.
-The first example demonstrates how to connect Power BI to Advanced Hunting API and the second example demonstrates a connection to our OData APIs, such as Machine Actions or Alerts.
+The first example demonstrates how to connect Power BI to Advanced Hunting API, and the second example demonstrates a connection to our OData APIs, such as Machine Actions or Alerts.
## Connect Power BI to Advanced Hunting API -- Open Microsoft Power BI.--- Click **Get Data** \> **Blank Query**.-
- :::image type="content" source="images/power-bi-create-blank-query.png" alt-text="The Blank Query option under the Get Data menu item" lightbox="images/power-bi-create-blank-query.png":::
+1. Open Microsoft Power BI.
-- Click **Advanced Editor**.
+2. Select **Get Data** \> **Blank Query**.
+ :::image type="content" source="images/power-bi-create-blank-query.png" alt-text="The Blank Query option under the Get Data menu item" lightbox="images/power-bi-create-blank-query.png":::
- :::image type="content" source="images/power-bi-open-advanced-editor.png" alt-text="The Advanced Editor menu item" lightbox="images/power-bi-open-advanced-editor.png":::
+3. Select **Advanced Editor**.
+ :::image type="content" source="images/power-bi-open-advanced-editor.png" alt-text="The Advanced Editor menu item" lightbox="images/power-bi-open-advanced-editor.png":::
-- Copy the below and paste it in the editor:
+4. Copy the below and paste it in the editor:
``` let
The first example demonstrates how to connect Power BI to Advanced Hunting API a
in Table ``` -- Click **Done**.--- Click **Edit Credentials**.-
- :::image type="content" source="images/power-bi-edit-credentials.png" alt-text="The Edit Credentials menu item" lightbox="images/power-bi-edit-credentials.png":::
-
--- Select **Organizational account** \> **Sign in**.
+5. Select **Done**.
- :::image type="content" source="images/power-bi-set-credentials-organizational.png" alt-text="The Sign in option in the Organizational account menu item" lightbox="images/power-bi-set-credentials-organizational.png":::
+6. Select **Edit Credentials**.
+ :::image type="content" source="images/power-bi-edit-credentials.png" alt-text="The Edit Credentials menu item" lightbox="images/power-bi-edit-credentials.png":::
-- Enter your credentials and wait to be signed in.
+7. Select **Organizational account** \> **Sign in**.
+ :::image type="content" source="images/power-bi-set-credentials-organizational.png" alt-text="The Sign in option in the Organizational account menu item" lightbox="images/power-bi-set-credentials-organizational.png":::
-- Click **Connect**.
+8. Enter your credentials and wait to be signed in.
- :::image type="content" source="images/power-bi-set-credentials-organizational-cont.png" alt-text="The sign-in confirmation message in the Organizational account menu item" lightbox="images/power-bi-set-credentials-organizational-cont.png":::
+9. Select **Connect**. </br>
+ :::image type="content" source="images/power-bi-set-credentials-organizational-cont.png" alt-text="The sign-in confirmation message in the Organizational account menu item" lightbox="images/power-bi-set-credentials-organizational-cont.png":::
-- Now the results of your query will appear as a table and you can start to build visualizations on top of it!
+Now the results of your query will appear as a table and you can start to build visualizations on top of it!
-- You can duplicate this table, rename it and edit the Advanced Hunting query inside to get any data you would like.
+You can duplicate this table, rename it, and edit the Advanced Hunting query inside to get any data you would like.
## Connect Power BI to OData APIs -- The only difference from the above example is the query inside the editor.
+The only difference from the previous example is the query inside the editor. Follow steps 1-3 above.
-- Copy the below and paste it in the editor to pull all **Machine Actions** from your organization:
+At step 4, instead of the code in that example, copy the code below and paste it in the editor to pull all **Machine Actions** from your organization:
``` let
The first example demonstrates how to connect Power BI to Advanced Hunting API a
Source ``` -- You can do the same for **Alerts** and **Machines**.-- You also can use OData queries for queries filters, see [Using OData Queries](exposed-apis-odata-samples.md).
+You can do the same for **Alerts** and **Machines**.
+You also can use OData queries for queries filters, see [Using OData Queries](exposed-apis-odata-samples.md).
## Power BI dashboard samples in GitHub
View the Microsoft Defender for Endpoint Power BI report samples. For more infor
## Related topics -- [Defender for Endpoint APIs](apis-intro.md)-- [Advanced Hunting API](run-advanced-query-api.md)
+- [Defender for Endpoint APIs](apis-intro.md)
+- [Advanced Hunting API](run-advanced-query-api.md)
- [Using OData Queries](exposed-apis-odata-samples.md)
security Automated Investigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/automated-investigations.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 08/31/2022 audience: ITPro
Currently, AIR only supports the following OS versions:
- Windows 10, version [1803](/windows/release-information/status-windows-10-1809-and-windows-server-2019) or later - Windows 11
+> [!NOTE]
+> Automated investigation and response on Windows Server 2012 R2 and Windows Server 2016 requires the [Unified Agent](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution) to be installed.
+ ## Next steps - [Learn more about automation levels](automation-levels.md)
security Enable Microsoft Defender For Iot Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration.md
ms.technology: mde
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-enablesiem-abovefoldlink)
-Microsoft Defender for Endpoint now seamlessly integrates with Microsoft Defender for IoT. This integration extends your device discovery capabilities with the agentless monitoring capabilities provided by Defender for IoT. This will help secure enterprise IoT devices connected to IT networks, such as Voice over Internet Protocol (VoIP) devices, printers, and cameras. It allows organizations to take advantage of a single integrated solution that secures all of their IoT, and Operational Technology (OT) infrastructure. For more information, see [Enterprise IoT network protection](/azure/defender-for-iot/organizations/overview-eiot).
+Microsoft Defender for Endpoint now seamlessly integrates with Microsoft Defender for IoT. This integration extends your device discovery capabilities with the agentless monitoring capabilities provided by Defender for IoT. The Defender for IoT integration provides increased visibility to help locate, identify, and secure the enterprise IoT devices in your network, such as Voice over Internet Protocol (VoIP) devices, printers, and cameras.
-Once you've defined a Defender for IoT plan and set up an Enterprise IoT network sensor, device data automatically starts streaming into both the Defender for Endpoint and Defender for IoT portals.
+This allows organizations to take advantage of a single integrated solution that secures all of their IoT, and Operational Technology (OT) infrastructure. For more information, see [Enterprise IoT network protection](/azure/defender-for-iot/organizations/overview-eiot).
-The Defender for IoT integration provides increased visibility to help locate, identify, and secure the IoT devices in your network. This will give you a single unified view of your complete OT/IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile).
-
-Customers who've onboarded to Defender for IoT also have security recommendations for vulnerability assessments and misconfigurations for IoT devices.
+The Defender for IoT integration gives you a single unified view of your complete OT/IoT inventory alongside the rest of your IT devices (workstations, servers, and mobile). Customers who've onboarded to Defender for IoT will also get information on alerts, vulnerabilities and security recommendations for their IoT devices.
## Prerequisites
To modify settings for your Defender for Endpoint integration, the user must hav
1. In the navigation pane of the [https://security.microsoft.com](https://security.microsoft.com/) portal, select **Settings** \> **Device discovery** \> **Enterprise IoT**.
-1. Select the following options for your plan:
+2. Select the following options for your plan:
- Select the Azure subscription from the list of available subscriptions in your Azure Active Directory tenant where you'd like to add a plan. - Select a pricing plan, either a monthly or annual commitment, or a trial. Microsoft Defender for IoT provides a 30-day free trial for the first 1,000 committed devices for evaluation purposes. For more information, see the [Microsoft Defender for IoT pricing page](https://azure.microsoft.com/pricing/details/iot-defender/).
-
- - Select the number of committed devices you'll want to monitor. If you selected a trial, this section doesn't appear as you have a default of 1000 devices.
-## Set up a network sensor
+ - Select the number of committed devices you'll want to monitor. If you selected a trial, this section doesn't appear as you have a default of 1000 devices.
-To set up a network sensor your Azure subscription must have a Defender for IoT plan with Enterprise IoT devices added, as described [above](#onboard-a-defender-for-iot-plan).
+3. Accept the **terms and conditions** and select **Save**.
-To add a network sensor, under **Set up network sensors** choose the **Microsoft Defender for IoT** link. This brings you to the Onboard sensor setup process in the Azure portal. For more information, see [Get started with Enterprise IoT](/azure/defender-for-iot/organizations/tutorial-getting-started-eiot-sensor).
+> [!NOTE]
+> Setting up an Enterprise IoT network sensor is currently in public preview. For more information, see [Shared device inventory](#shared-device-inventory).
## Managing your IoT devices
To view and manage your IoT devices in the [Microsoft 365 Defender portal](https
For information on how to view the devices in Defender for IoT, see [Manage your IoT devices with the device inventory for organizations](/azure/defender-for-iot/organizations/how-to-manage-device-inventory-for-organizations). - ## View devices, alerts, recommendations, and vulnerabilities
-After defining your plan and setting up a network sensor, view detected data and security assessments in the following locations:
+After onboarding to a Defender for IoT plan, view detected data and security assessments in the following locations:
- View device data in Defender for Endpoint or Defender for IoT-- View alerts, recommendations, and vulnerabilities in Defender for Endpoint
+- View [alerts](alerts-queue-endpoint-detection-response.md), [recommendations](../defender-vulnerability-management/tvm-security-recommendation.md), and [vulnerabilities](../defender-vulnerability-management/tvm-weaknesses.md) in the [Microsoft 365 Defender portal](https://security.microsoft.com).
+
+### Shared device inventory
-For more information, see the [Defender for IoT pricing page](https://azure.microsoft.com/pricing/details/iot-defender/).
+Defender for Endpoint customers can also set up the Enterprise IoT network sensor (currently in **Public Preview**) to gain more visibility into additional IoT segments of the corporate network that were not previously covered by Defender for Endpoint. Customers that have set up an Enterprise IoT network sensor will be able to see all discovered devices in the **Device inventory** in either Defender for Endpoint or Defender for IoT.
+
+To add a network sensor, in the navigation pane of the [https://security.microsoft.com](https://security.microsoft.com/) portal:
+
+1. Select **Settings** \> **Device discovery** \> **Enterprise IoT**
+2. Under **Set up network sensors** choose the **Microsoft Defender for IoT** link
+
+This brings you to the sensor setup process in the Azure portal. For more information, see [Get started with Enterprise IoT](/azure/defender-for-iot/organizations/tutorial-getting-started-eiot-sensor).
+
+> [!IMPORTANT]
+> Setting up an Enterprise IoT Network sensor is currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
## Cancel your Defender for IoT plan Cancel your Defender for IoT plan from the Defender for Endpoint settings page in the [https://security.microsoft.com](https://security.microsoft.com/) portal. Once you cancel your plan, the integration stops and you'll no longer get security assessment value in Defender for Endpoint, or detect new devices in Defender for IoT.
+For more details about plan cancellation and data considerations, please see [Cancel a Defender for IoT plan](/azure/defender-for-iot/organizations/how-to-manage-subscriptions#cancel-a-defender-for-iot-plan-from-a-subscription) in the Defender for IoT documentation.
+ ## See also - [Device discovery overview](configure-device-discovery.md)
security Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine.md
## Methods
-<br>
-
-****
- |Method|Return Type|Description| |||| |[List machines](get-machines.md)|[machine](machine.md) collection|List set of [machine](machine.md) entities in the org.|
|[Get missing KBs](get-missing-kbs-machine.md)|KB collection|Get a list of missing KBs associated with the machine ID| |[Set device value](set-device-value.md)|[machine](machine.md) collection|Set the [value of a device](tvm-assign-device-value.md).| |[Update machine](update-machine-method.md)|[machine](machine.md) collection|Get the update status of a machine.|
-|
## Properties
-<br>
-
-****
- |Property|Type|Description| |||| |id|String|[machine](machine.md) identity.|
|deviceValue|Nullable Enum|The [value of the device](tvm-assign-device-value.md). Possible values are: 'Normal', 'Low' and 'High'.| |ipAddresses|IpAddress collection|Set of ***IpAddress*** objects. See [Get machines API](get-machines.md).| |osArchitecture|String|Operating system architecture. Possible values are: "32-bit", "64-bit". Use this property instead of osProcessor.|
-|
security Network Protection Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection-linux.md
Also, make sure that in **Microsoft Defender** > **Settings** > **Endpoints** >
> [!NOTE] > If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment. > Pro tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
-4. [Integrate Microsoft Defender for Endpoint with Cloud App Security](/defender-cloud-apps/mde-integration.md) and your network protection-enabled macOS devices will have endpoint policy enforcement capabilities.
+4. [Integrate Microsoft Defender for Endpoint with Defender for Cloud Apps](/defender-cloud-apps/mde-integration) and your network protection-enabled macOS devices will have endpoint policy enforcement capabilities.
> [!NOTE] > Discovery and other features are currently not supported on these platforms.
security Network Protection Macos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection-macos.md
plutil -lint com.microsoft.wdav.xml
> [!NOTE] > If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment. > Pro tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.
-4. [Integrate Microsoft Defender for Endpoint with Cloud App Security](/defender-cloud-apps/mde-integration) and your network protection-enabled macOS devices will have endpoint policy enforcement capabilities.
+4. [Integrate Microsoft Defender for Endpoint with Defender for Cloud Apps](/defender-cloud-apps/mde-integration) and your network protection-enabled macOS devices will have endpoint policy enforcement capabilities.
> [!NOTE] > Discovery and other features are currently not supported on these platforms.
security Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection.md
Network protection helps protect devices from Internet-based events. Network pro
Network protection extends the protection in [Web protection](web-protection-overview.md) to the operating system level. It provides the web protection functionality found in Microsoft Edge to other supported browsers and non-browser applications. Network protection also provides visibility and blocking of indicators of compromise (IOCs) when used with [Endpoint detection and response](overview-endpoint-detection-response.md). For example, network protection works with your [custom indicators](manage-indicators.md) that you can use to block specific domains or host names.
+> [!NOTE]
+> For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:
+>
+> - IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS)).
+> - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
+> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
+> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge).
+> - Full URL path blocks can be applied for unencrypted URLs.
+>
+> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
+ Watch this video to learn how Network protection helps reduce the attack surface of your devices from phishing scams, exploits, and other malicious content. > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4r4yZ]
Network protection requires Windows 10 or 11 (Pro or Enterprise), Windows Server
Network protection is a part of the attack surface reduction group of solutions in Microsoft Defender for Endpoint. Network protection enables layer the network layer of blocking URLs and IP addresses. Network protection can block URLs from being accessed by using certain browsers and standard network connections. By default, network protection guards your computers from known malicious URLs using the SmartScreen feed, which blocks malicious URLs in a manner similar to SmartScreen in Microsoft Edge browser. The network protection functionality can be extended to: - Block IP/URL addresses from your own threat intelligence ([indicators](indicator-ip-domain.md))-- Block unsanctioned services from [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps) (formerly known as Microsoft Cloud App Security)
+- Block unsanctioned services from [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps)
- Block sites based on category ([Web content filtering](web-content-filtering.md)) Network protection is a critical part of the Microsoft protection and response stack.
A user visits a website:
### Network protection: C2 detection and remediation + In its initial form, ransomware is a commodity threat, pre-programmed and focused on limited, specific outcomes (for example, encrypting a computer). However, ransomware has evolved into a sophisticated threat that is human-driven, adaptive, and focused on larger scale and more widespread outcomes; like holding an entire organization's assets or data for ransom. Support for Command and Control servers (C2) is a key part of this ransomware evolution and is what enables these attacks to adapt to the environment they target. Breaking the link to the command-and-control infrastructure stops the progression of an attack to its next stage.
The following example includes the blocked actions:
```kusto DeviceEvents
-|Where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
+|where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
```
security Web Protection Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-overview.md
ms.technology: mde
- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) - > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-main-abovefoldlink&rtc=1) - ## About web protection Web protection in Microsoft Defender for Endpoint is a capability made up of [Web threat protection](web-threat-protection.md), [Web content filtering](web-content-filtering.md), and [Custom indicators](manage-indicators.md). Web protection lets you secure your devices against web threats and helps you regulate unwanted content. You can find Web protection reports in the Microsoft 365 Defender portal by going to **Reports > Web protection**.
Web threat protection includes:
- Investigation capabilities over web-related threat activity through alerts and comprehensive profiles of URLs and the devices that access these URLs. - A full set of security features that track general access trends to malicious and unwanted websites.
+> [!NOTE]
+> For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:
+>
+> - IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS)).
+> - Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators.
+> - Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge).
+> - Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge).
+> - Full URL path blocks can be applied for unencrypted URLs.
+>
+> There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.
+ For more information, see [Web threat protection](web-threat-protection.md). ### Custom indicators
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft 365 Defender](../defender/whats-new.md) - [What's new in Microsoft Defender for Office 365](../office-365-security/whats-new-in-defender-for-office-365.md) - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)-- [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
+- [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
For more information on Microsoft Defender for Endpoint on other operating systems:
security Tvm Supported Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/tvm-supported-os.md
SUSE Linux Enterprise Server 12 or higher|Yes|Yes|Yes|Yes|Yes
Linux Debian 9 or higher|Yes|Yes|Yes|Yes|Yes Android 6.0 or higher|Yes|Yes|Not supported|Not supported|Not supported iOS 12.0 or higher|Yes|Not supported|Not supported|Not supported|Not supported
+Fedora 33 or higher|Yes|Yes|Yes|Yes|Yes
+Amazon Linux 2|Yes|Yes|Yes|Yes|Yes
> [!NOTE] > Some features are not available for down-level Operating System, check the Microsoft 365 Defender Portal for more details on supported OS.
security Whats New In Microsoft Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/whats-new-in-microsoft-defender-vulnerability-management.md
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft 365 Defender](../defender/whats-new.md) - [What's new in Microsoft Defender for Office 365](../office-365-security/whats-new-in-defender-for-office-365.md) - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)-- [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
+- [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
security Advanced Hunting Alertinfo Table https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-alertinfo-table.md
Title: AlertInfo table in the advanced hunting schema description: Learn about alert generation events in the AlertInfo table of the advanced hunting schema
-keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AlertInfo, alert, severity, category, MITRE, ATT&CK, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, MCAS, and Microsoft Defender for Identity
+keywords: advanced hunting, threat hunting, cyber threat hunting, Microsoft 365 Defender, microsoft 365, m365, search, query, telemetry, schema reference, kusto, table, column, data type, description, AlertInfo, alert, severity, category, MITRE, ATT&CK, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity
search.product: eADQiWindows 10XVcnh search.appverid: met150
security Configure Microsoft Threat Experts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/configure-microsoft-threat-experts.md
You can filter your incidents and alerts if you want to only see the Defender Ex
## Subscribe to Microsoft Threat Experts - Experts on Demand > [!NOTE]
-> Experts on Demand is not a security incident response service. ItΓÇÖs intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).![image](https://user-images.githubusercontent.com/11750124/187275455-b62fd01d-ad23-46c8-a11d-e5c0a50e92a8.png)
+> Experts on Demand is not a security incident response service. ItΓÇÖs intended to provide a better understanding of complex threats affecting your organization. Engage with your own security incident response team to address urgent security incident response issues. If you don't have your own security incident response team and would like Microsoft's help, create a support request in the [Premier Services Hub](/services-hub/).
If you're already a Microsoft Defender for Endpoint customer, you can contact your Microsoft representative to subscribe to Microsoft Threat Experts - Experts on Demand.
security Custom Roles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/custom-roles.md
Title: Custom roles for role-based access control description: Learn how to manage custom roles in the Microsoft 365 Defender portal
-keywords: access, permissions, Microsoft 365 Defender, M365, security, MCAS, Cloud App Security, Microsoft Defender for Endpoint, scope, scoping, RBAC, roles-based access, custom roles-based access, roles-based auth, RBAC in MDO, roles, rolegroups, permissions inheritance, fine-grained permissions
+keywords: access, permissions, Microsoft 365 Defender, M365, security, Defender for Cloud Apps, Microsoft Defender for Endpoint, scope, scoping, RBAC, roles-based access, custom roles-based access, roles-based auth, RBAC in MDO, roles, rolegroups, permissions inheritance, fine-grained permissions
search.product: eADQiWindows 10XVcnh
security Deploy Supported Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/deploy-supported-services.md
Title: Deploy services supported by Microsoft 365 Defender description: Learn about the Microsoft security services that can be integrated by Microsoft 365 Defender, their licensing requirements, and deployment procedures
-keywords: deploy, licenses, supported services, provisioning, configuration Microsoft 365 Defender, M365, license eligibility, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Cloud App Security, MCAS, E5, A5, EMS
+keywords: deploy, licenses, supported services, provisioning, configuration Microsoft 365 Defender, M365, license eligibility, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, MCAS, E5, A5, EMS
search.product: eADQiWindows 10XVcnh
security M365d Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/m365d-permissions.md
Title: Manage access to Microsoft 365 Defender data in the Microsoft 365 Defender portal description: Learn how to manage permissions to data in Microsoft 365 Defender
-keywords: access, permissions, Microsoft 365 Defender, M365, security, MCAS, Cloud App Security, Microsoft Defender for Endpoint, scope, scoping, RBAC
+keywords: access, permissions, Microsoft 365 Defender, M365, security, Defender for Cloud Apps, Microsoft Defender for Endpoint, scope, scoping, RBAC
search.product: eADQiWindows 10XVcnh
security Onboarding Defender Experts For Hunting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/onboarding-defender-experts-for-hunting.md
The option to **Ask Defender Experts** is available in several places throughout
- We recently saw a blog post about a threat that is targeting our industry. Can you help us understand what protection Microsoft 365 Defender provides against this threat actor? - We recently observed a phishing campaign conducted against our organization. Can you tell us if this was targeted specifically to our company or vertical?
-### Microsoft Defender Experts for Hunting' alert communications
+### Microsoft Defender Experts for Hunting alert communications
- Can your incident response team help us address the Defender Experts Notification that we got? - We received this Defender Experts Notification from Microsoft Defender Experts for Hunting. We don't have our own incident response team. What can we do now, and how can we contain the incident?
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
The security operations team can view all actions pending approval, and the stip
- [CloudAppEvents table](advanced-hunting-cloudappevents-table.md)
- Find information about events in various cloud apps and services covered by Microsoft Cloud App Security. This table also includes information previously available in the `AppFileEvents` table.
+ Find information about events in various cloud apps and services covered by Microsoft Defender for Cloud Apps. This table also includes information previously available in the `AppFileEvents` table.
security Allow Block Email Spoof https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/allow-block-email-spoof.md
For instructions, see [Report questionable email to Microsoft](admin-submission.
#### Use the Microsoft 365 Defender portal to create block entries for domains and email addresses in the Tenant Allow/Block List
-You create block entries for domains and email addresses directly in the Tenant Allow/Block List.
+You can create block entries for domains and email addresses directly in the Tenant Allow/Block List.
+
+Email messages from these senders are marked as *high confidence spam* (SCL = 9). What happens to the messages is determined by the [anti-spam policy](configure-your-spam-filter-policies.md) that detected the message for the recipient. In the default anti-spam policy and new custom policies, messages that are marked as high confidence spam are delivered to the Junk Email folder by default. In Standard and Strict [preset security policies](preset-security-policies.md), high confidence spam messages are quarantined.
> [!NOTE]
-> Email messages from these senders are marked as *high confidence spam* (SCL = 9). What happens to the messages is determined by the [anti-spam policy](configure-your-spam-filter-policies.md) that detected the message for the recipient. In the default anti-spam policy and new custom policies, messages that are marked as high confidence spam are delivered to the Junk Email folder by default. In Standard and Strict [preset security policies](preset-security-policies.md), high confidence spam messages are quarantined.
->
> Users in the organization can't send email to these blocked domains and addresses. They'll receive the following non-delivery report (also known as an NDR or bounce message): `5.7.1 Your message can't be delivered because one or more recipients are blocked by your organization's tenant allow/block list policy.` 1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>. 2. On the **Tenant Allow/Block List** page, verify that the **Domains & addresses** tab is selected.
-3. **Domains & addresses** tab, click ![Block icon.](../../media/m365-cc-sc-create-icon.png) **Block**.
+3. On the **Domains & addresses** tab, click ![Block icon.](../../media/m365-cc-sc-create-icon.png) **Block**.
4. In the **Block domains & addresses** flyout that appears, configure the following settings:
For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem
3. On **Domains & addresses** tab, do one of the following steps: - Select the check box of the entry that you want to remove, and then click the ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete** icon that appears.
- - Select the entry that you want to remove by click anywhere in the row other than the check box. In the details flyout that appears, click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**.
+ - Select the entry that you want to remove by clicking anywhere in the row other than the check box. In the details flyout that appears, click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**.
4. In the warning dialog that appears, click **Delete**.
Adding a domain pair only allows or blocks the *combination* of the spoofed user
For example, you add an allow entry for the following domain pair: - **Domain**: gmail.com-- **Infrastructure**: tms.mx.com
+- **Sending infrastructure**: tms.mx.com
Only messages from that domain *and* sending infrastructure pair are allowed to spoof. Other senders attempting to spoof gmail.com aren't allowed. Messages from senders in other domains originating from tms.mx.com are checked by spoof intelligence. > [!NOTE]
-> You can't use wildcards in the sending infrastructure.
+> You can specify wildcards in the sending infrastructure or in the spoofed user, but not in both at the same time. For example, `*, *` is not permitted.
## About impersonated domains or senders
security Allow Block Files https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/allow-block-files.md
For instructions, see [Report questionable email attachments to Microsoft](admin
### Use the Microsoft 365 Defender portal to create block entries for files in the Tenant Allow/Block List
-You create block entries for files directly in the Tenant Allow/Block List.
+You can create block entries for files directly in the Tenant Allow/Block List.
-> [!NOTE]
-> Email messages that contain these blocked files are blocked as *malware*.
+Email messages that contain these blocked files are blocked as *malware*.
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>.
For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem
3. On the **Files** tab, do one of the following steps: - Select the check box of the entry that you want to remove, and then click the ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete** icon that appears.
- - Select the entry that you want to remove by click anywhere in the row other than the check box. In the details flyout that appears, click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**.
+ - Select the entry that you want to remove by clicking anywhere in the row other than the check box. In the details flyout that appears, click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**.
4. In the warning dialog that appears, click **Delete**.
security Allow Block Urls https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/allow-block-urls.md
For instructions, see [Report questionable URLs to Microsoft](admin-submission.m
### Use the Microsoft 365 Defender portal to create block entries for URLs in the Tenant Allow/Block List
-You create block entries for URLs directly in the Tenant Allow/Block List.
+You can create block entries for URLs directly in the Tenant Allow/Block List.
-> [!NOTE]
-> Email messages that contain these blocked URLs are blocked as *high confidence phishing*.
+Email messages that contain these blocked URLs are blocked as *high confidence phishing*.
1. In the Microsoft 365 Defender portal at <https://security.microsoft.com>, go to **Policies & rules** \> **Threat Policies** \> **Rules** section \> **Tenant Allow/Block Lists**. Or, to go directly to the **Tenant Allow/Block List** page, use <https://security.microsoft.com/tenantAllowBlockList>.
For detailed syntax and parameter information, see [Set-TenantAllowBlockListItem
3. On the **URLs** tab, do one of the following steps: - Select the check box of the entry that you want to remove, and then click the ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete** icon that appears.
- - Select the entry that you want to remove by click anywhere in the row other than the check box. In the details flyout that appears, click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**.
+ - Select the entry that you want to remove by clicking anywhere in the row other than the check box. In the details flyout that appears, click ![Delete icon.](../../media/m365-cc-sc-delete-icon.png) **Delete**.
4. In the warning dialog that appears, click **Delete**.
security Remediate Malicious Email Delivered Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remediate-malicious-email-delivered-office-365.md
ms.localizationpriority: medium
search.appverid: MET150 description: Threat remediation++ # Remediate malicious email delivered in Office 365
security Remove Blocked Connectors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/remove-blocked-connectors.md
- M365-security-compliance description: Learn how to remove blocked connectors in Microsoft 365 Defender.++ # Remove blocked connectors from the Restricted entities portal
security Removing User From Restricted Users Portal After Spam https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam.md
description: Admins can learn how to remove users from the Restricted users page in the Microsoft 365 Defender portal. Users are added to the Restricted users portal for sending outbound spam, typically as a result of account compromise. - seo-marvel-apr2020++ # Remove blocked users from the Restricted users portal in Microsoft 365
security Report False Positives And False Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-false-positives-and-false-negatives.md
ms.localizationpriority: medium
- M365-security-compliance description: Learn how to report false positives and false negatives in Outlook using the Report Message feature.++ # Report false positives and false negatives in Outlook
security Report Junk Email Messages To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
ms.assetid: c31406ea-2979-4fac-9288-f835269b9d2f
- M365-security-compliance description: How do I report a suspicious email or file to Microsoft? Report messages, URLs, email attachments and files to Microsoft for analysis. Learn to report spam email and phishing emails.++ # How do I report a suspicious email or file to Microsoft?
security Reporting And Message Trace In Exchange Online Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reporting-and-message-trace-in-exchange-online-protection.md
ms.assetid: f40253f2-50a1-426e-9979-be74ba74cb61
- seo-marvel-apr2020 description: In this article, you'll learn about reports and troubleshooting tools available to Microsoft Exchange Online Protection (EOP) admins.++ # Reporting and message trace in EOP
security Reports And Insights In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance.md
- M365-security-compliance description: Learn about the smart reports and insights, and how to use them to view and explore data and take quick actions. ++ # Smart reports and insights in the Security & Compliance Center
security Respond Compromised Connector https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/respond-compromised-connector.md
- M365-security-compliance description: Learn how to recognize and respond to a compromised connector in Microsoft 365.++ # Respond to a compromised connector
security Responding To A Compromised Email Account https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/responding-to-a-compromised-email-account.md
ms.localizationpriority: high
search.appverid: - MET150 description: Learn how to recognize and respond to a compromised email account using tools available in Microsoft 365.++ # Responding to a Compromised Email Account
security Safe Attachments https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-attachments.md
- m365initiative-defender-office365 - seo-marvel-apr2020 description: Admins can learn about the Safe Attachments feature in Microsoft Defender for Office 365.++ # Safe Attachments in Microsoft Defender for Office 365
security Safe Docs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-docs.md
ms.assetid:
- M365-security-compliance description: Learn about Safe Documents in Microsoft 365 A5 or E5 Security.++ # Safe Documents in Microsoft 365 A5 or E5 Security
security Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links.md
search.appverid:
- ZWD160 ms.assetid: dd6a1fef-ec4a-4cf4-a25a-bb591c5811e3 description: Learn about Safe Links protection in Defender for Office 365 to protect an organization from phishing and other attacks that use malicious URLs. Discover Teams Safe Links, and see graphics of Safe Links messages.++ # Safe Links in Microsoft Defender for Office 365
security Secure By Default https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-by-default.md
search.appverid:
- M365-security-compliance description: Learn more about the secure by default setting in Exchange Online Protection (EOP)++ # Secure by default in Office 365
security Secure Email Recommended Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/secure-email-recommended-policies.md
description: Describes the policies for Microsoft recommendations about how to a
+ audience: Admin f1.keywords:
- m365solution-scenario - zerotrust-solution - highpri+ # Policy recommendations for securing email
security Security Dashboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-dashboard.md
- seo-marvel-apr2020 description: Use the new Security Dashboard to review Office 365 Threat Protection Status, and view and act on security alerts.++ # Security dashboard in the Security & Compliance Center
security Security Recommendations For Priority Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-recommendations-for-priority-accounts.md
- highpri description: Admins can learn how to elevate the security settings and use reports, alerts, and investigations for priority accounts in their Microsoft 365 organizations.++ # Security recommendations for priority accounts in Microsoft 365
security Security Roadmap https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/security-roadmap.md
search.appverid:
- MET150 ms.assetid: 28c86a1c-e4dd-4aad-a2a6-c768a21cb352 description: Top recommendations from Microsoft's cybersecurity team for implementing security capabilities to protect your Microsoft 365 environment.++ # Security roadmap - Top priorities for the first 30 days, 90 days, and beyond
security Sending Mail To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sending-mail-to-office-365.md
- seo-marvel-apr2020 description: Learn as a guest sender, how can you increase the ability to deliver email to users in Microsoft 365. Also learn how to report junk email & phishing attempts as a guest.++ # Sending mail to Microsoft 365
security Services For Non Customers https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/services-for-non-customers.md
ms.assetid: 19fd3e0f-8dbf-4049-a810-2c8ee6cefd48
- M365-security-compliance description: To help maintain user trust in the use of email, Microsoft has put in place various policies and technologies to help protect our users.++ # Services for non-customers sending mail to Microsoft 365
security Set Up Anti Phishing Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-anti-phishing-policies.md
- seo-marvel-apr2020 description: Admins can learn about the anti-phishing policies that are available in Exchange Online Protection (EOP) and Microsoft Defender for Office 365.++ # Anti-phishing policies in Microsoft 365
security Set Up Safe Attachments Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-safe-attachments-policies.md
- M365-security-compliance description: Learn about how to define Safe Attachments policies to protect your organization from malicious files in email. ++ # Set up Safe Attachments policies in Microsoft Defender for Office 365
security Set Up Safe Links Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-safe-links-policies.md
- M365-security-compliance description: Admins can learn how to view, create, modify, and delete Safe Links policies and global Safe Links settings in Microsoft Defender for Office 365.++ # Set up Safe Links policies in Microsoft Defender for Office 365
security Set Up Spf In Office 365 To Help Prevent Spoofing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help-prevent-spoofing.md
- seo-marvel-apr2020 description: Learn how to update a Domain Name Service (DNS) record to use Sender Policy Framework (SPF) with your custom domain in Office 365.++ # Set up SPF to help prevent spoofing
For advanced examples, a more detailed discussion about supported SPF syntax, sp
For advanced examples and a more detailed discussion about supported SPF syntax, see [How SPF works to prevent spoofing and phishing in Office 365](how-office-365-uses-spf-to-prevent-spoofing.md#HowSPFWorks).
-[Use trusted ARC Senders for legitimate mailflows](/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders?view=o365-21vianet&branch=tracyp_emailauth)
+[Use trusted ARC Senders for legitimate mailflows](/microsoft-365/security/office-365-security/use-arc-exceptions-to-mark-trusted-arc-senders)
*Select 'This page' under 'Feedback' if you have feedback on this documentation.*
security Sharepoint File Access Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/sharepoint-file-access-policies.md
description: Describes the policies for Microsoft recommendations about how to s
+ audience: Admin f1.keywords:
- m365solution-scenario - zerotrust-solution - highpri+ # Policy recommendations for securing SharePoint sites and files
security Siem Integration With Office 365 Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/siem-integration-with-office-365-ti.md
- M365-security-compliance description: Integrate your organization's SIEM server with Microsoft Defender for Office 365 and related threat events in the Office 365 Activity Management API. ++ # SIEM integration with Microsoft Defender for Office 365
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
f1.keywords: NOCSH
ms.localizationpriority: medium Previously updated : 08/11/2022 Last updated : 08/30/2022 audience: ITPro
For more information on what's new with other Microsoft Defender security produc
- [What's new in Microsoft 365 Defender](../defender/whats-new.md) - [What's new in Microsoft Defender for Endpoint](../defender-endpoint/whats-new-in-microsoft-defender-endpoint.md) - [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)-- [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
+- [What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
-## August 2022
+## September 2022
**Automatic redirection from Office 365 Security and Compliance Center to Microsoft 365 Defender portal:** Automatic redirection begins for users accessing the security solutions in Office 365 Security and Compliance center (protection.office.com) to the appropriate solutions in Microsoft 365 Defender portal (security.microsoft.com). This is for all security workflows like: Alerts, Threat Management, and Reports. - Redirection URLs:
whiteboard Manage Clients Gcc High https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-clients-gcc-high.md
description: Learn which clients are currently supported for Whiteboard.
> [!NOTE] > This guidance applies to US Government Community Cloud (GCC) High environments.
-Whiteboard clients are currently being updated to support OneDrive for Business.
+Whiteboard clients are currently being updated to support OneDrive for Business.
## Clients supported
whiteboard Manage Clients Gcc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-clients-gcc.md
The following clients are currently supported in Whiteboard:
- Standalone Whiteboard web application at [https://whiteboard.office365.us](https://whiteboard.office365.us) - Microsoft Teams meetings, chats, and channels using Teams desktop and web - Standalone Whiteboard application for mobile
+- Standalone Whiteboard applications for Windows 10
## Clients planned The following clients are planned for future releases of Whiteboard: -- Standalone Whiteboard application for Windows 10 or later versions-- Standalone Whiteboard application for Surface Hub (currently can be used in anonymous mode) - Whiteboard in the Office.com app launcher-- Whiteboard in Teams meetings on Surface Hub and Teams meeting rooms-- Whiteboard in 1:1 calls in Teams
+- Whiteboard in Teams meeting room
-> [!NOTE]
-> While users can install the Windows client, they won't be able to sign in until the client is updated.
## See also
-[Manage access to Whiteboard - GCC High](manage-whiteboard-access-gcc-high.md)
+[Manage access to Whiteboard - GCC](manage-whiteboard-access-gcc.md)
-[Manage data for Whiteboard - GCC High](manage-data-gcc-high.md)
+[Manage data for Whiteboard - GCC](manage-data-gcc.md)
-[Manage sharing for Whiteboard - GCC High](manage-sharing-gcc-high.md)
+[Manage sharing for Whiteboard - GCC](manage-sharing-gcc.md)
whiteboard Manage Data Gcc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-data-gcc.md
Data is stored as .whiteboard files in OneDrive for Business. An average whiteboard might be anywhere from 50 KB to 1 MB in size and located wherever your OneDrive for Business content resides. To check where new data is created, see [Where your Microsoft 365 customer data is stored](/microsoft-365/enterprise/o365-data-locations). Look at the location for OneDrive for Business. All properties that apply to general files in OneDrive for Business also apply to Whiteboard, except for external sharing.
-In order to manage data, you must first ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard in GCC High environments](manage-whiteboard-access-gcc-high.md).
- You can manage Whiteboard data using existing OneDrive for Business controls. For more information, see [OneDrive guide for enterprises](/onedrive/plan-onedrive-enterprise). You can use existing OneDrive for Business tooling to satisfy data subject requests (DSRs) for General Data Protection Regulation (GDPR). Whiteboard files can be moved in the same way as other content in OneDrive for Business. However, share links and permissions might not move.
+In order to manage data, you must first ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard in GCC environments](manage-whiteboard-access-gcc.md).
+ ## Data controls supported The following data controls are currently supported in Whiteboard: - Retention policies - Quota-- DLP-- eDiscovery - Legal hold
+- Data Loss Prevention (DLP)
+- Basic eDiscovery: Whiteboards are stored as .whiteboard files in the creator's OneDrive for Business. They're indexed for keyword and file type search, but aren't available to preview/review. Upon export, an admin needs to upload the file back to OneDrive for Business to view the content. More support is planned for the future.
## Data controls planned The following data controls are planned for future releases of Whiteboard: - Sensitivity labels-- Auditing - Analytics
+- More eDiscovery support
- Storing whiteboards in SharePoint sites ## See also
-[Manage access to Whiteboard - GCC High](manage-whiteboard-access-gcc-high.md)
+[Manage access to Whiteboard - GCC](manage-whiteboard-access-gcc.md)
-[Manage sharing for Whiteboard - GCC High](manage-sharing-gcc-high.md)
+[Manage sharing for Whiteboard - GCC](manage-sharing-gcc.md)
-[Manage clients for Whiteboard - GCC High](manage-clients-gcc-high.md)
+[Manage clients for Whiteboard - GCC](manage-clients-gcc.md)
whiteboard Manage Sharing Gcc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-sharing-gcc.md
# Manage sharing for Microsoft Whiteboard in GCC environments > [!NOTE]
-> This guidance applies to US Government Community Cloud (GCC) environments. The sharing experience differs based on the device and client being used.
+> This guidance applies to US Government Community Cloud (GCC) environments. The sharing experience differs based on the device and and what tenant-level sharing settings are enabled.
## Share in Teams meetings
If you have external sharing enabled for OneDrive for Business, no further actio
If you restrict external sharing for OneDrive for Business, you can keep it restricted, and just enable a new setting in order for external and shared device accounts to work. To do so, follow these steps:
-1. Ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard](manage-whiteboard-access-gcc-high.md).
+1. Ensure that Whiteboard is enabled for your organization. For more information, see [Manage access to Whiteboard in GCC environments](manage-whiteboard-access-gcc.md).
2. Using PowerShell, connect to your tenant and ensure the SharePoint Online module is updated by running the following command:
If you restrict external sharing for OneDrive for Business, you can keep it rest
This setting applies only to whiteboards and replaces the previously shared settings: **OneDriveLoopSharingCapability** and **CoreLoopSharingCapability**. Those settings are no longer applicable and can be disregarded. > [!NOTE]
-> This applies only to guests and federated users. It does not apply to anonymous meeting users at this time.
+> By default, the Teams meeting setting **Anonymous users can interact with apps in meetings** is enabled by default. If you have disabled it, any anonymous users (as opposed to guests or federated users) will not have access to the whiteboard during the meeting
These changes should take approximately 60 minutes to apply across your tenancy. |Scenario|Storage and ownership|Sharing settings|Sharing experience| |||||
-|Start the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Enabled|In-tenant users: Can create, view, and collaborate<br><br>External users: Can view and collaborate during the meeting only (the button to share a whiteboard won't appear for external users)<br><br>Shared device accounts: Can view and collaborate during the meeting only|
+|Start the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Enabled|In-tenant users: Can create, view, and collaborate<br><br>External users (coming soon): Can view and collaborate during the meeting only<br><br>Shared device accounts (coming soon): Can view and collaborate during the meeting only|
+|Start the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Disabled|In-tenant users: Can initiate, view and collaborate<br><br>External users: Can't view or collaborate<br><br>Shared device accounts: Can't view or collaborate|
|Start the whiteboard from a Surface Hub or Microsoft Teams Rooms|Not yet available||| ## Add as a tab in Teams channels and chats
When you add a whiteboard as a tab in a Teams channel or chat, Whiteboard will c
|Scenario|Storage and ownership|Sharing settings|Sharing experience| |||||
-|Add the whiteboard to a channel or chat from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable|In-tenant users: Can initiate, view, and collaborate<br><br>External users: Not supported|
+|Add the whiteboard to a channel or chat from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable (only applies to meetings)|In-tenant users: Can initiate, view, and collaborate<br><br>External users: Not supported<br><br>Teams guests: Can view and collaborate<br><br>Shared device accounts: Not applicable|
## Create and share in Whiteboard native clients
-When you share a whiteboard from the web, desktop, or mobile clients, you can choose specific people. You can also create a sharing link that's accessible by anyone in the organization.
-
->[!NOTE]
-> External sharing during a Teams meeting is not yet available, but will be added in a future release.
+When you share a whiteboard from the web, desktop, or mobile clients, you can choose specific people. You can also create a sharing link that's accessible by anyone in the organization. Share links for external users outside of the organization are not yet available.
|Scenario|Storage and ownership|Sharing settings|Sharing experience| |||||
-|Create the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable|In-tenant users: Can share within their organization<br><br>External users: Sharing with external users isn't supported at this time|
-|Create the whiteboard from a Surface Hub|Storage: Local<br><br>Owner: None|Not applicable|In-tenant users (coming soon): User will be able to sign in to save and share the board<br><br>External users: Sharing with external users isn't supported at this time|
+|Create the whiteboard from a desktop or mobile device|Storage: OneDrive for Business<br><br>Owner: User who creates the whiteboard|Not applicable (only applies to meetings)|In-tenant users: Can share within their organization<br><br>External users: Sharing with external users isn't supported at this time|
+|Create the whiteboard from a Surface Hub|Storage: Local<br><br>Owner: None|Not applicable (only applies to meetings)|In-tenant users (coming soon): User will be able to sign in to save and share the board<br><br>External users: Sharing with external users isn't supported at this time outside of a Teams meeting|
|Create the whiteboard from Microsoft Teams Rooms|Not yet available||| ## See also
-[Manage access to Whiteboard - GCC High](manage-whiteboard-access-gcc-high.md)
+[Manage access to Whiteboard - GCC](manage-whiteboard-access-gcc.md)
-[Manage data for Whiteboard - GCC High](manage-data-gcc-high.md)
+[Manage data for Whiteboard - GCC](manage-data-gcc.md)
-[Manage clients for Whiteboard - GCC High](manage-clients-gcc-high.md)
+[Manage clients for Whiteboard - GCC](manage-clients-gcc.md)
whiteboard Manage Whiteboard Access Gcc High https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-whiteboard-access-gcc-high.md
You can control access to Whiteboard in the following ways:
- Require conditional access policies for accessing Whiteboard using the Azure Active Directory admin center. >[!NOTE]
-> Whiteboard on OneDrive for Business doesn't appear in the Microsoft 365 admin center. Teams meeting policy only hides Whiteboard entry points, it doesn't prevent users from using Whiteboard. Conditional access ploicies prevent access to Whiteboard, but doesn't hide the entry points.
+> Whiteboard on OneDrive for Business doesn't appear in the Microsoft 365 admin center. Teams meeting policy only hides Whiteboard entry points, it doesn't prevent users from using Whiteboard. Conditional access policies prevent access to Whiteboard, but doesn't hide the entry points.
## Enable or disable Whiteboard
whiteboard Manage Whiteboard Access Gcc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-whiteboard-access-gcc.md
You can control access to Whiteboard in the following ways:
- Enable or disable Whiteboard for your entire tenant using the [SharePoint Online PowerShell module](/microsoft-365/enterprise/manage-sharepoint-online-with-microsoft-365-powershell). -- Show or hide Whiteboard for specific users in meetings using a Teams meeting policy. It will still be visible via the web, native clients, and the Teams tab app.
+- Show or hide Whiteboard for specific users in meetings using a Microsoft Teams meeting policy. It will still be visible via the web, native clients, and the Teams tab app.
- Require conditional access policies for accessing Whiteboard using the Azure Active Directory admin center. >[!NOTE]
-> Whiteboard on OneDrive for Business doesn't appear in the Microsoft 365 admin center. Teams meeting policy only hides Whiteboard entry points, it doesn't prevent users from using Whiteboard. Conditional access ploicies prevent access to Whiteboard, but doesn't hide the entry points.
+> Teams meeting policy only hides Whiteboard entry points. It doesn't prevent users from using Whiteboard. Conditional access policies prevent access to Whiteboard, but doesn't hide the entry points.
## Enable or disable Whiteboard
To enable or disable Whiteboard for your tenant, do the following steps:
The change should take approximately 60 minutes to apply across your tenancy. If you don't see this option, you'll need to update the module.
->[!NOTE]
-> By default, Whiteboard is enabled. If it has been disabled in the Azure Active Directory enterprise applications, then Whiteboard on OneDrive for Business will not work.
- ## Show or hide Whiteboard To show or hide Whiteboard in meetings, see [Meeting policy settings](/microsoftteams/meeting-policies-content-sharing). ## See also
-[Manage data for Whiteboard - GCC High](manage-data-gcc-high.md)
-
-[Manage sharing for Whiteboard - GCC High](manage-sharing-gcc-high.md)
-
-[Manage clients for Whiteboard - GCC High](manage-clients-gcc-high.md)
--
+[Manage data for Whiteboard - GCC](manage-data-gcc.md)
+[Manage sharing for Whiteboard - GCC](manage-sharing-gcc.md)
+[Manage clients for Whiteboard - GCC](manage-clients-gcc.md)