Updates from: 09/11/2021 03:35:54
Category Microsoft Docs article Related commit history on GitHub Change details
admin Sharepoint Site Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
Microsoft 365 Reports in the admin center is not supported for GCC High and DoD
1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page. 2. From the dashboard homepage, click on the **View more** button on the SharePoint card.+
+## Show user details in the reports
+
+Reports provide information about your organizationΓÇÖs usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we are hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws.
+
+Your user list will look like this:
+
+![Reports - anonymized user list.](../../media/2ed99bce-4978-4ee3-9ea2-4a8db26eef02.png)
+
+Global administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps:
+
+1. In the admin center, go to the **Settings** \> **Org Settings** \> **Services** page.
+
+2. Select **Reports**.
+
+3. Uncheck the statement **In all reports, display de-identified names for users, groups, and sites**, and then save your changes.
## Interpret the SharePoint site usage report
You can also export the report data into an Excel .csv file by selecting the **E
|Secure link for guest count <br/> |The number of times documents or folders are shared using "specific people" on the site. <br/>| |Secure link for member count <br/> |The number of times documents or folders are shared using "specific people" on the site. <br/>| |Root Web Template <br/> |The template used for creating the site. <br/> NOTE: If you want to filter the data by different site types, then export the data and use the Root Web Template column. |
-|||
+|||
admin Room And Equipment Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/room-and-equipment-mailboxes.md
Open the meeting you scheduled in Outlook and then remove the room or equipment
### Does a room mailbox or equipment mailbox need a product license?
-No. While most people in your organization need a license to use Microsoft 365, you don't need to assign a license to a room mailbox or equipment mailbox.
+No. While most people in your organization need a license to use Microsoft 365, you don't need to assign a license to a room mailbox or equipment mailbox, in case the resource mailbox needs to have a size bigger than 50 GB, or, in case some features are needed (Retention policies from Security and Compliance, or, Hold from Exchange Online), or, in case the resource mailbox doesn't need an Online Archive attached to it.
### Do I need an owner in charge of booking the rooms or equipment?
- No, you don't need someone in charge of the room mailbox or equipment mailbox.
+ No, you don't need someone in charge of the room mailbox or equipment mailbox.
admin Priority Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/priority-accounts.md
The **Priority account protection** feature that's described in this topic is av
The **Premium Mail Flow Monitoring** feature that's described in this topic is available only to organizations that meet the following requirements: - Your organization needs to have a license count of at least 5,000, from either one of, or a combination of the following products: Office 365 E3, Microsoft 365 E3, Office 365 E5, Microsoft 365 E5. For example, your organization can have 3,000 Office 365 E3 licenses and 2,500 Microsoft 365 E5, for a total of 5,500 licenses from the qualifying products.-- Your organization needs to have at least 50 monthly active Exchange Online users.
+- Your organization needs to have at least 50 monthly active users for one or more core workloads ΓÇô Teams, One Drive for Business, SharePoint Online, Exchange Online and Office apps.
> [!NOTE] > You can monitor up to 250 priority accounts.
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
And if you'd like to know what's new with other Microsoft cloud
### Microsoft 365 admin center search
-You can now search for incident IDs in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2166757" target="_blank">Microsoft 365 admin center</a>. You may learn about current incidents through social media, industry publications or from other admins. You can now go to the admin center to look up more details about the incident and to understand the impact to your organization. Just search for the incident ID in the admin center.
+You can now search for incident IDs in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2091030" target="_blank">Microsoft 365 admin center</a>. You may learn about current incidents through social media, industry publications or from other admins. You can now go to the admin center to look up more details about the incident and to understand the impact to your organization. Just search for the incident ID in the admin center.
:::image type="content" source="../media/incident-id.png" alt-text="Screenshot: Searching for incident ID in the admin center":::
bookings Turn Bookings On Or Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/turn-bookings-on-or-off.md
audience: Admin + localization_priority: Normal ms.assetid: 5382dc07-aaa5-45c9-8767-502333b214ce description: "Learn how to get access to Microsoft Bookings in Microsoft 365."
Bookings can be turned on or off for your entire organization or for specific us
1. Sign in to the Microsoft 365 admin center as a global admin.
-2. In the admin center, go toΓÇ»**Settings**ΓÇ»\> **Org Settings** and select **Bookings**.
+2. In the admin center, go toΓÇ»**Settings**ΓÇ»\> <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Org settings**</a>.
3. Select the checkbox for **Allow your organization to use Bookings** to enable or disable Bookings for your organization.
To turn Bookings on or off for your organization using the PowerShell cmdlet [Se
You can disable Bookings for individual users.
-1. Go to the Microsoft 365 admin center, then select **Users** \> **Active users**.
+1. Go to the Microsoft 365 admin center, then select **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select the desired user, then select **Licenses and Apps**.
You can disable Bookings for individual users.
## Require staff approvals before sharing free/busy information
-Admins can require employees in their organization to opt-in before their availability information is shared through Bookings and before they can be bookable through a booking page. This setting is available in the Microsoft 365 admin center under **Settings** \> **Settings** \> **Bookings**.
+Admins can require employees in their organization to opt-in before their availability information is shared through Bookings and before they can be bookable through a booking page. This setting is available in the Microsoft 365 admin center under **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Org settings**</a> \> **Bookings**.
When this setting is enabled, employees added as staff in booking calendars will find an Approve/Reject link in the email notification they receive. ## Block social sharing options
-Admins can control how booking pages are shared on social networks. This setting is available in the Microsoft 365 admin center under **Settings** \> **Settings** \> **Bookings**.
+Admins can control how booking pages are shared on social networks. This setting is available in the Microsoft 365 admin center under **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Org settings**</a> \> **Bookings**.
## Allow only selected users to create Bookings calendars
business-video Add Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-admin.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
When you sign up for Microsoft 365 Business, you automatically become a global a
### Add an existing employee as an admin 1. When you sign up for Microsoft 365 Business, you automatically become a global admin. To help manage the business, you can make other people admins as well.
-1. In the Microsoft 365 admin center, select **Users**, and then **Active users**.
+1. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Choose the user you want to make an admin, and then select **Manage roles**. 1. On the **Manage roles** pane, clear the user's current role check box, and select the new role that you want to assign to the user. 1. Select **Save changes**, and then close the **Admin roles updated** confirmation pane.
When you sign up for Microsoft 365 Business, you automatically become a global a
If there's an external IT person who will help manage your business, you can add them as a global admin.
-1. In the Microsoft 365 admin center, select **Users**, **Active users**, and then **Add a user**.
+1. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>, and then **Add a user**.
1. On the **Set up the basics** page, enter the user's name, display name, and username. 1. Select the **Send password in email upon completion** check box to have the user's password emailed to them. Type their email address. Separate multiple addresses with semicolons. Select **Next**. 1. In the **Select location** drop-down list, choose the user's location.
business-video Add Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-domain.md
- AdminSurgePortfolio - adminvideo - AdminTemplateSet
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
Your company might need multiple domain names for different purposes. For exampl
## Try it!
-1. In the Microsoft 365 admin center, choose **Setup**.
+1. In the Microsoft 365 admin center, choose <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>.
1. Under **Get your custom domain set up**, select **View**. 1. Choose **Manage**, and then **Add domain**. 1. Enter the new domain name that you want to add, and then select **Next**.
Your company might need multiple domain names for different purposes. For exampl
To receive email at your new domain, you'll need to add a new email alias for each user:
-1. Select **Users**, **Active users**, and then select the user who will be assigned the new alias.
+1. Select **Users**, <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>, and then select the user who will be assigned the new alias.
1. Choose **Manage email aliases**, and then **Add an alias**. 1. Enter the username, and then choose the new domain from the drop-down list. 1. Select **Save changes**, and then close the window.
business-video Add User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/add-user.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
When a new person joins your company, you need to add them to your Microsoft 365
## Try it!
-1. In the Microsoft 365 admin center, go to **User management**, and select Add user.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, go to **User management**, and select Add user.
1. Enter the new user's **First name** and **Last name**. The **Display name** is filled in automatically, but you can change it. 1. Enter a **Username**. This will be the new user's email address. If you have more than one domain, select the correct domain from the drop-down list. 1. To have a password created automatically, select **Auto-generate password**.
When a new person joins your company, you need to add them to your Microsoft 365
1. If you want the user to be an administrator, expand **Role**s, clear the **User (no administrator access)** check box, and select an admin role from the list. For more information about admin roles and how to set them up, see [What is an admin](what-is-admin.md)? 1. Under **Profile info**, enter details about the user's job, department, office, and so on. (You or the new user can always add this information later.) Select **Next**. 1. Review the user details. If you need to purchase an additional license for this user, you will see a notification on the review page. Select **Finish adding**, and then select **Close**.
-1. Verify that the user has been created successfully: in the Microsoft 365 admin center, in the left navigation pane, select**Users**, then **Active users**. The new user should be listed, along with their assigned license.
+1. Verify that the user has been created successfully: in the Microsoft 365 admin center, in the left navigation pane, select**Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a>. The new user should be listed, along with their assigned license.
business-video Admin Center Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/admin-center-overview.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
description: "Use either simplified view in Microsoft 365 to manage common tasks
- [The admin center in simplified view](#watch-the-admin-center-in-simplified-view) - [The admin center in dashboard view](#watch-the-admin-center-in-dashboard-view)
-The Microsoft 365 admin center has two views: simplified view helps smaller organizations manage their most common tasks. Dashboard view includes more complex settings and tasks. You can switch between them from a button at the top of the admin center.
+The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> has two views: simplified view helps smaller organizations manage their most common tasks. Dashboard view includes more complex settings and tasks. You can switch between them from a button at the top of the admin center.
## Watch: The admin center in simplified view > [!VIDEO https://www.microsoft.com/videoplayer/embed/RWD3sq?autoplay=false]
-With the Microsoft 365 admin center, you can reset passwords, view your invoice, add or remove users, and much more all in one place.
+With the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, you can reset passwords, view your invoice, add or remove users, and much more all in one place.
Sign in to Office.com with your work account, and select the app launcher.
If you need assistance, select **Help & support**. Search for topic you want hel
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWfvDL?autoplay=false]
-The Microsoft 365 admin center is where you manage your business in the cloud. You can complete such tasks as adding and removing users, changing licenses, and resetting passwords.
+The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> is where you manage your business in the cloud. You can complete such tasks as adding and removing users, changing licenses, and resetting passwords.
Specialist workspaces, like Security or Device management, allow for more granular control. For more information about how the admin centers work together, see [What about the specific types of IT roles and other workspaces like Security, Device Management, or Exchange?](#what-about-the-specific-types-of-it-roles-and-other-workspaces-like-security-device-management-or-exchange) in this article.
By default, the person who signs up for and buys an Microsoft 365 for business s
If you get the message "**You don't have permission to access this page or perform this action**," you aren't an admin. ### Who has admin permissions in my business?
-<a name="bkmk_admin"> </a>
When looking for your admin to reset your password, delete an account, or do other tasks, here's who you should contact:
If you have no idea who to contact at your work or school for help, try asking t
## Turn on Targeted release
-1. Sign in at [admin.microsoft.com](https://admin.microsoft.com), go to the navigation pane and select **Settings** \> **Organization profile**.
+1. Sign in at [admin.microsoft.com](https://admin.microsoft.com), go to the navigation pane and select **Settings** > **Org settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2067339" target="_blank">**Organization profile** tab</a>.
2. Go to the **Release preferences** card, and then select **Edit**.
You can also give feedback from outside of the admin center on our UserVoice for
### What about the specific types of IT roles and other workspaces like Security, Device Management, or Exchange?
-The Microsoft 365 admin center is the common entry point for all teams and roles managing Microsoft 365. The experience, information, and controls are tailored and customizable for each admin and role. Additionally, specialist workspaces allow for deep, granular control. These specialist workspaces include SharePoint, Teams &amp; Skype, Exchange, Security, Compliance, Device Management, and Azure Active Directory. You can find the specialist workspaces from the navigation pane in the Microsoft 365 admin center at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2024339).
+The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> is the common entry point for all teams and roles managing Microsoft 365. The experience, information, and controls are tailored and customizable for each admin and role. Additionally, specialist workspaces allow for deep, granular control. These specialist workspaces include SharePoint, Teams &amp; Skype, Exchange, Security, Compliance, Device Management, and Azure Active Directory. You can find the specialist workspaces from the navigation pane in the Microsoft 365 admin center at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2024339).
### What language options are available the Admin Center?
business-video Anti Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/anti-malware.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
description: "Learn how to Turn on malware protection."
## Try it!
-1. From the [Microsoft 365 admin center](https://admin.microsoft.com), choose S**how more**, **Admin centers**, and then **Security & Compliance**.
+1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Show more**, **Admin centers**, and then **Security & Compliance**.
1. Choose **Threat management**, and then **Policy**. 1. From the policies available, choose **Anti-malware**. 1. On the Anti-malware page, double-click the **Default** policy to open it, and then choose **settings**.
business-video Buy Licenses https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/buy-licenses.md
- AdminSurgePortfolio - adminvideo - commerce_purchase
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
As you add new users, you will need to purchase more Microsoft 365 licenses for
## Try it!
-1. In the Microsoft 365 admin center, choose **Billing**, **Your Products**, then select your subscription.
+1. In the Microsoft 365 admin center, choose **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">**Your Products**</a>, and then select your subscription.
1. Choose **Buy licenses**. 1. Enter the number of licenses you want to buy. 1. Select **Save**.
business-video Change Subscription https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-subscription.md
- AdminSurgePortfolio - adminvideo - commerce_subscriptions
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
As your users change roles, they may need features that aren't available in thei
### Add a new subscription
-1. In the Microsoft 365 admin center, in the left navigation pane, select **Billing**, and then **Purchase services**.
+1. In the Microsoft 365 admin center, in the left navigation pane, select **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">**Purchase services**</a>.
1. Choose the subscription you would like to add, and then select **Buy**. 1. Choose how you want to pay and the number of licenses you need, and then select **Check out now**. 1. Review your order, and then choose **Next**.
As your users change roles, they may need features that aren't available in thei
### Change the license assigned to a user
-1. In the Microsoft 365 admin center, in the left navigation pane, select **Users**, and then **Active users**.
+1. In the Microsoft 365 admin center, in the left navigation pane, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select the name of the user, and then select **Licenses and app**s. 1. Under **Licenses**, you'll see your new subscription. Select the check box next to the new subscription, and clear the check box next to the old subscription. 1. Select **Save changes**. The license for the new subscription is now assigned to this user. ### Remove an unused license
-1. In the Microsoft 365 admin center, select **Billing**, and then **Products & services**.
+1. In the Microsoft 365 admin center, select **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">**Your products**</a>.
1. Select the subscription you want to change, and then select **Add/remove licenses**. 1. Use the down arrow to reduce the number of licenses for this subscription, and then select **Submit change**. You now have the right number of licenses for your users.
business-video Change User Name Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/change-user-name-email.md
- AdminSurgePortfolio - adminvideo - AdminTemplateSet
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
Occasionally, you may need to change a user's name or email address. You can do
### Change a user's display name
-1. In the Microsoft 365 admin center, select **Users**, and then **Active users**.
+1. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select the user from the list of active users. 1. Select **Manage contact information**. 1. Change the display name, and select **Save changes**.
Occasionally, you may need to change a user's name or email address. You can do
### Add an email alias
-1. In the Microsoft 365 admin center, select **Users**, and then **Active users**.
+1. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select the user from the list of active users. 1. Select **Manage email aliases**. 1. Enter the new alias, verify the domain, and select **Save changes**. ### Change a username
-1. In the Microsoft 365 admin center, select **Users**, and then **Active users**.
+1. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select the user from the list of active users. 1. Select **Manage username**. 1. Enter the new username, verify the domain, and select **Save changes**.
business-video Company Wide Signature https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/company-wide-signature.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
A company-wide email signature appears on every email sent by people in your org
## Try it!
-1. In the Microsoft 365 admin center, select **Exchange**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, select **Exchange**.
1. Select **Mail flow**. 1. Select **Add +**, and then select **Apply disclaimers**. 1. On the **New rule** page:
business-video Get Help Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/get-help-support.md
- AdminSurgePortfolio - adminvideo - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
Severity B/C: 9:00 ~24:00 (Beijing Time) a day, 365 days.
### Open an online request
-Save time by starting your service request online. In the Microsoft 365 admin center, choose **Support** \> **New service request**.
+Save time by starting your service request online. In the 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Support** \> **New service request**.
### Call support
business-video Add Google Domain https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/add-google-domain.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
Add your Google Workspace domain to Microsoft 365 for business so you can keep u
## Try it! 1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com).
-1. In the Microsoft 365 Admin Center, in the left nav, select **Show all**, **Settings** and then **Domains**.
+1. In the Microsoft 365 admin center, in the left nav, select **Show all** > **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
1. Choose **Add domain**, enter your domain name then select **Use this domain**. 1. Choose, **Add a TXT record to the domains DNS records**, select **Continue**, and copy the TXT value. 1. Go back to the [Google Admin Console](https://admin.google.com), choose **Domains**, **Manage domains**, **View Details**, **Manage domain**, **DNS**, and then scroll down to **Custom resource records**. 1. Open the record type drop-down, choose **TXT**, paste the TXT value you copied then select **Add**. The update usually takes a fact within a few minutes but may take up to 48 hours.
-1. Return to the Microsoft 365 Admin Center, select **Verify**,and then **Close**.
-1. To set your domain as the primary email for your users, in the left nav, select **Users** > **Active users**.
+1. Return to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">admin center</a>, select **Verify**,and then **Close**.
+1. To set your domain as the primary email for your users, in the left nav, select **Users** > [**Active users**](https://go.microsoft.com/fwlink/p/?linkid=834822).
1. Choose a user, select **Manage username and email**, **Edit**, select your domain from the dropdown, then select **Done** and **Save changes**. 1. Repeat this process for each user.
business-video Connect Domain Tom365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
First you will need to delete existing DNS records from Google, then we can add
1. Scroll down to **Synthetic records**, open **Google Workspace**, select **Delete**, then **Delete** again. 1. Scroll down to **Custom resource records** and delete any existing DNS records that appear, including any you may have created previously for Microsoft 365. 1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com).
-1. In the left nav, choose, **Show all**, **Settings**, **Domains**.
+1. In the left nav, choose, **Show all** > **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>.
1. Then choose your default domain. 1. Select **Continue setup**, then, to connect your domain, choose **Continue**. 1. Scroll down to view the DNS records that need to be copied to Google.
First you will need to delete existing DNS records from Google, then we can add
1. In the **Data** field, paste the record you copied. 1. Then select **Add**. 1. Repeat the process for CNAME and TXT records and add the values in the Google DNS management page.
-1. Return to the Microsoft 365 Admin center and select **Continue**.
+1. Return to the Microsoft 365 admin center and select **Continue**.
Your domain setup is complete.
business-video Migrate Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/migrate-email.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
The migration process takes several steps and can take from several hours to a c
1. Navigate to the [APIs page](https://console.developers.google.com/apis/library). 1. In the search bar, enter **Gmail API**. 1. Select it and then choose **Enable**.
-1. Repeat this process for Google Calendar API and Contacts API.
+1. Repeat this process for Google Calendar API, People API, and Contacts API.
### Grant access to the service account
The migration process takes several steps and can take from several hours to a c
Domain verification usually takes just a few minutes, but it can take up to 48 hours. 1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com).
-1. In the **Microsoft 365 admin center**, in the left nav, select **Show all**, **Settings**, **Domains**, and then **Add domain**.
+1. In the Microsoft 365 admin center, in the left nav, select **Show all** > **Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">**Domains**</a>, and then **Add domain**.
1. Enter the subdomain you previously created, then select **Use this domain**. 1. To connect the domain, select **Continue**. 1. Scroll down and take note of the MX records, CNAME records, and TXT records.
The migration process takes several steps and can take from several hours to a c
It may take some time for these changes to take effect.
-1. Return to where you left off in **Microsoft 365 admin center**, and select **Continue**.
+1. Return to where you left off in Microsoft 365 admin center, and select **Continue**.
Your domain is now set up.
Before migration can begin, you need to create email aliases for your users with
Once youΓÇÖve finished, youΓÇÖre ready to migrate.
-1. In the left nav of the **Microsoft 365 admin center**, scroll down to **Admin centers**,and select **Exchange**.
+1. In the left nav of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, scroll down to **Admin centers**,and select **Exchange**.
1. Under **recipients**, choose **migration**, select **New**, **Migrate to Exchange Online**, choose **G Suite migration**, and then **Next**. 1. Create a CSV file with a list of the mailboxes you want to migrate. Make sure the file follows this format:
Once youΓÇÖve finished, youΓÇÖre ready to migrate.
1. If you want, you can select **View details** for more information about the migration. 1. Select **Close**. 1. Open Outlook to verify that all the emails from Google Workspace were successfully migrated.
-You can repeat this for calendar items and contacts as well.
+You can repeat this for calendar items and contacts as well.
business-video Reset User Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/reset-user-passwords.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
In Microsoft 365 for business, you can reset passwords for users. You can also l
## Try it! 1. When a user requests a new password, you'll receive a password reset request in email. To reset the password, open the app launcher and select **Admin**.
-1. In the Microsoft 365 admin center, select **Users**, **Active users**, and then select the key icon next to the user who requested the reset.
+1. In the Microsoft 365 admin center, select **Users**, <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>, and then select the key icon next to the user who requested the reset.
1. Select **Auto-generate password** to have a random password automatically created. 1. Select **Reset**. 1. Select the **Send password in email** check box.
business-video Secure Office On Ios https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-office-on-ios.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
You can set up a user access policy that requires mobile users to enter a PIN or
## Try it!
-1. Sign in to the Microsoft 365 admin center.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
1. Under **Policies**, choose **Add policy**. 1. In the **Add policy** pane, enter a name under **Policy name**, and choose the policy type that you want under **Policy type**. 1. Turn on **Manage how users access Office files on mobile devices**, and then make sure the following three settings are turned on:
business-video Secure Win 10 Pro Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-win-10-pro-devices.md
You can use Microsoft 365 Business to ensure that Windows Defender Antivirus is
## Try it!
-1. Sign in to the Microsoft 365 admin center.
+1. Sign in to the 1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
1. Under **Policies**, choose Add policy. 1. In the **Add policy** pane, enter a name under **Policy name**, and then select **Windows 10 Device Configuration** under **Policy type**. 1. Choose **Secure Windows 10 devices** to see the sub-settings.
business-video Secure Win10 Pcs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/secure-win10-pcs.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
description: "Learn how to set up Windows 10 protection policies with Microsoft
After you set up device protection in Microsoft 365 Business, follow these steps to protect your Windows 10 computers.
-1. In the Microsoft 365 admin center, choose **Setup**.
+1. In the Microsoft 365 admin center, choose <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>.
2. Under **Secure your Windows computers** , select **View**. 3. Review the information on the **Secure your Windows 10 computers** page so that you understand the policies and how they affect your users. 4. Select **Get started**.
business-video Set Up Self Serve Password Reset https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up-self-serve-password-reset.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
To let your users reset their own passwords without having to contact you each t
## Try it!
-1. In the Microsoft 365 admin center, in the left navigation pane, select **Settings** and then **Security & privacy**.
+1. In the Microsoft 365 admin center, in the left navigation pane, select **Settings** > **Org settings**, and then <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & privacy**</a>.
1. Under **Let your people reset their own passwords**, select**Azure AD admin center**. 1. In the left navigation pane, select **Users**, and then on the **Users - all users** page, select **Password reset**. 1. Select **All** to enable self-service password reset, and then select **Save**.
business-video Set Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/set-up.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
description: "Learn how to set up Microsoft 365 Business Premium."
## Try it!
-1. Sign in to the Microsoft 365 admin center, and select **Go to setup**. The setup wizard will start.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, and select **Go to setup**. The setup wizard will start.
2. On the **Install your Office apps** page, you can choose to install Office apps on your computer, or select **Continue**. 3. On the **Your domain is your business identity** page, enter the domain name for your business and then select **Use this domain**. If you use a common registrar like WordPress or GoDaddy, your records will be added automatically on this page. 4. On the **Verify your domain** page, select **Verify** to verify ownership of your domain, and then sign in to your domain registrar account. To let Microsoft add a TXT record for account verification, select **Confirm**.
business-video Sign Up https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/sign-up.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
Follow these steps to sign up for Microsoft 365 Business Premium (previously cal
8. Enter the number of users, choose a billing plan, and then select **Next**. 9. Enter your company&#39;s address, and then **Next**. 10. Enter your credit card information, and then **Place order**. After a few moments, your account will be created.
-11. At this point you can select **Continue to set up account** , or you can sign in to the Microsoft 365 admin center and complete setup later.
+11. At this point you can select **Continue to set up account** , or you can sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> and complete setup later.
business-video Stop Email Auto Forward https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/stop-email-auto-forward.md
- AdminSurgePortfolio - adminvideo - AdminTemplateSet
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
If a hacker gains access to a user's mailbox, they can auto-forward the user's e
## Try it!
-1. From the Microsoft 365 admin center, select **Exchange**, **mail flow**, and on the **rules** tab, select the plus sign and choose **create a new rule**.
+1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, select **Exchange**, **mail flow**, and on the **rules** tab, select the plus sign and choose **create a new rule**.
1. Select **More options**. Name your new rule. 1. Then open the drop-down for **apply this rule if**, select **the sender**, and then **is external internal**. 1. Select **Inside the organization**, and then **OK**.
business-video View Bill https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/view-bill.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
monikerRange: 'o365-worldwide' search.appverid: - BCS160
In Microsoft 365 Business, you can review your monthly subscription bill, and do
## Try it!
-1. In the Microsoft 365 admin center, select **Billing** in the left navigation pane, and then select **Bills & Payments**.
+1. In the Microsoft 365 admin center, select **Billing** in the left navigation pane, and then select the <a href="https://go.microsoft.com/fwlink/p/?linkid=2102895" target="_blank">**Invoices** tab</a>.
1. Select an invoice to view it. If you don't see an invoice, select **Filter by: Last 6 months** from the drop-down list. 1. To view the invoice details, select **Download PDF** in the top-right corner of the invoice. 1. After you review the PDF, you can download and save it or print it. Select the download icon or the print icon in the top-right corner of your screen.
business-video What Is Admin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/what-is-admin.md
- AdminSurgePortfolio - adminvideo
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
Here's how to change a user role to an administrator role:
1. While signed into Microsoft 365, select the app launcher. If you see the Admin button, then you're an admin. 1. Select **Admin** to go to the Microsoft 365 admin center.
-1. In the left navigation pane, select **Users**, then **Active users**.
+1. In the left navigation pane, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select the person who you want to make an admin. The user's details appear in the right dialog box. 1. Choose **Manage roles**. 1. Clear the **User (no administrator access)** check box, and then select one of the admin roles. To learn more about a role, hover over the exclamation mark (!) and read the tool tip. To give the user the same role as yours, select **Global administrator**.
You can also create a dedicated admin account for an IT person or service:
1. While signed into Microsoft 365, select the app launcher. 1. Select **Admin** to go to the Microsoft 365 admin center.
-1. In the left navigation pane, select **Users**, then **Active users**.
+1. In the left navigation pane, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
1. Select **Add a user**. 1. Enter the user's **First name** and **Last name**, **Display name**, and **Username**, and then select **Next**. 1. Choose **Create user without product license**. This adds a new user, but you don't have to pay for a monthly subscription. Select **Next**.
campaigns M365 Campaigns Increase Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/campaigns/m365-campaigns-increase-protection.md
- Adm_O365 - MiniMaven - MSB365
+- admindeeplinkMAC
search.appverid: - BCS160 - MET150
For more information, see [Microsoft Secure Score](../security/defender/microsof
Your Office 365 or Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware. To bump up malware protection in email:
-1. Go to <https://protection.office.com> and sign in with your admin account credentials.
+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account credentials.
-2. In the Security & Compliance Center, in the left navigation pane, under **Threat management**, choose **Policy** \> **Anti-Malware**.
+2. In the left navigation pane, under **Threat management**, choose **Policy** \> **Anti-Malware**.
3. Double-click the default policy to edit this company-wide policy.
Hackers who gain access to a user's mailbox can steal your mail by setting the m
To create a mail transport rule, either watch [this short video](https://support.office.com/article/f9d693ba-5c78-47c0-b156-8e461e062aa7) or follow these steps:
-1. In the Microsoft 365 admin center, click **Admin centers** \> **Exchange**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, click **Admin centers** \> **Exchange**.
2. In the **mail flow** category, click **rules**.
We recommend that you get started with this protection by creating a policy to p
To create an anti-phishing policy in Defender for Office 365, watch [this short training video](https://support.office.com/article/86c425e1-1686-430a-9151-f7176cce4f2c), or complete the following steps:
-1. Go to <https://protection.office.com>.
+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a>.
-2. In the Security & Compliance Center, in the left navigation pane, under **Threat management**, choose **Policy**.
+2. In the left navigation pane, under **Threat management**, choose **Policy**.
3. On the **Policy** page, choose **Anti-phishing**.
People regularly send, receive, and share attachments, such as documents, presen
To create an Safe Attachment policy, either watch [this short video](https://support.office.com/article/e7e68934-23dc-4b9c-b714-e82e27a8f8a5), or complete the following steps:
-1. Go to <https://protection.office.com> and sign in with your admin account.
+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account.
-2. In the Security & Compliance Center, in the left navigation pane, under **Threat management**, choose **Policy**.
+2. In the left navigation pane, under **Threat management**, choose **Policy**.
3. On the Policy page, choose **Safe Attachments**.
We recommend that you do the following:
To set up Safe Links, watch [this short training video](https://support.office.com/article/61492713-53c2-47da-a6e7-fa97479e97fa), or complete the following steps:
-1. Go to <https://protection.office.com> and sign in with your admin account.
+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077143" target="_blank">Office 365 Security & Compliance Center</a> and sign in with your admin account.
-2. In the Security & Compliance Center, in the left navigation pane, under **Threat management**, choose **Policy**.
+2. In the left navigation pane, under **Threat management**, choose **Policy**.
3. On the Policy page, choose **Safe Links**.
The following figure shows the default policies that are included with Microsoft
You can prevent people in your organization from sharing their calendars, or you can also manage what they can share. For example, you can restrict the sharing to free/busy times only.
-1. Go to the admin center at <https://admin.microsoft.com> and choose **Settings** \> **Org Settings**.
-2. On the **Services** page, choose **Calendar**, and choose whether people in your organization can share their calendars with people outside who have Office 365 or Exchange, or with anyone.
+1. Go to the admin center at <https://admin.microsoft.com> and choose **Settings** \> **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services**</a>.
+
+1. Choose **Calendar**, and choose whether people in your organization can share their calendars with people outside who have Office 365 or Exchange, or with anyone.
If you choose the share with anyone option, you can decide to also only share free/busy information.
commerce Manage Billing Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-billing-accounts.md
- AdminSurgePortfolio - commerce_billing - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: MET150 description: "Learn about billing accounts and how they're used to manage account settings, invoices, payment methods, and purchases." Last updated 03/17/2021
Last updated 03/17/2021
A billing account is created when you sign up to try or buy Microsoft products. You use your billing account to manage your account settings, invoices, payment methods, and purchases. You can have access to multiple billing accounts. For example, you signed up for Microsoft 365 directly, or you have access to your organization's Enterprise Agreement, Microsoft Product & Services Agreement or Microsoft Customer Agreement. For each of these scenarios, you would have a separate billing account.
-The Microsoft 365 admin center currently supports the following type of billing accounts:
+The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> currently supports the following type of billing accounts:
- Microsoft Online Services Program: This billing account is created when you sign up for a Microsoft 365 subscription directly. - Microsoft Products & Services Agreement (MPSA) Program: This billing account is created when your organization signs an MPSA Volume Licensing agreement to purchase software and online services.
This section lists the shipping addresses associated with your billing account.
## Understand access to billing accounts
-You can provide others with access to the billing account in the Microsoft 365 admin center through roles and permissions. Only a billing account owner can grant access to a billing account. You can assign one of the following roles to users:
+You can provide others with access to the billing account in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> through roles and permissions. Only a billing account owner can grant access to a billing account. You can assign one of the following roles to users:
- **Billing account owner** &mdash; Can assign permissions, edit accounts, sign agreements, and view accounts. - **Billing account contributor** &mdash; Can edit accounts, sign agreements, and view accounts.
commerce Manage Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-partners.md
- AdminSurgePortfolio - commerce_subscriptions
+- admindeeplinkMAC
search.appverid: MET150 description: "Learn how to work with Microsoft-certified solution providers (partners) to purchase and manage products and services for your organization or school." Last updated 04/13/2021
The partner contacts you and gives you a chance to learn more about them. If you
After you find a partner and decide to work with them, they send you an email invitation.
-1. In the email, select the link to go to the Microsoft 365 admin center.
+1. In the email, select the link to go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
2. On the **Accept agreement & authorize partner** page, select the link for the **Microsoft Customer Agreement**, and read the document. 3. Check the box to acknowledge that you read the agreement. 4. Select **Accept & Authorize**.
commerce Manage Saas Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/manage-saas-apps.md
- AdminSurgePortfolio - commerce_subscriptions
+- admindeeplinkMAC
search.appverid: MET150 description: Learn how to activate and manage third-party apps in Microsoft 365 admin center. Last updated 04/15/2021
Last updated 04/15/2021
# Manage third-party app subscriptions for your organization
-You can manage licenses and billing for third-party apps in the new Microsoft 365 admin center. Updated features include enhanced subscription management, improved access to billing information, and improved flexibility for managing bills. Subscription management is based on MicrosoftΓÇÖs updated commerce platform. This applies to software-as-a-service apps that customers purchase directly, or from a third-party provider.
+You can manage licenses and billing for third-party apps in the new <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Updated features include enhanced subscription management, improved access to billing information, and improved flexibility for managing bills. Subscription management is based on MicrosoftΓÇÖs updated commerce platform. This applies to software-as-a-service apps that customers purchase directly, or from a third-party provider.
## How to get software-as-a-service apps
commerce Important Information E4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/important-information-e4.md
- customer-email - commerce_subscriptions
+- admindeeplinkMAC
search.appverid: MET150 description: "Important information about upgrading or changing plans for customers with an Office 365 E4 subscription."
Last updated 08/14/2020
# Important information for Office 365 E4 customers
-The Office 365 E4 plan was retired in 2015. As a Microsoft 365 global admin, youΓÇÖll receive email updates and see posts in the message center (part of the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339)) with information about when you need to take action.
+The Office 365 E4 plan was retired in 2015. As a Microsoft 365 global admin, youΓÇÖll receive email updates and see posts in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2070717" target="_blank">message center</a> (part of the Microsoft 365 admin center) with information about when you need to take action.
## Compare your options for upgrading or changing plans
commerce Upgrade Office 365 E4 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-Office-365-E4.md
- customer-email - commerce_subscriptions
+- admindeeplinkMAC
search.appverid: MET150 description: "Learn how to upgrade from an Office 365 E4 subscription." Last updated 08/14/2020
This article steps you through the process of upgrading from an Office 365 E4 to
## What are my options for how to upgrade?
-The easiest way to upgrade your plan is to use the **Upgrade** tab in the Microsoft 365 admin center. However, using the **Upgrade** tab isnΓÇÖt supported in all situations. If your scenario isnΓÇÖt supported, you might be able to upgrade plans manually.
+The easiest way to upgrade your plan is to use the **Upgrade** tab in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. However, using the **Upgrade** tab isnΓÇÖt supported in all situations. If your scenario isnΓÇÖt supported, you might be able to upgrade plans manually.
## What is the Upgrade tab?
Before moving on to the next step, itΓÇÖs important to make sure that all the se
### Step 3: Reassign licenses to users
-You can use the Microsoft 365 admin center to reassign licenses for up to 20 users at a time. To learn how, see [Move users to a different subscription](move-users-different-subscription.md).
+You can use the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) to reassign licenses for up to 20 users at a time. To learn how, see [Move users to a different subscription](move-users-different-subscription.md).
> [!TIP] > If you have a lot of users, you can [use Office 365 PowerShell to assign user licenses in bulk](../../enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell.md).
commerce Upgrade From Teams Free https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/upgrade-from-teams-free.md
Use the underlying work or school account that you recovered and your new admin
Now that you have a new Microsoft 365 for business subscription, you can assign licenses to the existing users in your Microsoft Teams Free organization.
-1. In the admin center, go to **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">Active users</a>.
+1. In the admin center, go to **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
2. Select the users to whom you want to assign Microsoft 365 for business licenses, then select **Manage product licenses**. 3. In the **Manage product licenses** pane, select **Replace existing license assignments**. 4. In the **Replace existing products** pane, find the Microsoft 365 for business product that you bought, and switch the toggle to **On**.
commerce Verify Academic Eligibility https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/subscriptions/verify-academic-eligibility.md
- AdminSurgePortfolio - commerce_subscriptions
+- admindeeplinkMAC
search.appverid: MET150 description: "Learn how to verify your school's eligibility for Microsoft 365 Education academic pricing." Last updated 07/21/2020
If your academic eligibility is denied, see [My school isn't eligible. What do I
After you have a Microsoft 365 Education trial, you can check the status of your school's academic eligibility at any time.
-1. Go to the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339).
+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
2. On the home page, find the **Billing** card.\ The **Billing** card indicates the status of the verification process. The card shows one of the following statuses: approved, pending, declined, or add your domain.
commerce Try Or Buy Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/try-or-buy-microsoft-365.md
- AdminSurgePortfolio - commerce_purchase - AdminTemplateSet
+- admindeeplinkMAC
search.appverid: GEA150 description: "Sign up for a free 30-day trial for Microsoft 365 Business Standard, Microsoft 365 Business Premium, or Microsoft 365 Apps for business." Last updated 08/07/2020
period ends, go to the Microsoft 365 admin center and [turn off Recurring billi
If you already have a Microsoft 365 for business subscription, you can use the Microsoft 365 admin center to try a different subscription.
-When you add a subscription through the Microsoft 365 admin center, the new
+When you add a subscription through the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>], the new
subscription is associated with the same organization (domain namespace) as your existing subscription. This association makes it easier to move users in your organization between subscriptions, or to assign them a license for
the additional products they need.
If you already have a Microsoft 365 for business subscription, you can go through the Microsoft 365 admin center to buy a different subscription for your organization.
-When you buy another subscription through the admin center, the new
+When you buy another subscription through the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, the new
subscription is associated with the same organization (domain name space) as your existing subscription. This makes it easier to move users in your organization between subscriptions or assign them a license for
compliance Add Your Organization Brand To Encrypted Messages https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages.md
- seo-marvel-apr2020 - seo-marvel-jun2020
+- admindeeplinkMAC
description: Learn how Office 365 global administrators can apply your organization's branding to encrypted email messages & contents of the encryption portal.
For information on how to create an Exchange mail flow rule that applies encrypt
2. Choose the **Admin** tile.
-3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
+3. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Admin centers** \> **Exchange**.
4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
compliance App Governance Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-get-started.md
audience: Admin
+ localization_priority: Priority search.appverid: - MOE150
For additional information about each role, see [Administrator role permissions]
If you did not participate in private preview and would like to cancel your trial of app governance, you can communicate with your CXE contact, or use these steps:
-1. In the Microsoft 365 admin center, navigate to **Billing** > **Your products**.
+1. In the Microsoft 365 admin center, go to **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842054" target="_blank">**Your products**</a>.
1. Navigate to the app governance trial, click the three dots, and select **Cancel subscription**. 1. In the resulting fly-out pane, provide a reason for cancellation, any additional feedback, and select **Cancel subscription**. 1. Select **Cancel subscription** in the resulting pop up screen. Your trial is cancelled, you will lose access to app governance, and your app governance data will be deleted (log data that is used to create the app governance insights and detections - no emails or other files will be affected).
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
localization_priority: Priority
- M365-security-compliance + search.appverid: - MOE150 - MET150
The auto-labeling settings for Office apps are available when you [create or edi
![Sensitivity label scope options for files and emails.](../media/filesandemails-scope-options-sensitivity-label.png)
-As you move through the wizard, you see the **Auto-labeling for files and emails** page where you can choose from a list of sensitive info types or trainable classifiers:
+As you move through the configuration, you see the **Auto-labeling for files and emails** page where you can choose from a list of sensitive info types or trainable classifiers:
![Label conditions for auto-labeling in Office apps.](../media/sensitivity-labels-conditions.png)
Finally, you can use simulation mode to provide an approximation of the time nee
### Creating an auto-labeling policy
-1. In the [Microsoft 365 compliance center](https://compliance.microsoft.com/), navigate to sensitivity labels:
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, navigate to sensitivity labels:
- **Solutions** > **Information protection**
Finally, you can use simulation mode to provide an approximation of the time nee
> [!NOTE] > If you don't see the **Auto-labeling** tab, this functionality isn't currently available in your region.
-3. Select **+ Create auto-labeling policy**. This starts the New policy wizard:
+3. Select **+ Create auto-labeling policy**. This starts the New policy configuration:
- ![New policy wizard for auto-labeling.](../media/auto-labeling-wizard.png)
+ ![New policy configuration for auto-labeling.](../media/auto-labeling-wizard.png)
4. For the page **Choose info you want this label applied to**: Select one of the templates, such as **Financial** or **Privacy**. You can refine your search by using the **Show options for** dropdown. Or, select **Custom policy** if the templates don't meet your requirements. Select **Next**.
Finally, you can use simulation mode to provide an approximation of the time nee
6. For the page **Choose locations where you want to apply the label**: Select and specify locations for Exchange, SharePoint, and OneDrive. If you don't want to keep the default of **All** for your chosen locations, select the link to choose specific instances. Then select **Next**.
- ![Choose locations page auto-labelingwizard.](../media/locations-auto-labeling-wizard.png)
+ ![Choose locations page for auto-labeling configuration.](../media/locations-auto-labeling-wizard.png)
To specify individual OneDrive accounts, the URL for a user's OneDrive is usually in the following format. For the user principal name (UPN), any special characters such as a period, comma, space, and the at sign ("@") are converted to underscores ("_"): `https://<tenant name>-my.sharepoint.com/personal/<user principal name>`
- For example, for a user in the Contoso tenant who has a UPN of "rsimone@contoso.onmicrosoft.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`. However, numbers or GUIDs can be appended when conflicts are detected.
+ For example, for a user in the Contoso tenant who has a UPN of "rsimone@contoso.onmicrosoft.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`.
- It's always best to confirm a user's URL for their OneDrive account, which you can do with the Microsoft 365 admin center, or PowerShell. For more information, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
+ Or, if you're using a custom domain name so the UPN is "rsimone@contoso.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_com`
+
+ However, numbers or GUIDs can be appended to the URL when conflicts are detected, so it's always best to confirm a user's URL for their OneDrive account. To confirm the URL, you can use the Microsoft 365 admin center, or PowerShell. For more information, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
+
+ > [!NOTE]
+ > When you specify individual OneDrive accounts, be aware that unless OneDrive accounts are [pre-provisioned](/onedrive/pre-provision-accounts), the URL isn't created until a user accesses their OneDrive for the first time.
+ >
+ > Also, the OneDrive URL will [automatically change](/onedrive/upn-changes) if there is a change in the user's UPN. For example, a name-changing event such as marriage. Or a domain name change to support an organization's rename or business restructuring. If the UPN changes, you will need to update the OneDrive URLs you specify here.
7. For the **Set up common or advanced rules** page: Keep the default of **Common rules** to define rules that identify content to label across all your selected locations. If you need different rules per location, select **Advanced rules**. Then select **Next**.
Finally, you can use simulation mode to provide an approximation of the time nee
10. For the **Decide if you want to test out the policy now or later** page: Select **Run policy in simulation mode** if you're ready to run the auto-labeling policy now, in simulation mode. Otherwise, select **Leave policy turned off**. Select **Next**:
- ![Test out the policy auto-labeling wizard.](../media/simulation-mode-auto-labeling-wizard.png)
+ ![Test out the configured auto-labeling policy.](../media/simulation-mode-auto-labeling-wizard.png)
-11. For the **Summary** page: Review the configuration of your auto-labeling policy and make any changes that needed, and complete the wizard.
+11. For the **Summary** page: Review the configuration of your auto-labeling policy and make any changes that needed, and complete the configuration.
Now on the **Information protection** > **Auto-labeling** page, you see your auto-labeling policy in the **Simulation** or **Off** section, depending on whether you chose to run it in simulation mode or not. Select your policy to see the details of the configuration and status (for example, **Policy simulation is still running**). For policies in simulation mode, select the **Matched items** tab to see which emails or documents matched the rules that you specified.
compliance Archive Rogers Network Archiver Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-rogers-network-archiver-data.md
The following overview explains the process of using a connector to archive Roge
- The user who creates a Rogers Network Archiver connector in Step 3 must be assigned the Mailbox Import Export role in Exchange Online. This is required to add connectors in the **Data connectors** page in the Microsoft 365 compliance center. By default, this role isn't assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
+- This data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
+ ## Create a Rogers Network Archiver connector After you've completed the prerequisites described in the previous section, you can create the Rogers Network Archiver connector in the Microsoft 365 compliance center. The connector uses the information you provide to connect to the TeleMessage site and transfer Rogers SMS/MMS data to the corresponding user mailbox boxes in Microsoft 365.
compliance Archive Youtube Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-youtube-data.md
+
+ Title: "Set up a connector to archive YouTube data in Microsoft 365"
+f1.keywords:
+- NOCSH
+++ Last updated :
+audience: Admin
++
+localization_priority: Normal
+
+description: "Admins can set up a connector to import and archive YouTube data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, eDiscovery, and retention policies to manage third-party data."
++
+# Set up a connector to archive YouTube data (preview)
+
+Use a Veritas connector in the Microsoft 365 compliance center to import and archive data from YouTube to user mailboxes in your Microsoft 365 organization. Veritas provides a connector that is configured to capture items from a third-party data source and import those items to Microsoft 365. The connector converts content such as chats, attachments, tasks, notes, and posts from YouTube to an email message format and then imports those items to the user mailboxes in Microsoft 365.
+
+After YouTube data is stored in user mailboxes, you can apply Microsoft 365 compliance features such as Litigation Hold, eDiscovery, retention policies and retention labels. Using a YouTube connector to import and archive data in Microsoft 365 can help your organization stay compliant with government and regulatory policies.
+
+## Overview of archiving YouTube data
+
+The following overview explains the process of using a connector to archive the YouTube data in Microsoft 365.
+
+![Archiving workflow for YouTube data.](../media/YouTubeConnectorWorkflow.png)
+
+1. Your organization works with YouTube to set up and configure a YouTube site.
+
+2. Once every 24 hours, YouTube items are copied to the Veritas Merge1 site. The connector also converts YouTube items to an email message format.
+
+3. The YouTube connector that you create in the Microsoft 365 compliance center connects to the Veritas Merge1 site every day, and transfers the YouTube content to a secure Azure Storage location in the Microsoft cloud.
+
+4. The connector imports the converted items to the mailboxes of specific users using the value of the *Email* property of the automatic user mapping as described in [Step 3](#step-3-map-users-and-complete-the-connector-setup). A subfolder in the Inbox folder named **YouTube** is created in the user mailboxes, and items are imported to that folder. The connector determines which mailbox to import items to by using the value of the *Email* property. Every YouTube item contains this property, which is populated with the email address of every participant of the item.
+
+## Before you set up a connector
+
+- Create a Merge1 account for Microsoft connectors. To create this account, contact [Veritas Customer Support](https://www.veritas.com/form/requestacall/ms-connectors-contact). You need to sign into this account when you create the connector in Step 1.
+
+- Create a YouTube application to fetch data from your YouTube account. For step-by step instructions about creating the application, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20YouTube%20User%20Guide.pdf).
+
+- The user who creates the YouTube connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
+
+## Step 1: Set up the YouTube connector
+
+The first step is to access to the **Data Connectors** page in the Microsoft 365 compliance center and create a connector for YouTube data.
+
+1. Go to <https://compliance.microsoft.com> and then click **Data connectors** > **YouTube**.
+
+2. On the **YouTube** product description page, click **Add connector**.
+
+3. On the **Terms of service** page, click **Accept**.
+
+4. Enter a unique name that identifies the connector, and then click **Next**.
+
+5. Sign in to your Merge1 account to configure the connector.
+
+## Step 2: Configure the YouTube on the Veritas Merge1 site
+
+The second step is to configure the YouTube connector on the Veritas Merge1 site. For information about how to configure the YouTube connector, see [Merge1 Third-Party Connectors User Guide](https://docs.ms.merge1.globanetportal.com/Merge1%20Third-Party%20Connectors%20YouTube%20User%20Guide.pdf).
+
+After you click **Save & Finish,** the **User mapping** page in the connector wizard in the Microsoft 365 compliance center is displayed.
+
+## Step 3: Map users and complete the connector setup
+
+To map users and complete the connector setup in the Microsoft 365 compliance center, follow these steps:
+
+1. On the **Map YouTube users to Microsoft 365 users** page, enable automatic user mapping. The YouTube items include a property called *Email*, which contains email addresses for users in your organization. If the connector can associate this address with a Microsoft 365 user, the items are imported to that userΓÇÖs mailbox.
+
+2. Click **Next**, review your settings, and then go to the **Data connectors** page to see the progress of the import process for the new connector.
+
+## Step 4: Monitor the YouTube connector
+
+After you create the YouTube connector, you can view the connector status in the Microsoft 365 compliance center.
+
+1. Go to <https://compliance.microsoft.com/> and click **Data connectors** in the left nav.
+
+2. Click the **Connectors** tab and then select the **YouTube** connector to display the flyout page, which contains the properties and information about the connector.
+
+3. Under **Connector status with source**, click the **Download log** link to open (or save) the status log for the connector. This log contains data that has been imported to the Microsoft cloud.
+
+## Known issues
+
+- At this time, we don't support importing attachments or items that are larger than 10 MB. Support for larger items will be available at a later date.
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
Before you can archive third-party data in Microsoft 365, you have to work with
|[Reuters Dealing](archive-reutersdealing-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[Reuters Eikon](archive-reuterseikon-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[Reuters FX](archive-reutersfx-data.md)|![Check mark.](../media/checkmark.png)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
-|[RingCentral](archive-ringcentral-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[RingCentral](archive-ringcentral-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[Salesforce Chatter](archive-salesforcechatter-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||| |[ServiceNow](archive-servicenow-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
-|[Skype for Business](archive-skypeforbusiness-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
+|[Skype for Business](archive-skypeforbusiness-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[Slack eDiscovery](archive-slack-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[Symphony](archive-symphony-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[Text-delimited](archive-text-delimited-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|||
Before you can archive third-party data in Microsoft 365, you have to work with
|[XIP](archive-xip-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| |[XSLT/XML](archive-xslt-xml-data.md)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||| |[Yieldbroker](archive-yieldbroker-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
+|[YouTube](archive-youtube-data.md)|![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)||
|[Zoom Meetings](archive-zoommeetings-data.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| ||||||||
Some data connectors are available in the US Government cloud. The following sec
|Bell SMS/MMS Network Archiver | Yes | No | No | |Enterprise Number Archiver | Yes | No | No | |O2 SMS and Voice Network Archiver | Yes | No | No |
+|Rogers Network Archiver | Yes | No | No |
|Signal Archiver | Yes | No | No | |Telegram Archiver | Yes | No | No | |TELUS SMS Network Archiver | Yes | No | No |
compliance Assign Ediscovery Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/assign-ediscovery-permissions.md
search.appverid:
- MET150 ms.assetid: 5b9a067b-9d2e-4aa5-bb33-99d8c0d0b5d7 description: "Assign the permissions required to perform eDiscovery-related tasks using the Microsoft 365 compliance center."-+
+- seo-marvel-apr2020
+- admindeeplinkMAC
# Assign eDiscovery permissions in the Microsoft 365 compliance center
The primary eDiscovery-related role group in Microsoft 365 compliance center is
## Assign eDiscovery permissions
-1. Go to <https://compliance.microsoft.com> and sign in using an account that can assign permissions.
+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a> and sign in using an account that can assign permissions.
-2. In the left pane of the Microsoft 365 compliance center, select **Permissions**.
+2. In the left pane, select **Permissions**.
3. On the **Permissions & Roles** page, under **Compliance center**, click **Roles**.
This role lets users perform bulk removal of data matching the criteria of a con
Add-RoleGroupMember "eDiscovery Manager" -Member <name of security group> ```
- Exchange distribution groups and Microsoft 365 Groups aren't supported. You must use a mail-enabled security group, which you can create in Exchange Online PowerShell by running `New-DistributionGroup -Type Security`. You can also create a mail-enabled security group (and add members) in the Exchange admin center or in the Microsoft 365 admin center. It might take up to 60 minutes after you create it for a new mail-enabled security to be available to add to the eDiscovery Managers role group.
+ Exchange distribution groups and Microsoft 365 Groups aren't supported. You must use a mail-enabled security group, which you can create in Exchange Online PowerShell by running `New-DistributionGroup -Type Security`. You can also create a mail-enabled security group (and add members) in the Exchange admin center or in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339). It might take up to 60 minutes after you create it for a new mail-enabled security to be available to add to the eDiscovery Managers role group.
Also as previously stated, you can't make a mail-enabled security group an eDiscovery Administrator by using the **Add-eDiscoveryCaseAdmin** cmdlet in Security & Compliance Center PowerShell. You can only add individual users as eDiscovery Administrators.
compliance Bulk Import External Contacts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/bulk-import-external-contacts.md
After you run the command in Step 2, the external contacts are created, but they
4. To verify that the properties were added to the contacts:
-1. In the EAC, go to **Recipients** \> **Contacts**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2059104" target="_blank">Exchange admin center</a>, go to **Recipients** \> **Contacts**.
2. Click a contact and then click **Edit** ![Edit icon.](../media/ebd260e4-3556-4fb0-b0bb-cc489773042c.gif) to display the contact's properties.
compliance Classifier Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md
- M365-security-compliance - m365solution-mip - m365initiative-compliance+ search.appverid: - MOE150 - MET150
Microsoft 365 comes with five pre-trained classifiers:
- **Discrimination**: detects explicit discriminatory language and is particularly sensitive to discriminatory language against the African American/Black communities when compared to other communities. > [!IMPORTANT]
-> The Discrimination trainable classifier is only available as public preview to customers whose Microsoft 365 tenants are homed in North America data centers. To see where your Microsoft 365 tenant is homed open the Microsoft 365 Admin center and navigate to **Settings** > **Org settings** > **Organizational profile** > **Data location**.
+> The Discrimination trainable classifier is only available as public preview to customers whose Microsoft 365 tenants are homed in North America data centers. To see where your Microsoft 365 tenant is homed open the Microsoft 365 admin center and navigate to **Settings** > **Org settings** > [**Organization profile** tab](https://go.microsoft.com/fwlink/p/?linkid=2067339) > **Data location**.
These appear in the **Microsoft 365 compliance center** > **Data classification** > **Trainable classifiers** view with the status of `Ready to use`.
compliance Communication Compliance Case Study https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-case-study.md
audience: Admin + f1_keywords: - 'ms.o365.cc.SupervisoryReview'
They must also confirm that users included in communication compliance policies
Contoso IT administrators take the following steps to verify the licensing support for Contoso:
-1. IT administrators sign in to the **Microsoft 365 admin center** <https://admin.microsoft.com> and navigate to **Microsoft 365 admin center** > **Billing** > **Licenses**.
+1. IT administrators sign in to the Microsoft 365 admin center <https://admin.microsoft.com> and go to Microsoft 365 admin center > **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842264" target="_blank">**Licenses**</a>.
2. Here they confirm that they have one of the [license options](communication-compliance-configure.md#subscriptions-and-licensing) that includes support for communication compliance.
The quickest way to access the solution is to sign in directly to the **Communic
### Starting from the Microsoft 365 compliance center
-Another easy way for Contoso IT administrators and compliance specialists to access the communication compliance solution is to sign in directly to the **Microsoft 365 compliance center** [(https://compliance.microsoft.com)](https://compliance.microsoft.com). After signing in, users simply need to select the **Show all** control to display all the compliance solutions and then select the **Communication compliance** solution to get started.
+Another easy way for Contoso IT administrators and compliance specialists to access the communication compliance solution is to sign in directly to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>. After signing in, users simply need to select the **Show all** control to display all the compliance solutions and then select the **Communication compliance** solution to get started.
![Compliance center.](../media/communication-compliance-case-center.png)
Contoso IT administrators and compliance specialists could also choose to access
### Starting from the Microsoft 365 admin center
-To access communication compliance when starting from the Microsoft 365 admin center, Contoso IT administrators and compliance specialists sign in to the Microsoft 365 admin center [(https://admin.microsoft.com)](https://admin.microsoft.com) and navigate to **Microsoft 365 admin center** > **Compliance**.
+To access communication compliance when starting from the Microsoft 365 admin center, Contoso IT administrators and compliance specialists sign in to the Microsoft 365 admin center [(https://admin.microsoft.com)](https://admin.microsoft.com) and go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>.
![Communication compliance link.](../media/communication-compliance-case-compliance-link.png)
Contoso compliance specialists want to add all users to the communication policy
They need to create a new group to include all Contoso users, so they take the following steps:
-1. Contoso IT administrators IT sign in to the **Microsoft 365 admin center** [(https://admin.microsoft.com)](https://admin.microsoft.com) and navigate to **Microsoft 365 admin center** > **Groups** > **Groups**.
+1. Contoso IT administrators IT sign in to the Microsoft 365 admin center [(https://admin.microsoft.com)](https://admin.microsoft.com) and go to Microsoft 365 admin center > **Groups** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. They select **Add a group** and complete the wizard to create a new *Microsoft 365 group* or *Distribution group*. ![Groups.](../media/communication-compliance-case-all-employees.png)
compliance Compliance Manager Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates.md
audience: Admin + localization_priority: Normal
Templates will display an activation status as either active or inactive:
If you link any assessments to a purchased premium template, that template will be active for one year. Your purchase will automatically renew unless you cancel.
-You may also try premium templates on a trial basis. Trial licenses are good for up to 25 templates for 30 days. Once your trial begins, the templates should become available in your tenant within 48 hours. Trials can be activated through the Microsoft 365 admin center.
+You may also try premium templates on a trial basis. Trial licenses are good for up to 25 templates for 30 days. Once your trial begins, the templates should become available in your tenant within 48 hours. Trials can be activated through the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
#### Activated templates counter
compliance Content Search Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/content-search-reference.md
search.appverid:
- MET150 - seo-marvel-apr2020
+- admindeeplinkMAC
description: "This article contains reference information about the Content search eDiscovery tool in the Microsoft 365 compliance center to help you learn the many details about Content search."
Keep the following things in mind when searching for content in Microsoft Teams
- When a user's mailbox is searched, any team or Microsoft 365 Group that the user is a member of won't be searched. Similarly, when you search a team or a Microsoft 365 Group, only the group mailbox and group site that you specify is searched. The mailboxes and OneDrive for Business accounts of group members aren't searched unless you explicitly add them to the search. -- To get a list of the members of a team or a Microsoft 365 Group, you can view the properties on the **Home \> Groups** page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
+- To get a list of the members of a team or a Microsoft 365 Group, you can view the properties on the **Home** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a> page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
```powershell Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress
compliance Create A Dlp Policy From A Template https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-dlp-policy-from-a-template.md
You can also choose the Custom template, which has no default rules, and configu
10. Choose **Next**.
-11. On the **Protection actions** page if you want, you can customize the policy tip notifications and notification emails. Enable **When content matches the policy conditions, show policy tips to users and sen them an email notification**, then choose **Customize the tip and email**.
-1. c
-1.
-1.
-1.
-1. hoose **Next**.
+11. On the **Protection actions** page if you want, you can customize the policy tip notifications and notification emails. Enable **When content matches the policy conditions, show policy tips to users and send them an email notification**, then choose **Customize the tip and email**.
+12. Choose **Next**.
<!-- In this example, the U.S. PII Data template includes two predefined rules:
compliance Create A Litigation Hold https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-litigation-hold.md
Here are the steps to place a mailbox on Litigation hold using the Microsoft 365
1. Go to <https://admin.microsoft.com> and sign in.
-2. In the navigation pane of the admin center, click **Users > Active users**.
+2. In the navigation pane of the admin center, click **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
3. Select the user that you want to place on Litigation hold.
compliance Create And Manage Inactive Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-inactive-mailboxes.md
search.appverid:
ms.assetid: 296a02bd-ebde-4022-900e-547acf38ddd7 - seo-marvel-apr2020
+- admindeeplinkMAC
description: "Retain the contents of deleted mailboxes by using the inactive mailboxes feature in Microsoft 365."
For step-by-step procedures for placing a mailbox on Litigation Hold or applying
### Step 2: Delete the mailbox
-After the mailbox is placed on hold or a retention policy is applied to it, the next step is to delete the mailbox. The best way to delete a mailbox is to delete the corresponding user account in the Microsoft 365 admin center. For information about deleting user accounts, see [Delete a user from your organization](../admin/add-users/delete-a-user.md).
+After the mailbox is placed on hold or a retention policy is applied to it, the next step is to delete the mailbox. The best way to delete a mailbox is to delete the corresponding user account in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. For information about deleting user accounts, see [Delete a user from your organization](../admin/add-users/delete-a-user.md).
> [!NOTE] > You can also delete the mailbox by using the **Remove-Mailbox** cmdlet in Exchange Online PowerShell. For more information, see [Delete or restore user mailboxes in Exchange Online](/exchange/recipients-in-exchange-online/delete-or-restore-mailboxes).
After the mailbox is placed on hold or a retention policy is applied to it, the
To view a list of the inactive mailboxes in your organization:
-1. Go to <https://compliance.microsoft.com> and sign in using the credentials for an Global administrator or a Compliance administrator account in your organization.
+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a> and sign in using the credentials for an Global administrator or a Compliance administrator account in your organization.
-2. In the left navigation pane of the Microsoft 365 compliance center, click **Show all**, and then click **Information governance > Retention**.
+2. In the left navigation pane, click **Show all**, and then click **Information governance** > **Retention**.
![Click the Inactive Mailbox button on the Retention page.](../media/MCCInactiveMailboxes1.png)
compliance Create Ediscovery Holds https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-ediscovery-holds.md
- Strat_O365_IP - M365-security-compliance - SPO_Content+ search.appverid: - MOE150 - MET150
When you create a hold, you have the following options to scope the content that
To create an eDiscovery hold that's associated with a Core eDiscovery case:
-1. Go to [https://compliance.microsoft.com](https://compliance.microsoft.com) and sign in using the credentials for user account that has been assigned the appropriate eDiscovery permissions.
+1. Go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a> and sign in using the credentials for user account that has been assigned the appropriate eDiscovery permissions.
-2. In the left navigation pane of the Microsoft 365 compliance center, click **Show all**, and then click **eDiscovery > Core**.
+2. In the left navigation pane, click **Show all**, and then click **eDiscovery > Core**.
3. On the **Core eDiscovery** page, click the name of the case that you want to create the hold in.
Keep the following things in mind when placing both Teams and Office 365 Groups
- When a user's mailbox is searched, any Team or Office 365 Group that the user is a member of won't be searched. Similarly, when you place a Team or Office 365 Group on eDiscovery hold, only the group mailbox and group site are placed on hold. The mailboxes and OneDrive for Business sites of group members aren't placed on hold unless you explicitly add them to the eDiscovery hold. So if you have to place a Team or Office 365 Group on hold for a legal reason, consider adding the mailboxes and OneDrive accounts of team or group members on the same hold. -- To get a list of the members of a Team or Office 365 Group, you can view the properties on the **Groups** page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
+- To get a list of the members of a Team or Office 365 Group, you can view the properties on the <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a> page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
```powershell Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
search.appverid: - MOE150 - MET150+ description: "Use a retention policy to efficiently keep control of the content that users generate with email, documents, and conversations. Keep what you want and get rid of what you don't."
When you have more than one retention policy, and when you also use retention la
### Retention policy for Teams locations
-1. From the [Microsoft 365 compliance center](https://compliance.microsoft.com/), select **Policies** > **Retention**.
+1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, select **Policies** > **Retention**.
2. Select **New retention policy** to start the Create retention policy configuration, and name your new retention policy.
It's possible that a retention policy that's applied to Microsoft 365 groups, Sh
> > To use this feature, your Yammer network must be [Native Mode](/yammer/configure-your-yammer-network/overview-native-mode), not Hybrid Mode.
-1. From the [Microsoft 365 compliance center](https://compliance.microsoft.com/), select **Policies** > **Retention**.
+1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, select **Policies** > **Retention**.
2. Select **New retention policy** to create a new retention policy.
Use the following instructions for retention policies that apply to any of these
- Microsoft 365 groups - Skype for Business
-1. From the [Microsoft 365 compliance center](https://compliance.microsoft.com/), select **Policies** > **Retention**.
+1. From the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, select **Policies** > **Retention**.
2. Select **New retention policy** to start the Create retention policy configuration, and name your new retention policy.
When you specify your locations for SharePoint sites or OneDrive accounts, you d
To specify individual OneDrive accounts to include or exclude, the URL for a user's OneDrive is usually in the following format. For the user principal name (UPN), any special characters such as a period, comma, space, and the at sign ("@") are converted to underscores ("_"): `https://<tenant name>-my.sharepoint.com/personal/<user principal name>`
-For example, for a user in the Contoso tenant who has a UPN of "rsimone@contoso.onmicrosoft.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`. However, numbers or GUIDs can be appended when conflicts are detected.
+For example, for a user in the Contoso tenant who has a UPN of "rsimone@contoso.onmicrosoft.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`
-It's always best to confirm a user's URL for their OneDrive account, which you can do with the Microsoft 365 admin center, or PowerShell. For more information, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
+Or, if you're using a custom domain name so the UPN is "rsimone@contoso.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_com`
+
+However, numbers or GUIDs can be appended to the URL when conflicts are detected, so it's always best to confirm a user's URL for their OneDrive account. To confirm the URL, you can use the Microsoft 365 admin center, or PowerShell. For more information, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
+
+> [!NOTE]
+> When you specify individual OneDrive accounts to include or exclude, be aware that unless OneDrive accounts are [pre-provisioned](/onedrive/pre-provision-accounts), the URL isn't created until a user accesses their OneDrive for the first time.
+>
+> Also, the OneDrive URL will [automatically change](/onedrive/upn-changes) if there is a change in the user's UPN. For example, a name-changing event such as marriage. Or a domain name change to support an organization's rename or business restructuring. If the UPN changes, you will need to update the OneDrive URLs you specify here.
### Configuration information for Microsoft 365 Groups
compliance Customer Lockbox Requests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customer-lockbox-requests.md
search.appverid:
- BCS160 - MET150 - MOE150+ description: "Learn about Customer Lockbox requests that allow you to control how a Microsoft support engineer can access your data when you run into an issue."
You can turn on Customer Lockbox controls in the Microsoft 365 admin center. Whe
1. Using a work or school account that has either the global administrator or the **Customer Lockbox access approver** role assigned, go to [https://admin.microsoft.com](https://admin.microsoft.com) and sign in.
-2. Choose **Settings > Org Settings**.
+2. Choose **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a>.
-3. Select **Security & Privacy** > **Customer Lockbox** > **Edit**, and then move the toggle to **On** or **Off** to turn the feature on or off.
+3. Select **Customer Lockbox** > **Edit**, and then move the toggle to **On** or **Off** to turn the feature on or off.
![Require approval for Customer Lockbox.](../media/CustomerLockbox4.png)
Audit records that correspond to the Customer Lockbox requests are logged in the
Before you can use the audit log to track requests for Customer Lockbox, there are some steps you need to take to set up audit logging. For more information, see [Search the audit log in the Security & Compliance Center](/office365/securitycompliance/search-the-audit-log-in-security-and-compliance#before-you-begin). Once you've completed setup, use these steps to create an audit log search query to return audit records related to Customer Lockbox:
-1. Go to [https://protection.office.com](https://protection.office.com).
+1. Go to [Security & compliance](https://protection.office.com).
2. Sign in using your work or school account.
Global administrators and anyone assigned the Customer Lockbox access approver a
#### How do I opt in to Customer Lockbox?
-A global administrator can enable and configure Customer Lockbox in the Microsoft 365 or Microsoft 365 admin center.
+A global administrator can enable and configure Customer Lockbox in the Microsoft 365 or <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
#### If I approve a Customer Lockbox request, what can the engineer do and how will I know what the Microsoft engineer did?
After you approve a Customer Lockbox request, the Microsoft engineer granted the
#### How do I know that Microsoft follows the approval process?
-You can cross-reference the email approval notifications sent to admins and approvers in your organization with the Customer Lockbox request history in the Microsoft 365 admin center.
+You can cross-reference the email approval notifications sent to admins and approvers in your organization with the Customer Lockbox request history in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339).
Customer Lockbox is included in the latest [SOC 1 SSAE 16 audit report](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=91592749-e86a-43ac-801e-121382614681&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_SOC%20%2F%20SSAE%2016%20Reports). For more details, you can find the latest reports in the [Microsoft Service Trust Portal](https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=91592749-e86a-43ac-801e-121382614681&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_SOC%20%2F%20SSAE%2016%20Reports).
Currently, the maximum period for the access permissions granted to the Microsof
#### How can I get a history of all Customer Lockbox requests?
-All Customer Lockbox requests are viewed in the Microsoft 365 admin center.
+All Customer Lockbox requests are viewed in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339).
#### How do I correlate the content access requests with the related audit logs?
compliance Define Mail Flow Rules To Encrypt Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email.md
search.appverid:
ms.assetid: 9b7daf19-d5f2-415b-bc43-a0f5f4a585e8 - M365-security-compliance+ description: "Admins can learn to create mail flow rules (transport rules) to encrypt and decrypt messages using Office 365 Message Encryption."
You can define mail flow rules for triggering message encryption with the new OM
2. Choose the **Admin** tile.
-3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
+3. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Admin centers** \> **Exchange**.
4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
You can define mail flow rules for triggering message encryption with the new OM
2. Choose the **Admin** tile.
-3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
+3. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Admin centers** \> **Exchange**.
4. In the EAC, go to **Mail flow** \> **Rules**.
You can remove encryption that is applied by your organization.
2. Choose the **Admin** tile.
-3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
+3. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Admin centers** \> **Exchange**.
4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
You can remove encryption that is applied by your organization.
If you haven't yet moved your organization to the new OME capabilities, Microsoft recommends that you make a plan to move to the new OME capabilities as soon as it is reasonable for your organization. For instructions, see [Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection](set-up-new-message-encryption-capabilities.md). Otherwise, see [Defining mail flow rules for Office 365 Message Encryption that don't use the new OME capabilities](legacy-information-for-message-encryption.md#defining-mail-flow-rules-for-office-365-message-encryption-that-dont-use-the-new-ome-capabilities).
-## Related Topics
+## Related content
[Encryption in Office 365](encryption.md)
compliance Disposition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/disposition.md
localization_priority: Priority - M365-security-compliance+ search.appverid: - MOE150 - MET150
Additionally:
- In preview: By default, each person that accesses the **Disposition** page sees only items that they are assigned to review. For a records management administrator to see all items assigned to all users, and all retention labels that are configured for disposition review: Navigate to **Records management settings** > **General** > **Security group for records manager** to select and then enable a mail-enabled security group that contains the administrator accounts.
- Microsoft 365 groups and security groups that aren't mail-enabled doesn't support this feature and wouldn't be displayed in the list to select. If you need to create a new mail-enabled security group, use the link to the Microsoft 365 admin center to create the new group.
+ Microsoft 365 groups and security groups that aren't mail-enabled doesn't support this feature and wouldn't be displayed in the list to select. If you need to create a new mail-enabled security group, use the link to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to create the new group.
> [!IMPORTANT] > After you have enabled the group, you can't change it in the compliance center. See the next section for how to enable a different group by using PowerShell.
compliance Email Threading In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/email-threading-in-advanced-ediscovery.md
# Email threading in Advanced eDiscovery
-Consider an email conversation that has been going on for a while. In most cases, the last email on the thread will include the contents of all the preceding emails; reviewing the last email will give a complete context of the conversation that happened in the thread. Email threading identifies such emails so that reviewers can review a fraction of collected documents without losing any context.
+Consider an email conversation that has been going on for a while. In most cases, the last message in the email thread will include the contents of all the preceding messages. Therefore, reviewing the last message will give a complete context of the conversation that happened in the thread. Email threading identifies such messages so that reviewers can review a fraction of collected documents without losing any context.
## What does email threading do?
-Email threading parses each email and deconstructs it to individual messages; each email is a chain of individual messages. Then, it analyzes all emails in the review set to determine whether an email has unique content or if the chain is wholly contained in a different email. In the end emails are divided into four categories:
+Email threading parses each email thread and deconstructs it to individual messages. Each email thread is a chain of individual messages. Advanced eDiscovery analyzes all email messaes in the review set to determine whether an email message has unique content or if the chain (parent messages) are wholly contained in the final message in the email thread. Email messages are divided into four inclusive values:
-- **Inclusive**: the last message in the email has unique content, and the email has all of the attachments that were included in other emails of which the content is wholly contained in this email.
+- **Inclusive**: An *Inclusive* email is the final email message in an email thread and contains all the previous content of that email thread.
-- **Inclusive minus**: the last message in the email has unique content, but the email does not contain some of the attachments that were included in other emails of which the content is wholly contained in this email.
+- **Inclusive minus**: An email message is designated as *Inclusive minus* if there are one or more attachments associated with the specific message within the email thread. A reviewer can use the Inclusive minus value to determine which specific email message within the thread has associated attachments.
-- **Inclusive copy**: an exact copy of an inclusive/inclusive minus email
+- **Inclusive copy**: An email message is considered an *Inclusive copy* if it is an exact copy of an Inclusive or Inclusive minus message.
-- **None**: The content of this email is wholly contained in at least one email that is marked as inclusive/inclusive minus.
+- **None**: The *None* value indicates that the content of the message is wholly contained in at least one other email message that is marked as Inclusive or Inclusive minus.
## How is it different from conversations in Outlook?
compliance Endpoint Dlp Using https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md
The message reads:
9. Check Activity explorer for the event.
-### Scenario 5: Configure a policy to use the customized business justification
--- ## See also - [Learn about Endpoint data loss prevention](endpoint-dlp-learn-about.md)
compliance Importing Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/importing-pst-files-to-office-365.md
search.appverid: MET150
ms.assetid: ba688e0a-0fcb-4bd7-8e57-2b669564ea84 - seo-marvel-apr2020
+- admindeeplinkMAC
description: Learn how to use the Import service in the Microsoft 365 compliance center to bulk-import email data (PST files) to user mailboxes.
description: Learn how to use the Import service in the Microsoft 365 compliance
> [!NOTE] > This article is for administrators. Are you trying to import PST files to your own mailbox? See [Import email, contacts, and calendar from an Outlook .pst file](https://go.microsoft.com/fwlink/p/?LinkID=785075).
-You can use the Import service in the Microsoft 365 compliance center to quickly bulk-import PST files to Exchange Online mailboxes in your organization. There are two ways you can import PST files to Office 365:
+You can use the Import service in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a> to quickly bulk-import PST files to Exchange Online mailboxes in your organization. There are two ways you can import PST files to Office 365:
- **Network upload** ![Cloud upload.](../media/54ab16ee-3822-4551-abef-3d926f4e1c01.png) - Upload the PST files over the network to a temporary Azure Storage location in the Microsoft cloud. Then you use the Office 365 Import service to import the PST data to mailboxes in your organization.
Network upload is currently available in these regions: United States, Canada, B
Using network upload to import PST files is free.
-This also means that after PST files are deleted from the Azure Storage area, they're no longer displayed in the list of files for a completed import job in the Microsoft 365 admin center. Although an import job might still be listed on the **Import data to Office 365** page, the list of PST files might be empty when you view the details of older import jobs.
+This also means that after PST files are deleted from the Azure Storage area, they're no longer displayed in the list of files for a completed import job in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339). Although an import job might still be listed on the **Import data to Office 365** page, the list of PST files might be empty when you view the details of older import jobs.
#### What version of the PST file format is supported for importing to Office 365?
compliance Investigating Partially Indexed Items In Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/investigating-partially-indexed-items-in-ediscovery.md
So in the previous example, 7% of the total size of mailbox items are from parti
## Working with partially indexed items
-In cases when you need to examine partially items to validate that they don't contain relevant information, you can [export a content search report](export-a-content-search-report.md) that contains information about partially indexed items. When you export a content search report, be sure to choose one of the export options that includes partially indexed items.
+In cases when you need to examine partially indexed items to validate that they don't contain relevant information, you can [export a content search report](export-a-content-search-report.md) that contains information about partially indexed items. When you export a content search report, be sure to choose one of the export options that includes partially indexed items.
![Choose the second or third option to export partially indexed items.](../media/PartiallyIndexedItemsExportOptions.png)
compliance Legacy Information For Message Encryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/legacy-information-for-message-encryption.md
- M365-security-compliance - seo-marvel-apr2020
+- admindeeplinkMAC
description: Understand how to transition legacy files to Office 365 Message Encryption (OME) for your organization.
For more information about how to create Exchange mail flow rules, see [Define R
2. Choose the **Admin** tile.
-3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
+3. In the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339), choose **Admin centers** \> **Exchange**.
4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
When your email users send encrypted messages, recipients of those messages can
2. Choose the **Admin** tile.
-3. In the Microsoft 365 admin center, choose **Admin centers** \> **Exchange**.
+3. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, choose **Admin centers** \> **Exchange**.
4. In the EAC, go to **Mail flow** \> **Rules** and select **New** ![New icon.](../media/457cd93f-22c2-4571-9f83-1b129bcfb58e.gif) \> **Create a new rule**. For more information about using the EAC, see [Exchange admin center in Exchange Online](/exchange/exchange-admin-center).
compliance Managing Holds https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/managing-holds.md
search.appverid:
- MOE150 - MET150 ms.assetid: - description: Learn how to place holds on custodians and their data sources to preserve relevant content for your Advanced eDiscovery case.-+
+- seo-marvel-mar2020
+- admindeeplinkMAC
# Manage holds in Advanced eDiscovery
When you create a hold, you have the following options to scope the content that
To create a non-custodial hold for an Advanced eDiscovery case:
-1. In the Microsoft 365 compliance center, click **eDiscovery > Advanced** to display the list of cases in your organization.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077149" target="_blank">Microsoft 365 compliance center</a>, click **eDiscovery > Advanced** to display the list of cases in your organization.
2. Click **Open** next to the case that you want to create the holds in.
Microsoft Teams are built on Office 365 Groups. Therefore, placing them on hold
- When a user's mailbox is searched, any Microsoft 365 Group or Microsoft Team that the user is a member of won't be searched. Similarly, when you place an Microsoft 365 Group or Microsoft Team hold, only the group mailbox and group site are placed on hold; the mailboxes and OneDrive for Business sites of group members aren't placed on hold unless you explicitly add them as custodians or place their data sources hold. Therefore, if you the need to place an Microsoft 365 Group or Microsoft Team on hold for a specific custodian, consider mapping the group site and group mailbox to the custodian (See Managing Custodians in Advanced eDiscovery). If the Microsoft 365 Group or Microsoft Team is not attributable to a single custodian, consider adding the source to a non-custodial hold.
+ - To get a list of the members of a Microsoft 365 Group or Microsoft Team, you can view the properties on the **Home** > [**Groups**](https://go.microsoft.com/fwlink/p/?linkid=2052855) page in the Microsoft 365 admin center. Alternatively, you can run the following command in Exchange Online PowerShell:
```powershell Get-UnifiedGroupLinks <group or team name> -LinkType Members | FL DisplayName,PrimarySmtpAddress
compliance Privileged Access Management Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/privileged-access-management-configuration.md
- Ent_Solutions - seo-marvel-apr2020
+ - admindeeplinkMAC
ms.assetid: description: Use this article to learn more about enabling and configuring privileged access management in Office 365. # Get started with privileged access management
-This topic guides you through enabling and configuring privileged access management in your organization. You can use either the Microsoft 365 admin center or Exchange Management PowerShell to manage and use privileged access.
+This topic guides you through enabling and configuring privileged access management in your organization. You can use either the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> or Exchange Management PowerShell to manage and use privileged access.
## Before you begin
After approval is granted, the requesting user can execute the intended task and
1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com) using credentials for an admin account in your organization.
-2. In the Admin Center, go to **Groups** > **Add a group**.
+2. In the admin center, go to <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a> > **Add a group**.
3. Select **mail-enabled security group** and then complete the **Name**, **Group email address**, and **Description** fields for the new group.
After approval is granted, the requesting user can execute the intended task and
1. Sign into the [Microsoft 365 Admin Center](https://admin.microsoft.com) using credentials for an admin account in your organization.
-2. In the Admin Center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the admin center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Enable the **Require approvals for privileged tasks** control.
You can create and configure up to 30 privileged access policies for your organi
1. Sign into the [Microsoft 365 Admin Center](https://admin.microsoft.com) using credentials for an admin account in your organization.
-2. In the Admin Center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the Admin Center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Select **Manage access policies and requests**.
Requests for privileged access are valid for up to 24 hours after the request is
1. Sign into the [Microsoft 365 Admin Center](https://admin.microsoft.com) using your credentials.
-2. In the Admin Center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the Admin Center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Select **Manage access policies and requests**.
After an approval request is created, elevation request status can be reviewed i
1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com) with your credentials.
-2. In the admin center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the admin center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Select **Manage access policies and requests**.
When an approval request is created, members of the relevant approver group rece
1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com) with your credentials.
-2. In the admin center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the admin center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Select **Manage access policies and requests**.
If it is no longer needed in your organization, you can delete a privileged acce
1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com) using credentials for an admin account in your organization.
-2. In the admin center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the admin center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Select **Manage access policies and requests**.
If needed, you can disable privileged access management for your organization. D
1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com) with credentials for an admin account in your organization.
-2. In the Admin Center, go to **Settings** > **Org Settings** > **Security & Privacy** > **Privileged access**.
+2. In the Admin Center, go to **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & Privacy**</a> > **Privileged access**.
3. Enable the **Require approvals for privileged access** control.
compliance Protect Documents That Have Fci Or Other Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties.md
- M365-security-compliance - seo-marvel-apr2020
+- admindeeplinkMAC
description: Learn how to use a data loss prevention (DLP) policy to protect documents that have properties from a third-party system.
You first need to upload a document with the property that you want to reference
### Step 2: Create a managed property
-1. Sign in to the Microsoft 365 admin center.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
2. In the left navigation, choose **Admin centers** \> **SharePoint**. You're now in the SharePoint admin center.
compliance Search The Audit Log In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance.md
search.appverid:
- MET150 ms.assetid: 0d4d0f35-390b-4518-800e-0c7ec95e946c description: "Use the Microsoft 365 compliance center to search the unified audit log to view user and administrator activity in your organization."-+
+- seo-marvel-apr2020
+- admindeeplinkMAC
# Search the audit log in the compliance center
Be sure to read the following items before you start searching the audit log.
|Microsoft Forms|![Check mark.](../media/checkmark.png)|| |||| -- Azure Active Directory (Azure AD) is the directory service for Office 365. The unified audit log contains user, group, application, domain, and directory activities performed in the Microsoft 365 admin center or in the Azure management portal. For a complete list of Azure AD events, see [Azure Active Directory Audit Report Events](/azure/active-directory/reports-monitoring/concept-audit-logs).
+- Azure Active Directory (Azure AD) is the directory service for Office 365. The unified audit log contains user, group, application, domain, and directory activities performed in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> or in the Azure management portal. For a complete list of Azure AD events, see [Azure Active Directory Audit Report Events](/azure/active-directory/reports-monitoring/concept-audit-logs).
- Audit logging for Power BI isn't enabled by default. To search for Power BI activities in the audit log, you have to enable auditing in the Power BI admin portal. For instructions, see the "Audit logs" section in [Power BI admin portal](/power-bi/service-admin-portal#audit-logs).
The following table lists the activities that can be logged by mailbox audit log
### User administration activities
-The following table lists user administration activities that are logged when an admin adds or changes a user account by using the Microsoft 365 admin center or the Azure management portal.
+The following table lists user administration activities that are logged when an admin adds or changes a user account by using the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) or the Azure management portal.
> [!NOTE] > The operation names listed in the **Operation** column in the following table contain a period ( `.` ). You must include the period in the operation name if you specify the operation in a PowerShell command when searching the audit log, creating audit retention policies, creating alert policies, or creating activity alerts. Also be sure to use double quotation marks (`" "`) to contain the operation name.
The following table lists user administration activities that are logged when an
### Azure AD group administration activities
-The following table lists group administration activities that are logged when an admin or a user creates or changes a Microsoft 365 group or when an admin creates a security group by using the Microsoft 365 admin center or the Azure management portal. For more information about groups in Office 365, see [View, create, and delete Groups in the Microsoft 365 admin center](../admin/create-groups/create-groups.md).
+The following table lists group administration activities that are logged when an admin or a user creates or changes a Microsoft 365 group or when an admin creates a security group by using the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) or the Azure management portal. For more information about groups in Office 365, see [View, create, and delete Groups in the Microsoft 365 admin center](../admin/create-groups/create-groups.md).
> [!NOTE] > The operation names listed in the **Operation** column in the following table contain a period ( `.` ). You must include the period in the operation name if you specify the operation in a PowerShell command when searching the audit log, creating audit retention policies, creating alert policies, or creating activity alerts. Also be sure to use double quotation marks (`" "`) to contain the operation name.
The following table lists application admin activities that are logged when an a
### Role administration activities
-The following table lists Azure AD role administration activities that are logged when an admin manages admin roles in the Microsoft 365 admin center or in the Azure management portal.
+The following table lists Azure AD role administration activities that are logged when an admin manages admin roles in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) or in the Azure management portal.
> [!NOTE] > The operation names listed in the **Operation** column in the following table contain a period ( `.` ). You must include the period in the operation name if you specify the operation in a PowerShell command when searching the audit log, creating audit retention policies, creating alert policies, or creating activity alerts. Also be sure to use double quotation marks (`" "`) to contain the operation name.
The following table lists Azure AD role administration activities that are logge
### Directory administration activities
-The following table lists Azure AD directory and domain-related activities that are logged when an administrator manages their organization in the Microsoft 365 admin center or in the Azure management portal.
+The following table lists Azure AD directory and domain-related activities that are logged when an administrator manages their organization in the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339) or in the Azure management portal.
> [!NOTE] > The operation names listed in the **Operation** column in the following table contain a period ( `.` ). You must include the period in the operation name if you specify the operation in a PowerShell command when searching the audit log, creating audit retention policies, creating alert policies, or creating activity alerts. Also be sure to use double quotation marks (`" "`) to contain the operation name.
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|Capability |Windows<sup>\*</sup> |Mac |iOS |Android |Web | ||-||-|-|| |[Manually apply, change, or remove label](https://support.microsoft.com/en-us/office/apply-sensitivity-labels-to-your-files-and-email-in-office-2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9)| 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[Apply a default label](sensitivity-labels.md#what-label-policies-can-do) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
+|[Apply a default label](sensitivity-labels.md#what-label-policies-can-do) to new documents | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
+|[Apply a default label](sensitivity-labels.md#what-label-policies-can-do) to existing documents | Preview: Rolling out to [Beta Channel](https://office.com/insider) | Preview: Rolling out to [Beta Channel](https://office.com/insider) | Under review | Under review | Rolling out: [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
|[Require a justification to change a label](sensitivity-labels.md#what-label-policies-can-do) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Provide help link to a custom help page](sensitivity-labels.md#what-label-policies-can-do) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Mark the content](sensitivity-labels.md#what-sensitivity-labels-can-do) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[Dynamic markings with variables](#dynamic-markings-with-variables) | 2010+ | 16.42+ | 2.42+ | 16.0.13328+ | Rolling out |
+|[Dynamic markings with variables](#dynamic-markings-with-variables) | 2010+ | 16.42+ | 2.42+ | 16.0.13328+ | Rolling out: [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
|[Assign permissions now](encryption-sensitivity-labels.md#assign-permissions-now) | 1910+ | 16.21+ | 2.21+ | 16.0.11231+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Let users assign permissions: <br /> - Prompt users](encryption-sensitivity-labels.md#let-users-assign-permissions) |2004+ | 16.35+ | Under review | Under review | Under review | |[Audit label-related user activity](data-classification-activity-explorer.md) | 2011+ | 16.43+ | 2.46+ | 16.0.13628+ | Yes <sup>\*\*</sup> |
For guidance about when to use this setting, see the information about [policy s
> [!NOTE] > If you use the default label policy setting for documents and emails in addition to mandatory labeling: >
-> The default label always takes priority over mandatory labeling. However, for documents, the Azure Information Protection unified labeling client applies the default label to all unlabeled documents whereas built-in labeling applies the default label to new documents and not to existing documents that are unlabeled. This difference in behavior means that when you use mandatory labeling with the default label setting, users will be prompted to apply a sensitivity label more often when they use built-in labeling than when they use the Azure Information Protection unified labeling client.
+> The default label always takes priority over mandatory labeling. However, for documents, the Azure Information Protection unified labeling client applies the default label to all unlabeled documents whereas built-in labeling applies the default label to new documents and not to existing documents that are unlabeled. This difference in behavior means that when you use mandatory labeling with the default label setting, users will probably be prompted to apply a sensitivity label more often when they use built-in labeling than when they use the Azure Information Protection unified labeling client.
+>
+> Now rolling out: Office apps that use built-in labeling and support a default label for existing documents. For details, see the [capabilities table](sensitivity-labels-office-apps.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) for Word, Excel, and PowerPoint.
## Outlook-specific options for default label and mandatory labeling
compliance Sensitivity Labels Teams Groups Sites https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-teams-groups-sites.md
You can also change and apply a label from this page:
2. Select the **Policies** tab, and then select **Edit** for the **Sensitivity** setting.
-3. From the **Edit sensitivity setting** pane, select the sensitivity label you want to apply to the site, and then select **Save**.
+3. From the **Edit sensitivity setting** pane, select the sensitivity label you want to apply to the site. Unlike user apps, where sensitivity labels can be assigned to specific users, the admin center displays all sensitivity labels for your tenant. After you've chosen a label, select **Save**.
## Support for sensitivity labels
+When you use admin centers that support sensitivity labels, you see all sensitivity labels for your tenant. In comparison, user apps and services that filter sensitivity labels according to publishing policies can result in you seeing a subset of those labels.
+ The following apps and services support sensitivity labels configured for sites and group settings: - Admin centers:
The following apps and services support sensitivity labels configured for sites
- SharePoint admin center - Azure Active Directory portal - Microsoft 365 admin center
- - Microsoft 365 compliance center, Microsoft 365 security center, Security & Compliance Center
+ - Microsoft 365 compliance center
- User apps and
If these containers have Azure AD classification values applied to them, the con
See the webinar recording and answered questions for [Using Sensitivity labels with Microsoft Teams, O365 Groups and SharePoint Online sites](https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/using-sensitivity-labels-with-microsoft-teams-o365-groups-and/ba-p/1221885#M1380).
-For more information on managing Teams connected sites and channel sites, see [Manage Teams connected sites and channel sites](/SharePoint/teams-connected-sites).
- This webinar was recorded when the feature was still in preview, so you might notice some discrepancies in the UI. However, the information for this feature is still accurate, with any new capabilities documented on this page.+
+For more information about managing Teams connected sites and channel sites, see [Manage Teams connected sites and channel sites](/SharePoint/teams-connected-sites).
compliance Sensitivity Labels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels.md
When you configure a label policy, you can:
- **Choose which users and groups see the labels.** Labels can be published to any specific user or email-enabled security group, distribution group, or Microsoft 365 group (which can have [dynamic membership](/azure/active-directory/users-groups-roles/groups-create-rule)) in Azure AD. -- **Specify a default label** for new documents, unlabeled emails, new containers (when you've [enabled sensitivity labels for Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md)), and now [a default label for Power BI content](/power-bi/admin/service-security-sensitivity-label-default-label-policy). You can specify the same label for all four types of items, or different labels. When you specify a default label for documents, the Azure Information Protection unified labeling client also applies this label to existing documents that are unlabeled. Users can change the applied default sensitivity label if they decide it's not the right one.
+- **Specify a default label** for unlabeled documents and emails, new containers (when you've [enabled sensitivity labels for Microsoft Teams, Microsoft 365 groups, and SharePoint sites](sensitivity-labels-teams-groups-sites.md)), and now a default label for [Power BI content](/power-bi/admin/service-security-sensitivity-label-default-label-policy). You can specify the same label for all four types of items, or different labels. Users can change the applied default sensitivity label to better match the sensitivity of their content or container.
- > [!IMPORTANT]
- > When you have [sublabels](#sublabels-grouping-labels), be careful not to configure the parent label as a default label.
+ > [!NOTE]
+ > Rolling out for Office apps that use built-in labels: This setting now supports existing documents when they are opened by users, as well as new documents. This change in behavior provides parity with the Azure Information Protection unified labeling client. For more information about the rollout per app and minimum versions, see the [capabilities table](sensitivity-labels-office-apps.md#sensitivity-label-capabilities-in-word-excel-and-powerpoint) for Word, Excel, and PowerPoint.
Consider using a default label to set a base level of protection settings that you want applied to all your content. However, without user training and other controls, this setting can also result in inaccurate labeling. It's usually not a good idea to select a label that applies encryption as a default label to documents. For example, many organizations need to send and share documents with external users who might not have apps that support the encryption or they might not use an account that can be authorized. For more information about this scenario, see [Sharing encrypted documents with external users](sensitivity-labels-office-apps.md#sharing-encrypted-documents-with-external-users).
+
+ > [!IMPORTANT]
+ > When you have [sublabels](#sublabels-grouping-labels), be careful not to configure the parent label as a default label.
- **Require a justification for changing a label.** If a user tries to remove a label or replace it with a label that has a lower-order number, you can require the user provides a justification to perform this action. For example, a user opens a document labeled Confidential (order number 3) and replaces that label with one named Public (order number 1). For Office apps, this justification prompt is triggered once per app session when you use built-in labeling, and per file when you use the Azure Information Protection unified labeling client. Administrators can read the justification reason along with the label change in [activity explorer](data-classification-activity-explorer.md).
compliance Set Up Advanced Audit https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-advanced-audit.md
- m365solution-audit - m365initiative-compliance - m365solution-scenario+ search.appverid: - MOE150 - MET150
If your organization has a subscription and end-user licensing that supports Adv
Advanced Audit features such as the ability to log crucial events such as MailItemsAccessed and Send require an appropriate E5 license assigned to users. Additionally, the Advanced Auditing app/service plan must be enabled for those users. To verify that the Advanced Auditing app is assigned to users, perform the following steps for each user:
-1. In the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal), go to **Users** > **Active users**, and select a user.
+1. In the Microsoft 365 admin center, go to **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>, and select a user.
2. On the user properties flyout page, click **Licenses and apps**.
compliance Set Up New Message Encryption Capabilities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-new-message-encryption-capabilities.md
- Strat_O365_IP - M365-security-compliance description: Learn about the new Office 365 Message Encryption capabilities that enable protected email communication with people inside and outside your organization.-+
+- seo-marvel-apr2020
+- admindeeplinkMAC
# Set up new Message Encryption capabilities
For steps on creating mail flow rules for OME, see [Define mail flow rules to en
To update existing rules to use the new OME capabilities:
-1. In the Microsoft 365 admin center, go to **Admin centers > Exchange**.
+1. In the [Microsoft 365 admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339), go to **Admin centers > Exchange**.
2. In the Exchange admin center, go to **Mail flow > Rules**. 3. For each rule, in **Do the following**: - Select **Modify the message security**.
compliance Turn Audit Log Search On Or Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/turn-audit-log-search-on-or-off.md
You have to use Exchange Online PowerShell to turn off auditing.
- Go to the **Audit** page in the Microsoft 365 compliance center. If auditing is not turned on for your organization, a banner is displayed prompting you start recording user and admin activity.+
+## Audit records when auditing status is changed
+
+Changes to the auditing status in your organization are themselves audited. This means that audit records are logged when auditing is turned on or turned off. You can search the Exchange admin audit log for these audit records.
+
+To search the Exchange admin audit log for audit records that are generated when turning auditing on or off, run the following command in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):
+
+```powershell
+Search-AdminAuditLog -Cmdlets Set-AdminAuditLogConfig -Parameters UnifiedAuditLogIngestionEnabled
+```
+
+Audit records for these events contain information about when the auditing status was changed, the admin who changed it, and the IP address of the computer that was used to make the change. The following screenshots show audit records that correspond to changing the auditing status in your organization.
+
+### Audit record for turning on auditing
+
+![Audit record for turning on auditing](../media/AuditStatusAuditingEnabled.png)
+
+The value of `Confirm` in the *CmdletParameters* property indicates that unified audit logging was turned on in the compliance center or by running the **Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true** cmdlet.
+
+### Audit record for turning off auditing
+
+![Audit record for turning off auditing](../media/AuditStatusAuditingDisabled.png)
+
+The value of `Confirm` is not included in the *CmdletParameters* property. This indicates that unified audit logging was turned off by running the **Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $false** command.
+
+For more information about searching the Exchange admin audit log, see [Search-AdminAuditLog](/powershell/module/exchange/search-adminauditlog).
compliance Use Drive Shipping To Import Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-drive-shipping-to-import-pst-files-to-office-365.md
Use the Office 365 Import service and drive shipping to bulk-import PST files to
Here are the steps required to use drive shipping to import PST files to Microsoft 365 mailboxes:
-[Step 1: Download the secure storage key and PST Import tool](#step-1-download-the-secure-storage-key-and-pst-import-tool)
+[Step 1: Download the PST Import tool](#step-1-download-the-pst-import-tool)
[Step 2: Copy the PST files to the hard drive](#step-2-copy-the-pst-files-to-the-hard-drive)
Here are the steps required to use drive shipping to import PST files to Microso
[Step 6: Filter data and start the PST Import job](#step-6-filter-data-and-start-the-pst-import-job) > [!IMPORTANT]
-> You have to perform Step 1 once to down load the secure storage key and the import tool. After you perform these steps, follow Step 2 through Step 6 each time you want to ship a hard drive to Microsoft.
+> You have to perform Step 1 once to download the import tool. After you have performed these steps, follow Step 2 through Step 6 each time you want to ship a hard drive to Microsoft.
For frequently asked questions about using drive shipping to import PST files to Office 365, see [FAQs for using drive shipping to import PST files](./faqimporting-pst-files-to-office-365.yml#using-drive-shipping-to-import-pst-files).
For frequently asked questions about using drive shipping to import PST files to
- The hard drive that you ship to Microsoft may cross international borders. In this case, you're responsible for ensuring that the hard drive and the data it contains are imported and/or exported in accordance with the applicable laws. Before shipping a hard drive, check with your advisors to verify that your drive and data can legally be shipped to the identified Microsoft data center. This helps to ensure that it reaches Microsoft in a timely manner. -- This procedure involves copying and saving a secure storage key and a BitLocker encryption key. Be sure to take precautions to protect these keys like you would protect passwords or other security-related information. For example, you might save them to a password-protected Microsoft Word document or save them to an encrypted USB drive. See the [More information](#more-information) section for an example of these keys.
+- This procedure involves copying and saving a BitLocker encryption key. Be sure to take precautions to protect these keys like you would protect passwords or other security-related information. For example, you might save them to a password-protected Microsoft Word document or save them to an encrypted USB drive. See the [More information](#more-information) section for an example of these keys.
- After PST files are imported to a Microsoft 365 mailbox, the retention hold setting for the mailbox is turned on for an indefinite duration. This means that the retention policy assigned to the mailbox won't be processed until you turn off the retention hold or set a date to turn off the hold. Why do we do this? If messages imported to a mailbox are old, they might be permanently deleted (purged) because their retention period has expired based on the retention settings configured for the mailbox. Placing the mailbox on retention hold gives the mailbox owner time to manage these newly imported messages or give you time to change the retention settings for the mailbox. See the [More information](#more-information) section for suggestions about managing the retention hold.
For frequently asked questions about using drive shipping to import PST files to
See [Step 3: Create the PST Import mapping file](#step-3-create-the-pst-import-mapping-file) for more information.
-## Step 1: Download the secure storage key and PST Import tool
+## Step 1: Download the PST Import tool
-The first step is to download the secure storage key and the tool and that you use in Step 2 to copy PST files to the hard drive.
+The first step is to download the tool and that you use in Step 2 to copy PST files to the hard drive.
> [!IMPORTANT] > You have to use Azure Import/Export tool version 1 (WAimportExportV1) to successfully import PST files by using the drive shipping method. Version 2 of the Azure Import/Export tool isn't supported and using it will result in incorrectly preparing the hard drive for the import job. Be sure to download the Azure Import/Export tool from the Microsoft 365 compliance center by following the procedures in this step.
The first step is to download the secure storage key and the tool and that you u
![Click Ship hard drives to one of our physical locations to create a drive shipping import job.](../media/1584fdc5-cd4c-4e47-932e-db6c8e07f5f8.png)
-6. On the **Import data** page, do the following two things:
+6. On the **Import data** page, do the following:
- ![Copy the secure storage key and download the Azure Import Export tool on the Import data page.](../media/e22e0b48-e5ce-48e0-95bc-0490a2b3b983.png)
-
- a. In step 2, click **Show the secure storage key**. After the storage key is displayed, click **Copy to clipboard** and then paste it and save it to a file so you can access it later.
-
- b. In step 3, **Download the Azure Import/Export tool** to download and install the Azure Import/Export (version 1) tool.
+ **Download the Azure Import/Export tool** to download and install the Azure Import/Export (version 1) tool.
- In the pop-up window, click **Save** \> **Save as** to save the WaImportExportV1.zip file to a folder on your local computer.
compliance Use Your Free Azure Ad Subscription In Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365.md
search.appverid:
- MET150 ms.assetid: d104fb44-1c42-4541-89a6-1f67be22e4ad description: "Learn how to access Azure Active Directory, which is included in your organization's paid subscription."-+
+- seo-marvel-apr2020
+- admindeeplinkMAC
# Use your free Azure Active Directory subscription
Use a private browsing session (not a regular session) to access the Azure porta
- A free Azure Active Directory subscription does not include the Sign-ins activity report. To record sign-in activity (which can be useful in a data breach), you need an Azure Active Directory Premium subscription. For more information, see [How long does Azure AD store the data?](/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data). -- You can also access the **Azure Active Directory** admin center from the Microsoft 365 admin center. In the left navigation pane of the Microsoft 365 admin center, click **Admin centers** \> **Azure Active Directory**.
+- You can also access the **Azure Active Directory** admin center from the Microsoft 365 admin center. In the left navigation pane of the Microsoft 365 admin center, click **Admin centers** \> [**Azure Active Directory**](https://go.microsoft.com/fwlink/p/?linkid=2067268).
- For information about managing users and groups and performing other directory management tasks, see [Manage your Azure AD directory](/azure/active-directory/active-directory-administer).
contentunderstanding Image Tagging https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/image-tagging.md
audience: admin ms.prod: microsoft-365-enterprise+ search.appverid: - enabler-strategic
After you [set up SharePoint Syntex](set-up-content-understanding.md), you can c
To turn image tagging on or off
-1. In the Microsoft 365 admin center, click **Setup**.
+1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>.
2. Under **Organizational knowledge**, click **Automate content understanding**.
contentunderstanding Set Up Content Understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/set-up-content-understanding.md
audience: admin
ms.prod: microsoft-365-enterprise
- - enabler-strategic
- - m365initiative-syntex
+- enabler-strategic
+- m365initiative-syntex
+ search.appverid: MET150 localization_priority: Priority description: "Set up SharePoint Syntex"
description: "Set up SharePoint Syntex"
# Set up SharePoint Syntex
-Admins can use the Microsoft 365 admin center to set up [Microsoft SharePoint Syntex](index.md).
+Admins can use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to set up [Microsoft SharePoint Syntex](index.md).
Consider the following before you start: - In which SharePoint sites will you enable form processing? All of them, some, or select sites? - What will you name your default content center?
-You can change your settings after initial setup in the Microsoft 365 admin center.
+You can change your settings after initial setup in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
Prior to setup, make sure to plan for the best way to set up and configure content understanding in your environment. For example, you need to make the following decisions:
Prior to setup, make sure to plan for the best way to set up and configure conte
> [!NOTE] > You must have Global admin or SharePoint admin permissions to be able to access the Microsoft 365 admin center and set up SharePoint Syntex.
-As an admin, you can also make changes to your selected settings anytime after setup, and throughout the content understanding management settings in the Microsoft 365 Admin Center.
+As an admin, you can also make changes to your selected settings anytime after setup, and throughout the content understanding management settings in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
If you plan to use a custom Power Platform environment, you must [install the *AI Builder for Project Cortex* app in this environment](/power-platform/admin/manage-apps#install-an-app-in-the-environment-view) and [allocate AI Builder credits](/power-platform/admin/capacity-add-on) to it before you can create form processing models.
For details about SharePoint Syntex licensing, see [SharePoint Syntex licensing]
## To set up SharePoint Syntex
-1. In the Microsoft 365 admin center, select **Setup**, and then view the **Files and content** section.
+1. In the Microsoft 365 admin center, select <a href="https://go.microsoft.com/fwlink/p/?linkid=2171997" target="_blank">**Setup**</a>, and then view the **Files and content** section.
2. In the **Files and content** section, select **Automate content understanding**. Note that your current AI Builder credit availability is shown in the **At a glance** section.<br/>
Once you have configured SharePoint Syntex, you must assign licenses for the use
To assign licenses:
-1. In the Microsoft 365 admin center, under **Users**, click **Active users**.
+1. In the Microsoft 365 admin center, under **Users**, select <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
2. Select the users that you want to license, and choose **Manage product licenses**.
contentunderstanding Trial Syntex https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/trial-syntex.md
audience: admin
ms.prod: microsoft-365-enterprise
- - enabler-strategic
- - m365initiative-syntex
-
+- enabler-strategic
+- m365initiative-syntex
+
+- Adopt
+- admindeeplinkMAC
search.appverid: localization_priority: Normal description: Learn how to plan and run a trial pilot program for SharePoint Syntex in your organization.
You can get the trial version from one of the following sources:
- The [Microsoft 365 admin center](https://admin.microsoft.com) 1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com).
- 2. Go to **Billing** > **Purchase Services**.
+ 2. Go to **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">**Purchase Services**</a>.
3. Scroll down to the **Add-Ons** section. 4. On the SharePoint Syntex tile, select **Details**. 5. Select **Get free trial**.
enterprise Add A Domain To A Client Tenancy With Windows Powershell For Delegated Access Pe https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/add-a-domain-to-a-client-tenancy-with-windows-powershell-for-delegated-access-pe.md
- M365-subscription-management f1.keywords: - NOCSH-+
+- seo-marvel-apr2020
+- admindeeplinkMAC
ms.assetid: f49b4d24-9aa0-48a6-95dd-6bae9cf53d2c description: "Summary: Use PowerShell for Microsoft 365 to add an alternate domain name to an existing customer tenant."
You also need the following information:
Your customers will likely ask you to create additional domains to associate with their tenancy because they don't want the default \<domain>.onmicrosoft.com domain to be the primary one that represents their corporate identities to the world. This procedure walks you through creating a new domain associated with your customer's tenancy. > [!NOTE]
-> To perform some of these operations, the partner administrator account you sign in with must be set to **Full administration** for the **Assign administrative access to companies you support** setting found in the details of the admin account in the Microsoft 365 admin center. For more information on managing partner administrator roles, see [Partners: Offer delegated administration](https://go.microsoft.com/fwlink/p/?LinkId=532435).
+> To perform some of these operations, the partner administrator account you sign in with must be set to **Full administration** for the **Assign administrative access to companies you support** setting found in the details of the admin account in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. For more information on managing partner administrator roles, see [Partners: Offer delegated administration](https://go.microsoft.com/fwlink/p/?LinkId=532435).
### Create the domain in Azure Active Directory
enterprise Add Several Users At The Same Time https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/add-several-users-at-the-same-time.md
- 'O365P_AddUsersCSV' - 'O365M_AddUsersCSV' - 'O365E_AddUsersCSV'
+- admindeeplinkMAC
search.appverid: - MET150 - MOP150
Each person on your team needs a user account before they can sign in and access
1. Sign in to Microsoft 365 with your work or school account.
-2. In the admin center, choose **Users** \> **Active users**.
+2. In the admin center, choose **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
3. Select **Add multiple users**.
enterprise Configure Services And Applications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-services-and-applications.md
If you want help getting Microsoft 365 set up, use **[FastTrack](https://www.mic
|**Email** <br> (Exchange Online) | - Get ready to migrate with [Exchange Hybrid using the Exchange Deployment Assistant](https://technet.microsoft.com/exdeploy2013) <br> - Use the [Exchange migration advisor](https://aka.ms/office365setup) to get customized set up guidance <br> - [Set up Exchange Online Protection](/exchange/standalone-eop/set-up-your-eop-service) | |**Sites** <br> (SharePoint Online) | -Configure hybrid functionality for [SharePoint Server 2013](/SharePoint/hybrid/hybrid)<br> - [Create and use site templates](https://support.office.com/article/Create-and-use-site-templates-60371B0F-00E0-4C49-A844-34759EBDD989) to customize the look and feel of SharePoint Online <br> - Use the [SharePoint Online Planning Guide](https://support.office.com/article/SharePoint-Online-Planning-Guide-for-Office-365-for-business-d5089cdf-3fd2-4230-acbd-20ecda2f9bb8) or the [SharePoint Online deployment advisor](https://aka.ms/spoguidance) to plan and configure additional features <br> - Manage your [Video portal](https://support.office.com/article/Manage-your-Office-365-Video-portal-c059465b-eba9-44e1-b8c7-8ff7793ff5da) | |**IM and online meetings** <br> (Skype for Business Online) | - Configure hybrid functionality for [Lync Server 2013](/previous-versions/office/lync-server-2013/lync-server-2013-lync-server-2013-hybrid) or [Skype for Business 2015](/skypeforbusiness/hybrid/plan-hybrid-connectivity?bc=%2fSkypeForBusiness%2fbreadcrumb%2ftoc.json&toc=%2fSkypeForBusiness%2ftoc.json)<br> - [Set up Skype for Business Online](https://support.office.com/article/Set-up-Skype-for-Business-Online-40296968-e779-4259-980b-c2de1c044c6e) and configure common features such as call routing, conference calling, and sharing <br> - Use the [Skype for Business deployment advisor](/MicrosoftTeams/faq-journey) to get customized set up guidance |
-| **File storage & sharing** <br> (OneDrive for Business and SharePoint Online) | - [Set up Microsoft 365 file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_WhatDif): Learn when you should use OneDrive for Business to store files and when you should use ShharePoint Online team sites <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_MoveDocsVideo): See how easy it is to upload files in OneDrive for Business and your SharePoint team site <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_Store): Get all the steps for uploading files to OneDrive for Business and your team site. Learn tips for file sharing <br> - Use the [OneDrive for Business setup guide](https://aka.ms/OD4Bguidance) to get customized set up guidance |
+| **File storage & sharing** <br> (OneDrive for Business and SharePoint Online) | - [Set up Microsoft 365 file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_WhatDif): Learn when you should use OneDrive for Business to store files and when you should use SharePoint Online team sites <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_MoveDocsVideo): See how easy it is to upload files in OneDrive for Business and your SharePoint team site <br> - [Set up file storage and sharing](https://support.office.com/article/7aa9cdc8-2245-4218-81ee-86fa7c35f1de#BKMK_Store): Get all the steps for uploading files to OneDrive for Business and your team site. Learn tips for file sharing <br> - Use the [OneDrive for Business setup guide](https://aka.ms/OD4Bguidance) to get customized set up guidance |
|**Microsoft 365 applications** | - Microsoft 365 administrators should use the [Office Deployment Guide](/deployoffice) to get help planning a Microsoft 365 Apps for enterprise deployment or upgrade. <br> - [Power BI for Microsoft 365 admin center](https://support.office.com/article/Power-BI-for-Office-365-Admin-Center-Help-5e391ecb-500c-47a3-bd0f-a6173b541044) <br> - [Office Delve for Microsoft 365 admins](https://support.office.com/article/Office-Delve-for-Office-365-admins-54f87a42-15a4-44b4-9df0-d36287d9531b) <br> - [Frequently asked questions about Sway](https://support.office.com/article/446380fa-25bf-47b2-996c-e12cb2f9d075) <br> - [Get started with Project Online](https://support.office.com/article/Get-started-with-Project-Online-e3e5f64f-ada5-4f9d-a578-130b2d4e5f11). <br> - [Microsoft Intune deployment advisor](/mem/intune/) | |**Enterprise Social** <br> (Yammer) | - [Use Yammer with Microsoft 365](https://support.office.com/article/Plan-for-Yammer-integration-with-Office-365-4086681f-6de1-4d39-aa72-752b2af1cbd7) <br> - Use the [Yammer Enterprise setup guide](https://aka.ms/yammerdeploy) to get customized set up guidance |
enterprise Configure User Account Properties With Microsoft 365 Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell.md
- O365ITProTrain - Ent_Office_Other - PowerShell
+- admindeeplinkMAC
ms.assetid: 30813f8d-b08d-444b-98c1-53df7c29b4d7 description: "Use PowerShell for Microsoft 365 to configure properties of individual or multiple user accounts in your Microsoft 365 tenant."
description: "Use PowerShell for Microsoft 365 to configure properties of indivi
*This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.*
-You can use the Microsoft 365 admin center to configure properties for the user accounts of your Microsoft 365 tenant. In PowerShell, you can also do this, plus some other things you can't do in the admin center.
+You can use the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to configure properties for the user accounts of your Microsoft 365 tenant. In PowerShell, you can also do this, plus some other things you can't do in the admin center.
## Use the Azure Active Directory PowerShell for Graph module
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
Last updated 09/21/2020
- it-pro
+- admindeeplinkMAC
- M365-subscription-management
Additionally, mail-enabled security groups in the source tenant are required pri
You will also need to communicate with your trusted partner company (with whom you will be moving mailboxes) to obtain their Microsoft 365 tenant ID. This tenant ID is used in the Organization Relationship `DomainName` field.
-To obtain the tenant ID of a subscription, sign-in to the Microsoft 365 admin center and go to [https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties). Click the copy icon for the Tenant ID property to copy it to the clipboard.
+To obtain the tenant ID of a subscription, sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> and go to [https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties). Click the copy icon for the Tenant ID property to copy it to the clipboard.
Here is how the process works.
enterprise Data Classification Microsoft 365 Enterprise Dev Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/data-classification-microsoft-365-enterprise-dev-test-environment.md
localization_priority: Normal -+
+- Ent_TLGs
+- admindeeplinkMAC
ms.assetid: 1aa9639b-2862-49c4-bc33-1586dda636b8 description: Use this Test Lab Guide to create and use retention labels on documents in your Microsoft 365 for enterprise test environment.
If you want to configure retention labels in a simulated enterprise, follow the
In this phase, create the retention labels for the different levels of retention for SharePoint Online documents folders:
-1. Sign in to the [Microsoft 365 security center](https://security.microsoft.com/homepage) with your global admin account.
+1. Sign in to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 security center</a> with your global admin account.
1. From the **Home - Microsoft 365 security** tab of your browser, select **Classification** > **Retention labels**. 1. Select **Create a label**. 1. In the **Name your label** pane, enter **Internal Public** in **Name your label**, and then select **Next**.
enterprise Deploy Microsoft 365 Directory Synchronization Dirsync In Microsoft Azure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/deploy-microsoft-365-directory-synchronization-dirsync-in-microsoft-azure.md
Azure AD Connect adds accounts to your Microsoft 365 subscription from the on-pr
1. Sign in to the [Microsoft 365 admin center](https://admin.microsoft.com), and then click **Admin**.
-2. In the left navigation, click **Users > Active users**.
-
+2. In the left navigation, click **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
3. In the list of user accounts, select the check box next to the user you want to activate. 4. On the page for the user, click **Edit** for **Product licenses**.
enterprise Fix Problems With Directory Synchronization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/fix-problems-with-directory-synchronization.md
localization_priority: Priority f1.keywords: - CSH-+
+- Adm_O365
+- admindeeplinkMAC
- Ent_O365 - M365-identity-device-management
You will also receive a mail (to the alternate email and to your admin email) fr
## How do I get Azure Active Directory Connect tool?
-In the [Microsoft 365 admin center](https://admin.microsoft.com), navigate to **Users** \> **Active users**. Click the **More** menu (three dots) and select **Directory synchronization**.
+In the [Microsoft 365 admin center](https://admin.microsoft.com), navigate to **Users** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>. Click the **More** menu (three dots) and select **Directory synchronization**.
Follow the [instructions in the wizard](set-up-directory-synchronization.md) to download Azure AD Connect.
enterprise Identify Directory Synchronization Errors https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/identify-directory-synchronization-errors.md
f1.keywords:
- Adm_O365 - seo-marvel-apr2020
+ - admindeeplinkMAC
- Ent_O365 - M365-identity-device-management
description: Learn how to view directory synchronization errors and possible fix
# View directory synchronization errors in Microsoft 365
-You can view directory synchronization errors in the Microsoft 365 admin center. Only the User object errors are displayed. To view errors with PowerShell, see [Identify objects with DirSyncProvisioningErrors](/azure/active-directory/hybrid/how-to-connect-syncservice-duplicate-attribute-resiliency).
+You can view directory synchronization errors in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. Only the User object errors are displayed. To view errors with PowerShell, see [Identify objects with DirSyncProvisioningErrors](/azure/active-directory/hybrid/how-to-connect-syncservice-duplicate-attribute-resiliency).
## View directory synchronization errors in the Microsoft 365 admin center
enterprise Increased O365 Security Microsoft 365 Enterprise Dev Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/increased-o365-security-microsoft-365-enterprise-dev-test-environment.md
localization_priority: Normal -+
+- Ent_TLGs
+- admindeeplinkMAC
ms.assetid: 1aa9639b-2862-49c4-bc33-1586dda636b8 description: Use this Test Lab Guide to enable additional Microsoft 365 security settings your Microsoft 365 for enterprise test environment.
In this phase, you enable increased Microsoft 365 security for your Microsoft 36
Apps that do not support modern authentication cannot have [identity and device access configurations](../security/office-365-security/microsoft-365-policies-configurations.md) applied to them, which is an important element of securing your Microsoft 365 subscription and its digital assets.
-1. Go to the Microsoft 365 admin center ([https://portal.microsoft.com](https://portal.microsoft.com)) and sign in to your Microsoft 365 test lab subscription with your global administrator account.
+1. Go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> and sign in to your Microsoft 365 test lab subscription with your global administrator account.
- If you are using the lightweight Microsoft 365 test environment, sign in from your local computer.
For more information, see [Security Dashboard](../security/office-365-security/s
Microsoft Secure Score shows your security posture as a number, which indicates your current level relative to the features that are available in your subscription. It also gives you a list of improvement actions you can take to improve your score.
-1. Create a new tab in your browser and go to the [Microsoft 365 security center](https://security.microsoft.com/), and then click **Secure score**.
+1. Create a new tab in your browser, go to the <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 security center</a>, and then click **Secure score**.
2. On the **Overview** tab, note your current Secure Score and how it compares with the global average and subscriptions with a similar number of licenses. 3. On the **Improvement actions** tab, read through the list of actions you can take to increase your score.
enterprise Lightweight Base Configuration Microsoft 365 Enterprise https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/lightweight-base-configuration-microsoft-365-enterprise.md
- Ent_TLGs - seo-marvel-apr2020
+- admindeeplinkMAC
ms.assetid: 6f916a77-301c-4be2-b407-6cec4d80df76 description: Use this Test Lab Guide to create a lightweight test environment for testing Microsoft 365 for enterprise.
First, add the Microsoft 365 E5 trial subscription and assign the new Microsoft
1. In an internet browser private window, use your global administrator account credentials to sign in to the Microsoft 365 admin center at [https://admin.microsoft.com](https://admin.microsoft.com).
-2. On the **Microsoft 365 admin center** page, in the left navigation, select **Billing > Purchase services**.
+2. On the **Microsoft 365 admin center** page, in the left navigation, select **Billing** > <a href="https://go.microsoft.com/fwlink/p/?linkid=868433" target="_blank">**Purchase services**</a>.
3. On the **Purchase services** page, select **Microsoft 365 E5**, and then select **Get free trial**.
First, add the Microsoft 365 E5 trial subscription and assign the new Microsoft
6. On the **Order receipt** page, select **Continue**.
-7. In the Microsoft 365 admin center, select **Users > Active users**.
+7. In the Microsoft 365 admin center, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
8. In **Active users**, select your administrator account.
enterprise Mam Policies For Your Microsoft 365 Enterprise Dev Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/mam-policies-for-your-microsoft-365-enterprise-dev-test-environment.md
If you want to configure MAM policies in a simulated enterprise, follow the inst
In this phase, you create a device compliance policy for Windows 10 devices. This phase uses Microsoft Intune and the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) to add a group, and create a compliance policy.
-1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), and sign in to your Microsoft 365 test lab subscription with your global administrator account. Select the **Endpoint Manager** admin center. The [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) opens.
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), sign in to your Microsoft 365 test lab subscription with your global administrator account, and select the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank">Endpoint Manager admin center</a>.
If a message similar to **You haven't enabled device management yet** message is shown, then select Intune as the MDM authority. For the specific steps, see [Set the mobile device management authority](/mem/intune/fundamentals/mdm-authority-set).
enterprise Manage Microsoft 365 Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-microsoft-365-accounts.md
f1.keywords:
- Adm_O365 - seo-marvel-mar2020
+ - admindeeplinkMAC
- Ent_O365 - M365-subscription-management
description: "Learn how to manage Microsoft 365 user accounts."
You can manage Microsoft 365 user accounts in several different ways, depending on your configuration. You can manage user accounts in the [Microsoft 365 admin center](../admin/add-users/index.yml), [PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md), in Active Directory Domain Services (AD DS), or in the Azure Active Directory (Azure AD) admin portal.
-As soon as you purchase Microsoft 365, the Microsoft 365 admin center and PowerShell can be used to manage accounts. When managing cloud identities, every person in your organization has a separate user account name and password. If you want to integrate with your on-premises infrastructure and have user accounts synchronized with Microsoft 365, you can use Azure AD Connect to provide synchronization of identities and passwords for single sign-on (SSO) functionality.
+As soon as you purchase Microsoft 365, the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> and PowerShell can be used to manage accounts. When managing cloud identities, every person in your organization has a separate user account name and password. If you want to integrate with your on-premises infrastructure and have user accounts synchronized with Microsoft 365, you can use Azure AD Connect to provide synchronization of identities and passwords for single sign-on (SSO) functionality.
## Plan for where and how you will manage your user accounts
Where and how you can manage your user accounts depends on the identity model yo
### Cloud-only
-You create and manage users in the Microsoft 365 admin center. You can also use PowerShell or the Azure AD admin center.
+You create and manage users in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. You can also use PowerShell or the Azure AD admin center.
### Hybrid
The following table lists the different account management tools.
|Directory synchronization <br/> |[Integrating your on-premises identities with Azure AD](/azure/active-directory/hybrid/whatis-hybrid-identity) <br/> For directory synchronization with or without password synchronization, use [Azure AD Connect with express settings](/azure/active-directory/hybrid/how-to-connect-install-express). <br/> For multiple forests and SSO options, use [Custom Installation of Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-custom). <br/> Provides the infrastructure that's necessary to enable SSO. <br/> Required for many hybrid scenarios such as staged migration and hybrid Exchange <br/> Synchronizes security and mail-enabled groups from your AD DS. <br/> | ||| -- Regardless of how you intend to add the user accounts to Microsoft 365, you need to manage several account features, such as assigning licenses, specifying location, and so on. These features can be managed long-term from the Microsoft 365 admin center or you can also [create user accounts with PowerShell](./create-user-accounts-with-microsoft-365-powershell.md).
+- Regardless of how you intend to add the user accounts to Microsoft 365, you need to manage several account features, such as assigning licenses, specifying location, and so on. These features can be managed long-term from the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> or you can also [create user accounts with PowerShell](./create-user-accounts-with-microsoft-365-powershell.md).
If you choose to add and manage all your users through the admin center, you will specify the location and assign licenses at the same time as creating the Microsoft 365 account. As a result, not much planning is required.
enterprise Manage Microsoft 365 Groups With Powershell https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershell.md
f1.keywords:
- Adm_O365 - seo-marvel-apr2020
+ - admindeeplinkMAC
search.appverid: - MET150 - MOE150
Set-UnifiedGroup -Identity "MailaTip Group" -MailTip "This group has a MailTip"
## Change the display name of the Microsoft 365 Group
-The display name specifies the name of the Microsoft 365 Group. You can see this name in your exchange admin center or Microsoft 365 admin center. You can edit the display name of the group or assign a display name to an existing Microsoft 365 Group by running the Set-UnifiedGroup command:
+The display name specifies the name of the Microsoft 365 Group. You can see this name in your exchange admin center or <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>. You can edit the display name of the group or assign a display name to an existing Microsoft 365 Group by running the Set-UnifiedGroup command:
```powershell Set-UnifiedGroup -Identity "mygroup@contoso.com" -DisplayName "My new group"
enterprise Microsoft 365 Exchange Monitoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-exchange-monitoring.md
search.appverid:
- Ent_O365 - Strat_O365_Enterprise+ f1.keywords: - NOCSH description: "Use Exchange Online monitoring for information about email incidents or advisories in Microsoft 365."
description: "Use Exchange Online monitoring for information about email inciden
# Exchange Online monitoring for Microsoft 365
-You can use Exchange Online monitoring in the Microsoft 365 admin center to monitor the health of the Exchange service for your organization's Microsoft 365 subscription. Exchange Online monitoring provides you with information about incidents and advisories that are collected in these categories:
+You can use Exchange Online monitoring in the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> to monitor the health of the Exchange service for your organization's Microsoft 365 subscription. Exchange Online monitoring provides you with information about incidents and advisories that are collected in these categories:
- **Infrastructure**: Issue is detected in the Microsoft 365 infrastructure that Microsoft owns for providing regular updates and resolving the issue. For example, users cannot access Exchange Online because of issues with Exchange or other Microsoft 365 cloud infrastructure. - **Third-party infrastructure**: Issue is detected in third-party infrastructure on which your organization has taken a dependency and requires action from your organization for resolution. For example, user authentication transactions are getting throttled by a third-party security token service (STS) provider that prevents users from connecting to Exchange Online. - **Customer infrastructure**: Issue is detected in your organization's infrastructure and requires action from your organization for resolution. For example, users cannot access Exchange Online because they are unable to obtain an authentication token from STS provider hosted by your organization because of an expired certificate.
-Here is an example of the **Service health** page in the Microsoft 365 admin center, available from **Health > Service health** for organization scenarios.
+Here is an example of the **Service health** page in the Microsoft 365 admin center, available from **Health** > [**Service health**](https://go.microsoft.com/fwlink/p/?linkid=842900) for organization scenarios.
![The Service health page in the Microsoft 365 admin center.](../media/microsoft-365-exchange-monitoring/service-health-dashboard-example.png)
The value of the **Health** column under **Issues in your organization** indicat
The value of the **Health** column under **Microsoft service health** indicates that the service is healthy or has advisories or incidents based on the cloud services that Microsoft maintains.
-Here is an example of the Exchange Online monitoring page in the Microsoft 365 admin center that shows the health of organization-level scenarios, available from **Health > Service health > Exchange Online**.
+Here is an example of the Exchange Online monitoring page in the Microsoft 365 admin center that shows the health of organization-level scenarios, available from **Health** > [**Service health**](https://go.microsoft.com/fwlink/p/?linkid=842900) > **Exchange Online**.
![The Exchange Online monitoring page in the Microsoft 365 admin center.](../media/microsoft-365-exchange-monitoring/exchange-monitoring-example.png)
With the **Exchange Online** monitoring page, you can see whether the Exchange O
## Requirements
-This preview is enabled for customers who meet these requirements:
+This preview is enabled for customers who meet these requirements:
- Your organization needs to have a license count of at least 5,000 from one or a combination of these products: Office 365 E3, Microsoft 365 E3, Office 365 E5, Microsoft 365 E5. For example, your organization can have 3,000 Office 365 E3 licenses and 2,500 Microsoft 365 E5, for a total of 5,500 licenses from the qualifying products. -- Your organization needs to have at least 50 monthly active Exchange Online users.
+- Your organization needs to have at least 50 monthly active users for one or more core Microsoft 365 services, which include Microsoft Teams, OneDrive for Business, SharePoint Online, Exchange Online, and Office apps.
- Any role with Service Health Dashboard level permissions can access Exchange Online Monitoring. For more information, see [How to check Microsoft 365 service health](view-service-health.md).
There are two ways you can provide feedback:
#### 1. Why don't I see "Exchange Online monitoring" under Health in the Microsoft 365 admin center?
-First, make sure you've enabled the new admin center on the **Home** page of the Microsoft 365 admin center.
+First, make sure you've enabled the new admin center on the **Home** page of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>.
Then make sure you meet both of the following requirements:
If the license count for your organization falls below 5,000 users and the month
#### 2. The active user count in the dashboard for each client appears to be low. We have a lot of active licenses assigned to users. What does this mean?
-The active user count shown in monitoring is based on a 30-minute window where users have performed the activity called out in the feature. This shouldn't be confused with usage numbers. To view usage numbers, use activity reports in the Microsoft 365 admin center (**Reports > Usage**).
+The active user count shown in monitoring is based on a 30-minute window where users have performed the activity called out in the feature. This shouldn't be confused with usage numbers. To view usage numbers, use activity reports in the Microsoft 365 admin center (**Reports** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">**Usage**</a>).
#### 3. Will there be other monitoring scenarios for other services such as Teams and SharePoint?
Microsoft is integrating this experience directly inside the Service Health dash
#### 4. What is the plan for general availability of this experience?
-Microsoft has integrated Exchange Online monitoring directly on the **Service Health** dashboard in the Microsoft 365 admin center.
+Microsoft has integrated Exchange Online monitoring directly on the <a href="https://go.microsoft.com/fwlink/p/?linkid=842900" target="_blank">**Service Health** dashboard</a> in the Microsoft 365 admin center.
With this new integrated experience, Microsoft's plan is to collect your feedback and then define our plan for general availability.
enterprise Microsoft 365 Mailbox Utilization Service Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-mailbox-utilization-service-alerts.md
search.appverid:
- Ent_O365 - Strat_O365_Enterprise+ f1.keywords: - NOCSH description: "Use mailbox utilization service alerts to monitor mailboxes on hold that are reaching their mailbox quota."
description: "Use mailbox utilization service alerts to monitor mailboxes on hol
We've released a new Exchange Online service alert that informs you of mailboxes that are on hold that are at risk of reaching or exceeding their quota. These service alerts provide visibility to the number of mailboxes in your organization that may require admin intervention.
-These service alerts are displayed in the Microsoft 365 admin center. To view these service alerts, go to **Health** > **Service health** > **Exchange Online** and then click the **Active issues** tab. Here's an example of a mailbox utilization service alert.
+These service alerts are displayed in the Microsoft 365 admin center. To view these service alerts, go to **Health** > <a href="https://go.microsoft.com/fwlink/p/?linkid=842900" target="_blank">**Service health**</a> > **Exchange Online** and then click the **Active issues** tab. Here's an example of a mailbox utilization service alert.
![Mailbox utilization service alert](../media/MailboxUtilizationServiceAlert.png)
enterprise Microsoft 365 Service Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-service-health.md
search.appverid:
- Ent_O365 - Strat_O365_Enterprise+ f1.keywords: - NOCSH description: "Microsoft 365 service health status"
This information includes network issues that affect all of our software as serv
_There might be delays in the updates to this page. We are updating it manually while we build a more automated solution._
-When we detect significant issues within Microsoft's global network or with internet connectivity between our customers and Microsoft's network, we will post that information here. We recommend that customers continue to use the Microsoft 365 admin center Service Health dashboard to understand the impact of any significant network issues on their tenant, as we provide much more detailed and targeted information there.
+When we detect significant issues within Microsoft's global network or with internet connectivity between our customers and Microsoft's network, we will post that information here. We recommend that customers continue to use the Microsoft 365 admin center <a href="https://go.microsoft.com/fwlink/p/?linkid=842900" target="_blank">Service Health dashboard</a> to understand the impact of any significant network issues on their tenant, as we provide much more detailed and targeted information there.
## Current network issues
enterprise Ms Cloud Germany Migration Opt In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-migration-opt-in.md
f1.keywords:
- CSH - Ent_TLGs
+- admindeeplinkMAC
ms.assetid: 706d5449-45e5-4b0c-a012-ab60501899ad description: "Summary: "
description: "Summary: "
## How to request migration
-If you were an eligible customer with your service provisioned in Microsoft Cloud Germany (Microsoft Cloud Deutschland) and you had signed in as a tenant (global) administrator, a page in the Microsoft 365 admin center allowed you to opt-in for migration. The Opt-In page in the Microsoft 365 admin center no longer allows for enrollment, however the process is outlined below for reference purposes.
+If you were an eligible customer with your service provisioned in Microsoft Cloud Germany (Microsoft Cloud Deutschland) and you had signed in as a tenant (global) administrator, a page in the <a href="https://go.microsoft.com/fwlink/p/?linkid=848041" target="_blank">Microsoft 365 admin center</a> allowed you to opt-in for migration. The Opt-In page in the Microsoft 365 admin center no longer allows for enrollment, however the process is outlined below for reference purposes.
To access the page, expand **Settings** in the navigation pane on the left, and then click **Organization Profile**.
The Online Services Terms have changed to include terms that will enable Microso
The customer tenant administrator will receive a notice in e-mail and the Message Center advising that opt-in to migration will happen automatically for a Microsoft-assisted migration. This notice will be sent at least 30 days prior to the automatic opt-in. After migration opt-in, all communications and status updates are sent to customer tenant administrators in the Message Center.
-Customer and partner tenant administrators are encouraged to opt-in for migration in the Microsoft 365 admin center so the migration process can begin as soon as possible.
+Customer and partner tenant administrators are encouraged to opt-in for migration in the <a href="https://go.microsoft.com/fwlink/p/?linkid=848041" target="_blank">Microsoft 365 admin center</a> so the migration process can begin as soon as possible.
## Next step
enterprise Ms Cloud Germany Transition https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/ms-cloud-germany-transition.md
f1.keywords:
- CSH - Ent_TLGs
+- admindeeplinkMAC
ms.assetid: 706d5449-45e5-4b0c-a012-ab60501899ad description: "Summary: Understand the migration from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter region."
This figure shows the ten phases of migration to the new German datacenters.
:::image type="content" alt-text="The ten phases of migration to the new Germany datacenters." source="../media/ms-cloud-germany-migration-opt-in/migration-organization.png" lightbox="../media/ms-cloud-germany-migration-opt-in/migration-organization.png":::
-These phases start when you [opt-in for migration](./ms-cloud-germany-migration-opt-in.md). Most of the migration phases are executed as back-end service operations with minimal customer interaction required and are executed one phase after the other. The start for additional customer-led tasks and overall migration status will be communicated through the Message center of the Microsoft 365 admin center during the migration process. Example of tasks may include customer-managed DNS updates, reconfiguration of hybrid setup for Exchange hybrid customers, or Azure migration.
+These phases start when you [opt-in for migration](./ms-cloud-germany-migration-opt-in.md). Most of the migration phases are executed as back-end service operations with minimal customer interaction required and are executed one phase after the other. The start for additional customer-led tasks and overall migration status will be communicated through the Message center of the <a href="https://go.microsoft.com/fwlink/p/?linkid=848041" target="_blank">Microsoft 365 admin center</a> during the migration process. Example of tasks may include customer-managed DNS updates, reconfiguration of hybrid setup for Exchange hybrid customers, or Azure migration.
Migration does not immediately begin when opt-in occurs. Your organization is added to the list of tenants that are scheduled for later migration. You can begin the pre-work phases now as these are critical to ensure successful migration and usage upon completion:
After the final cutover of Azure AD to the worldwide service, it is expected all
## Moving to the new German datacenter regions
-Existing Microsoft Cloud Deutschland customers can now begin to migrate their Office 365, Dynamics 365 Customer Engagement, and Power Platform services. The first step is to [opt-in to a Microsoft-led migration](./ms-cloud-germany-migration-opt-in.md) to our new German datacenter regions. When you renew your subscription, you automatically opt-in for a Microsoft-assisted migration. Microsoft will notify customer tenant administrators with e-mail and in the Message center of the Microsoft 365 admin center when this has happened. However, if you prefer to start the process now, you can [opt-in](./ms-cloud-germany-migration-opt-in.md) directly in Microsoft 365 admin center today. Migrations are expected to begin in early 2021 and will be completed by October 29, 2021.
+Existing Microsoft Cloud Deutschland customers can now begin to migrate their Office 365, Dynamics 365 Customer Engagement, and Power Platform services. The first step is to [opt-in to a Microsoft-led migration](./ms-cloud-germany-migration-opt-in.md) to our new German datacenter regions. When you renew your subscription, you automatically opt-in for a Microsoft-assisted migration. Microsoft will notify customer tenant administrators with e-mail and in the Message center of the <a href="https://go.microsoft.com/fwlink/p/?linkid=848041" target="_blank">Microsoft 365 admin center</a> when this has happened. However, if you prefer to start the process now, you can [opt-in](./ms-cloud-germany-migration-opt-in.md) directly in <a href="https://go.microsoft.com/fwlink/p/?linkid=848041" target="_blank">Microsoft 365 admin center</a> today. Migrations are expected to begin in early 2021 and will be completed by October 29, 2021.
As a result of the migration, core customer data and subscriptions are moved to the new German datacenter regions.
enterprise Multi Factor Authentication Microsoft 365 Test Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/multi-factor-authentication-microsoft-365-test-environment.md
- TLG - Ent_TLGs - seo-marvel-apr2020
+- admindeeplinkMAC
description: "Configure multi-factor authentication using text messages sent to a smart phone in your Microsoft 365 for enterprise test environment."
Enable multi-factor authentication for the User 2 account with these steps:
1. Open a separate, private instance of your browser, go to the Microsoft 365 admin center ([https://portal.microsoft.com](https://portal.microsoft.com)), and then sign in with your global administrator account.
-2. In the left navigation, select **Users** > **Active users**.
+2. In the left navigation, select **Users** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834822" target="_blank">**Active users**</a>.
3. In the Active users pane, select **Multi-factor authentication**.
In this phase, you enable multi-factor authentication for the User 3 account usi
Next, create a new group named MFAUsers and add the User 3 account to it.
-1. On the **Microsoft 365 admin center** tab, select **Groups** in the left navigation, and then select **Groups**.
+1. On the **Microsoft 365 admin center** tab, select **Groups** in the left navigation, and then select <a href="https://go.microsoft.com/fwlink/p/?linkid=2052855" target="_blank">**Groups**</a>.
2. Select **Add a group**. 3. In the **Choose a group type** pane, select **Security**, and then select **Next**. 4. In the **Set up the basics** pane, select **Create group**, and then select **Close**.
enterprise O365 Data Locations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/o365-data-locations.md
- Strat_O365_Enterprise - Ent_TLGs
+- admindeeplinkMAC
ms.assetid: 706d5449-45e5-4b0c-a012-ab60501899ad description: "Determine where your Microsoft 365 customer data is stored worldwide"
The tables below shows where customer data is stored at-rest for Microsoft 365 s
If your business is located in the European Union, see [Data locations for the European Union](EU-data-storage-locations.md) for more information.
-Customers should view tenant specific data location information in your Microsoft 365 Admin Center in **Settings | Org settings | Organization Profile | Data location**. If you [requested to move to a new Geo](request-your-data-move.md), the data location information in the Microsoft 365 admin center may show only your new Geo even though some data may be stored temporarily in your prior Geo during the transition.
+Customers should view tenant specific data location information in your Microsoft 365 admin center in **Settings** > **Org settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2067339" target="_blank">**Organization profile** tab</a> > **Data location**. If you [requested to move to a new Geo](request-your-data-move.md), the data location information in the Microsoft 365 admin center may show only your new Geo even though some data may be stored temporarily in your prior Geo during the transition.
New Microsoft 365 tenants are defaulted to Geo based on the country of the transaction associated with that tenant's first subscription.
enterprise Office 365 Network Mac Location Services https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/office-365-network-mac-location-services.md
search.appverid:
- Ent_O365 - Strat_O365_Enterprise+ description: "Microsoft 365 Network Connectivity Location Services" # Microsoft 365 Network Connectivity Location Services
-The Microsoft 365 Admin Center now shows **Network Insights and performance recommendations**, which are live performance metrics that are collected from your Microsoft 365 tenant. These metrics can be viewed only by administrative users in your tenant. Organizational network connectivity is designed per office location through a network egress location to the Internet. Microsoft 365 client connectivity uses that route and then across the Internet to Microsoft service front door servers. Identifying office locations is key to being able to show these network insights.
+The <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> now shows **Network Insights and performance recommendations**, which are live performance metrics that are collected from your Microsoft 365 tenant. These metrics can be viewed only by administrative users in your tenant. Organizational network connectivity is designed per office location through a network egress location to the Internet. Microsoft 365 client connectivity uses that route and then across the Internet to Microsoft service front door servers. Identifying office locations is key to being able to show these network insights.
## Location in network measurements
An organization's administrator can opt in for location to be included in the ne
## Location in the Microsoft 365 Admin Center
-In the Microsoft 365 Admin Center, Bing map controls are used to show where organization office locations are. The controls also show network perimeter topology for a selected office location. When an administrator adds specific address details for office locations, Bing Maps is also used to suggest addresses to make data entry easier.
+In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, Bing map controls are used to show where organization office locations are. The controls also show network perimeter topology for a selected office location. When an administrator adds specific address details for office locations, Bing Maps is also used to suggest addresses to make data entry easier.
## Terms of Use
-Any content provided through Bing Maps, including geocodes, can only be used within the product through which the content is provided. Customer's use of the Microsoft 365 Admin Center Location Services feature, powered by Bing Maps, is governed by the _Bing Maps End-User Terms of Use_ available at <https://go.microsoft.com/?linkid=9710837> and the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?LinkID=248686).
+Any content provided through Bing Maps, including geocodes, can only be used within the product through which the content is provided. Customer's use of the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a> Location Services feature, powered by Bing Maps, is governed by the _Bing Maps End-User Terms of Use_ available at <https://go.microsoft.com/?linkid=9710837> and the [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?LinkID=248686).
This feature, provided through Bing Maps, is also supported by **TomTom**. More information about TomTom's products and services may be found at [https://www.tomtom.com/legal](https://www.tomtom.com/legal).
security Common Exclusion Mistakes Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 06/15/2021 Last updated : 08/31/2021 # Common mistakes to avoid when defining exclusions
In general, do not define exclusions for the following folder locations:
`C:\Windows\Temp\*`
+#### Linux and macOS Platforms
+
+`/`
+
+`/bin`
+
+`/sbin`
+
+`/usr/lib`
++ ### File extensions In general, do not define exclusions for the following file extensions:
In general, do not define exclusions for the following processes:
`windbg.exe`
+#### Linux and macOS Platforms
+
+`bash`
+
+`sh`
+
+`python` and `python3`
+
+`java`
+
+`zsh`
+ > [!NOTE] > You can choose to exclude file types, such as `.gif`, `.jpg`, `.jpeg`, or `.png` if your environment has a modern, up-to-date software with a strict update policy to handle any vulnerabilities. ## Using just the file name in the exclusion list
-A malware may have the same name as that of the file that you trust and want to exclude from scanning. Therefore, to avoid excluding a potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude `Filename.exe` from scanning, use the complete path to the file, such as `C:\program files\contoso\Filename.exe`.
+Malware might have the same name as that of a file that you trust and want to exclude from scanning. Therefore, to avoid excluding potential malware from scanning, use a fully qualified path to the file that you want to exclude instead of using just the file name. For example, if you want to exclude `Filename.exe` from scanning, use the complete path to the file, such as `C:\program files\contoso\Filename.exe`.
## Using a single exclusion list for multiple server workloads
security Configure Arcsight https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-arcsight.md
The following steps assume that you have completed all the required steps in [Be
|Field|Value| ||| |Configuration File|Type in the name of the client property file. The name must match the file provided in the .zip that you downloaded. <p> For example, if the configuration file in "flexagent" directory is named "WDATP-Connector.jsonparser.properties", you must type "WDATP-Connector" as the name of the client property file.|
- |Events URL|Depending on the location of your datacenter, select either the EU or the US URL: <ul><li>**For EU**: `https://<i></i>wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME`</li><li>**For US**: `https://<i></i>wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME`</li><li>**For UK**: `https://<i></i>wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME`</li></ul>|
+ |Events URL|Depending on the location of your datacenter, select either the EU, the US, or the UK URL: <ul><li>**For EU**: `https://wdatp-alertexporter-eu.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME`</li><li>**For US**: `https://wdatp-alertexporter-us.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME`</li><li>**For UK**: `https://wdatp-alertexporter-uk.windows.com/api/alerts/?sinceTimeUtc=$START_AT_TIME`</li></ul>|
|Authentication Type|OAuth 2| |OAuth 2 Client Properties file|Browse to the location of the *wdatp-connector.properties* file. The name must match the file provided in the .zip that you downloaded.| |Refresh Token|You can obtain a refresh token in two ways: by generating a refresh token from the **SIEM settings** page or using the restutil tool. <p> For more information on generating a refresh token from the **Preferences setup** , see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md). <p> **Get your refresh token using the restutil tool**: <ol><li>Open a command prompt. Navigate to C:\\*folder\_location*\current\bin where *folder\_location* represents the location where you installed the tool.</li><li>Type: `arcsight restutil token -config` from the bin directory. For example: **arcsight restutil boxtoken -proxy proxy.location.hp.com:8080**. A Web browser window will open.</li><li>Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.</li><li>A refresh token is shown in the command prompt.</li><li>Copy and paste it into the **Refresh Token** field.|
security Manage Protection Updates Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md
The older the updates on an endpoint, the larger the download will be. However,
There are five locations where you can specify where an endpoint should obtain updates: - [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq)-- [Windows Server Update Service](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) (Intune Internal Definition Update Server - If you use SCCM/SUP to get definition updates for Microsoft Defender Antivirus, and need to access Windows Update on blocked on client devices, you can transition to co-management and offload the endpoint protection workload to Intune. In the AntiMalware policy configured in Intune there is an option for 'internal definition update server' which can be configured to use on-premises WSUS as the update source)
+- [Windows Server Update Service](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) <sup>[[1](#fn1)]<sup></sup>
- [Microsoft Endpoint Configuration Manager](/configmgr/core/servers/manage/updates) - [Network file share](#unc-share)-- [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.)
+- [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/wdsi/defenderupdates) <sup>[[2](#fn1)]<sup></sup>
+
+ (<a id="fn1">1</a>) Intune Internal Definition Update Server - If you use SCCM/SUP to get definition updates for Microsoft Defender Antivirus, and need to access Windows Update on blocked on client devices, you can transition to co-management and offload the endpoint protection workload to Intune. In the AntiMalware policy configured in Intune there is an option for 'internal definition update server' which can be configured to use on-premises WSUS as the update source. This helps you control which updates from the official WU server are approved for the enterprise, and also help proxy and save network traffic to the official Windows UPdates network.
+
+ (<a id="fn1">2</a>) Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.
To ensure the best level of protection, Microsoft Update allows for rapid releases, which means smaller downloads on a frequent basis. The Windows Server Update Service, Microsoft Endpoint Configuration Manager, and Microsoft security intelligence updates sources deliver less frequent updates. Thus, the delta can be larger, resulting in larger downloads.
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/preview.md
Turn on the preview experience setting to be among the first to try upcoming fea
2. Toggle the setting between **On** and **Off** and select **Save preferences**.
-## Preview features
-
-The following features are included in the preview release:
--- [Web Content Filtering](web-content-filtering.md)-
- Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
--- [Device health and compliance report](machine-reports.md)-
- The device health and compliance report provides high-level information about the devices in your organization.
- > [!TIP] > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-preview-belowfoldlink)
security Whats New In Microsoft Defender Atp https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp.md
ms.technology: mde
> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-pullalerts-abovefoldlink)
-The following features are generally available (GA) in the latest release of Microsoft Defender for Endpoint and security features in Windows 10 and Windows Server.
+The following features are in preview or generally available (GA) in the latest release of Microsoft Defender for Endpoint and security features in Windows 10 and Windows Server.
For more information on preview features, see [Preview features](preview.md).
For more information on preview features, see [Preview features](preview.md).
> https://docs.microsoft.com/api/search/rss?search=%22features+are+generally+available+%28GA%29+in+the+latest+release+of+Microsoft+Defender+for+Endpoint%22&locale=en-us&facet= > ``` +
+For more information on what's new with other Microsoft Defender security products see:
+
+- [What's new in Microsoft 365 Defender](../defender/whats-new.md)
+- [What's new in Microsoft Defender for Office 365](../office-365-security/whats-new-in-defender-for-office-365.md)
+- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
+- [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
+
+For more information on Microsoft Defender for Endpoint on other operating systems:
+- [What's new in Defender for Endpoint on macOS](mac-whatsnew.md)
+- [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)
+- [What's new in Defender for Endpoint on Linux](linux-whatsnew.md)
++ ## August 2021 -- [Microsoft Defender for Endpoint Plan 1 (preview)](defender-endpoint-plan-1.md) <br/>Defender for Endpoint Plan 1 (preview) is an endpoint protection solution that includes next-generation protection, attack surface reduction, centralized management and reporting, and APIs. Defender for Endpoint Plan 1 (preview) is a new offering for customers who want to try our endpoint protection capabilities, have Microsoft 365 E3, and do not yet have Microsoft 365 E5.
+- (Preview) [Microsoft Defender for Endpoint Plan 1 ](defender-endpoint-plan-1.md) <br/>Defender for Endpoint Plan 1 (preview) is an endpoint protection solution that includes next-generation protection, attack surface reduction, centralized management and reporting, and APIs. Defender for Endpoint Plan 1 (preview) is a new offering for customers who want to try our endpoint protection capabilities, have Microsoft 365 E3, and do not yet have Microsoft 365 E5.
To learn more, see [Microsoft Defender for Endpoint Plan 1 (preview)](defender-endpoint-plan-1.md). Existing [Defender for Endpoint](microsoft-defender-endpoint.md) capabilities will be known as Defender for Endpoint Plan 2.
+- (Preview) [Web Content Filtering](web-content-filtering.md)<br> Web content filtering is part of web protection capabilities in Microsoft Defender for Endpoint. It enables your organization to track and regulate access to websites based on their content categories. Many of these websites, while not malicious, might be problematic because of compliance regulations, bandwidth usage, or other concerns.
+
+## July 2021
+
+- (Preview) [Device health and compliance report](machine-reports.md) <br> The device health and compliance report provides high-level information about the devices in your organization.
+ ## June 2021 - [Delta export software vulnerabilities assessment](get-assessment-methods-properties.md#31-methods) API <br> An addition to the [Export assessments of vulnerabilities and secure configurations](get-assessment-methods-properties.md) API collection. <br> Unlike the full software vulnerabilities assessment (JSON response) - which is used to obtain an entire snapshot of the software vulnerabilities assessment of your organization by device - the delta export API call is used to fetch only the changes that have happened between a selected date and the current date (the "delta" API call). Instead of getting a full export with a large amount of data every time, you'll only get specific information on new, fixed, and updated vulnerabilities. Delta export API call can also be used to calculate different KPIs such as "how many vulnerabilities were fixed" or "how many new vulnerabilities were added to an organization."
For more information on preview features, see [Preview features](preview.md).
## January 2021 - [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/) <br> Microsoft Defender for Endpoint now adds support for Windows Virtual Desktop.-
-## December 2020
--- [Microsoft Defender for Endpoint on iOS](microsoft-defender-endpoint-ios.md) <br> Microsoft Defender for Endpoint now adds support for iOS. Learn how to install, configure, update, and use Microsoft Defender for Endpoint on iOS.-
-## September 2020
--- [Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Android.-- [Threat and vulnerability management macOS support](tvm-supported-os.md)<br> Threat and vulnerability management for macOS is now in public preview, and will continuously detect vulnerabilities on your macOS devices to help you prioritize remediation by focusing on risk. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-adds-depth-and-breadth-to-threat/ba-p/1695824).-
-## August 2020
--- [Microsoft Defender for Endpoint on Android](microsoft-defender-endpoint-android.md) <br> Microsoft Defender for Endpoint now adds support for Android. Learn how to install, configure, and use Microsoft Defender for Endpoint on Android.-
-## July 2020
--- [Create indicators for certificates](manage-indicators.md) <br> Create indicators to allow or block certificates.-
-## June 2020
--- [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md) <br> Microsoft Defender for Endpoint now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender for Endpoint on Linux.--- [Attack simulators in the evaluation lab](evaluation-lab.md#threat-simulator-scenarios) <br> Microsoft Defender for Endpoint has partnered with various threat simulation platforms to give you convenient access to test the capabilities of the platform within the portal.-
-## April 2020
--- [Threat & Vulnerability Management API support](exposed-apis-list.md) <BR>Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and device vulnerability inventory, software version distribution, device vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615).-
-## November-December 2019
--- [Microsoft Defender for Endpoint on macOS](microsoft-defender-endpoint-mac.md) <BR> Microsoft Defender for Endpoint on macOS brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](microsoft-defender-endpoint-mac.md).--- [Threat & Vulnerability Management application and application version end-of-life information](tvm-security-recommendation.md) <BR>Applications and application versions that have reached their end-of-life are tagged or labeled as such so that you are aware they will no longer be supported. You can then take action to either uninstall or replace such applications. Doing so will help lessen the risks related to various vulnerability exposures due to unpatched applications.--- [Threat & Vulnerability Management Advanced Hunting Schemas](advanced-hunting-schema-reference.md) <BR>Use the Threat & Vulnerability Management tables in the Advanced hunting schema to query about software inventory, vulnerability knowledgebase, security configuration assessment, and security configuration knowledgebase.---- [Device health and compliance report](machine-reports.md) <br/> The device health and compliance report provides high-level information about the devices in your organization.-
-## October 2019
--- [Indicators for IP addresses, URLs/Domains](manage-indicators.md) <BR> You can now allow or block URLs/domains using your own threat intelligence.--- [Microsoft Threat Experts - Experts on Demand](microsoft-threat-experts.md) <BR> You now have the option to consult with Microsoft Threat Experts from several places in the portal to help you in the context of your investigation.--- [Connected Azure AD applications](connected-applications.md)<br> The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender for Endpoint in your organization.--- [API Explorer](api-explorer.md)<br> The API explorer makes it easy to construct and perform API queries, test, and send requests for any available Microsoft Defender for Endpoint API endpoint.-
-## September 2019
--- [Tamper Protection settings using Intune](prevent-changes-to-security-settings-with-tamper-protection.md) <br/> You can now turn on Tamper Protection (or off) for your organization in the Microsoft 365 Device Management Portal (Intune).--- [Live response](live-response.md) <BR> Get instantaneous access to a device using a remote shell connection. Do in-depth investigative work and take immediate response actions to promptly contain identified threats - real time.--- [Evaluation lab](evaluation-lab.md) <BR> The Microsoft Defender for Endpoint evaluation lab is designed to eliminate the complexities of device and environment configuration so that you can
- focus on evaluating the capabilities of the platform, running simulations, and seeing the prevention, detection, and remediation features in action.
--- [Windows Server 2008 R2 SP1](configure-server-endpoints.md) <BR> You can now onboard Windows Server 2008 R2 SP1.-
-## June 2019
--- [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) <BR> A new built-in capability that uses a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.--- [Device health and compliance report](machine-reports.md) The device health and compliance report provides high-level information about the devices in your organization.-
-## May 2019
--- [Threat protection reports](threat-protection-reports.md)<BR>The threat protection report provides high-level information about alerts generated in your organization.--- [Microsoft Threat Experts](microsoft-threat-experts.md)<BR> Microsoft Threat Experts is the new managed threat hunting service in Microsoft Defender for Endpoint that provides proactive hunting, prioritization, and more context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately. It provides another layer of expertise and optics that Microsoft customers can utilize to augment security operation capabilities as part of Microsoft 365.--- [Indicators](ti-indicator.md) <BR> APIs for indicators are now generally available.--- [Interoperability](partner-applications.md) <BR> Microsoft Defender for Endpoint supports third-party applications to help enhance the detection, investigation, and threat intelligence capabilities of the platform.-
-## April 2019
--- [Microsoft Threat Experts Targeted Attack Notification capability](microsoft-threat-experts.md) <BR> Microsoft Threat Experts' Targeted Attack Notification alerts are tailored to organizations to provide as much information as can be quickly delivered thus bringing attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.--- [Microsoft Defender for Endpoint API](apis-intro.md) <BR> Microsoft Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender for Endpoint capabilities.-
-## February 2019
--- [Incidents](view-incidents-queue.md) <BR> Incident is a new entity in Microsoft Defender for Endpoint that brings together all relevant alerts and related entities to narrate the broader attack story, giving analysts better perspective on the purview of complex threats.--- [Onboard previous versions of Windows](onboard-downlevel.md)<BR> Onboard supported versions of Windows devices so that they can send sensor data to the Microsoft Defender for Endpoint sensor.-
-## October 2018
--- [Attack surface reduction rules](attack-surface-reduction.md)<BR>All Attack surface reduction rules are now supported on Windows Server 2019.--- [Controlled folder access](enable-controlled-folders.md)<BR> Controlled folder access is now supported on Windows Server 2019.--- [Custom detection](manage-indicators.md)<BR>With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. This can be done by leveraging the power of advanced hunting through the creation of custom detection rules.--- [Integration with Azure Defender](configure-server-endpoints.md)<BR> Microsoft Defender for Endpoint integrates with Azure Defender to provide a comprehensive server protection solution. With this integration Azure Defender can leverage the power of Microsoft Defender for Endpoint to provide improved threat detection for Windows Servers.--- [Managed security service provider (MSSP) support](mssp-support.md)<BR> Microsoft Defender for Endpoint adds support for this scenario by providing MSSP integration. The integration will allow MSSPs to take the following actions: Get access to MSSP customer's Microsoft Defender Security Center portal, fetch email notifications, and fetch alerts through security information and event management (SIEM) tools.--- [Removable device control](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/19/windows-defender-atp-has-protections-for-usb-and-removable-devices/)<BR>Microsoft Defender for Endpoint provides multiple monitoring and control features to help prevent threats from removable devices, including new settings to allow or block specific hardware IDs.--- [Support for iOS and Android devices](configure-endpoints-non-windows.md)<BR> iOS and Android devices are now supported and can be onboarded to the service.--- [Threat analytics](threat-analytics.md)<BR>
-Threat Analytics is a set of interactive reports published by the Microsoft Defender for Endpoint research team as soon as emerging threats and outbreaks are identified. The reports help security operations teams assess impact on their environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
--- New in Windows 10 version 1809, there are two new attack surface reduction rules:
- - Block Adobe Reader from creating child processes
- - Block Office communication application from creating child processes.
--- [Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)
- - Antimalware Scan Interface (AMSI) was extended to cover Office VBA macros as well. [Office VBA + AMSI: Parting the veil on malicious macros](https://cloudblogs.microsoft.com/microsoftsecure/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/).
- - Microsoft Defender Antivirus, new in Windows 10 version 1809, can now [run within a sandbox](https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox) (preview), increasing its security.
- - [Configure CPU priority settings](configure-advanced-scan-types-microsoft-defender-antivirus.md) for Microsoft Defender Antivirus scans.
-
-## March 2018
--- [Advanced Hunting](advanced-hunting-overview.md)-
- Query data using advanced hunting in Microsoft Defender for Endpoint.
--- [Attack surface reduction rules](/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)-
- New attack surface reduction rules:
-
- - Use advanced protection against ransomware
- - Block credential stealing from the Windows local security authority subsystem (lsass.exe)
- - Block process creations originating from PSExec and WMI commands
- - Block untrusted and unsigned processes that run from USB
- - Block executable content from email client and webmail
--- [Automated investigation and remediation](automated-investigations.md)<BR> Use Automated investigations to investigate and remediate threats.-
- > [!NOTE]
- > Available from Windows 10, version 1803 or later.
--- [Conditional Access](conditional-access.md) <br> Enable conditional access to better protect users, devices, and data.--- [Microsoft Defender for Endpoint Community center](community.md)<BR>
- The Microsoft Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product.
--- [Controlled folder access](enable-controlled-folders.md)<BR>
-You can now block untrusted processes from writing to disk sectors using Controlled Folder Access.
--- [Onboard non-Windows devices](configure-endpoints-non-windows.md)<BR>
- Microsoft Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network.
--- [Role-based access control (RBAC)](rbac.md)<BR>
- Using role-based access control (RBAC), you can create roles and groups within your security operations team to grant appropriate access to the portal.
---- [Microsoft Defender Antivirus](microsoft-defender-antivirus-in-windows-10.md)<BR>
-Microsoft Defender Antivirus now shares detection status between Microsoft 365 services and interoperates with Microsoft Defender for Endpoint. For more information, see [Use next-gen technologies in Microsoft Defender Antivirus through cloud-delivered protection](cloud-protection-microsoft-defender-antivirus.md).
-
- Block at first sight can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files. For more information, see [Enable block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md).
security Incidents Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md
Title: Incidents in Microsoft 365 Defender
+ Title: Incident response with Microsoft 365 Defender
description: Investigate incidents seen across devices, users, and mailboxes in the Microsoft 365 Defender portal. keywords: incidents, alerts, investigate, analyze, response, correlation, attack, machines, devices, users, identities, identity, mailbox, email, 365, microsoft, m365, incident response, cyber-attack search.product: eADQiWindows 10XVcnh
search.appverid:
ms.technology: m365d
-# Incidents in Microsoft 365 Defender
+# Incident response with Microsoft 365 Defender
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)]
security Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/preview.md
Turn on the preview experience setting to be among the first to try upcoming fea
You'll know you have preview features turned on when you see that the **Turn on preview features** check box is selected.
-## Preview features
-The following features and enhancements are currently available on preview:
-- **[View reports per threat tags](threat-analytics.md#view-reports-per-threat-tags)** - Threat tags help you focus on specific threat categories and review the most relevant reports.-- **[Streaming API](../defender-endpoint/raw-data-export.md)** - Microsoft 365 Defender supports streaming all the events available through Advanced Hunting to an Event Hubs and/or Azure storage account.-- **[Microsoft 365 Defender APIs](api-overview.md)** - The top-level Microsoft 365 Defender APIs will enable you to automate workflows based on the shared incident and advanced hunting tables. -- **[Take action in advanced hunting](advanced-hunting-take-action.md)** - Quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md).-- **[In-portal schema reference](advanced-hunting-schema-tables.md#get-schema-information-in-the-security-center)** - Get information about advanced hunting schema tables directly in the security center. In addition to table and column descriptions, this reference includes supported event types (`ActionType` values) and sample queries.-- **[DeviceFromIP() function](advanced-hunting-devicefromip-function.md)** - Get information about which devices have been assigned a specific IP address or addresses at a given time range.++
security Threat Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/threat-analytics.md
Title: Track and respond to emerging threats with threat analytics
+ Title: Threat analytics in Microsoft 365 Defender
description: Learn about emerging threats and attack techniques and how to stop them. Assess their impact to your organization and evaluate your organizational resilience. keywords: threat analytics, risk evaluation, Microsoft 365 Defender, M365D, mitigation status, secure configuration, Microsoft Defender for Office 365, Microsoft Defender for Office 365 threat analytics, MDO threat analytics, integrated MDE and MDO threat analytics data, threat analytics data integration, integrated Microsoft 365 Defender threat analytics
-# Track and respond to emerging threats with threat analytics in Microsoft 365 Defender
+# Threat analytics in Microsoft 365 Defender
[!INCLUDE [Microsoft 365 Defender rebranding](../includes/microsoft-defender.md)]
security Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/whats-new.md
ms.technology: m365d
> Want to experience Microsoft 365 Defender? You can [evaluate it in a lab environment](m365d-evaluation.md?ocid=cx-docs-MTPtriallab) or [run your pilot project in production](m365d-pilot.md?ocid=cx-evalpilot). >
-The following features are generally available (GA) in the latest release of Microsoft 365 Defender.
+The following features are in preview or generally available (GA) in the latest release of Microsoft 365 Defender.
RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader: ```http https://docs.microsoft.com/api/search/rss?search=%22Lists+the+new+features+and+functionality+in+Microsoft+365+defender%22&locale=en-us ```+
+For more information on what's new with other Microsoft Defender security products see:
+
+- [What's new in Microsoft Defender for Office 365](../office-365-security/whats-new-in-defender-for-office-365.md)
+- [What's new in Microsoft Defender for Endpoint](../defender-endpoint/whats-new-in-microsoft-defender-atp.md)
+- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
+- [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
+++++ ## August 2021 - (Preview) Microsoft Defender for Office 365 data available in advanced hunting <br>New columns in email tables can provide more insight into email-based threats for more thorough investigations using advanced hunting. You can now include the `AuthenticationDetails` column in [EmailEvents](./advanced-hunting-emailevents-table.md), `FileSize` in [EmailAttachmentInfo](./advanced-hunting-emailattachmentinfo-table.md), and `ThreatTypes` and `DetectionMethods` in [EmailPostDeliveryEvents](./advanced-hunting-emailpostdeliveryevents-table.md) tables. -- (Preview) Incident graph-
- A new **Graph** tab on the **Summary** tab of an incident shows the full scope of the attack, how the attack spread through your network over time, where it started, and how far the attacker went.
+- (Preview) Incident graph <br> A new **Graph** tab on the **Summary** tab of an incident shows the full scope of the attack, how the attack spread through your network over time, where it started, and how far the attacker went.
## July 2021 - [Professional services catalog](https://sip.security.microsoft.com/interoperability/professional_services)<br>Enhance the detection, investigation, and threat intelligence capabilities of the platform with supported partner connections.+
+## June 2021
+- (Preview) [View reports per threat tags](threat-analytics.md#view-reports-per-threat-tags)<br> Threat tags help you focus on specific threat categories and review the most relevant reports.
+- (Preview) [Streaming API](../defender-endpoint/raw-data-export.md)<br> Microsoft 365 Defender supports streaming all the events available through Advanced Hunting to an Event Hubs and/or Azure storage account.
+- (Preview) [Take action in advanced hunting](advanced-hunting-take-action.md)<br> Quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md).
+- (Preview) [In-portal schema reference](advanced-hunting-schema-tables.md#get-schema-information-in-the-security-center)<br> Get information about advanced hunting schema tables directly in the security center. In addition to table and column descriptions, this reference includes supported event types (`ActionType` values) and sample queries.
+- (Preview) [DeviceFromIP() function](advanced-hunting-devicefromip-function.md)<br> Get information about which devices have been assigned a specific IP address or addresses at a given time range.
## May 2021
https://docs.microsoft.com/api/search/rss?search=%22Lists+the+new+features+and+f
- [CloudAppEvents table](advanced-hunting-cloudappevents-table.md) <br>Find information about events in various cloud apps and services covered by Microsoft Cloud App Security. This table also includes information previously available in `AppFileEvents`. ## February 2021 - (Preview) The enhanced [Microsoft 365 Defender portal (https://security.microsoft.com)](https://security.microsoft.com) is now available in public preview. This new experience brings Defender for Endpoint and Defender for Office 365 to the center. [Learn more about what's changed](./overview-security-center.md).-
-## September 2020
-- [IdentityDirectoryEvents table](advanced-hunting-identitydirectoryevents-table.md) <br> Find events involving an on-premises domain controller running Active Directory (AD). This [advanced hunting](advanced-hunting-overview.md) schema table covers a range of identity-related events and system events on the domain controller.-- [AssignedIPAddresses() function](advanced-hunting-assignedipaddresses-function.md) <br> Use this function in your advanced hunting queries to quickly obtain the latest IP addresses assigned to a device or the most recent IP addresses from a specific time.-
-## July 2020
-- [FileProfile() function](advanced-hunting-fileprofile-function.md) <br> Use this function in your advanced hunting queries to enrich results with comprehensive file information.-- [Identity and app tables](advanced-hunting-schema-tables.md)<br> Get visibility into authentication events, Active Directory queries, and app-related activity with the [IdentityLogonEvents](advanced-hunting-identitylogonevents-table.md), [IdentityQueryEvents](advanced-hunting-identityqueryevents-table.md), and [AppFileEvents](advanced-hunting-appfileevents-table.md) tables in the advanced hunting schema.-- [Go hunt](advanced-hunting-go-hunt.md)<br> Quickly pivot from investigating an incident to inspecting a specific event, a user, a device, or other entity types on advanced hunting.-
-## June 2020
-- Twitter feed <br> Get the latest security research, threat intelligence, product news, and more - right inside the dashboard.-- [EmailPostDeliveryEvents schema table](advanced-hunting-emailpostdeliveryevents-table.md) <br> Incorporate information about post-delivery actions taken on email messages in your advanced hunting queries.-- [Inspect records in advanced hunting](advanced-hunting-query-results.md#drill-down-from-query-results) <br> Quickly inspect records in your query results with the new details panel.-
-## May 2020
-- [Custom detections](custom-detections-overview.md) <br> Use advanced hunting queries to create custom detection rules that automatically monitor for and respond to security events and system states.-
-## February 2020
-- [Incidents](incidents-overview.md) <br> Know exactly where an attack started and other details to help you see the extent of the attack.-- [Automated investigation and response](m365d-autoir.md) <br> AIR enables your security operations team to dramatically increase your organization's capacity to deal with security alerts and incidents.-- [Advanced hunting enhancements](advanced-hunting-overview.md) <br> Proactively hunt for threats across the modern workspace with Kusto Query Language and a security-optimized schema.-
-## March 2019
-- Advanced hunting <br> Landing page to various hunting capabilities that let you proactively find threats affecting email and data, devices, and identities.-- [Microsoft Secure Score](microsoft-secure-score.md) <br> Measurement of an organization's security posture, with a higher number indicating more improvement actions taken. Following the Security Score recommendations can protect your organization from threats. -- [Reports](overview-security-center.md) <br> Features a host of cards covering a variety of areas that security analysts and administrators track as part of their day-to-day operations.
+- **[(Preview) Microsoft 365 Defender APIs](api-overview.md)** - The top-level Microsoft 365 Defender APIs will enable you to automate workflows based on the shared incident and advanced hunting tables.
security Whats New In Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365.md
Learn more by watching [this video](https://www.youtube.com/watch?v=Tdz6KfruDGo&
> [!TIP] > Don't have Microsoft Defender for Office 365 yet? [Contact sales to start a trial](https://info.microsoft.com/ww-landing-M365SMB-web-contact.html). ++
+For more information on what's new with other Microsoft Defender security products see:
+
+- [What's new in Microsoft 365 Defender](../defender/whats-new.md)
+- [What's new in Microsoft Defender for Endpoint](../defender-endpoint/whats-new-in-microsoft-defender-atp.md)
+- [What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
+- [What's new in Microsoft Cloud App Security](/cloud-app-security/release-notes)
++ ## September 2021 - [Quarantine policies](quarantine-policies.md): Admins can configure granular control for recipient access to quarantined messages and customize end-user spam notifications.
Learn more by watching [this video](https://www.youtube.com/watch?v=Tdz6KfruDGo&
- Extending the Explorer (and Real-time detections) data retention and search limit for trial tenants from 7 (previous limit) to 30 days in [hunting experiences](threat-explorer.md) - New hunting pivots called **Impersonated domain** and **Impersonated user** within the Explorer (and Real-time detections) to search for impersonation attacks against protected users or domains. For more information, see [details](threat-explorer.md#view-phishing-emails-sent-to-impersonated-users-and-domains). (Microsoft Defender for Office 365 Plan 1 or Plan 2)
-## December 2020
--- [Secure by default in Office 365](secure-by-default.md)-- Automated investigation improvements to: general alerts for manually triggered email investigations, treat mailbox changes as a separate entity category, remove redundant URL block actions, and create outbound email clusters for user compromised investigations.-
-## November 2020
--- Updated export limits in Review > Action Center > Remediation from Mail Submission and Action Log (Defender for Office 365 Plan 2)-
-## September/October 2020
--- New first contact safety tip for when recipients first receive an email from a sender or do not often receive email from a sender. For more information on this setting and how to configure it using Exchange mail flow rules (also known as transport rules), see [First contact safety tip](set-up-anti-phishing-policies.md#first-contact-safety-tip).-- [Check your policies using Configuration Analyzer](configuration-analyzer-for-security-policies.md)-- [Extended capabilities in Threat Explorer including top targeted users, transport rules, and connectors](threat-explorer.md#new-features-in-threat-explorer-and-real-time-detections) (Defender for Office 365 information in [Threat Explorer](threat-explorer.md) (email was allowed/blocked by tenant/user policy) (Defender for Office 365 Plan 2)-- Surfacing URL threats in [Threat Explorer](threat-explorer.md#threats-in-urls) (malware, phish, spam, or none) (Defender for Office 365 Plan 2)-- [Improvements to Hunting Experience Threat Explorer](threat-explorer.md#improvements-to-the-threat-hunting-experience-upcoming) with updates around Threats, Additional Actions, Delivery locations and Updated timeline view (Defender for Office 365 Plan 2)-
-## July/August 2020
--- [Experience improvements to the hunting experience](threat-explorer.md#improvements-to-threat-hunting-experience) (Microsoft Defender for Office 365 Plan 1 or Plan 2)-- [Easily apply recommended settings using preset security policies](preset-security-policies.md)-
-## March/April 2020
--- The ability to [address compromised user accounts with automated investigation and response](address-compromised-users-quickly.md) is now generally available. (Microsoft Defender for Office 365 Plan 2)-
-## January/February 2020
--- [General availability of Campaign Views in Microsoft Defender for Office 365](campaigns.md) (Microsoft Defender for Office 365 Plan 2)-- Enhancements to [Threat Explorer](threat-explorer.md) to enable security operations teams to search and filter on multiple fields while [investigating email](investigate-malicious-email-that-was-delivered.md): (Microsoft Defender for Office 365 Plan 2)
- - Delivery location and special actions
- - Directionality (inbound, outbound, or intra-org)
- - Advanced NOT filters (these are advanced filtering options that include does not contain, does not include, etc.)
- - Granular time filters (day, hour, half-hour)
--- The **Incidents** widget is now the **Action Center** widget. (To view your security widgets in the Security & Compliance Center, go to **Threat management** \> **Review**.) (Microsoft Defender for Office 365 Plan 2)--- [Safe Documents in Microsoft 365](safe-docs.md) **(preview)**-
-## December 2019
--- [Export URL click data for offline analysis](threat-explorer.md#new-features-in-threat-explorer-and-real-time-detections) (Microsoft Defender for Office 365 Plan 1 or Plan 2)--- [Use Campaign Views in Microsoft Defender for Office 365 (**preview**)](campaigns.md) (Microsoft Defender for Office 365 Plan 2)-
-## November 2019
--- [Check out new compromised user detection and response capabilities](address-compromised-users-quickly.md) (**preview**) (Microsoft Defender for Office 365 Plan 2)-
-## September 2019
--- [Employ automated investigation and response capabilities](automated-investigation-response-office.md) (Microsoft Defender for Office 365 Plan 2)--- [Integrate with Microsoft Defender for Office 365 automated investigation and response events using the Office 365 Management Activity API](/office/office-365-management-api/office-365-management-activity-api-schema#office-365-advanced-threat-protection-and-threat-investigation-and-response-schema) (Defender for Office 365 Plan 2)--- [View the email headers and download the email body](investigate-malicious-email-that-was-delivered.md) (Microsoft Defender for Office 365 Plan 1 or Plan 2)-
-## August 2019
--- [View the timeline of email](investigate-malicious-email-that-was-delivered.md#view-the-timeline-of-your-email) (Microsoft Defender for Office 365 Plan 1 or Plan 2)-
-## July 2019
--- [Check the delivery action and location of email messages](investigate-malicious-email-that-was-delivered.md#check-the-delivery-action-and-location) (Microsoft Defender for Office 365 Plan 1 or 2)-
-## June 2019
--- [View phishing URLs and click verdict data](threat-explorer.md#view-phishing-url-and-click-verdict-data) (Microsoft Defender for Office 365 Plan 1 or Plan 2) ## Microsoft Defender for Office 365 Plan 1 and Plan 2
solutions Collaborate As Team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-as-team.md
- m365initiative-externalcollab - seo-marvel-apr2020
+- admindeeplinkMAC
localization_priority: Priority f1.keywords: NOCSH recommendations: false
If you want to allow file and folder sharing with unauthenticated people, choose
To set SharePoint organization-level sharing settings
-1. In the Microsoft 365 admin center, in the left navigation pane, under **Admin centers**, click **SharePoint**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2024339" target="_blank">Microsoft 365 admin center</a>, in the left navigation pane, under **Admin centers**, click **SharePoint**.
2. In the SharePoint admin center, in the left navigation pane, expand **Policies** and then click **Sharing**. 3. Ensure that external sharing for SharePoint is set to **Anyone** or **New and existing guests**. 4. If you made changes, click **Save**.
solutions Configure Teams Three Tiers Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-three-tiers-protection.md
By default, both owners and members of the team can share files and folders with
If you need to collaborate with people outside your organization, we recommend configuring [SharePoint and OneDrive integration with Azure AD B2B](/sharepoint/sharepoint-azureb2b-integration-preview) for the best sharing and administration experience.
-Teams guest sharing is off by default, though sharing for Office 365 groups (where team membership is stored) and SharePoint is on. We turn Teams sharing on in the baseline tier, and you can turn it off if needed in the sensitive and highly sensitive tiers by using a sensitivity label.
-
-The sensitivity label only affects guest sharing for the team. Guest sharing settings for the associated SharePoint site are controlled separately, and we have you align the two settings for both the sensitive and highly sensitive tiers.
+Teams guest sharing is on by default, but you can turn it off if needed in the sensitive and highly sensitive tiers by using a sensitivity label.
In the highly sensitive tier, we configure the sensitivity label to encrypt files to which it is applied. If you need guests to have access to these files, you must give them permissions when you create the label.
solutions Microsoft 365 Guest Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md
The Microsoft 365 admin center has organization-level settings for sharing and f
### Sharing
-**Navigation:** [Microsoft 365 admin center](https://admin.microsoft.com) > Settings > Org Settings > Security & privacy tab > Sharing
+**Navigation:** [Microsoft 365 admin center](https://admin.microsoft.com) > **Settings** > **Org settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2072756" target="_blank">**Security & privacy** tab</a> > **Sharing**.
![Screenshot of the security and privacy guest sharing setting in the Microsoft 365 admin center.](../media/sharepoint-security-privacy-sharing-setting.png)
The Microsoft 365 admin center has organization-level settings for sharing and f
### Microsoft 365 Groups
-**Navigation:** [Microsoft 365 admin center](https://admin.microsoft.com) > Settings > Settings > Microsoft 365 Groups
+**Navigation:** [Microsoft 365 admin center](https://admin.microsoft.com) > **Settings** > **Org settings** > Microsoft 365 Groups
![Screenshot of Microsoft 365 Groups guest settings in Microsoft 365 admin center.](../media/office-365-groups-guest-settings.png)
solutions Microsoft 365 Limit Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-limit-sharing.md
search.appverid:
- SPO160 - MET150 f1.keywords: NOCSH-+ localization_priority: Priority recommendations: false description: "Learn about the options to limit or disable sharing in Microsoft 365."
If you want to limit sharing in a Microsoft 365 group or Microsoft Teams team, i
If you want to prevent guest access in Teams, you can turn off guest sharing in the Teams admin center. To turn off guest sharing for Teams
-1. In the Teams admin center, expand **Org-wide settings**, and then click **Guest access**.
+1. In the <a href="https://go.microsoft.com/fwlink/p/?linkid=2066851" target="_blank">Teams admin center</a>, expand **Org-wide settings**, and then click **Guest access**.
2. Turn off **Allow guest access in Teams**. 3. Click **Save**. If you want to prevent guest access in Microsoft 365 Groups, you can turn off the groups guest access settings in the Microsoft 365 admin center. To turn off guest sharing in Microsoft 365 Groups
-1. In the Microsoft 365 admin center, click **Settings**, and then click **Org Settings**.
-2. On the **Services** tab, click **Microsoft 365 Groups**.
+1. In the Microsoft 365 admin center, click **Settings** > **Org Settings** > <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">**Services** tab</a>.
+2. Click **Microsoft 365 Groups**.
3. Clear the **Let group members outside your organization access group content** and **Let group owners add people outside your organization to groups** check boxes. 4. Click **Save changes**.