Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
security | Mac Preferences | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-preferences.md | The following configuration profile (or, in case of JAMF, a property list that c <key>tamperProtection</key> <dict> <key>enforcementLevel</key>- <string>block</key> + <string>block</string> </dict> </dict> </plist> The following templates contain entries for all settings described in this docum <key>tamperProtection</key> <dict> <key>enforcementLevel</key>- <string>block</key> + <string>block</string> <key>exclusions</key> <array> <dict> The following templates contain entries for all settings described in this docum <key>tamperProtection</key> <dict> <key>enforcementLevel</key>- <string>block</key> + <string>block</string> <key>exclusions</key> <array> <dict> |
security | Machine Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine-groups.md | Title: Create and manage device groups in Microsoft Defender for Endpoint description: Create device groups and set automated remediation levels on them by confirming the rules that apply on the group keywords: device groups, groups, remediation, level, rules, aad group, role, assign, rank -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium As part of the process of creating a device group, you'll: 6. Click **Close**. The configuration changes are applied. + > [!NOTE] + > Device Groups in Defender for Business are managed differently. For more information, see [Device groups in Microsoft Defender for Business](/security/defender-business/mdb-create-edit-device-groups). + ## Manage device groups You can promote or demote the rank of a device group so that it's given higher or lower priority during matching. A device group with a rank of 1 is the highest ranked group. When a device is matched to more than one group, it's added only to the highest ranked group. You can also edit and delete groups. |
security | Manage Mde Post Migration Intune | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-mde-post-migration-intune.md | Title: Manage Microsoft Defender for Endpoint using Intune description: Learn how to manage Microsoft Defender for Endpoint with Intune -keywords: post-migration, manage, operations, maintenance, utilization, intune, Microsoft Defender for Endpoint, edr -ms.sitesec: library -ms.pagetype: security ms.localizationpriority: medium audience: ITPro - m365-security - tier2- Previously updated : 01/27/2023+ Last updated : 09/12/2023 search.appverid: met150 We recommend using Microsoft Intune to manage your organization's threat protect > [!IMPORTANT] > You must have either the global administrator or service administrator role assigned in Intune to configure the settings described in this article. To learn more, see **[Types of administrators (Intune)](/mem/intune/fundamentals/users-add#types-of-administrators)**. -1. Go to the Azure portal ([https://portal.azure.com](https://portal.azure.com)) and sign in. +1. Go to the [Microsoft Intune admin center](https://endpoint.microsoft.com/#home) and sign in. -2. Under **Azure Services**, choose **Intune**. +2. In the navigation pane on the left, choose **Device configuration**, and then, under **Manage**, choose **Profiles**. -3. In the navigation pane on the left, choose **Device configuration**, and then, under **Manage**, choose **Profiles**. --4. Select an existing profile, or create a new one. +3. Select an existing profile, or create a new one. > [!TIP] > Need help? See **[Using Microsoft Defender for Endpoint with Intune](/mem/intune/protect/advanced-threat-protection#example-of-using-microsoft-defender-atp-with-intune)**. |
security | Microsoft Secure Score Whats New | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-secure-score-whats-new.md | Microsoft Secure Score can be found at <https://security.microsoft.com/securesco ## August 2023 -**Microsoft Secure Score permissions integration with Microsoft 365 Defender Unified role-based access control (RBAC) is now in Public Preview** </br> +The following recommendations have been added as Microsoft Secure Score improvement actions: ++**Microsoft Information Protection:** ++- Ensure Microsoft 365 audit log search is enabled ++**Microsoft Exchange Online:** ++- Ensure modern authentication for Exchange Online is enabled +- Ensure Exchange Online Spam Policies are set to notify administrators +- Ensure all forms of mail forwarding are blocked and/or disabled +- Ensure MailTips are enabled for end users +- Ensure mailbox auditing for all users is enabled +- Ensure additional storage providers are restricted in Outlook on the web ++**Azure Active Directory:** ++To see the following new Azure Active Directory controls the Office 365 connector in Microsoft Defender for Cloud Apps must be turned on in the App connectors settings page. ++- Ensure password protection is enabled for on-prem Active Directory +- Ensure 'LinkedIn account connections' is disabled ++**SharePoint:** ++- Ensure Safe Links for Office Applications is enabled +- Ensure Safe Attachments policy is enabled +- Ensure that an anti-phishing policy has been created ++To see the following new SharePoint controls the Office 365 connector in Microsoft Defender for Cloud Apps must be turned on in the App connectors settings page. ++- Ensure SharePoint external sharing is managed through domain whitelist/blacklists +- Block OneDrive for Business sync from unmanaged devices ++### Microsoft Secure Score integration with Microsoft Lighthouse 365 ++Microsoft 365 Lighthouse helps Managed Service Providers (MSPs) grow their business and deliver services to customers at scale from a single portal. Lighthouse allows customers standardize configurations, manage risk, identify artificial intelligence (AI)-driven sales opportunities, and engage with customers to help them maximize their investment in Microsoft 365. ++We've now integrated Microsoft Secure Score into Microsoft 365 Lighthouse. This integration provides an aggregate view of the Secure Score across all managed tenants, as well as Secure Score details for each individual tenant. Access to Secure Score is a available from a new card on the Lighthouse homepage or by selecting a tenant on the Lighthouse Tenants page. ++> [!NOTE] +> The integration with Microsoft Lighthouse 365 is available to Microsoft partners who use the Cloud Solution Provider (CSP) program to manage customer tenants. ++### Microsoft Secure Score permissions integration with Microsoft 365 Defender Unified role-based access control (RBAC) is now in Public Preview Previously, only Azure Active Directory global roles (such as Global Administrators) could access Microsoft Secure Score. Now, you'll be able to control access and grant granular permissions for the Microsoft Secure Score experience as part of the Microsoft 365 Defender Unified RBAC model.  |
security | Preset Security Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/preset-security-policies.md | In PowerShell, preset security policies consist of the following elements: - **[Get-MalwareFilterPolicy](/powershell/module/exchange/get-malwarefilterpolicy)** - <u>Defender for Office 365 policies</u>: - **[Get-SafeAttachmentPolicy](/powershell/module/exchange/get-safeattachmentpolicy)**- - **[Get-SafeLinksPolicy](/powershell/module/exchange/get-safesafelinkspolicy)** + - **[Get-SafeLinksPolicy](/powershell/module/exchange/get-safelinkspolicy)** > [!WARNING] > Do not attempt to create, modify, or remove the individual security policies that are associated with preset security policies. The only supported method for creating the individual security policies for Standard or Strict preset security policies is to turn on the preset security policy in the Microsoft 365 Defender portal for the first time. |
security | Walkthrough Spoof Intelligence Insight | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/walkthrough-spoof-intelligence-insight.md | - Title: Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight - - NOCSH ----- - MET150 - - MOE150 -- - m365-security - - tier2 -description: Admins can learn how to use the spoof intelligence policy and the spoof intelligence insight to allow or block detected spoofed senders. --- seo-marvel-apr2020--- Previously updated : 6/20/2023-appliesto: - - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 plan 1 and plan 2</a> - - ✅ <a href="https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-defender" target="_blank">Microsoft 365 Defender</a> ---# Manage spoofed senders using the spoof intelligence policy and spoof intelligence insight in EOP --> [!IMPORTANT] -> Spoofed sender management in the Microsoft 365 Defender portal is now available only on the **Spoofed senders** tab in the Tenant Allow/Block List. For current procedures in the Microsoft 365 Defender portal, see [Spoof intelligence insight in EOP](anti-spoofing-spoof-intelligence.md). -> -> Spoofed sender management in Exchange Online PowerShell or Standalone EOP PowerShell is in the process of being migrated exclusively to the related **\*-TenantAllowBlockListSpoofItems**, **Get-SpoofIntelligenceInsight**, and **Get-SpoofMailReport** cmdlets. For procedures using these cmdlets, see the following articles: -> -> - [Use PowerShell to view entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-view-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to create allow entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-create-allow-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to create block entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-create-block-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to modify entries for spoofed senders in the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-modify-entries-for-spoofed-senders-in-the-tenant-allowblock-list) -> - [Use PowerShell to remove entries for spoofed senders from the Tenant Allow/Block List](tenant-allow-block-list-email-spoof-configure.md#use-powershell-to-remove-entries-for-spoofed-senders-from-the-tenant-allowblock-list) -> -> The older spoofed sender management experience using the **Get-PhishFilterPolicy** and **Set-PhishFilterPolicy** cmdlets is in the process of being deprecated, but is still presented in this article for completeness until the cmdlets are removed everywhere. --## What do you need to know before you begin? --- To connect to Exchange Online PowerShell, see [Connect to Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell). To connect to standalone EOP PowerShell, see [Connect to Exchange Online Protection PowerShell](/powershell/exchange/connect-to-exchange-online-protection-powershell).--- You need to be assigned permissions before you can do the procedures in this article. You have the following options:- - [Exchange Online RBAC](/exchange/permissions-exo/permissions-exo): - - _Modify the spoof intelligence policy or turn on or turn off spoof intelligence_: Membership in one of the following role groups: - - **Organization Management** - - **Security Administrator** <u>and</u> **View-Only Configuration** or **View-Only Organization Management**. - - _Read-only access to the spoof intelligence policy_: Membership in the **Global Reader**, **Security Reader**, or **View-Only Organization Management** role groups. - - [Azure AD RBAC](../../admin/add-users/about-admin-roles.md): Membership in the **Global Administrator**, **Security Administrator**, **Global Reader**, or **Security Reader** roles gives users the required permissions _and_ permissions for other features in Microsoft 365. --- The options for spoof intelligence are described in [Spoof settings in anti-phishing policies](anti-phishing-policies-about.md#spoof-settings).--- You can enable, disable, and configure the spoof intelligence settings in anti-phishing policies. For instructions based on your subscription, see one of the following topics:-- - [Configure anti-phishing policies in EOP](anti-phishing-policies-eop-configure.md). - - [Configure anti-phishing policies in Microsoft Defender for Office 365](anti-phishing-policies-mdo-configure.md). --- For our recommended settings for spoof intelligence, see [EOP anti-phishing policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-phishing-policy-settings).--## Use PowerShell to manage spoofed senders --To view allowed and blocked senders in spoof intelligence, use the following syntax: --```powershell -Get-PhishFilterPolicy [-AllowedToSpoof <Yes | No | Partial>] [-ConfidenceLevel <Low | High>] [-DecisionBy <Admin | SpoofProtection>] [-Detailed] [-SpoofType <Internal | External>] -``` --This example returns detailed information about all senders that are allowed to spoof users in your domains. --```powershell -Get-PhishFilterPolicy -AllowedToSpoof Yes -Detailed -SpoofType Internal -``` --For detailed syntax and parameter information, see [Get-PhishFilterPolicy](/powershell/module/exchange/get-phishfilterpolicy). --To configure allowed and blocked senders in spoof intelligence, follow these steps: --1. Capture the current list of detected spoofed senders by writing the output of the **Get-PhishFilterPolicy** cmdlet to a CSV file by running the following command: -- ```powershell - Get-PhishFilterPolicy -Detailed | Export-CSV "C:\My Documents\Spoofed Senders.csv" - ``` --2. Edit the CSV file to add or modify the following values: - - **Sender** (domain in source server's PTR record, IP/24 address, or verified DKIM domain) - - **SpoofedUser**: One of the following values: - - The internal user's email address. - - The external user's email domain. - - A blank value that indicates you want to block or allow any and all spoofed messages from the specified **Sender**, regardless of the spoofed email address. - - **AllowedToSpoof** (Yes or No) - - **SpoofType** (Internal or External) -- Save the file, read the file, and store the contents as a variable named `$UpdateSpoofedSenders` by running the following command: -- ```powershell - $UpdateSpoofedSenders = Get-Content -Raw "C:\My Documents\Spoofed Senders.csv" - ``` --3. Use the `$UpdateSpoofedSenders` variable to configure the spoof intelligence policy by running the following command: -- ```powershell - Set-PhishFilterPolicy -Identity Default -SpoofAllowBlockList $UpdateSpoofedSenders - ``` --For detailed syntax and parameter information, see [Set-PhishFilterPolicy](/powershell/module/exchange/set-phishfilterpolicy). --## How do you know these procedures worked? --To verify that you've configured spoof intelligence with senders who are allowed and not allowed to spoof, run the following commands in PowerShell to view the senders who are allowed and not allowed to spoof: -- ```powershell - Get-PhishFilterPolicy -AllowedToSpoof Yes -SpoofType Internal - Get-PhishFilterPolicy -AllowedToSpoof No -SpoofType Internal - Get-PhishFilterPolicy -AllowedToSpoof Yes -SpoofType External - Get-PhishFilterPolicy -AllowedToSpoof No -SpoofType External - ``` --- In PowerShell, run the following command to export the list of all spoofed senders to a CSV file:-- ```powershell - Get-PhishFilterPolicy -Detailed | Export-CSV "C:\My Documents\Spoofed Senders.csv" - ``` |
solutions | Manage Creation Of Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-creation-of-groups.md | The steps in this article won't prevent members of certain roles from creating G - Partner Tier 1 Support: Microsoft 365 admin center, Exchange admin center, Azure AD - Partner Tier 2 Support: Microsoft 365 admin center, Exchange admin center, Azure AD - Directory Writers: Azure AD+- Groups Administrator: Azure AD - SharePoint Administrator: SharePoint admin center, Azure AD - Teams Service Administrator: Teams admin center, Azure AD - User Administrator: Microsoft 365 admin center, Azure AD |
solutions | Microsoft 365 Guest Settings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md | If the site has a sensitivity label applied, that label may control the external You can set defaults for link type and permissions, and expiration settings for *Anyone* links for each site. When set at the site level, these settings override the organization-level settings. Note that if *Anyone* links are disabled at the organization level, *Anyone* will not be an available link type at the site level. -**Navigation:** SharePoint admin center > <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a> > select the site > **Policies** tab > **Edit External sharing** +**Navigation:** SharePoint admin center > <a href="https://go.microsoft.com/fwlink/?linkid=2185220" target="_blank">**Active sites**</a> > select the site > **Settings** > **Edit External sharing**. ![Screenshot of SharePoint site-level link sharing settings.](../media/sharepoint-site-link-sharing-settings.png) |