Updates from: 09/14/2021 03:12:49
Category Microsoft Docs article Related commit history on GitHub Change details
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
There are circumstances where new users show up as **unknown**. This is usually
## Show user details in the reports
-Reports provide information about your organizationΓÇÖs usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we are hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws.
+By default, user details will be hidden for all reports.
Your user list will look like this:
-
+
![Reports - anonymized user list.](../../media/2ed99bce-4978-4ee3-9ea2-4a8db26eef02.png)++
+If you want to unhide user-level information when you're generating your reports, a global administrator can quickly make that change in the admin center.
+
+Reports provide information about your organizationΓÇÖs usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we are hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws.
+
+
+1. In the admin center, go to the **Settings** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2053743" target="_blank">Services &amp; add-ins</a> page.
+
+2. Select **Org Settings** and choose **Services** .
+3. In the **Reports** pane, select **Choose how to show user information** and choose **Show identifiable user information in reports**.
+
+ Global administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps: 1. In the admin center, go to the **Settings** \> **Org Settings** \> **Services** page.
Global administrators can revert this change for their tenant and show identifia
3. Uncheck the statement **In all reports, display de-identified names for users, groups, and sites**, and then save your changes. It'll take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the Microsoft 365 usage reports in [Microsoft Graph](/graph/api/resources/report?view=graph-rest-1.0) and [Power BI](/microsoft-365/admin/usage-analytics/usage-analytics?view=o365-worldwide) and [the usage reports in Microsoft Teams Admin center](/microsoftteams/teams-analytics-and-reports/teams-reporting-reference). Showing identifiable user information is a logged event in the Microsoft 365 compliance center audit log. + ## What happens to usage data when a user account is closed?
admin Sharepoint Site Usage Ww https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
description: "Get the SharePoint site usage report to know how many files users
# Microsoft 365 Reports in the admin center - SharePoint site usage
-As a Microsoft 365 admin, the **Reports** dashboard shows you the activity overview across various products in your organization. It enables you to drill in to get more granular insight about the activities specific to each product. For example, you can get a high level view of the value you are getting from SharePoint in terms of the total number of files that users store in SharePoint sites, how many files are actively being used, and the storage consumed across all these sites. Then, you can drill into the SharePoint site usage report to understand the trends and per site level details for all sites.
+As a Microsoft 365 admin, the **Reports** dashboard shows you the activity overview across various products in your organization. It enables you to drill in to get more granular insight about the activities specific to each product. For example, you can get a high-level view of the value you are getting from SharePoint in terms of the total number of files that users store in SharePoint sites, how many files are actively being used, and the storage consumed across all these sites. Then, you can drill into the SharePoint site usage report to understand the trends and per site level details for all sites.
> [!NOTE] > You must be a global administrator, global reader or reports reader in Microsoft 365 or an Exchange, SharePoint, Teams Service, Teams Communications, or Skype for Business administrator to see reports.
Global administrators can revert this change for their tenant and show identifia
## Interpret the SharePoint site usage report
-You can view the site usage in the SharePoint report by choosing the **Site usage** tab.<br/>![Microsoft 365 reports - Microsoft SharePoint site usage report.](../../media/d1cb6200-e81c-460b-9d05-53f4bd7cf5ee.png)
+You can view the site usage in the SharePoint report by choosing the **Site usage** tab.
-Select **Choose columns** to add or remove columns from the report. <br/> ![SharePoint site usage report - choose columns.](../../media/71ac3195-c494-40c1-9346-a858125ef6df.png)
+
+Select **Choose columns** to add or remove columns from the report.
+ You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data of all users and enables you to do simple sorting and filtering for further analysis. If you have less than 2000 users, you can sort and filter within the table in the report itself. If you have more than 2000 users, in order to filter and sort, you will need to export the data.
-|Item|Description|
+|Metric|Description|
|:--|:--|
-|**Metric**|**Definition**|
-|Site URL <br/> |The full URL of the site. <br/> |
-|Deleted <br/> |The deletion status of the site. It takes at least 7 days for sites to be marked as deleted. <br/> |
-|Site owner <br/> |The username of the primary owner of the site. <br/> |
-|Site owner principal name <br/> |The email address of the owner of the site. <br/> |
-|Last activity date (UTC) <br/> | The date of the last time file activity was detected or a page was viewed on the site. <br/> |
-|Site sensitivity label id <br/> | The sensitivity label on the site. <br/> |
-|External sharing <br/> | The external sharable settings on the site. <br/> |
-|Unmanaged device policy <br/> | The site access policy for unmanaged devices. <br/> |
-|Geo location <br/> | The Geo location of the site. <br/> |
-|Files <br/> |The number of files on the site. <br/>|
-|Active files <br/> | The number of active files on the site.<br/> NOTE: If files were removed during the specified time period for the report, the number of active files shown in the report may be larger than the current number of files on the site. <br/> |
-|Storage used (MB) <br/> |The amount of storage currently being used on the site. <br/>|
-|Storage allocated (MB) <br/> |The maximum amount of storage allocated for the site. <br/>|
-|Page views <br/> |The number of times pages were viewed on the site. <br/>|
-|Pages visited <br/> |The number of unique pages that were visited on the site. <br/>|
-|Anonymous link count <br/> |The number of times documents or folders are shared using "Anyone with the link" on the site. <br/>|
-|Company link count <br/> |The number of times documents or folders are shared using "People in org with the link" on the site. <br/>|
-|Secure link for guest count <br/> |The number of times documents or folders are shared using "specific people" on the site. <br/>|
-|Secure link for member count <br/> |The number of times documents or folders are shared using "specific people" on the site. <br/>|
-|Root Web Template <br/> |The template used for creating the site. <br/> NOTE: If you want to filter the data by different site types, then export the data and use the Root Web Template column. |
-|||
+|Site URL |The full URL of the site. |
+|Deleted |The deletion status of the site. It takes at least 7 days for sites to be marked as deleted. |
+|Site owner |The username of the primary owner of the site. |
+|Site owner principal name |The email address of the owner of the site. |
+|Last activity date (UTC) | The date of the last time file activity was detected or a page was viewed on the site. |
+|Site sensitivity label ID | The sensitivity label on the site. |
+|External sharing | The external sharable settings on the site. |
+|Unmanaged device policy | The site access policy for unmanaged devices. |
+|Geo location | The Geo location of the site. |
+|Files |The number of files on the site. |
+|Active files | The number of active files on the site.<br/> NOTE: If files were removed during the specified time period for the report, the number of active files shown in the report may be larger than the current number of files on the site. |
+|Storage used (MB) |The amount of storage currently being used on the site. |
+|Storage allocated (MB) |The maximum amount of storage allocated for the site. |
+|Page views |The number of times pages were viewed on the site. |
+|Pages visited |The number of unique pages that were visited on the site. |
+|Anonymous link count |The number of times documents or folders are shared using "Anyone with the link" on the site. |
+|Company link count |The number of times documents or folders are shared using "People in org with the link" on the site. |
+|Secure link for guest count |The number of times documents or folders are shared using "specific people" on the site. |
+|Secure link for member count |The number of times documents or folders are shared using "specific people" on the site. |
+|Root Web Template |The template used for creating the site. <br/> NOTE: If you want to filter the data by different site types, then export the data and use the Root Web Template column. |
+
admin Delete A User https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/add-users/delete-a-user.md
Before you begin, think about what you want to do with the user's email and OneD
|Item | Description | |:--|:--| |Product licenses <br/> |You can remove the license from the user and remove it from your subscriptions to stop paying for that license. If you select this option, the license will be removed automatically from your subscriptions. <br/><br/> **You can't remove the license** if you bought it through a Partner or volume licensing. If you're paying for an annual plan or if you're in the middle of a billing cycle, you won't be able to remove the license from your subscription until your commitment is completed. <br/> |
-|OneDrive content <br/> |If the user saved their files to OneDrive, you can give another user access to these files. <br/><br/> You'll need to move the files you want to keep within the retention period that is set for OneDrive files. **By default, the retention period is 30 days.** If you don't move the files within the retention period after deleting the user, the OneDrive content will be permanently deleted. To increase the number of days that you retain OneDrive files for deleted accounts, see [Set the OneDrive retention for deleted users](/onedrive/set-retention). <br/><br/> **Important!** If the deleted user used a personal computer to download files from SharePoint and OneDrive, there's no way for you to wipe those files they stored on their computer. They will continue to have access to any files that were synced from OneDrive. |
+|OneDrive content <br/> |If the user saved their files to OneDrive, you can give another user access to these files. <br/><br/> You'll need to move the files you want to keep within the retention period that is set for OneDrive files. **By default, the retention period is 30 days.** If you don't move the files within the retention period after deleting the user, the OneDrive for the deleted user is moved to the site collection recycle bin, where it is kept for 93 days. During this time, users will no longer be able to access any shared content in the OneDrive. To restore the OneDrive, you need to use PowerShell. For info, see [Restore a deleted OneDrive](/onedrive/restore-deleted-onedrive).<br/><br/> To increase the number of days that you retain OneDrive files for deleted accounts, see [Set the OneDrive retention for deleted users](/onedrive/set-retention). <br/><br/> **Important!** If the deleted user used a personal computer to download files from SharePoint and OneDrive, there's no way for you to wipe those files they stored on their computer. They will continue to have access to any files that were synced from OneDrive. |
|Email <br/> | Giving another user access to the deleted user's email will convert the deleted user's mailbox to a shared mailbox. The new mailbox owner can then access the mailbox and monitor for new email. You'll also have the following options: <br/> <br/>Change the display name - We recommend changing the display name so that it will be easy to identify the shared mailbox in the **Active users** list. <br/> Turn on automatic replies - We've already written a polite automatic reply for you. You can send different automatic replies to people within your organization and people from outside your organization. <br/> <br/> Clean up aliases - Aliases are additional email addresses for users. Some organizations don't use them, so if you don't have any you don't need to do anything else here. If the user does have aliases, we recommend removing them so that you can reuse those email addresses. Otherwise, you can't reuse those email addresses until the retention period for deleted mailboxes has passed. By default, a deleted mailbox is recoverable for 30 days. For more information, see [Delete or restore user mailboxes in Exchange Online](/exchange/recipients-in-exchange-online/delete-or-restore-mailboxes#delete-a-user-mailbox). <br/> | |Active Directory <br/> |If your business uses **Active Directory** that is synchronizing with Azure AD, you need to delete the user account from Active Directory. You can't do it through Office 365. For instructions, see [Delete a User Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753730(v=ws.11)). <br/> |
Here are the most common issues people encounter when deleting a user:
[Permanently delete a mailbox](/exchange/permanently-delete-a-mailbox-exchange-2013-help) (article)\ [Remove a former employee from Office 365](remove-former-employee.md) (article)\ [Add a new employee to Office 365](add-new-employee.md) (article)\
-[Delete a User Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753730(v=ws.11)): Use these instructions if your business uses **Active Directory** that is synchronizing with Azure AD. You can't do it through Office 365. (article)
+[Delete a User Account](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753730(v=ws.11)): Use these instructions if your business uses **Active Directory** that is synchronizing with Azure AD. You can't do it through Office 365. (article)
admin Configure Email Forwarding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/email/configure-email-forwarding.md
You must be an Exchange administrator or Global administrator in Microsoft 365 t
[Create a shared mailbox](../email/create-a-shared-mailbox.md) (article)\ [Send email from a different address](https://support.microsoft.com/office/ccba89cb-141c-4a36-8c56-6d16a8556d2e) (article)\
-[Control automatic external email forwarding in Microsoft 365](/security/office-365-security/external-email-forwarding?view=o365-worldwide) (article)\
-[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)
+[Change a user name and email address](../add-users/change-a-user-name-and-email-address.md) (article)\
+[Control automatic external email forwarding in Microsoft 365](/microsoft-365/security/office-365-security/external-email-forwarding) (article)
++
admin Create Dns Records At Any Dns Hosting Provider https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider.md
This MX record's **Priority** must be the highest of all existing MX records for
Make sure that the fields are set to the following values: - Record Type: `MX`-- Priority: Set to the highest value available, typically `0`.
+- Priority: Set to any large value not used already.
- Host Name: `@` - Points to address: Copy the value from the admin center and paste it here. - TTL: `3600` (or your provider default)
admin Room And Equipment Mailboxes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/room-and-equipment-mailboxes.md
description: "Create a room or equipment mailbox so that everyone in your organi
If you have a conference room, company car, or equipment that everyone needs to use, then you need to come up with a way to make those resources reservable to everyone. The best way to do that is to create a room or equipment mailbox in Microsoft 365 for each resource. You might create one for your first floor conference room, media equipment, or a moving truck.
-Once you create a room or equipment mailbox, everyone in the company can reserve it for meetings or events using Outlook. Learn **how to use it** and **how to set it up** on the next two tabs. Here are some other common questions about room and equipment mailboxes.
+Once you create a room or equipment mailbox, everyone in the company can reserve it for meetings or events using Outlook. Learn **how to use it** and **how to set it up** on the next two tabs. Here are some other common questions about room and equipment mailboxes.
## Use room and equipment mailboxes To use room or equipment mailboxes, open Outlook from your computer or sign in to Outlook on the web. Schedule a new meeting and add the room or equipment to the meeting like you would when inviting other employees or customers. You've now reserved it.
-1. Open **Outlook** on your computer.
-
-2. On the **Home** tab, choose **New Items** \> **Meeting**.<br/>![To schedule a meeting, on the Home tab, in the New group, choose New Items, and then Meeting.](../../media/ffd575a8-1036-4d67-b839-73941fc60276.png)<br/>Or, from your Calendar, just select **New Meeting**.
+1. Open **Outlook** on your computer.
+
+2. On the **Home** tab, choose **New Items** \> **Meeting**.
+
+ ![To schedule a meeting, on the Home tab, in the New group, choose New Items, and then Meeting.](../../media/ffd575a8-1036-4d67-b839-73941fc60276.png)
+
+ Or, from your Calendar, just select **New Meeting**.
-3. In the To field, type the name of the conference room or equipment you want to reserve, in addition to any attendees you'd like to invite.<br/>Or, select **To** then double-click the conference room or equipment from the list. Then select **OK**.<br/>![Reserve room mailbox in Outlook.](../../media/4588c806-9fb9-46c9-b2d8-34caa943e28e.png)
+3. In the To field, type the name of the conference room or equipment you want to reserve, in addition to any attendees you'd like to invite.
+
+ Or, select **To** then double-click the conference room or equipment from the list. Then select **OK**.
+
+ ![Reserve room mailbox in Outlook.](../../media/4588c806-9fb9-46c9-b2d8-34caa943e28e.png)
4. In the **Subject** line, type the purpose of the reservation or meeting. 5. Change the **Location** value or leave as is.
-6. Change the **Start time** and **End time**. Or, select **All day event**. To make the meeting or reservation repeat, select **Recurrence** at the top.<br/>![Reserve meeting time.](../../media/4b72a0a6-4da2-449e-909e-85ea79f78e2c.png)
+6. Change the **Start time** and **End time**. Or, select **All day event**. To make the meeting or reservation repeat, select **Recurrence** at the top.
+
+ ![Reserve meeting time.](../../media/4b72a0a6-4da2-449e-909e-85ea79f78e2c.png)
7. Type a message describing the purpose and attach any files if needed. 8. To allow others to join online or call in to the meeting, select **Skype Meeting**.
-9. To make sure the room, equipment, and people you've invited are available, select **Scheduling Assistant** at the top. Then select an available time in the calendar.<br/> ![Check if room equipment available.](../../media/eb0097c6-4263-4b63-bfca-f7c03ad99b4f.png)<br/>TIP: In the scheduling calendar, blue means the room or equipment is reserved, or busy. Select the white, or free, area on the calendar.
+9. To make sure the room, equipment, and people you've invited are available, select **Scheduling Assistant** at the top. Then select an available time in the calendar.
+
+ ![Check if room equipment available.](../../media/eb0097c6-4263-4b63-bfca-f7c03ad99b4f.png)
+
+ > [!TIP]
+ > In the scheduling calendar, blue means the room or equipment is reserved, or busy. Select the white, or free, area on the calendar.
10. When finished, select **Send**.
To set up a room or equipment mailbox, go to the <a href="https://go.microsoft.c
2. Select **Add**.
-3. Fill out the room or equipment fields:<br/>![Add a room mailbox in Microsoft 365.](../../media/114d49e3-976e-40ef-b0af-2b0f5c85f15e.png)<br/>
+3. Fill out the room or equipment fields:
+
+ ![Add a room mailbox in Microsoft 365.](../../media/114d49e3-976e-40ef-b0af-2b0f5c85f15e.png)
- - **Room** or **Equipment**: the type of mailbox you'd like to create.
+ - **Room** or **Equipment**: the type of mailbox you'd like to create.
- - **Name**: a friendly name or even short description.
+ - **Name**: a friendly name or even short description.
- - **Email**: the email alias of the room or equipment. This is necessary to send a meeting request to the room or equipment.
+ - **Email**: the email alias of the room or equipment. This is necessary to send a meeting request to the room or equipment.
- - **Capacity**: the number of people who can fit in the room or use the equipment at the same time.
+ - **Capacity**: the number of people who can fit in the room or use the equipment at the same time.
- - **Location**: the room number or location of the room in a building or region.
+ - **Location**: the room number or location of the room in a building or region.
- - **Phone number**: the number of the room itself. This is different from the meeting phone number generated when using Skype for Business.
+ - **Phone number**: the number of the room itself. This is different from the meeting phone number generated when using Skype for Business.
4. Select **Add**.
Open the meeting you scheduled in Outlook and then remove the room or equipment
### Does someone have to accept or decline every room or equipment request?
- No, you don't need someone to accept or decline requests. You can decide whether you want to let the room or equipment be automatically booked or managed by someone in your company.
+No, you don't need someone to accept or decline requests. You can decide whether you want to let the room or equipment be automatically booked or managed by someone in your company.
### Does a room mailbox or equipment mailbox need a product license?
admin Microsoft 365 Support Integration Servicenow Config Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/microsoft-365-support-integration-servicenow-config-guide.md
+
+ Title: "Microsoft 365 support integration with ServiceNow configuration guide"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- M365-subscription-management
++
+search.appverid:
+- MET150
+description: "Scoped Certified application installation and configuration guide for ServiceNow."
++
+# Microsoft 365 support integration with ServiceNow configuration guide
+
+[Overview](#overview)
+
+[Application dependencies in ServiceNow environments](#application-dependencies-in-servicenow-environments)
+
+[Configuration instructions](#configuration-instructions)
+
+[Who can set up the Microsoft 365 support integration?](#who-can-set-up-microsoft-365-support-integration)
+
+[What features are available in Microsoft 365 support integration?](#what-features-are-available-in-microsoft-365-support-integration)
+
+[Set up Microsoft 365 support integration with ServiceNow Basic Authentication](#set-up-microsoft-365-support-integration-with-servicenow-basic-authentication)
+
+[Set up Microsoft 365 support integration with AAD OAuth Token](#set-up-microsoft-365-support-integration-with-aad-oauth-token)
+
+[Set up Microsoft 365 support integration for Insights ONLY](#set-up-microsoft-365-support-integration-for-insights-only)
+
+[Testing the configuration](#testing-the-configuration)
+
+[Troubleshooting](#troubleshooting)
+
+## Overview
+
+Microsoft 365 support integration enables you to integrate Microsoft 365 help, support, and service health with ServiceNow. You can research Microsoft known and reported issues, resolve incidents, and complete tasks by using Microsoft recommended solutions and, if necessary, escalate to Microsoft human- assisted support.
+
+## Application dependencies in ServiceNow environments
+
+Permissions required:
+
+- oauth\_entity
+
+- oauth\_entity\_profile
+
+After Microsoft 365 support integration was installed, two Application Cross-Scope accesses were created. If they're not created successfully for any reason, create them manually.
++
+## Configuration instructions
++
+To set up Microsoft 365 support integration:
+
+- Register applications in Microsoft Azure Active Directory (AAD) for authentication of both outbound and inbound API calls.
+
+- Create ServiceNow entities with Microsoft AAD applications for both outbound and inbound data flow.
+
+- Integrate ServiceNow instance with Microsoft support through Microsoft 365 Admin Portal.
+
+## Who can set up Microsoft 365 support integration?
+
+- Anyone with permissions to create AAD applications.
+
+- A ServiceNow admin.
+
+- A Helpdesk admin or Service Request admin in Microsoft 365 tenants.
+
+## What features are available in Microsoft 365 support integration?
+
+Before setting up any configuration for Microsoft 365 support integration, review your answers to these questions:
+
+**Question #1** Does your ServiceNow environment allow Basic Authentication (access with ServiceNow user credential) for inbound webservice calls?
+
+**Question #2** If you have multiple tenants, do you plan to use a single tenant integrated with your ServiceNow environment for Microsoft 365 support integration?
+
+Depending on your answers to the questions above, this table tells you what features are available and how to set up Microsoft 365 support integration. For a description of each feature, see [Microsoft 365 support integration](https://store.servicenow.com/sn_appstore_store.do#!/store/application/6d05c93f1b7784507ddd4227cc4bcb9f).
+
+|Question #1 Answer|Question #2 Answer|What features are available?|Configuration Steps|
+| | | | |
+|Yes|Yes|Service Health Incidents <br/>Recommended Solutions </br>Microsoft service request|[Set up Microsoft 365 support integration with ServiceNow Basic Authentication](#set-up-microsoft-365-support-integration-with-servicenow-basic-authentication)|
+|Yes|No|Service Health Incidents <br/>Recommended Solutions </br>Microsoft service request||
+|No|Yes|Service Health Incidents <br/>Recommended Solutions </br>Microsoft service request|[Set up Microsoft 365 support integration with AAD OAuth Token](#set-up-microsoft-365-support-integration-with-aad-oauth-token)|
+|No|No|Service Health Incidents <br/>Recommended Solutions|[Set up Microsoft 365 support integration for Insights ONLY](#set-up-microsoft-365-support-integration-for-insights-only) |
+
+## Set up Microsoft 365 support integration with ServiceNow Basic Authentication
+
+### Prerequisites (Basic Authentication)
+
+Some prerequisites are necessary to set up the Microsoft 365 support integration.
+
+1. \[The person who can create AAD applications\] Create AAD Application under your Microsoft 365 tenant.
+
+ 1. Log on to the [Azure Portal](https://portal.azure.com/) with your Microsoft 365 tenant credentials.
+
+ 1. Go to the App registrations page and create a new application.
+
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image3.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Add redirect URL: `https://{your-servicenow-instance}.service-now.com/oauth_redirect.do`.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image4.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Get the application Client ID and create an App Secret.
+
+2. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider in ServiceNow.
+
+ 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
+
+ 1. Create a new application with the values following values by selecting **Connect to a third party OAuth Provider**.
+
+ - Client ID: The Client ID of the application created in step \#1
+
+ - Client Secret: The App Secret of the application created in step \#1
+
+ - Default Grant type: Client Credentials
+
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
+
+ - Redirect URL: `https://{service-now-instance-name}.service-now.com/auth_redirect.do`
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+3. \[The person who is a ServiceNow admin\] Set up Inbound OAuth Provider.
+
+ 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
+
+ 1. Create a new application by selecting **Create an OAuth API endpoint for external clients**. Name the inbound OAuth provider and leave other fields at their defaults.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image7.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+4. \[The person who is a ServiceNow admin\] Create integration users.
+
+ You must specify an integration user. If you donΓÇÖt have an existing integration user or if you want to create one specific for this integration, go to **Organization** > **Users** to create a new user.
+
+ If you're creating a new integration user, check the box **Web service access only**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image8.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+### \[Optional\] Allow the serviceΓÇÖs IPs of Microsoft 365 support integration
+
+If your company is limiting internet access with your own policies, enable network access for the service of Microsoft 365 support integration by allowing the IP addresses below for both inbound and outbound API access.
+
+- 52.149.152.32
+
+- 40.83.232.243
+
+- 40.83.114.39
+
+- 13.76.138.31
+
+- 13.79.229.170
+
+- 20.105.151.142
+
+> [!NOTE]
+> This terminal command lists all active IPs of the service for Microsoft 365 support integration:
+> `nslookup connector.rave.microsoft.com`
+
+### Set up Microsoft 365 support integration application
+
+The Microsoft 365 support integration application can be set up under Microsoft 365 support.
+
+These steps are required to set up the integration between your ServiceNow instance and Microsoft 365 support.
+
+1. \[The person who is a ServiceNow admin\] Switch the scope to Microsoft 365 support integration.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image9.png" alt-text="Graphical user interface, table Description automatically generated":::
+
+2. \[The person who is a ServiceNow admin\] Go to Microsoft 365 support > **Setup** to open the integration flow.
+
+ > [!NOTE]
+ > If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image10.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+3. \[The person who is a ServiceNow admin\] Select **Agree** to agree to the consent
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image11.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider.
+
+ Select the OAuth profile for Outbound OAuth Provider created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#2 and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image12.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+5. \[The person who is a ServiceNow admin\] Set up Inbound OAuth Provider.
+
+ - Uncheck **Skip current step**.
+
+ - Uncheck **External OIDC Auth Token**.
+
+ - Select OAuth Client created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#3 and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image13.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+6. \[The person who is a ServiceNow admin\] Set up inbound call integration user.
+
+ - Uncheck **Skip current step**.
+
+ - Select the integration user created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#4 and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image14.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+7. \[The person who is a ServiceNow admin\] Set up Repository ID.
+
+ Specify the repository ID, and then select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image15.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+8. \[The person who is a ServiceNow admin\] Set up Application settings.
+
+ Select the following settings, and then select **Next**.
+
+ - SSO with Microsoft 365: Check whether the ServiceNow instance is set up as SSO with Microsoft 365 tenants, otherwise uncheck it.
+
+ - Microsoft 365 admin email: The email of Microsoft 365 admin user who is contacted when Microsoft 365 support cases are created.
+
+ - Test Environment: Check the box to indicate a test phase to avoid Microsoft support agents contacting you to address the issue. If you're ready to move forward officially with Microsoft 365 support integration, uncheck the box.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image16.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+9. \[The person who is Helpdesk Admin or Service Request Admin in Microsoft 365 tenants\] Complete Integration.
+
+ 1. Check the information below to make sure it's correct.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image17.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+ 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com/) > **Settings** > **Org settings** > **Organization profiles**.
+
+ 1. Set up support integration settings:
+
+ 1. In the **Basic information** tab, select internal support tool **Service Now** and type **Outbound App ID** as the value of Application ID on the page Step - 6 Complete, which was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#1.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image18.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. In the tab **Repositories**, select **Add a repository** to create a new repository with the following settings:
+
+ - Repository: The **Repository ID** value from page Step - 6 Complete the integration.
+
+ - Endpoint: The **Endpoint** value from page Step - 6 Complete the integration.
+
+ - Authentication type: Select **Basic Auth**.
+
+ - Client ID: The **Client ID** value from page Step - 6 Complete the integration.
+
+ - Client secret: The secret of the inbound OAuth provider that was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#3.
+
+ - Refresh token expiry: 864000
+
+ - Rest username: The **User Name** value from page Step - 6 Complete the integration.
+
+ - Rest user password: The password of the integration user that was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#4.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image19.png" alt-text="Graphical user interface, application Description automatically generate":::
+
+ 1. Go back and select the button to save the integration.
+
+ 1. Select **Next** to complete the integration.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image20.png" alt-text="Graphical user interface, application, website Description automatically generated":::
+
+10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user.
+
+ Microsoft 365 support integration is enabled only for the user with one of these roles:
+
+ - x\_mioms\_m365\_assis.insights\_user
+
+ - x\_mioms\_m365\_assis.administrator
+
+ > [!NOTE]
+ > The user with the role x\_mioms\_m365\_assis.insights\_user role can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator can also open a case with Microsoft 365 support.
+
+11. \[Optional\] \[The user with role x_mioms_m365_assis.administrator\] Link Microsoft 365 Admin account.
+
+ If any user has the role x\_mioms\_m365\_assis.administrator and is using different Microsoft 365 accounts to manage a Microsoft 365 support case, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image21.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+## Set up Microsoft 365 support integration with AAD OAuth Token
+
+### Prerequisites (AAD OAuth Token)
+
+These prerequisite steps are necessary to set up the Microsoft 365 support integration:
+
+1. \[The person who can create AAD applications\] Create an AAD Application for Outbound under your Microsoft 365 tenant.
+
+ 1. Log on [Azure Portal](https://portal.azure.com/) with Microsoft 365 tenant credentials.
+
+ 1. Go to the **App registrations** page and create a new application.
+
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image3.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Add redirect URL: `https://{your-servicenow-instance}.service-now.com/auth_redirect.do`.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image4.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Get Client ID of the application and create App Secret.
+
+2. \[The person who can create AAD applications\] Create AAD Application for Rest API under your Microsoft 365 tenant.
+
+ 1. Log on to the [Azure Portal](https://portal.azure.com/) with your Microsoft 365 tenant credentials.
+
+ 1. Go to **App registrations** and create a new application.
+
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image22.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Get the application Client ID and create App Secret.
+
+3. \[The person who can create AAD applications\] Create AAD Application for Rest User under your Microsoft 365 tenant.
+
+ 1. Log on to the [Azure Portal](https://portal.azure.com/) with your Microsoft 365 tenant credentials.
+
+ 1. Go to the **App registrations** page and create a new application.
+
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image23.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Get the application Client ID and create an App Secret.
+
+4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider in ServiceNow.
+
+ 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
+
+ 1. Create a new application with the values below by selecting **Connect to a third party OAuth Provider**.
+
+ - Client ID: The Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#1.
+
+ - Client Secret: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#1.
+
+ - Default Grant type: Client Credentials.
+
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
+
+ - Redirect URL: `https://{service-now-instance-name}.service-now.com/auth_redirect.do`
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+5. \[The person who is a ServiceNow admin\] Configure OIDC provider in ServiceNow, refer to the [online documentation](https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/task/add-OIDC-entity.html).
+
+ 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
+
+ 1. Select **New** > **Create new Open ID Connect Provider**.
+
+ 1. In **OAuth OIDC Provider Configuration**, select **Search** and create a new OIDC provider configuration under ΓÇ£oidc\_provider\_configuration.listΓÇ¥ with these values:
+
+ - OIDC Provider: Contoso Azure
+
+ - OIDC Metadata URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/.well-known/openid-configuration`
+
+ - UserClaim: **appId**
+
+ - User Field: **User ID**
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image24.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+ 1. Create a new application by selecting **Configure an OIDC provider to verify ID tokens** with these values:
+
+ - Name: contoso\_application\_inbound\_api
+
+ - Client ID: The Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
+
+ - Client Secret: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
+
+ - OAuth OIDC Provider Configuration: The OIDC provider created in the last step.
+
+ - Redirect URL:
+ `https://{service-now-instance-name}.service-now.com/oauth_redirect.do`
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image25.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+6. \[The person who is a ServiceNow admin\] Create Integration Users.
+
+ Navigate to **Organization** > **Users** to create a new user if there is no integration user. The value of **User ID** is the application Client ID created in step [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) \#3
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image26.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+### \[Optional\] Allow the serviceΓÇÖs IPs of Microsoft 365 support integration
+
+If your company is limiting internet access with your own policies, enable network access for the service of Microsoft 365 support integration by allowing these IP addresses for both inbound and outbound API access:
+
+- 52.149.152.32
+
+- 40.83.232.243
+
+- 40.83.114.39
+
+- 13.76.138.31
+
+- 13.79.229.170
+
+- 20.105.151.142
+
+> [!NOTE]
+> This terminal command lists all active IPs of the service for Microsoft 365 support integration:
+> *nslookup connector.rave.microsoft.com*
+
+### Set up Microsoft 365 support integration
+
+The Microsoft 365 support integration application can be set up through the **Setup** under the Microsoft 365 support.
+
+These steps are necessary to set up the integration between your ServiceNow instance and Microsoft 365 support.
+
+1. \[The person who is a ServiceNow admin\] Switch the scope to Microsoft 365 support integration.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image9.png" alt-text="Graphical user interface, table Description automatically generated":::
+
+2. \[The person who is a ServiceNow admin\] Go to Microsoft 365 support > **Setup** to open the integration flow.
+
+ > [!NOTE]
+ > If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image27.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+3. \[The person who is a ServiceNow admin\] Select **Agree** to agree to the consent.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image11.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider.
+
+ Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#4 and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image12.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+5. \[The person who is a ServiceNow admin\] Set up Inbound OAuth Provider.
+
+ 1. Uncheck **Skip current step**.
+
+ 1. Check **External OIDC Auth Token**.
+
+ 1. Select the OAuth Client created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step 5, and then select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image28.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+6. \[The person who is a ServiceNow admin\] Set up Inbound Call Integration User.
+
+ 1. Uncheck **Skip current step**.
+
+ 1. Input the Client ID of the application that was created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3 and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image39.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+7. \[The person who is a ServiceNow admin\] Set up the Repository ID.
+
+ Specify the repository ID and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image15.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+8. \[The person who is a ServiceNow admin\] Set up Application Settings.
+
+ Select the following settings, and then select **Next**.
+
+ - SSO with Microsoft 365: Check whether the ServiceNow instance is set up as SSO with Microsoft 365 tenants, otherwise uncheck it.
+
+ - Microsoft 365 admin email: The email of Microsoft 365 admin user who is contacted when Microsoft 365 support cases are created.
+
+ - Test Environment: Check the box to indicate a test phase to avoid Microsoft support agents contacting you to address the issue. If you're ready to move forward officially with Microsoft 365 support integration, uncheck the box.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image16.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+ 1. Select **Next**.
+
+9. \[The person who is Helpdesk Admin or Service Request Admin in Microsoft 365 tenants\] Complete integration.
+
+ 1. Check the following information to make sure it's correct.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image40.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com) > **Settings** > **Org settings** > **Organization profiles**.
+
+ 1. Set up support integration settings.
+
+ 1. On the **basic information** tab, select **Service Now** as the internal support tool, and type **Outbound App ID** as the value of Application ID on the Step - 6 Complete the integration page, which was created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#1.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image18.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. On the **Repositories** tab, select **Add a repository** to create a new repository with the following information:
+
+ - Repository: Use the **Repository ID** value from the Step - 6 Complete the integration page.
+
+ - Endpoint: The **Endpoint** value from the Step - 6 Complete the integration page.
+
+ - Authentication type: Select **AAD Auth**.
+
+ - Client Id: The **Client ID** value on the Step - 6 Complete the integration page, which is the Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
+
+ - Rest username: The **User Name** value on the Step - 6 Complete the integration page, which is the **Client ID** of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3.
+
+ - Rest user password: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image31.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+ 1. Go back and select the button to save the integration.
+
+ 1. Select **Next** to complete the integration.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image32.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user.
+
+ Microsoft 365 support integration is enabled only for users with the following roles:
+
+ - x\_mioms\_m365\_assis.insights\_user
+
+ - x\_mioms\_m365\_assis.administrator
+
+ > [!NOTE]
+ > The user with the role x\_mioms\_m365\_assis.insights\_user can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator also can open a case with Microsoft 365 support.
+
+11. **\[Optional\] \[The user with role x_mioms_m365_assis.administrator\] Link Microsoft 365 Admin account**
+
+ If any user has the role ΓÇ£x\_mioms\_m365\_assis.administratorΓÇ¥ and they're using different Microsoft 365 accounts to manage Microsoft support cases, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image21.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+## Set up Microsoft 365 support integration for Insights ONLY
+
+### Prerequisites (Insights ONLY)
+
+These prerequisite steps are necessary to set up Microsoft 365 support integration:
+
+1. \[The person who can create AAD applications\] Create AAD Application under your Microsoft 365 tenant.
+
+ 1. Log on to the [Azure Portal](https://portal.azure.com/) with your Microsoft 365 tenant credentials.
+
+ 1. Go to the **App registrations** page and create a new application.
+
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image3.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Add redirect URL: `https://{your-servicenow-instance}.service-now.com/auth_redirect.do`
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image4.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Get Client ID of the application and create an App Secret.
+
+1. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider in ServiceNow.
+
+ 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
+
+ 1. Create a new application with the values below by selecting **Connect to a third party OAuth Provider**.
+
+ - Client ID: The **Client ID** of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
+
+ - Client Secret: The App Secret of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
+
+ - Default Grant type: Client Credentials
+
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
+
+ - Redirect URL: `https://{servicenow-instance-name}.service-now.com/oauth_redirect.do`
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+### Set up Microsoft 365 support integration
+
+The Microsoft 365 support integration application can be set up through **Setup** under Microsoft 365 support.
+
+The following steps are needed to set up the integration between your ServiceNow instance and Microsoft support.
+
+1. \[The person who is a ServiceNow admin\] Switch the scope to Microsoft 365 support integration.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image9.png" alt-text="Graphical user interface, table Description automatically generated":::
+
+2. \[The person who is a ServiceNow admin\] Go to Microsoft 365 support > **Setup** to open the integration flow.
+
+ > [!NOTE]
+ > If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image27.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+3. \[The person who is a ServiceNow admin\] Select **Agree** to agree to the consent.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image11.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider.
+
+ Select OAuth profile for Outbound OAuth Provider and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image12.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+5. \[The person who is a ServiceNow admin\] Skip Inbound OAuth Provider.
+
+ Check **Skip current step**, and then select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image33.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+6. \[The person who is a ServiceNow admin\] Skip Integration User.
+
+ Check **Skip current step** and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image34.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+7. \[The person who is a ServiceNow admin\] Set up Repository ID.
+
+ Specify the repository ID and select **Next**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image15.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+8. \[The person who is a ServiceNow admin\] Set up Application Settings.
+
+ Select the right settings and select **Next**.
+
+ - SSO with Microsoft 365: Check whether the ServiceNow instance is set up as SSO with Microsoft 365 tenants; otherwise uncheck it.
+
+ - Microsoft 365 Admin Email: The email of Microsoft 365 admin user to be contacted when Microsoft 365 support cases are created.
+
+ - Test Environment: Check the box to indicate a test phase to avoid Microsoft support agents contacting you to address the issue. If you're ready to move forward officially with Microsoft 365 support integration, uncheck the box.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image16.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+
+9. \[The person who is Helpdesk Admin or Service Request Admin in Microsoft 365 tenants\] Complete Integration.
+
+ 1. Check the information here to make sure it's correct.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image35.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com) > **Settings** > **Org settings** > **Organization profiles**.
+
+ 1. Set up support integration settings with the information shown in setup flow.
+
+ 1. On the **basic information** tab, select **Service Now** as the internal support tool, and type **Outbound App ID** as the Application ID to issue an OAuth token.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image18.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+
+ 1. On the **Repositories** tab, select **Add a repository** to create a new repository with the following information:
+
+ - Repository: The **Repository ID** value from the Step - 6 Complete the integration page.
+
+ - Endpoint: The **Endpoint** value from the Step - 6 Complete the integration page.
+
+ - Authentication type: Select **AAD Auth**.
+
+ - Client ID: A random value, such as **ignored**.
+
+ - Rest username: A random value, such as **ignored**.
+
+ - Rest user password: A random value, such as **ignored**.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image36.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+ 1. Go back and select the button to save the integration.
+
+ 1. Select **Next** to complete the integration.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image37.png" alt-text="Graphical user interface, application Description automatically generated":::
+
+10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user.
+
+ Microsoft 365 support integration is enabled only for these user roles:
+
+ - x\_mioms\_m365\_assis.insights\_user
+
+ - x\_mioms\_m365\_assis.administrator
+
+ > [!NOTE]
+ > The user with the role x_mioms_m365_assis.insights_user can see Service Health Incidents, Recommended Solutions. The user with the role x_mioms_m365_assis.administrator also can open a case with Microsoft 365 support. With Insights ONLY, no one should be assigned the role x_mioms_m365_assis.administrator.
+
+## Testing the configuration
+
+If your application requires successful communication with external systems, outline how to test the connection to ensure a successful configuration.
+
+Here are the steps to test the configuration of Microsoft 365 support integration:
+
+1. Log on to ServiceNow portal as admin.
+
+2. Open any incident.
+
+3. Focus on **Microsoft 365 support** tab, and select **Microsoft 365 Insights** to determine if the recommended solutions were retrieved successfully.
+
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image38.png" alt-text="Graphical user interface, application, website Description automatically generated":::
+
+## Troubleshooting
+
+|#|Problem|Diagnostics action|
+| | | |
+|1|Can't see **Microsoft 365 support** tab|Verify the current view and **System Logs** > **All** with filter x_mioms_m365_assit|
+|2|Select **Microsoft recommended solutions** but get error "Please contact your ServiceNow admin and ask them to complete the setup steps for the app."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|3|Select **Microsoft recommended solutions** but get error "Please contact your ServiceNow admin and ask them to complete the final set up step for the app."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|4|Type the problem in search box and select **Microsoft recommended solutions** but get error "Please contact your ServiceNow admin and ask them to complete the setup steps for the app."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|5|Type problem in search box and select **Microsoft recommended solutions** but get error "Please contact your ServiceNow admin and ask them to complete the final set up step for the app."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|6|Select **Contact Microsoft support**, but get the error "Please contact your ServiceNow admin and ask them to complete the setup steps for the app."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|7|Select **Contact Microsoft support**, but get the error "Please contact your ServiceNow admin and ask them to complete the final set up step for the app."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|8|Select **Contact Microsoft support** but get the error "{EmailAddress} is not a valid Microsoft 365 admin account. You need Microsoft 365 admin privileges to open a service request. In the app, link the admin account."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|9|Select **Microsoft recommended solutions** but nothing shows up|Check **System Logs ΓÇô Outbound HTTP logs** with filter login.microsoftonline.com and connector.rave.microsoft.com|
+|10|Select **Microsoft recommended solutions** but get error "Please contact app support."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|11|Type problem in search box and select **Microsoft recommended solutions** but nothing shows up|Check **System Logs ΓÇô Outbound HTTP logs** with filter login.microsoftonline.com and connector.rave.microsoft.com|
+|12|Type problem in search box and select **Microsoft recommended solutions** but get error "Please contact app support."|Check the error message on top of the form and **System Logs** > **All** with filter x_mioms_m365_assit|
+|13|User selects **Contact Microsoft support**, but nothing happens|Check **System Logs ΓÇô Outbound HTTP logs** with filter login.microsoftonline.com and connector.rave.microsoft.com|
+|14|CanΓÇÖt see Microsoft recommended solution after reopening the incident|Check **System Logs** > **All** with filter x_mioms_m365_assit|
+|15|CanΓÇÖt see Microsoft cases when reopening the incident that was transferred to Microsoft support|Check **System Logs** > **All** with filter x_mioms_m365_assit|
+|16|Can't save ticket details, get error "Unable to save ticket details. Please contact App support."|Check the error message on top of form|
admin Get Started Windows 365 Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/get-started-windows-365-business.md
On their Windows 365 home page, users see the Cloud PCs they have access to in t
Users can select **Open in browser** to open their Cloud PC. > [!NOTE]
-> Mobile devices arenΓÇÖt currently supported.
+> Mobile devices arenΓÇÖt currently supported for using a browser to open Cloud PC. The Remote Desktop app is supported.
#### User actions
business-video Migrate Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-video/moveto-microsoft-365/migrate-email.md
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn how to migrate email, contacts and calendar from Google Workspace to Microsoft 365 for business."
+description: "Learn how to migrate email, contacts, and calendar from Google Workspace to Microsoft 365 for business."
# Migrate business email and calendar from Google Workspace
The migration process takes several steps and can take from several hours to a c
1. Using a Chrome browser, sign into your Google Workspace admin console at [admin.google.com](https://admin.google.com). 1. In a new tab or window, navigate to the [Service Accounts](https://console.developers.google.com/iam-admin/serviceaccounts) page.
-1. Select **Create project**, name the project and choose **Create**.
+1. Select **Create project**, name the project, and choose **Create**.
1. Select **Create service account**, enter a name, choose **Create** and then **Done**. 1. Open the **Actions** menu, select **Edit**, and take note of the Unique ID. YouΓÇÖll need this ID later in the process. 1. Open the **Show domain-wide delegation** section. 1. Select **Enable G Suite Domain-wide Delegation**, enter a product name for the consent screen, and choose **Save**. > [!NOTE]
-> The product name is not used by the migration process, but is needed to save in the dialog.
+ > The product name is not used by the migration process, but is needed to save in the dialog.
1. Open the **Actions** menu again and select **Create key**. 1. Choose **JSON**, then **Create**.
The migration process takes several steps and can take from several hours to a c
### Grant access to the service account 1. Return to the Google Workspace admin console.
-1. Select **Security**, scroll down and open **API controls**.
+1. Select **Security**, scroll down, and open **API controls**.
1. Scroll down and select **Manage Domain-wide Delegation**. 1. Select **Add new** and enter the Client ID you made note of earlier. 1. Then enter the OAuth scopes for Google APIs. These are available at [aka.ms/GoogleWorkspaceMigration](/exchange/mailbox-migration/perform-g-suite-migration#grant-access-to-the-service-account-for-your-google-tenant) in step 5 and are:
compliance Sensitivity Labels Coauthoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-coauthoring.md
description: "Turn on a setting that enables co-authoring and AutoSave in deskto
>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).*
-> [!NOTE]
-> This feature is in preview and subject to change.
- Enable the setting to support [co-authoring](https://support.office.com/article/ee1509b4-1f6e-401e-b04a-782d26f564a4) for Office desktop apps so that when documents are labeled and encrypted by [sensitivity labels](sensitivity-labels.md), multiple users can edit these documents at the same time. Without this setting enabled for your tenant, users must check out an encrypted document stored in SharePoint or OneDrive when they use Office desktop apps. As a result, they can't collaborate in real time. Or, they must use Office on the web when [sensitivity labels are enabled for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md).
Make sure you understand the following prerequisites before you turn on this fea
- Sensitivity labels must be [enabled for Office files in SharePoint and OneDrive](sensitivity-labels-sharepoint-onedrive-files.md) for the tenant. If this feature isn't already enabled, it will be automatically enabled when you select the setting to turn on co-authoring for files with sensitivity labels. - Microsoft 365 Apps for enterprise:
- - **Windows**: Minimum version 2106
- - **macOS**: Minimum version 16.50
+ - **Windows**: Minimum version 2107
+ - **macOS**: Minimum version 16.51
- **iOS**: Not yet supported - **Android**: Not yet supported - All apps, services, and operational tools in your tenant must support the new [labeling metadata](#metadata-changes-for-sensitivity-labels). If you use any of the following, check the minimum versions required: - **Azure Information Protection unified labeling client and scanner:**
- - A public preview version (installation name of AzInfoProtection_2.10.46_CoAuthoring_PublicPreview.exe) that you can install from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53018)
+ - Minimum version 2.12.62.0 that you can install from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53018)
- **OneDrive sync app for Windows or macOS:** - Minimum version of 19.002.0121.0008
Before you enable the tenant setting for co-authoring for files encrypted with s
Specific to Excel: Metadata for a sensitivity label that doesn't apply encryption can be deleted from a file if somebody edits and saves that file by using a version of Excel that doesn't support the metadata changes for sensitivity labels.
+- Office apps for iOS and Android are not currently supported.
+ - Co-authoring and AutoSave aren't supported and don't work for labeled and encrypted Office documents that use any of the following [configurations for encryption](encryption-sensitivity-labels.md#configure-encryption-settings): - **Let users assign permissions when they apply the label** and the checkbox **In Word, PowerPoint, and Excel, prompt users to specify permissions** is selected. This configuration is sometimes referred to as "user-defined permissions". - **User access to content expires** is set to a value other than **Never**.
Before you enable the tenant setting for co-authoring for files encrypted with s
For labels with any of these encryption configurations, the labels display in Office apps. However, when users select these labels and nobody else is editing the document, they are warned that co-authoring and AutoSave won't be available. If somebody else is editing the document, users see a message that the labels can't be applied. -- If you use the Azure Information Protection unified labeling client: Check the documentation for this labeling client for [more requirements or limitations](/azure/information-protection/known-issues#known-issues-for-co-authoring-public-preview).-
-## Known issues for this preview
-
-This preview version of co-authoring for files encrypted with sensitivity labels has the following known issues:
--- Users won't be able to apply any labels in Office for the web for Word, Excel, and PowerPoint files that are bigger than 300 MB. For these files, you can use the Office desktop apps to apply a label but you must be the only person who has the file open.--- Currently rolling out: Support for [DLP policies that use sensitivity labels as conditions](dlp-sensitivity-label-as-condition.md) and unencrypted attachments for emails.--- Some documents are incompatible with sensitivity labels because of features such as [password-protection](https://support.microsoft.com/office/require-a-password-to-open-or-modify-a-workbook-10579f0e-b2d9-4c05-b9f8-4109a6bce643), [shared workbooks](https://support.microsoft.com/office/about-the-shared-workbook-feature-49b833c0-873b-48d8-8bf2-c1c59a628534), or content that includes ActiveX controls. Other reasons are documented in [Troubleshoot co-authoring in Office](https://support.microsoft.com/office/troubleshoot-co-authoring-in-office-bd481512-3f3a-4b6d-b7eb-ebf9d3626ae7). For these documents, you see a message **UPLOAD FAILED** and should select the **Discard Changes** option. Until this issue is addressed, do not label these documents that are identified with this failure message.--- Office apps for iOS and Android are not supported.
+- If you use the Azure Information Protection unified labeling client: Check the documentation for this labeling client for [more requirements or limitations](/azure/information-protection/known-issues#known-issues-for-co-authoring).
## How to enable co-authoring for files with sensitivity labels > [!CAUTION]
-> Turning on this setting is a one-way action. While the feature is in preview, enable it only after you have read and understood the metadata changes, prerequisites, limitations, and any known issues documented on this page.
+> Turning on this setting is a one-way action. Enable it only after you have read and understood the metadata changes, prerequisites, limitations, and any known issues documented on this page.
+
+If you have already turned on this setting during the preview period, no further action is needed and you can skip this procedure.
1. Sign in to the [Microsoft 365 compliance center](https://compliance.microsoft.com) as a global admin for your tenant. 2. From the navigation pane, select **Settings** > **Co-authoring for files with sensitivity files**.
-2. On the **Co-authoring for files with sensitivity labels (preview)** page, read the summary description, prerequisites, what to expect, and the warning that you can't turn off this setting after you've turned it on.
+2. On the **Co-authoring for files with sensitivity labels** page, read the summary description, prerequisites, what to expect, and the warning that you can't turn off this setting after you've turned it on.
Then select **Turn on co-authoring for files with sensitivity labels**, and **Apply**:
If a support engineer disables this setting for your tenant:
- Co-authoring and AutoSave no longer work in your tenant for labeled and encrypted documents. -- Sensitivity labels remain enabled for Office files in OneDrive and SharePoint.
+- Sensitivity labels remain enabled for Office files in OneDrive and SharePoint.
compliance Sensitivity Labels Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitivity-labels-office-apps.md
The numbers listed are the minimum Office application version required for each
|[Require users to apply a label to their email and documents](#require-users-to-apply-a-label-to-their-email-and-documents) | 2101+ | 16.45+ | 2.47+ | 16.0.13628+ | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using sensitive info types | 2009+ | 16.44+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) | |[Apply a sensitivity label to content automatically](apply-sensitivity-label-automatically.md) <br /> - Using trainable classifiers | 2009+ | Under review | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
-|[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | 2106+ | 16.50+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
+|[Support co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for labeled and encrypted documents | 2107+ | 16.51+ | Under review | Under review | [Yes - opt-in](sensitivity-labels-sharepoint-onedrive-files.md) |
| **Footnotes:**
includes Machineactionsnote https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/machineactionsnote.md
ms.prod: w10
>[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](/microsoft-365/security/defender-endpoint/respond-machine-alerts.md) for more information about response actions functionality via Microsoft Defender for Endpoint.
+> This page focuses on performing a machine action via API. See [take response actions on a machine](/microsoft-365/security/defender-endpoint/respond-machine-alerts) for more information about response actions functionality via Microsoft Defender for Endpoint.
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->----
-## Week of August 23, 2021
--
-| Published On |Topic title | Change |
-|||--|
-| 8/26/2021 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-21vianet) | modified |
-| 8/26/2021 | [About admin roles](/microsoft-365/admin/add-users/admin-roles-page?view=o365-21vianet) | modified |
-| 8/26/2021 | [Assign admin roles the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles?view=o365-21vianet) | modified |
-| 8/26/2021 | [Pin apps to your users' app launcher](/microsoft-365/admin/manage/pin-apps-to-app-launcher?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get started with Windows 365 Business and Cloud PCs](/microsoft-365/admin/setup/get-started-windows-365-business?view=o365-worldwide) | modified |
-| 8/26/2021 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/admin/setup/manage-windows-devices?view=o365-21vianet) | modified |
-| 8/26/2021 | [Secure Windows 10 computers](/microsoft-365/admin/setup/secure-win-10-pcs?view=o365-21vianet) | modified |
-| 8/26/2021 | [Troubleshoot Windows 365 Business Cloud PC setup issues](/microsoft-365/admin/setup/troubleshoot-windows-365-business?view=o365-worldwide) | modified |
-| 8/26/2021 | [Microsoft 365 usage analytics data model](/microsoft-365/admin/usage-analytics/usage-analytics-data-model?view=o365-21vianet) | modified |
-| 8/26/2021 | [Understand the proposal workflow](/microsoft-365/commerce/understand-proposal-workflow?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get started with visibility and insights](/microsoft-365/compliance/app-governance-visibility-insights-get-started?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get started with Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-21vianet) | modified |
-| 8/26/2021 | [Create custom sensitive information types with Exact Data Match](/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification?view=o365-21vianet) | modified |
-| 8/26/2021 | [Data Loss Prevention Reference](/microsoft-365/compliance/data-loss-prevention-policies?view=o365-21vianet) | modified |
-| 8/26/2021 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-21vianet) | modified |
-| 8/26/2021 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
-| 8/26/2021 | [Use a script to add users to a hold in a Core eDiscovery case](/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery?view=o365-21vianet) | modified |
-| 8/26/2021 | [Send email notifications and show policy tips for DLP policies](/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-21vianet) | modified |
-| 8/26/2021 | [Assign roles to Microsoft 365 user accounts with PowerShell](/microsoft-365/enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell?view=o365-21vianet) | modified |
-| 8/26/2021 | [Content delivery networks](/microsoft-365/enterprise/content-delivery-networks?view=o365-21vianet) | modified |
-| 8/26/2021 | [Exchange Online monitoring for Microsoft 365](/microsoft-365/enterprise/microsoft-365-exchange-monitoring?view=o365-21vianet) | modified |
-| 8/26/2021 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |
-| 8/26/2021 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
-| 8/26/2021 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-21vianet) | modified |
-| 8/26/2021 | [Contact Microsoft Defender for Endpoint support](/microsoft-365/security/defender-endpoint/contact-support?view=o365-21vianet) | modified |
-| 8/26/2021 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-21vianet) | modified |
-| 8/26/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
-| 8/26/2021 | [Turn on cloud-delivered protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 8/26/2021 | [Enable controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-21vianet) | modified |
-| 8/26/2021 | [Turn on exploit protection to help mitigate against attacks](/microsoft-365/security/defender-endpoint/enable-exploit-protection?view=o365-21vianet) | modified |
-| 8/26/2021 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-21vianet) | modified |
-| 8/26/2021 | [Enable SIEM integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-siem-integration?view=o365-21vianet) | modified |
-| 8/26/2021 | [Pilot Defender for Endpoint evaluation](/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-enable?view=o365-21vianet) | modified |
-| 8/26/2021 | [Experience Microsoft Defender for Endpoint (MDE) through simulated attacks](/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-pilot?view=o365-21vianet) | modified |
-| 8/26/2021 | [See how Exploit protection works in a demo](/microsoft-365/security/defender-endpoint/evaluate-exploit-protection?view=o365-21vianet) | modified |
-| 8/26/2021 | [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft Defender for Endpoint evaluation lab](/microsoft-365/security/defender-endpoint/evaluation-lab?view=o365-21vianet) | modified |
-| 8/26/2021 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-21vianet) | modified |
-| 8/26/2021 | [View attack surface reduction events](/microsoft-365/security/defender-endpoint/event-views?view=o365-21vianet) | modified |
-| 8/26/2021 | [Use Microsoft Defender for Endpoint APIs](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp?view=o365-21vianet) | modified |
-| 8/26/2021 | [Create an Application to access Microsoft Defender for Endpoint without a user](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners?view=o365-21vianet) | modified |
-| 8/26/2021 | [Create an app to access Microsoft Defender for Endpoint without a user](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-21vianet) | modified |
-| 8/26/2021 | [Fetch alerts from MSSP customer tenant](/microsoft-365/security/defender-endpoint/fetch-alerts-mssp?view=o365-21vianet) | modified |
-| 8/26/2021 | [Export assessment methods and properties per device](/microsoft-365/security/defender-endpoint/get-assessment-methods-properties?view=o365-21vianet) | modified |
-| 8/26/2021 | [Export secure configuration assessment per device](/microsoft-365/security/defender-endpoint/get-assessment-secure-config?view=o365-21vianet) | modified |
-| 8/26/2021 | [Export software vulnerabilities assessment per device](/microsoft-365/security/defender-endpoint/get-assessment-software-vulnerabilities?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get domain-related alerts API](/microsoft-365/security/defender-endpoint/get-domain-related-alerts?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get exposure score](/microsoft-365/security/defender-endpoint/get-exposure-score?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get IP related alerts API](/microsoft-365/security/defender-endpoint/get-ip-related-alerts?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get live response results](/microsoft-365/security/defender-endpoint/get-live-response-result?view=o365-21vianet) | modified |
-| 8/26/2021 | [List machineActions API](/microsoft-365/security/defender-endpoint/get-machineactions-collection?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get RBAC machine groups collection API](/microsoft-365/security/defender-endpoint/get-machinegroups-collection?view=o365-21vianet) | modified |
-| 8/26/2021 | [Get missing KBs by software ID](/microsoft-365/security/defender-endpoint/get-missing-kbs-software?view=o365-21vianet) | modified |
-| 8/26/2021 | [List all remediation activities](/microsoft-365/security/defender-endpoint/get-remediation-all-activities?view=o365-21vianet) | modified |
-| 8/26/2021 | [Use sensitivity labels to prioritize incident response](/microsoft-365/security/defender-endpoint/information-protection-investigation?view=o365-21vianet) | modified |
-| 8/26/2021 | [Investigate devices in the Defender for Endpoint Devices list](/microsoft-365/security/defender-endpoint/investigate-machines?view=o365-21vianet) | modified |
-| 8/26/2021 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
-| 8/26/2021 | [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-21vianet) | modified |
-| 8/26/2021 | [New configuration profiles for macOS Catalina and newer versions of macOS](/microsoft-365/security/defender-endpoint/mac-sysext-policies?view=o365-21vianet) | modified |
-| 8/26/2021 | [Device health and compliance report in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/machine-reports?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-21vianet) | modified |
-| 8/26/2021 | [Onboarding using Microsoft Endpoint Configuration Manager](/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager?view=o365-21vianet) | modified |
-| 8/26/2021 | [Prepare Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/prepare-deployment?view=o365-21vianet) | modified |
-| 8/26/2021 | [Run and customize on-demand scans in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus?view=o365-21vianet) | modified |
-| 8/26/2021 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup?view=o365-21vianet) | modified |
-| 8/26/2021 | [Event timeline in threat and vulnerability management](/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-event-timeline?view=o365-21vianet) | modified |
-| 8/26/2021 | [Indicator resource type](/microsoft-365/security/defender-endpoint/ti-indicator?view=o365-21vianet) | modified |
-| 8/26/2021 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-21vianet) | modified |
-| 8/26/2021 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-21vianet) | modified |
-| 8/26/2021 | [Manage access to Microsoft 365 Defender data in the Microsoft 365 Defender portal](/microsoft-365/security/defender/m365d-permissions?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft 365 Defender prerequisites](/microsoft-365/security/defender/prerequisites?view=o365-21vianet) | modified |
-| 8/26/2021 | [Mail flow insights in the Mail flow dashboard](/microsoft-365/security/office-365-security/mail-flow-insights-v2?view=o365-21vianet) | modified |
-| 8/26/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
-| 8/26/2021 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |
-| 8/26/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
-| 8/26/2021 | [Protect against threats in Microsoft Defender for Office 365, Anti-malware, Anti-Phishing, Anti-spam, Safe links, Safe attachments, Zero-hour auto purge (ZAP), MDO security configuration](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
-| 8/26/2021 | [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams?view=o365-21vianet) | modified |
-| 8/26/2021 | [Use Privileged Identity Management (PIM) in Defender for Office 365.](/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-21vianet) | modified |
-| 8/26/2021 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-21vianet) | modified |
-| 8/26/2021 | [Create your collaboration governance plan](/microsoft-365/solutions/collaboration-governance-first?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft 365 enterprise resource planning - Security architecture](/microsoft-365/solutions/identity-design-principles?view=o365-21vianet) | modified |
-| 8/26/2021 | [Advanced eDiscovery limits](/microsoft-365/compliance/limits-ediscovery20?view=o365-21vianet) | modified |
-| 8/26/2021 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
+++
+## Week of September 06, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 9/7/2021 | [Create retention labels and apply them in apps to retain or delete content](/microsoft-365/compliance/create-apply-retention-labels?view=o365-21vianet) | modified |
+| 9/7/2021 | [Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control?view=o365-21vianet) | modified |
+| 9/7/2021 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-21vianet) | added |
+| 9/7/2021 | [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365?view=o365-21vianet) | modified |
+| 9/7/2021 | [Email analysis in investigations for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/email-analysis-investigations?view=o365-21vianet) | modified |
+| 9/7/2021 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-21vianet) | modified |
+| 9/7/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 9/7/2021 | [Step-by-step threat protection stack in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/protection-stack-microsoft-defender-for-office365?view=o365-21vianet) | modified |
+| 9/7/2021 | [Security dashboard overview](/microsoft-365/security/office-365-security/security-dashboard?view=o365-21vianet) | modified |
+| 9/7/2021 | [Business Assist for Microsoft 365](/microsoft-365/admin/misc/business-assist?view=o365-21vianet) | modified |
+| 9/7/2021 | [Create a DLP policy from a template](/microsoft-365/compliance/create-a-dlp-policy-from-a-template?view=o365-21vianet) | modified |
+| 9/7/2021 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
+| 9/7/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
+| 9/7/2021 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
+| 9/7/2021 | [Troubleshooting common eDiscovery issues](/microsoft-365/compliance/ediscovery-troubleshooting-common-issues?view=o365-21vianet) | modified |
+| 9/7/2021 | [Advanced indexing of custodian data](/microsoft-365/compliance/indexing-custodian-data?view=o365-21vianet) | modified |
+| 9/7/2021 | [Insider risk management policies](/microsoft-365/compliance/insider-risk-management-policies?view=o365-21vianet) | modified |
+| 9/7/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
+| 9/7/2021 | [Microsoft SharePoint Syntex adoption: Get started](/microsoft-365/contentunderstanding/adoption-getstarted) | modified |
+| 9/7/2021 | [Investigate incidents in Microsoft 365 Defender](/microsoft-365/security/defender/investigate-incidents?view=o365-21vianet) | modified |
+| 9/7/2021 | [Difference between document understanding and form processing models](/microsoft-365/contentunderstanding/difference-between-document-understanding-and-form-processing-model) | modified |
+| 9/7/2021 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 9/8/2021 | [Keyword queries and search conditions for eDiscovery](/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-21vianet) | modified |
+| 9/8/2021 | [Configure permissions filtering for eDiscovery](/microsoft-365/compliance/permissions-filtering-for-content-search?view=o365-21vianet) | modified |
+| 9/8/2021 | [Set up compliance boundaries for eDiscovery investigations](/microsoft-365/compliance/set-up-compliance-boundaries?view=o365-21vianet) | modified |
+| 9/8/2021 | [Microsoft SharePoint Syntex adoption: Get started](/microsoft-365/contentunderstanding/adoption-getstarted) | modified |
+| 9/8/2021 | [Setup guides for Microsoft 365 and Office 365 services](/microsoft-365/enterprise/setup-guides-for-microsoft-365?view=o365-21vianet) | modified |
+| 9/7/2021 | Contact Microsoft Defender for Endpoint support for US Government customers | removed |
+| 9/8/2021 | [Microsoft 365 Reports in the admin center - Mailbox usage](/microsoft-365/admin/activity-reports/mailbox-usage?view=o365-21vianet) | modified |
+| 9/8/2021 | [Configure email forwarding](/microsoft-365/admin/email/configure-email-forwarding?view=o365-21vianet) | modified |
+| 9/8/2021 | [Get started with custom sensitive information types](/microsoft-365/compliance/create-a-custom-sensitive-information-type?view=o365-21vianet) | modified |
+| 9/8/2021 | [Create a keyword dictionary](/microsoft-365/compliance/create-a-keyword-dictionary?view=o365-21vianet) | modified |
+| 9/8/2021 | [Data loss prevention and Microsoft Teams](/microsoft-365/compliance/dlp-microsoft-teams?view=o365-21vianet) | modified |
+| 9/8/2021 | [Data Loss Prevention policy reference](/microsoft-365/compliance/dlp-policy-reference?view=o365-21vianet) | modified |
+| 9/8/2021 | [Microsoft 365 compliance support for double byte character set release notes](/microsoft-365/compliance/mip-dbcs-relnotes?view=o365-21vianet) | modified |
+| 9/8/2021 | [Learn about sensitive information types](/microsoft-365/compliance/sensitive-information-type-learn-about?view=o365-21vianet) | modified |
+| 9/8/2021 | [Set up SharePoint Syntex](/microsoft-365/contentunderstanding/set-up-content-understanding) | modified |
+| 9/8/2021 | [Licensing for SharePoint Syntex](/microsoft-365/contentunderstanding/syntex-licensing) | added |
+| 9/8/2021 | [Implementing VPN split tunneling for Office 365](/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-21vianet) | modified |
+| 9/8/2021 | [Monitor Microsoft 365 connectivity](/microsoft-365/enterprise/monitor-connectivity?view=o365-21vianet) | modified |
+| 9/8/2021 | [Overview of advanced hunting in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/advanced-hunting-overview?view=o365-21vianet) | modified |
+| 9/8/2021 | [OData queries with Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/exposed-apis-odata-samples?view=o365-21vianet) | modified |
+| 9/8/2021 | [Manage Microsoft Defender Antivirus updates and apply baselines](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 9/8/2021 | [Hardware-based isolation (Windows 10)](/microsoft-365/security/defender-endpoint/overview-hardware-based-isolation?view=o365-21vianet) | modified |
+| 9/8/2021 | [Create an app to access Microsoft 365 Defender APIs on behalf of a user](/microsoft-365/security/defender/api-create-app-user-context?view=o365-21vianet) | modified |
+| 9/8/2021 | [Decryption in eDiscovery](/microsoft-365/compliance/ediscovery-decryption?view=o365-21vianet) | modified |
+| 9/8/2021 | [Set up a connector to import HR data](/microsoft-365/compliance/import-hr-data?view=o365-21vianet) | modified |
+| 9/8/2021 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
+| 9/8/2021 | [Manage Industry news](/microsoft-365/admin/manage/manage-industry-news?view=o365-21vianet) | modified |
+| 9/8/2021 | [Define your service offerings in Bookings](/microsoft-365/bookings/define-service-offerings?view=o365-21vianet) | modified |
+| 9/8/2021 | [Create custom sensitive information types with Exact Data Match](/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification?view=o365-21vianet) | modified |
+| 9/8/2021 | [Get started with the Microsoft Compliance Extension](/microsoft-365/compliance/dlp-chrome-get-started?view=o365-21vianet) | modified |
+| 9/8/2021 | [Partially indexed items in Content Search and other eDiscovery tools](/microsoft-365/compliance/partially-indexed-items-in-content-search?view=o365-21vianet) | modified |
+| 9/8/2021 | Reports in the Security & Compliance Center | removed |
+| 9/8/2021 | [Use drive shipping to import your organization's PST files](/microsoft-365/compliance/use-drive-shipping-to-import-pst-files-to-office-365?view=o365-21vianet) | modified |
+| 9/8/2021 | [What's new in Microsoft 365 compliance](/microsoft-365/compliance/whats-new?view=o365-21vianet) | modified |
+| 9/8/2021 | [Launch your portal using the Portal launch scheduler](/microsoft-365/enterprise/portallaunchscheduler?view=o365-21vianet) | modified |
+| 9/8/2021 | [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint?view=o365-21vianet) | modified |
+| 9/8/2021 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 9/8/2021 | [Quarantine policies](/microsoft-365/security/office-365-security/quarantine-policies?view=o365-21vianet) | modified |
+| 9/8/2021 | [View email security reports](/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-21vianet) | modified |
+| 9/8/2021 | [Set up your infrastructure for hybrid work with Microsoft 365](/microsoft-365/solutions/empower-people-to-work-remotely?view=o365-21vianet) | modified |
+| 9/8/2021 | [Microsoft Defender for Endpoint Device Control Device Installation](/microsoft-365/security/defender-endpoint/mde-device-control-device-installation?view=o365-21vianet) | added |
+| 9/8/2021 | [Get started with visibility and insights](/microsoft-365/compliance/app-governance-visibility-insights-get-started?view=o365-21vianet) | modified |
+| 9/9/2021 | [About shared mailboxes](/microsoft-365/admin/email/about-shared-mailboxes?view=o365-21vianet) | modified |
+| 9/9/2021 | [Manage Customer Key](/microsoft-365/compliance/customer-key-manage?view=o365-21vianet) | modified |
+| 9/9/2021 | [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules?view=o365-21vianet) | modified |
+| 9/9/2021 | [Complete Safe Links overview for Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/safe-links?view=o365-21vianet) | modified |
+| 9/9/2021 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
+| 9/9/2021 | [Set up Advanced Audit in Microsoft 365](/microsoft-365/compliance/set-up-advanced-audit?view=o365-21vianet) | modified |
+| 9/9/2021 | [Send email notifications and show policy tips for DLP policies](/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-21vianet) | modified |
+| 9/9/2021 | [Microsoft 365 Lighthouse frequently asked questions (FAQs)](/microsoft-365/lighthouse/m365-lighthouse-faq?view=o365-21vianet) | modified |
+| 9/9/2021 | [Overview of Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-overview?view=o365-21vianet) | modified |
+| 9/9/2021 | [Requirements for Microsoft 365 Lighthouse](/microsoft-365/lighthouse/m365-lighthouse-requirements?view=o365-21vianet) | modified |
+| 9/9/2021 | [Microsoft 365 Lighthouse tenant list overview](/microsoft-365/lighthouse/m365-lighthouse-tenant-list-overview?view=o365-21vianet) | modified |
+| 9/9/2021 | [Create indicators for files](/microsoft-365/security/defender-endpoint/indicator-file?view=o365-21vianet) | modified |
+| 9/9/2021 | [Indicator resource type](/microsoft-365/security/defender-endpoint/ti-indicator?view=o365-21vianet) | modified |
+| 9/9/2021 | [Performance analyzer for Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/tune-performance-defender-antivirus?view=o365-21vianet) | modified |
+| 9/10/2021 | [Set up a connector to archive YouTube data in Microsoft 365](/microsoft-365/compliance/archive-youtube-data?view=o365-21vianet) | added |
+| 9/10/2021 | [Automatically apply a sensitivity label to content in Microsoft 365](/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-21vianet) | modified |
+| 9/10/2021 | [Set up a connector to archive Rogers Network data in Microsoft 365](/microsoft-365/compliance/archive-rogers-network-archiver-data?view=o365-21vianet) | modified |
+| 9/10/2021 | [Archive third-party data](/microsoft-365/compliance/archiving-third-party-data?view=o365-21vianet) | modified |
+| 9/10/2021 | [Create and configure retention policies to automatically retain or delete content](/microsoft-365/compliance/create-retention-policies?view=o365-21vianet) | modified |
+| 9/10/2021 | [Investigating partially indexed items in eDiscovery](/microsoft-365/compliance/investigating-partially-indexed-items-in-ediscovery?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage sensitivity labels in Office apps](/microsoft-365/compliance/sensitivity-labels-office-apps?view=o365-21vianet) | modified |
+| 9/10/2021 | [Learn about sensitivity labels](/microsoft-365/compliance/sensitivity-labels?view=o365-21vianet) | modified |
+| 9/10/2021 | [Turn auditing on or off](/microsoft-365/compliance/turn-audit-log-search-on-or-off?view=o365-21vianet) | modified |
+| 9/10/2021 | [Exchange Online monitoring for Microsoft 365](/microsoft-365/enterprise/microsoft-365-exchange-monitoring?view=o365-21vianet) | modified |
+| 9/10/2021 | [Common mistakes to avoid when defining exclusions](/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage how and where Microsoft Defender Antivirus receives updates](/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft Defender for Endpoint preview features](/microsoft-365/security/defender-endpoint/preview?view=o365-21vianet) | modified |
+| 9/10/2021 | [What's new in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-atp?view=o365-21vianet) | modified |
+| 9/10/2021 | [Preview features in Microsoft 365 Defender](/microsoft-365/security/defender/preview?view=o365-21vianet) | modified |
+| 9/10/2021 | [What's new in Microsoft 365 Defender](/microsoft-365/security/defender/whats-new?view=o365-21vianet) | modified |
+| 9/10/2021 | [What's new in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/whats-new-in-defender-for-office-365?view=o365-21vianet) | modified |
+| 9/10/2021 | [Configure Teams with three tiers of file sharing security](/microsoft-365/solutions/configure-teams-three-tiers-protection?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft Viva # < 60 chars](/microsoft-365/viva/index?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage and monitor priority accounts](/microsoft-365/admin/setup/priority-accounts?view=o365-21vianet) | modified |
+| 9/10/2021 | [What's new in the Microsoft 365 admin center?](/microsoft-365/admin/whats-new-in-preview?view=o365-21vianet) | modified |
+| 9/10/2021 | [Turn Microsoft Bookings on or off](/microsoft-365/bookings/turn-bookings-on-or-off?view=o365-21vianet) | modified |
+| 9/10/2021 | [Add an admin](/microsoft-365/business-video/add-admin?view=o365-worldwide) | modified |
+| 9/10/2021 | [Add a domain](/microsoft-365/business-video/add-domain?view=o365-worldwide) | modified |
+| 9/10/2021 | [Add a user to Microsoft 365 for business](/microsoft-365/business-video/add-user?view=o365-worldwide) | modified |
+| 9/10/2021 | [Microsoft 365 admin center - Overview](/microsoft-365/business-video/admin-center-overview?view=o365-worldwide) | modified |
+| 9/10/2021 | [Turn on malware protection](/microsoft-365/business-video/anti-malware?view=o365-worldwide) | modified |
+| 9/10/2021 | [Buy new licenses](/microsoft-365/business-video/buy-licenses?view=o365-worldwide) | modified |
+| 9/10/2021 | [Move users to different subscriptions](/microsoft-365/business-video/change-subscription?view=o365-worldwide) | modified |
+| 9/10/2021 | [Change a user's name or email address](/microsoft-365/business-video/change-user-name-email?view=o365-worldwide) | modified |
+| 9/10/2021 | [Create a company-wide signature](/microsoft-365/business-video/company-wide-signature?view=o365-worldwide) | modified |
+| 9/10/2021 | [Get support](/microsoft-365/business-video/get-help-support?view=o365-21vianet) | modified |
+| 9/10/2021 | [Add your Google Workspace domain](/microsoft-365/business-video/moveto-microsoft-365/add-google-domain?view=o365-worldwide) | modified |
+| 9/10/2021 | [Connect your domain to Microsoft 365](/microsoft-365/business-video/moveto-microsoft-365/connect-domain-tom365?view=o365-worldwide) | modified |
+| 9/10/2021 | [Migrate business email and calendar from Google Workspace](/microsoft-365/business-video/moveto-microsoft-365/migrate-email?view=o365-worldwide) | modified |
+| 9/10/2021 | [Reset user passwords](/microsoft-365/business-video/reset-user-passwords?view=o365-worldwide) | modified |
+| 9/10/2021 | [Secure Office apps on iOS](/microsoft-365/business-video/secure-office-on-ios?view=o365-worldwide) | modified |
+| 9/10/2021 | [Manage Windows 10 Pro device policies with Microsoft 365 Business Premium](/microsoft-365/business-video/secure-win-10-pro-devices?view=o365-worldwide) | modified |
+| 9/10/2021 | [Secure your Windows 10 PCs](/microsoft-365/business-video/secure-win10-pcs?view=o365-21vianet) | modified |
+| 9/10/2021 | [Let users reset their passwords](/microsoft-365/business-video/set-up-self-serve-password-reset?view=o365-worldwide) | modified |
+| 9/10/2021 | [Set up Microsoft 365 Business Premium subscription](/microsoft-365/business-video/set-up?view=o365-21vianet) | modified |
+| 9/10/2021 | [Sign up for Microsoft 365 Business Premium subscription](/microsoft-365/business-video/sign-up?view=o365-21vianet) | modified |
+| 9/10/2021 | [Stop auto-forwarding emails](/microsoft-365/business-video/stop-email-auto-forward?view=o365-worldwide) | modified |
+| 9/10/2021 | [View, download, or print your bill](/microsoft-365/business-video/view-bill?view=o365-worldwide) | modified |
+| 9/10/2021 | [What is an admin in Microsoft 365 for business](/microsoft-365/business-video/what-is-admin?view=o365-21vianet) | modified |
+| 9/10/2021 | [Increase threat protection](/microsoft-365/campaigns/m365-campaigns-increase-protection?view=o365-21vianet) | modified |
+| 9/10/2021 | [Understand billing accounts](/microsoft-365/commerce/manage-billing-accounts?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage partner relationships](/microsoft-365/commerce/manage-partners?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage software-as-a-service apps for your organization](/microsoft-365/commerce/manage-saas-apps?view=o365-21vianet) | modified |
+| 9/10/2021 | [Important information for Office 365 E4 customers](/microsoft-365/commerce/subscriptions/important-information-e4?view=o365-21vianet) | modified |
+| 9/10/2021 | [Upgrade from an Office 365 E4 subscription](/microsoft-365/commerce/subscriptions/upgrade-office-365-e4?view=o365-21vianet) | modified |
+| 9/10/2021 | [Upgrade from Microsoft Teams Free to Microsoft 365 for business](/microsoft-365/commerce/subscriptions/upgrade-from-teams-free?view=o365-21vianet) | modified |
+| 9/10/2021 | [Verify academic eligibility for Microsoft 365 Education subscriptions](/microsoft-365/commerce/subscriptions/verify-academic-eligibility?view=o365-21vianet) | modified |
+| 9/10/2021 | [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365?view=o365-21vianet) | modified |
+| 9/10/2021 | [Add your organization brand to your encrypted messages](/microsoft-365/compliance/add-your-organization-brand-to-encrypted-messages?view=o365-21vianet) | modified |
+| 9/10/2021 | [Get Started with app governance](/microsoft-365/compliance/app-governance-get-started?view=o365-21vianet) | modified |
+| 9/10/2021 | [Assign eDiscovery permissions in the Microsoft 365 compliance center](/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-21vianet) | modified |
+| 9/10/2021 | [Bulk import external contacts to Exchange Online](/microsoft-365/compliance/bulk-import-external-contacts?view=o365-21vianet) | modified |
+| 9/10/2021 | [Learn about trainable classifiers](/microsoft-365/compliance/classifier-learn-about?view=o365-21vianet) | modified |
+| 9/10/2021 | [Case study - Contoso quickly configures an offensive language policy for Microsoft Teams, Exchange, and Yammer communications](/microsoft-365/compliance/communication-compliance-case-study?view=o365-21vianet) | modified |
+| 9/10/2021 | [Working with assessment templates in Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-templates?view=o365-21vianet) | modified |
+| 9/10/2021 | [Feature reference for Content search](/microsoft-365/compliance/content-search-reference?view=o365-21vianet) | modified |
+| 9/10/2021 | [Create a Litigation hold](/microsoft-365/compliance/create-a-litigation-hold?view=o365-21vianet) | modified |
+| 9/10/2021 | [Create and manage inactive mailboxes](/microsoft-365/compliance/create-and-manage-inactive-mailboxes?view=o365-21vianet) | modified |
+| 9/10/2021 | [Create eDiscovery holds in a Core eDiscovery case](/microsoft-365/compliance/create-ediscovery-holds?view=o365-21vianet) | modified |
+| 9/10/2021 | [Customer Lockbox Requests](/microsoft-365/compliance/customer-lockbox-requests?view=o365-21vianet) | modified |
+| 9/10/2021 | [Define mail flow rules to encrypt email messages](/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-21vianet) | modified |
+| 9/10/2021 | [Disposition of content](/microsoft-365/compliance/disposition?view=o365-21vianet) | modified |
+| 9/10/2021 | [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using?view=o365-21vianet) | modified |
+| 9/10/2021 | [Overview of importing your organization's PST files](/microsoft-365/compliance/importing-pst-files-to-office-365?view=o365-21vianet) | modified |
+| 9/10/2021 | [Legacy information for Office 365 Message Encryption](/microsoft-365/compliance/legacy-information-for-message-encryption?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage holds in Advanced eDiscovery](/microsoft-365/compliance/managing-holds?view=o365-21vianet) | modified |
+| 9/10/2021 | [Get started with privileged access management](/microsoft-365/compliance/privileged-access-management-configuration?view=o365-21vianet) | modified |
+| 9/10/2021 | [Create a DLP policy to protect documents with FCI or other properties](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties?view=o365-21vianet) | modified |
+| 9/10/2021 | [Search the audit log in the Microsoft 365 compliance center](/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-21vianet) | modified |
+| 9/10/2021 | [Use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites](/microsoft-365/compliance/sensitivity-labels-teams-groups-sites?view=o365-21vianet) | modified |
+| 9/10/2021 | [Set up Advanced Audit in Microsoft 365](/microsoft-365/compliance/set-up-advanced-audit?view=o365-21vianet) | modified |
+| 9/10/2021 | [Set up new Message Encryption capabilities](/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-21vianet) | modified |
+| 9/10/2021 | [Use your free Azure Active Directory subscription](/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365?view=o365-21vianet) | modified |
+| 9/10/2021 | [Image tagging in SharePoint Syntex](/microsoft-365/contentunderstanding/image-tagging) | modified |
+| 9/10/2021 | [Set up SharePoint Syntex](/microsoft-365/contentunderstanding/set-up-content-understanding) | modified |
+| 9/10/2021 | [Run a trial of Microsoft SharePoint Syntex](/microsoft-365/contentunderstanding/trial-syntex) | modified |
+| 9/10/2021 | [Add a domain to a client tenancy with Windows PowerShell for DAP partners](/microsoft-365/enterprise/add-a-domain-to-a-client-tenancy-with-windows-powershell-for-delegated-access-pe?view=o365-21vianet) | modified |
+| 9/10/2021 | [Add several users at the same time to Microsoft 365 - Admin Help](/microsoft-365/enterprise/add-several-users-at-the-same-time?view=o365-21vianet) | modified |
+| 9/10/2021 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 9/10/2021 | [Cross-tenant mailbox migration](/microsoft-365/enterprise/cross-tenant-mailbox-migration?view=o365-21vianet) | modified |
+| 9/10/2021 | [Data classification for your Microsoft 365 for enterprise test environment](/microsoft-365/enterprise/data-classification-microsoft-365-enterprise-dev-test-environment?view=o365-21vianet) | modified |
+| 9/10/2021 | [Deploy Microsoft 365 Directory Synchronization in Microsoft Azure](/microsoft-365/enterprise/deploy-microsoft-365-directory-synchronization-dirsync-in-microsoft-azure?view=o365-21vianet) | modified |
+| 9/10/2021 | [Fixing problems with directory synchronization for Microsoft 365](/microsoft-365/enterprise/fix-problems-with-directory-synchronization?view=o365-21vianet) | modified |
+| 9/10/2021 | [View directory synchronization errors in Microsoft 365](/microsoft-365/enterprise/identify-directory-synchronization-errors?view=o365-21vianet) | modified |
+| 9/10/2021 | [Increased Microsoft 365 security for your Microsoft 365 for enterprise test environment](/microsoft-365/enterprise/increased-o365-security-microsoft-365-enterprise-dev-test-environment?view=o365-21vianet) | modified |
+| 9/10/2021 | [Lightweight base configuration](/microsoft-365/enterprise/lightweight-base-configuration-microsoft-365-enterprise?view=o365-21vianet) | modified |
+| 9/10/2021 | [Device compliance policies for your Microsoft 365 for enterprise test environment](/microsoft-365/enterprise/mam-policies-for-your-microsoft-365-enterprise-dev-test-environment?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage Microsoft 365 user accounts](/microsoft-365/enterprise/manage-microsoft-365-accounts?view=o365-21vianet) | modified |
+| 9/10/2021 | [Manage Microsoft 365 Groups with PowerShell](/microsoft-365/enterprise/manage-microsoft-365-groups-with-powershell?view=o365-21vianet) | modified |
+| 9/10/2021 | [Mailbox utilization service alerts](/microsoft-365/enterprise/microsoft-365-mailbox-utilization-service-alerts?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft 365 service health status](/microsoft-365/enterprise/microsoft-365-service-health?view=o365-21vianet) | modified |
+| 9/10/2021 | [How to opt-in for migration from Microsoft Cloud Germany (Microsoft Cloud Deutschland) to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-migration-opt-in?view=o365-21vianet) | modified |
+| 9/10/2021 | [Migration from Microsoft Cloud Deutschland to Office 365 services in the new German datacenter regions](/microsoft-365/enterprise/ms-cloud-germany-transition?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft 365 for enterprise test environment multi-factor authentication](/microsoft-365/enterprise/multi-factor-authentication-microsoft-365-test-environment?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft 365 data locations](/microsoft-365/enterprise/o365-data-locations?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft 365 Network Connectivity Location Services](/microsoft-365/enterprise/office-365-network-mac-location-services?view=o365-21vianet) | modified |
+| 9/10/2021 | [Incident response with Microsoft 365 Defender](/microsoft-365/security/defender/incidents-overview?view=o365-21vianet) | modified |
+| 9/10/2021 | [Threat analytics in Microsoft 365 Defender](/microsoft-365/security/defender/threat-analytics?view=o365-21vianet) | modified |
+| 9/10/2021 | [Collaborate with guests in a team](/microsoft-365/solutions/collaborate-as-team?view=o365-21vianet) | modified |
+| 9/10/2021 | [Microsoft 365 guest sharing settings reference](/microsoft-365/solutions/microsoft-365-guest-settings?view=o365-21vianet) | modified |
+| 9/10/2021 | [Limit sharing in Microsoft 365](/microsoft-365/solutions/microsoft-365-limit-sharing?view=o365-21vianet) | modified |
++
+## Week of August 23, 2021
++
+| Published On |Topic title | Change |
+|||--|
+| 8/26/2021 | [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles?view=o365-21vianet) | modified |
+| 8/26/2021 | [About admin roles](/microsoft-365/admin/add-users/admin-roles-page?view=o365-21vianet) | modified |
+| 8/26/2021 | [Assign admin roles the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles?view=o365-21vianet) | modified |
+| 8/26/2021 | [Pin apps to your users' app launcher](/microsoft-365/admin/manage/pin-apps-to-app-launcher?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get started with Windows 365 Business and Cloud PCs](/microsoft-365/admin/setup/get-started-windows-365-business?view=o365-worldwide) | modified |
+| 8/26/2021 | [Enable domain-joined Windows 10 devices to be managed by Microsoft 365 for business](/microsoft-365/admin/setup/manage-windows-devices?view=o365-21vianet) | modified |
+| 8/26/2021 | [Secure Windows 10 computers](/microsoft-365/admin/setup/secure-win-10-pcs?view=o365-21vianet) | modified |
+| 8/26/2021 | [Troubleshoot Windows 365 Business Cloud PC setup issues](/microsoft-365/admin/setup/troubleshoot-windows-365-business?view=o365-worldwide) | modified |
+| 8/26/2021 | [Microsoft 365 usage analytics data model](/microsoft-365/admin/usage-analytics/usage-analytics-data-model?view=o365-21vianet) | modified |
+| 8/26/2021 | [Understand the proposal workflow](/microsoft-365/commerce/understand-proposal-workflow?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get started with visibility and insights](/microsoft-365/compliance/app-governance-visibility-insights-get-started?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get started with Microsoft Compliance Manager](/microsoft-365/compliance/compliance-manager-setup?view=o365-21vianet) | modified |
+| 8/26/2021 | [Create custom sensitive information types with Exact Data Match](/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification?view=o365-21vianet) | modified |
+| 8/26/2021 | [Data Loss Prevention Reference](/microsoft-365/compliance/data-loss-prevention-policies?view=o365-21vianet) | modified |
+| 8/26/2021 | [Collect eDiscovery diagnostic information](/microsoft-365/compliance/ediscovery-diagnostic-info?view=o365-21vianet) | modified |
+| 8/26/2021 | [Insider risk management settings](/microsoft-365/compliance/insider-risk-management-settings?view=o365-21vianet) | modified |
+| 8/26/2021 | [Use a script to add users to a hold in a Core eDiscovery case](/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery?view=o365-21vianet) | modified |
+| 8/26/2021 | [Send email notifications and show policy tips for DLP policies](/microsoft-365/compliance/use-notifications-and-policy-tips?view=o365-21vianet) | modified |
+| 8/26/2021 | [Assign roles to Microsoft 365 user accounts with PowerShell](/microsoft-365/enterprise/assign-roles-to-user-accounts-with-microsoft-365-powershell?view=o365-21vianet) | modified |
+| 8/26/2021 | [Content delivery networks](/microsoft-365/enterprise/content-delivery-networks?view=o365-21vianet) | modified |
+| 8/26/2021 | [Exchange Online monitoring for Microsoft 365](/microsoft-365/enterprise/microsoft-365-exchange-monitoring?view=o365-21vianet) | modified |
+| 8/26/2021 | [Access the Admin portal](/microsoft-365/managed-desktop/get-started/access-admin-portal?view=o365-21vianet) | modified |
+| 8/26/2021 | [Deploy Microsoft Defender for Endpoint on Android with Microsoft Intune](/microsoft-365/security/defender-endpoint/android-intune?view=o365-21vianet) | modified |
+| 8/26/2021 | [Troubleshoot issues on Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-support-signin?view=o365-21vianet) | modified |
+| 8/26/2021 | [Contact Microsoft Defender for Endpoint support](/microsoft-365/security/defender-endpoint/contact-support?view=o365-21vianet) | modified |
+| 8/26/2021 | [Endpoint detection and response in block mode](/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-21vianet) | modified |
+| 8/26/2021 | [Enable attack surface reduction rules](/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-21vianet) | modified |
+| 8/26/2021 | [Turn on cloud-delivered protection in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/enable-cloud-protection-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 8/26/2021 | [Enable controlled folder access](/microsoft-365/security/defender-endpoint/enable-controlled-folders?view=o365-21vianet) | modified |
+| 8/26/2021 | [Turn on exploit protection to help mitigate against attacks](/microsoft-365/security/defender-endpoint/enable-exploit-protection?view=o365-21vianet) | modified |
+| 8/26/2021 | [Turn on network protection](/microsoft-365/security/defender-endpoint/enable-network-protection?view=o365-21vianet) | modified |
+| 8/26/2021 | [Enable SIEM integration in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-siem-integration?view=o365-21vianet) | modified |
+| 8/26/2021 | [Pilot Defender for Endpoint evaluation](/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-enable?view=o365-21vianet) | modified |
+| 8/26/2021 | [Experience Microsoft Defender for Endpoint (MDE) through simulated attacks](/microsoft-365/security/defender-endpoint/evaluate-defender-endpoint-pilot?view=o365-21vianet) | modified |
+| 8/26/2021 | [See how Exploit protection works in a demo](/microsoft-365/security/defender-endpoint/evaluate-exploit-protection?view=o365-21vianet) | modified |
+| 8/26/2021 | [Evaluate Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/evaluate-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft Defender for Endpoint evaluation lab](/microsoft-365/security/defender-endpoint/evaluation-lab?view=o365-21vianet) | modified |
+| 8/26/2021 | [Review events and errors using Event Viewer](/microsoft-365/security/defender-endpoint/event-error-codes?view=o365-21vianet) | modified |
+| 8/26/2021 | [View attack surface reduction events](/microsoft-365/security/defender-endpoint/event-views?view=o365-21vianet) | modified |
+| 8/26/2021 | [Use Microsoft Defender for Endpoint APIs](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-nativeapp?view=o365-21vianet) | modified |
+| 8/26/2021 | [Create an Application to access Microsoft Defender for Endpoint without a user](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-partners?view=o365-21vianet) | modified |
+| 8/26/2021 | [Create an app to access Microsoft Defender for Endpoint without a user](/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-21vianet) | modified |
+| 8/26/2021 | [Fetch alerts from MSSP customer tenant](/microsoft-365/security/defender-endpoint/fetch-alerts-mssp?view=o365-21vianet) | modified |
+| 8/26/2021 | [Export assessment methods and properties per device](/microsoft-365/security/defender-endpoint/get-assessment-methods-properties?view=o365-21vianet) | modified |
+| 8/26/2021 | [Export secure configuration assessment per device](/microsoft-365/security/defender-endpoint/get-assessment-secure-config?view=o365-21vianet) | modified |
+| 8/26/2021 | [Export software vulnerabilities assessment per device](/microsoft-365/security/defender-endpoint/get-assessment-software-vulnerabilities?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get domain-related alerts API](/microsoft-365/security/defender-endpoint/get-domain-related-alerts?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get exposure score](/microsoft-365/security/defender-endpoint/get-exposure-score?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get IP related alerts API](/microsoft-365/security/defender-endpoint/get-ip-related-alerts?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get live response results](/microsoft-365/security/defender-endpoint/get-live-response-result?view=o365-21vianet) | modified |
+| 8/26/2021 | [List machineActions API](/microsoft-365/security/defender-endpoint/get-machineactions-collection?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get RBAC machine groups collection API](/microsoft-365/security/defender-endpoint/get-machinegroups-collection?view=o365-21vianet) | modified |
+| 8/26/2021 | [Get missing KBs by software ID](/microsoft-365/security/defender-endpoint/get-missing-kbs-software?view=o365-21vianet) | modified |
+| 8/26/2021 | [List all remediation activities](/microsoft-365/security/defender-endpoint/get-remediation-all-activities?view=o365-21vianet) | modified |
+| 8/26/2021 | [Use sensitivity labels to prioritize incident response](/microsoft-365/security/defender-endpoint/information-protection-investigation?view=o365-21vianet) | modified |
+| 8/26/2021 | [Investigate devices in the Defender for Endpoint Devices list](/microsoft-365/security/defender-endpoint/investigate-machines?view=o365-21vianet) | modified |
+| 8/26/2021 | [Set up the Microsoft Defender for Endpoint on macOS policies in Jamf Pro](/microsoft-365/security/defender-endpoint/mac-jamfpro-policies?view=o365-21vianet) | modified |
+| 8/26/2021 | [Troubleshoot license issues for Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/mac-support-license?view=o365-21vianet) | modified |
+| 8/26/2021 | [New configuration profiles for macOS Catalina and newer versions of macOS](/microsoft-365/security/defender-endpoint/mac-sysext-policies?view=o365-21vianet) | modified |
+| 8/26/2021 | [Device health and compliance report in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/machine-reports?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft Threat Experts](/microsoft-365/security/defender-endpoint/microsoft-threat-experts?view=o365-21vianet) | modified |
+| 8/26/2021 | [Onboarding using Microsoft Endpoint Configuration Manager](/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager?view=o365-21vianet) | modified |
+| 8/26/2021 | [Prepare Microsoft Defender for Endpoint deployment](/microsoft-365/security/defender-endpoint/prepare-deployment?view=o365-21vianet) | modified |
+| 8/26/2021 | [Run and customize on-demand scans in Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/run-scan-microsoft-defender-antivirus?view=o365-21vianet) | modified |
+| 8/26/2021 | [Switch to Microsoft Defender for Endpoint - Setup](/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup?view=o365-21vianet) | modified |
+| 8/26/2021 | [Event timeline in threat and vulnerability management](/microsoft-365/security/defender-endpoint/threat-and-vuln-mgt-event-timeline?view=o365-21vianet) | modified |
+| 8/26/2021 | [Indicator resource type](/microsoft-365/security/defender-endpoint/ti-indicator?view=o365-21vianet) | modified |
+| 8/26/2021 | [Create and manage custom detection rules in Microsoft 365 Defender](/microsoft-365/security/defender/custom-detection-rules?view=o365-21vianet) | modified |
+| 8/26/2021 | [Go to the Action center to view and approve your automated investigation and remediation tasks](/microsoft-365/security/defender/m365d-action-center?view=o365-21vianet) | modified |
+| 8/26/2021 | [Manage access to Microsoft 365 Defender data in the Microsoft 365 Defender portal](/microsoft-365/security/defender/m365d-permissions?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft 365 Defender prerequisites](/microsoft-365/security/defender/prerequisites?view=o365-21vianet) | modified |
+| 8/26/2021 | [Mail flow insights in the Mail flow dashboard](/microsoft-365/security/office-365-security/mail-flow-insights-v2?view=o365-21vianet) | modified |
+| 8/26/2021 | [Automated investigation and response in Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/office-365-air?view=o365-21vianet) | modified |
+| 8/26/2021 | [Threat investigation & response capabilities - Microsoft Defender for Office 365 Plan 2](/microsoft-365/security/office-365-security/office-365-ti?view=o365-21vianet) | modified |
+| 8/26/2021 | [Permissions - Security & Compliance Center](/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-21vianet) | modified |
+| 8/26/2021 | [Protect against threats in Microsoft Defender for Office 365, Anti-malware, Anti-Phishing, Anti-spam, Safe links, Safe attachments, Zero-hour auto purge (ZAP), MDO security configuration](/microsoft-365/security/office-365-security/protect-against-threats?view=o365-21vianet) | modified |
+| 8/26/2021 | [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](/microsoft-365/security/office-365-security/turn-on-mdo-for-spo-odb-and-teams?view=o365-21vianet) | modified |
+| 8/26/2021 | [Use Privileged Identity Management (PIM) in Defender for Office 365.](/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-21vianet) | modified |
+| 8/26/2021 | [View Defender for Office 365 reports](/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-21vianet) | modified |
+| 8/26/2021 | [Create your collaboration governance plan](/microsoft-365/solutions/collaboration-governance-first?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft 365 enterprise resource planning - Security architecture](/microsoft-365/solutions/identity-design-principles?view=o365-21vianet) | modified |
+| 8/26/2021 | [Advanced eDiscovery limits](/microsoft-365/compliance/limits-ediscovery20?view=o365-21vianet) | modified |
+| 8/26/2021 | [Microsoft Defender for Endpoint on Mac](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac?view=o365-21vianet) | modified |
security Android Support Signin https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/android-support-signin.md
Return to the Microsoft Defender Endpoint onboarding screen, select **Allow**, a
If a user faces an issue which is not already addressed in the above sections or is unable to resolve using the listed steps, the user can provide **in-app feedback** along with **diagnostic data**. Our team can then investigate the logs to provide the right solution. Users can follow these steps to do the same: 1. Open the **MDE application** on your device and click on the **profile icon** in the top-left corner.
- ![Click on profile icon.](images/selectprofileicon1.jpeg)
+ ![Click on profile icon.](images/select-profile-icon-1.jpg)
2. Select ΓÇ£Help & feedbackΓÇ¥.
If a user faces an issue which is not already addressed in the above sections or
3. Select ΓÇ£Send feedback to MicrosoftΓÇ¥.
- ![Select send feedback to Microsoft](images/sendfeedbacktomicrosoft3.jpeg)
+ ![Select send feedback to Microsoft](images/send-feedback-to-microsoft-3.jpg)
4. Choose from the given options. To report an issue, select ΓÇ£I want to report an issueΓÇ¥.
- ![Report an issue](images/reportissue4.jpeg)
+ ![Report an issue](images/report-issue-4.jpg)
5. Provide details of the issue that you are facing and check ΓÇ£Send diagnostic dataΓÇ¥. We recommend checking ΓÇ£Include your email addressΓÇ¥ so that the team can reach back to you with a solution or a follow-up.
security Attack Surface Reduction Rules https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules.md
The following table lists attack surface reduction rules in alphabetical order.
|Rule name|Windows&nbsp;10|Windows&nbsp;Server 2019|Windows&nbsp;Server|Windows&nbsp;Server 2016|Windows&nbsp;Server 2012 R2| ||::|::|::|::|::|
-|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | ![supported.](images/checkmark.png) <br><br> | ![supported.](images/checkmark.png) <br><br> | ![supported.](images/checkmark.png) <br><br> version 1803 (Semi-Annual Channel) or later | | |
-|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | ![supported.](images/checkmark.png) <br><br> version 1809 or later | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) <br><br> | | |
-|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) | ![supported](images/checkmark.png) <br><br> | | |
-|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | ![supported.](images/checkmark.png) <br><br> version 1803 or later | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | ![supported.](images/checkmark.png) <br><br> version 1803 or later | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) <br><br> \* _File and folder exclusions not supported._ | ![supported.](images/checkmark.png) <br><br> version 1903 (build 18362) or later| ![supported](images/checkmark.png) | ![supported](images/checkmark.png) <br><br> version 1903 (build 18362) or later | | |
-|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | ![supported.](images/checkmark.png) <br><br> version 1803 or later | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
-|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | ![supported.](images/checkmark.png) <br><br> version 1803 or later | ![supported](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> | | |
+|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | Y | Y | Y version 1803 (Semi-Annual Channel) or later | | |
+|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | Y version 1809 or later | Y | Y <br><br> | | |
+|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | Y | Y | Y <br><br> | | |
+|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | Y version 1803 or later | Y <br><br> | Y <br><br> | | |
+|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | Y | Y <br><br> | Y <br><br> | | |
+|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | Y version 1803 or later | Y <br><br> | Y <br><br> | | |
+|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | Y | Y <br><br> | Y <br><br> | | |
+|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | Y | Y <br><br> | Y <br><br> | | |
+|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | Y | Y <br><br> | Y <br><br> | | |
+|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | Y | Y <br><br> | Y <br><br> | | |
+|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | Y | Y <br><br> | Y <br><br> | | |
+|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) <br><br> \* _File and folder exclusions not supported._ | Y version 1903 (build 18362) or later| Y | Y <br><br> version 1903 (build 18362) or later | | |
+|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | Y version 1803 or later | Y <br><br> | Y <br><br> | | |
+|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | Y | Y <br><br> | Y <br><br> | | |
+|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | Y | Y <br><br> | Y <br><br> | | |
+|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y version 1803 or later | Y <br><br> | Y <br><br> | | |
| **Rule name** | **Windows&nbsp;10** | **Windows&nbsp;Server 2019** | **Windows&nbsp;Server** | **Windows&nbsp;Server 2016** | **Windows&nbsp;Server 2012 R2** | ## Supported configuration management systems Links to information about configuration management system versions referenced in this table are listed below this table.
-|Rule name|Intune|Microsoft Endpoint Manager|Microsoft Endpoint Configuration Manager|Group Policy|PowerShell|
+|Rule name | Intune | Microsoft Endpoint Manager |Microsoft Endpoint Configuration Manager |Group Policy<sup>[[1](#fn1)]<sup></sup> | PowerShell<sup>[[1](#fn1)]<sup></sup> |
||::|::|::|::|::|
-|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | ![supported.](images/checkmark.png) <br><br> | ![supported](images/checkmark.png) <br><br> MEM OMA-URI | | | ![supported](images/checkmark.png) <br><br> |
-|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) | | |
-|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 | | |
-|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1802 | | |
-|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 | ![supported](images/checkmark.png) | |
-|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1802 | | |
-|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 | | |
-|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 | | |
-|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | ![supported.](images/checkmark.png) <br><br> | | ![supported](images/checkmark.png) <br><br> CB 1710 <br><br> | | |
-|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 | | |
-|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 | | |
-|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | | | | | |
-|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | ![supported](images/checkmark.png) | | | | |
-|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1802 <br><br> | | |
-|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1710 <br><br> | | |
-|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | ![supported.](images/checkmark.png) | | ![supported](images/checkmark.png) <br><br> CB 1802 | | |
+|[Block abuse of exploited vulnerable signed drivers](#block-abuse-of-exploited-vulnerable-signed-drivers) | Y | Y <br><br> MEM OMA-URI | | Y | Y |
+|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | Y | | Y | Y | Y |
+|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | Y | | Y <br><br> CB 1710 | Y | Y |
+|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | Y | | Y <br><br> CB 1802 | Y | Y |
+|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | Y | | Y <br><br> CB 1710 | Y | Y |
+|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | Y | | Y <br><br> CB 1802 | Y | Y |
+|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | Y | | Y <br><br> CB 1710 | Y | Y |
+|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | Y | | Y <br><br> CB 1710 | Y | Y |
+|[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | Y | | Y <br><br> CB 1710 <br><br> | Y | Y |
+|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | Y | | Y <br><br> CB 1710 | Y | Y |
+|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | Y | | Y <br><br> CB 1710 | Y | Y |
+|[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | | | | Y | Y |
+|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | Y | | | Y | Y |
+|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | Y | | Y <br><br> CB 1802 <br><br> | Y | Y |
+|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | Y | | Y <br><br> CB 1710 <br><br> | Y | Y |
+|[Use advanced protection against ransomware](#use-advanced-protection-against-ransomware) | Y | | Y <br><br> CB 1802 | Y | Y |
| **Rule name** | **Intune** | **Microsoft Endpoint Manager** | **Microsoft Endpoint Configuration Manager** | **Group Policy** | **PowerShell** |
+(<a id="fn1">1</a>) You can configure attack surface reduction rules on a per-rule basis by using any rule's GUID.
+ - [Configuration Manager CB 1710](/configmgr/core/servers/manage/updates) - [Configuration Manager CB 1802](/configmgr/core/servers/manage/updates) - [Microsoft Endpoint Manager CB 1710](/configmgr/core/servers/manage/updates)
Intune Name: `Block abuse of exploited vulnerable signed drivers`
GUID: `56a863a9-875e-4185-98a7-b882c64b5ce5`
-AH action type:
+<!-- Hide this intro with no subsequent list items
+Advanced hunting action type:
+-->
### Block Adobe Reader from creating child processes
Configuration Manager name: Not yet available
GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c`
-AH action type:
+Advanced hunting action type:
- AsrAdobeReaderChildProcessAudited - AsrAdobeReaderChildProcessBlocked
Configuration Manager name: `Block Office application from creating child proces
GUID: `d4f940ab-401b-4efc-aadc-ad5f3c50688a`
-AH action type:
+Advanced hunting action type:
- AsrOfficeChildProcessAudited - AsrOfficeChildProcessBlocked
This rule helps prevent credential stealing by locking down Local Security Autho
LSASS authenticates users who sign in on a Windows computer. Microsoft Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use hack tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. > [!NOTE]
-> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is NO need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat.
+> In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that simply enumerates LSASS, but has no real impact in functionality, there is no need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat.
Intune name: `Flag credential stealing from the Windows local security authority subsystem`
Configuration Manager name: `Block credential stealing from the Windows local se
GUID: `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2`
-AH action type:
+Advanced hunting action type:
- AsrLsassCredentialTheftAudited - AsrLsassCredentialTheftBlocked
Microsoft Endpoint Manager name: `Block executable content from email client and
GUID: `be9ba2d9-53ea-4cdc-84e5-9b1eeee46550`
-AH action type:
+Advanced hunting action type:
- AsrExecutableEmailContentAudited - AsrExecutableEmailContentBlocked
Configuration Manager name: `Block executable files from running unless they mee
GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25`
-AH action type:
+Advanced hunting action type:
- AsrUntrustedExecutableAudited - AsrUntrustedExecutableBlocked
Configuration Manager name: `Block execution of potentially obfuscated scripts`
GUID: `5beb7efe-fd9a-4556-801d-275e5ffc04cc`
-AH action type:
+Advanced hunting action type:
- AsrObfuscatedScriptAudited - AsrObfuscatedScriptBlocked
Configuration Manager name: `Block JavaScript or VBScript from launching downloa
GUID: `d3e037e1-3eb8-44c8-a917-57927947596d`
-AH action type:
+Advanced hunting action type:
- AsrScriptExecutableDownloadAudited - AsrScriptExecutableDownloadBlocked
SCCM name: `Block Office applications from creating executable content`
GUID: `3b576869-a4ec-4529-8536-b80a7769e899`
-AH action type:
+Advanced hunting action type:
- AsrExecutableOfficeContentAudited - AsrExecutableOfficeContentBlocked
Configuration Manager name: `Block Office applications from injecting code into
GUID: `75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84`
-AH action type:
+Advanced hunting action type:
- AsrOfficeProcessInjectionAudited - AsrOfficeProcessInjectionBlocked
Configuration Manager name: Not available
GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869`
-AH action type:
+Advanced hunting action type:
- AsrOfficeCommAppChildProcessAudited - AsrOfficeCommAppChildProcessBlocked
Configuration Manager name: Not available
GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b`
-AH action type:
+Advanced hunting action type:
- AsrPersistenceThroughWmiAudited - AsrPersistenceThroughWmiBlocked
Configuration Manager name: Not applicable
GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c`
-AH action type:
+Advanced hunting action type:
- AsrPsexecWmiChildProcessAudited - AsrPsexecWmiChildProcessBlocked
Configuration Manager name: `Block untrusted and unsigned processes that run fro
GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4`
-AH action type:
+Advanced hunting action type:
- AsrUntrustedUsbProcessAudited - AsrUntrustedUsbProcessBlocked
Configuration Manager name: `Block Win32 API calls from Office macros`
GUID: `92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b`
-AH action type:
+Advanced hunting action type:
- AsrOfficeMacroWin32ApiCallsAudited - AsrOfficeMacroWin32ApiCallsBlocked
Configuration Manager name: `Use advanced protection against ransomware`
GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35`
-AH action type:
+Advanced hunting action type:
- AsrRansomwareAudited - AsrRansomwareBlocked
security Defender Endpoint Plan 1 2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1-2.md
audience: ITPro Previously updated : 08/30/2021 Last updated : 09/13/2021 ms.prod: m365-security
+ms.technology: mdep1
localization_priority: Normal f1.keywords: NOCSH
security Defender Endpoint Plan 1 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1.md
audience: ITPro Previously updated : 08/30/2021 Last updated : 09/13/2021 ms.prod: m365-security
+ms.technology: mdep1
localization_priority: Normal f1.keywords: NOCSH
security Machine https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine.md
|firstSeen|DateTimeOffset|First date and time where the [machine](machine.md) was observed by Microsoft Defender for Endpoint.| |lastSeen|DateTimeOffset|Time and date of the last received full device report. A device typically sends a full report every 24 hours.| |osPlatform|String|Operating system platform.|
+|onboardingstatus|String|Status of machine onboarding. Possible values are: "onboarded" and "offboarded".|
|osProcessor|String|Operating system processor. Use osArchitecture property instead.| |version|String|Operating system Version.| |osBuild|Nullable long|Operating system build number.|
security Mde P1 Maintenance Operations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-p1-maintenance-operations.md
audience: ITPro Previously updated : 08/30/2021 Last updated : 09/13/2021 ms.prod: m365-security
+ms.technology: mdep1
localization_priority: Normal f1.keywords: NOCSH
security Mde P1 Setup Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-p1-setup-configuration.md
audience: ITPro Previously updated : 08/30/2021 Last updated : 09/13/2021 ms.prod: m365-security
+ms.technology: mdep1
localization_priority: Normal f1.keywords: NOCSH
security Mde Plan1 Getting Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-plan1-getting-started.md
audience: ITPro Previously updated : 08/30/2021 Last updated : 09/13/2021 ms.prod: m365-security
+ms.technology: mdep1
localization_priority: Normal f1.keywords: NOCSH
security Non Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/non-windows.md
Linux
>The following capabilities are not currently supported on Linux endpoints: >- Data loss prevention >- Live response
->- SIEM
- ## Microsoft Defender for Endpoint on Android
security Run Analyzer Macos Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux.md
ms.technology: m365d
1. Download the [XMDE Client Analyzer](https://aka.ms/XMDEClientAnalyzer) tool to the macOS or Linux machine you need to investigate. > [!NOTE]
- > The current SHA256 hash of 'XMDEClientAnalyzer.zip' that is downloaded from the above link is: '029296D437BA97B5563D0C75DD874F8F51C563B2B5AC16745619F4DB2E064C85'.
+ > The current SHA256 hash of 'XMDEClientAnalyzer.zip' that is downloaded from the above link is: '973725417D136B7B17AF4B301F1E99BA21D7F4A7DF88036DC5A731A4B768A8B2'.
2. Extract the contents of XMDEClientAnalyzer.zip on the machine.
Additional syntax help:
**-h** \# Help<br> \# Show help message
-**-p** \# Performance<br>
-\# Planned parameter that is not yet implemented.<br>
-\# Collects extensive tracing for analysis of a performance issue that can be reproduced on demand.
+**performance** \# Performance<br>
+\# Collects extensive tracing for analysis of a performance issue that can be reproduced on demand. Using `--length=<seconds>` to specify the duration of the benchmark.
**-o** \# Output<br> \# Specify the destination path for the result file
Additional syntax help:
- Auditd_info.txt Description: details on auditd service and related components for [Linux](/windows/security/threat-protection/microsoft-defender-atp/linux-support-events) OS+
+- perf_benchmark.tar.gz
+
+ Description: The performance test reports. You will see this only if you are using the performance parameter.
security Switch To Microsoft Defender Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-microsoft-defender-setup.md
- m365solution-symantecmigrate Previously updated : 08/16/2021 Last updated : 09/13/2021
On certain versions of Windows, Microsoft Defender Antivirus was likely uninstal
As you're making the switch to Defender for Endpoint, you might need to take certain steps to reinstall or enable Microsoft Defender Antivirus. The following table describes what to do on your Windows clients and servers.
-<br>
-
-****
+<br/><br/>
|Endpoint type|What to do| ||| |Windows clients (such as endpoints running Windows 10)|In general, you do not need to take any action for Windows clients (unless Microsoft Defender Antivirus has been uninstalled). Here's why: <p> Microsoft Defender Antivirus should still be installed, but is most likely disabled at this point of the migration process. <p> When a non-Microsoft antivirus/antimalware solution is installed and the clients are not yet onboarded to Defender for Endpoint, Microsoft Defender Antivirus is disabled automatically. <p> Later, when the client endpoints are onboarded to Defender for Endpoint, if those endpoints are running a non-Microsoft antivirus solution, Microsoft Defender Antivirus goes into passive mode. <p> If the non-Microsoft antivirus solution is uninstalled, Microsoft Defender Antivirus goes into active mode automatically.| |Windows servers|On Windows Server, you'll need to reinstall Microsoft Defender Antivirus, and set it to passive mode manually. Here's why: <p> On Windows servers, when a non-Microsoft antivirus/antimalware is installed, Microsoft Defender Antivirus cannot run alongside the non-Microsoft antivirus solution. In those cases, Microsoft Defender Antivirus is disabled or uninstalled manually. <p> To reinstall or enable Microsoft Defender Antivirus on Windows Server, perform the following tasks: <ul><li>[Set DisableAntiSpyware to false on Windows Server](#set-disableantispyware-to-false-on-windows-server) (only if necessary)</li><li>[Reinstall Microsoft Defender Antivirus on Windows Server](#reinstall-microsoft-defender-antivirus-on-windows-server)</li><li>[Set Microsoft Defender Antivirus to passive mode on Windows Server](#set-microsoft-defender-antivirus-to-passive-mode-on-windows-server)</li></ul>|
-|
> [!TIP] > To learn more about Microsoft Defender Antivirus states with non-Microsoft antivirus protection, see [Microsoft Defender Antivirus compatibility](microsoft-defender-antivirus-compatibility.md).
The [DisableAntiSpyware](/windows-hardware/customize/desktop/unattend/security-m
2. Run the following PowerShell cmdlets: ```powershell
- Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features
- Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender
+ # For Windows Server 2016
+ Dism /online /Enable-Feature /FeatureName:Windows-Defender-Features
+ Dism /online /Enable-Feature /FeatureName:Windows-Defender
+ Dism /online /Enable-Feature /FeatureName:Windows-Defender-Gui
+ # For Windows Server 2019
+ Dism /online /Enable-Feature /FeatureName:Windows-Defender
```-
+ Then restart the device.
+
When using the DISM command within a task sequence running PowerShell, the following path to cmd.exe is required. Example: ```powershell
- c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender-Features
- c:\windows\sysnative\cmd.exe /c Dism /online /Get-FeatureInfo /FeatureName:Windows-Defender
+ c:\windows\sysnative\cmd.exe /c Dism /online /Enable-Feature /FeatureName:Windows-Defender-Features
+ c:\windows\sysnative\cmd.exe /c Dism /online /Enable-Feature /FeatureName:Windows-Defender
``` ### Set Microsoft Defender Antivirus to passive mode on Windows Server
Currently, you cannot run Microsoft Defender Antivirus in passive mode on Window
You can use one of several methods to confirm the state of Microsoft Defender Antivirus, as described in the following table:
-<br>
-
-****
+<br><br/>
|Method|Procedure| |||
You can use one of several methods to confirm the state of Microsoft Defender An
|Task Manager|<ol><li>On a Windows device, open the Task Manager app.</li><li>Select the **Details** tab.</li><li>Look for **MsMpEng.exe** in the list.</li></ol>| |Windows PowerShell <p> (To confirm that Microsoft Defender Antivirus is running)|<ol><li>On a Windows device, open Windows PowerShell.</li><li>Run the following PowerShell cmdlet: `Get-Process`.</li><li>Review the results. You should see **MsMpEng.exe** if Microsoft Defender Antivirus is enabled.</li></ol>| |Windows PowerShell <p> (To confirm that antivirus protection is in place)|You can use the [Get-MpComputerStatus PowerShell cmdlet](/powershell/module/defender/get-mpcomputerstatus). <ol><li>On a Windows device, open Windows PowerShell.</li><li>Run following PowerShell cmdlet: `Get-MpComputerStatus|select AMRunningMode`.</li><li>Review the results. You should see either **Normal** or **Passive** if Microsoft Defender Antivirus is enabled on the endpoint.</li></ol>|
-|
> [!TIP] > [Learn more about Microsoft Defender Antivirus states](microsoft-defender-antivirus-compatibility.md#more-details-about-microsoft-defender-antivirus-states).
You can use one of several methods to confirm the state of Microsoft Defender An
This step of the migration process involves configuring Microsoft Defender Antivirus for your endpoints. We recommend using Intune; however, you can any of the methods that are listed in the following table:
-<br>
-
-****
+<br/><br/>
|Method|What to do| |||
This step of the migration process involves configuring Microsoft Defender Antiv
|Microsoft Endpoint Configuration Manager|See [Create and deploy antimalware policies for Endpoint Protection in Configuration Manager](/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies). <p> When you create and configure your antimalware policies, make sure to review the [real-time protection settings](/mem/configmgr/protect/deploy-use/endpoint-antimalware-policies#real-time-protection-settings) and [enable block at first sight](configure-block-at-first-sight-microsoft-defender-antivirus.md). |Control Panel in Windows|Follow the guidance here: [Turn on Microsoft Defender Antivirus](/mem/intune/user-help/turn-on-defender-windows). (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)| |[Advanced Group Policy Management](/microsoft-desktop-optimization-pack/agpm/) <p> or <p> [Group Policy Management Console](/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus)|<ol><li>Go to **Computer configuration** \> **Administrative templates** \> **Windows components** \> **Microsoft Defender Antivirus**.</li><li>Look for a policy called **Turn off Microsoft Defender Antivirus**.</li><li>Choose **Edit policy setting**, and make sure that policy is disabled. This action enables Microsoft Defender Antivirus. (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)</li></ol>|
-|
> [!TIP] > You can deploy the policies before your organization's devices are onboarded.
This step of the setup process involves adding Defender for Endpoint to the excl
The specific exclusions to configure will depend on which version of Windows your endpoints or devices are running, and are listed in the following table:
-<br>
-
-****
+<br><br/>
|OS|Exclusions| ||| |Windows 10, [version 1803](/windows/release-health/status-windows-10-1803) or later (See [Windows 10 release information](/windows/release-health/release-information)) <p> Windows 10, version 1703 or 1709 with [KB4493441](https://support.microsoft.com/help/4493441) installed <p> [Windows Server 2019](/windows/release-health/status-windows-10-1809-and-windows-server-2019) <p> [Windows Server, version 1803](/windows-server/get-started/whats-new-in-windows-server-1803)|`C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe` <p> `C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe` <p> `C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe` <p> `C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe`| |[Windows 8.1](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2) <p> [Windows 7](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1) <p> [Windows Server 2016](/windows/release-health/status-windows-10-1607-and-windows-server-2016) <p> [Windows Server 2012 R2](/windows/release-health/status-windows-8.1-and-windows-server-2012-r2) <p> [Windows Server 2008 R2 SP1](/windows/release-health/status-windows-7-and-windows-server-2008-r2-sp1)|`C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Monitoring Host Temporary Files 6\45\MsSenseS.exe` <p> **NOTE**: Monitoring Host Temporary Files 6\45 can be different numbered subfolders. <p> `C:\Program Files\Microsoft Monitoring Agent\Agent\AgentControlPanel.exe` <p> `C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe` <p> `C:\Program Files\Microsoft Monitoring Agent\Agent\HSLockdown.exe` <p> `C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe` <p> `C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe` <p> `C:\Program Files\Microsoft Monitoring Agent\Agent\TestCloudConnection.exe`|
-|
## Add your existing solution to the exclusion list for Microsoft Defender Antivirus During this step of the setup process, you add your existing solution to the Microsoft Defender Antivirus exclusion list. You can choose from several methods to add your exclusions to Microsoft Defender Antivirus, as listed in the following table:
-<br>
-
-****
+<br><br/>
|Method|What to do| |||
During this step of the setup process, you add your existing solution to the Mic
|[Group Policy Object](/previous-versions/windows/desktop/Policy/group-policy-objects)|<ol><li> On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and then select **Edit**.</li><li>In the **Group Policy Management Editor**, go to **Computer configuration** and select **Administrative templates**.</li><li>Expand the tree to **Windows components \> Microsoft Defender Antivirus \> Exclusions**. (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)</li><li>Double-click the **Path Exclusions** setting and add the exclusions.<ul><li>Set the option to **Enabled**.</li><li>Under the **Options** section, select **Show...**.</li><li>Specify each folder on its own line under the **Value name** column.</li><li>If you specify a file, make sure to enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.</li></ul></li><li>Select **OK**.</li><li>Double-click the **Extension Exclusions** setting and add the exclusions.<ul><li>Set the option to **Enabled**.</li><li>Under the **Options** section, select **Show...**.</li><li>Enter each file extension on its own line under the **Value name** column. Enter **0** in the **Value** column.</li></ul></li><li>Select **OK**.</li></ul>| |Local group policy object|<ol><li>On the endpoint or device, open the Local Group Policy Editor.</li><li>Go to **Computer Configuration** \> **Administrative Templates** \> **Windows Components** \> **Microsoft Defender Antivirus** \> **Exclusions**. (You might see *Windows Defender Antivirus* instead of *Microsoft Defender Antivirus* in some versions of Windows.)</li><li>Specify your path and process exclusions.</li></ol>| |Registry key|<ol><li>Export the following registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\exclusions`.</li><li>Import the registry key. Here are two examples:<ul><li>Local path: `regedit.exe /s c:\temp\ MDAV_Exclusion.reg`</li><li>Network share: `regedit.exe /s \\FileServer\ShareName\MDAV_Exclusion.reg`</li></ul></li></ol>|
-|
### Keep the following points about exclusions in mind
Keep the following points in mind:
Device groups, device collections, and organizational units enable your security team to manage and assign security policies efficiently and effectively. The following table describes each of these groups and how to configure them. Your organization might not use all three collection types.
-<br>
-
-****
+<br/><br/>
|Collection type|What to do| ||| |[Device groups](/microsoft-365/security/defender-endpoint/machine-groups) (formerly called *machine groups*) enable your security operations team to configure security capabilities, such as automated investigation and remediation. <p> Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <p> Device groups are created in the [Microsoft 365 Defender portal](microsoft-defender-security-center.md).|<ol><li>Go to the Microsoft 365 Defender portal (<https://security.microsoft.com>).</li><li>In the navigation pane on the left, choose **Settings** \> **Endpoints** \> **Permissions** \> **Device groups**.</li><li>Choose **+ Add device group**</li><li>Specify a name and description for the device group.</li><li>In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).</li><li>Specify conditions for a matching rule to determine which devices belong to the device group. For example, you can choose a domain, OS versions, or even use [device tags](/microsoft-365/security/defender-endpoint/machine-tags).</li><li>On the **User access** tab, specify roles that should have access to the devices that are included in the device group.</li><li>Choose **Done**.</li></ol>| |[Device collections](/mem/configmgr/core/clients/manage/collections/introduction-to-collections) enable your security operations team to manage applications, deploy compliance settings, or install software updates on the devices in your organization. <p> Device collections are created by using [Configuration Manager](/mem/configmgr/).|Follow the steps in [Create a collection](/mem/configmgr/core/clients/manage/collections/create-collections#bkmk_create).| |[Organizational units](/azure/active-directory-domain-services/create-ou) enable you to logically group objects such as user accounts, service accounts, or computer accounts. <p> You can then assign administrators to specific organizational units, and apply group policy to enforce targeted configuration settings. <p> Organizational units are defined in [Azure Active Directory Domain Services](/azure/active-directory-domain-services).|Follow the steps in [Create an Organizational Unit in an Azure Active Directory Domain Services managed domain](/azure/active-directory-domain-services/create-ou).|
-|
## Next step
security Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-identity/notifications.md
Defender for Identity can notify you when it detects suspicious activities by se
1. Enter the following details: - **Sensor** - From the drop-down list, choose the sensor that will send the alerts.
- - **Service endpoint** and **Port** - Enter the IP address or fully qualified domain name (FQDN) for the syslog server and specify the port number.
+ - **Service endpoint** and **Port** - Enter the IP address or fully qualified domain name (FQDN) for the syslog server and specify the port number. You can configure only one Syslog endpoint.
- **Transport** - Select the **Transport** protocol (TCP or UDP). - **Format** - Select the format (RFC 3164 or RFC 5424).
security Advanced Hunting Find Ransomware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/advanced-hunting-find-ransomware.md
By default, the query result lists only devices that have more than two types of
- [Work with query results](advanced-hunting-query-results.md) - [Use shared queries](advanced-hunting-shared-queries.md) - [Understand the schema](advanced-hunting-schema-tables.md)-- [Apply query best practices](advanced-hunting-best-practices.md)
+- [Apply query best practices](advanced-hunting-best-practices.md)
+
+## Additional ransomware resources
+
+Key information from Microsoft:
+
+- [The growing threat of ransomware](https://blogs.microsoft.com/on-the-issues/2021/07/20/the-growing-threat-of-ransomware/), Microsoft On the Issues blog post on July 20, 2021
+- [Human-operated ransomware](/security/compass/human-operated-ransomware)
+- [Rapidly protect against ransomware and extortion](/security/compass/protect-against-ransomware)
+- [The latest Microsoft Security Intelligence Report](https://www.microsoft.com/securityinsights/) (see pages 22-24)
+- **Ransomware: A pervasive and ongoing threat** report in the **Threat analytics** node of the Microsoft 365 Defender portal (see these [licensing requirements](/microsoft-365/security/defender/prerequisites#licensing-requirements))
+
+Microsoft 365:
+
+- [Recover from a ransomware attack](/microsoft-365/security/office-365-security/recover-from-ransomware)
+- [Malware and ransomware protection](/compliance/assurance/assurance-malware-and-ransomware-protection)
+- [Protect your Windows 10 PC from ransomware](https://support.microsoft.com//windows/protect-your-pc-from-ransomware-08ed68a7-939f-726c-7e84-a72ba92c01c3)
+- [Handling ransomware in SharePoint Online](/sharepoint/troubleshoot/security/handling-ransomware-in-sharepoint-online)
+
+Microsoft Azure:
+
+- [Azure Defenses for Ransomware Attack](https://azure.microsoft.com/resources/azure-defenses-for-ransomware-attack/)
+- [Backup and restore plan to protect against ransomware](/security/compass/backup-plan-to-protect-against-ransomware)
+- [Help protect from ransomware with Microsoft Azure Backup](https://www.youtube.com/watch?v=VhLOr2_1MCg) (26 minute video)
+- [Recovering from systemic identity compromise](/azure/security/fundamentals/recover-from-identity-compromise)
+- [Advanced multistage attack detection in Azure Sentinel](/azure/sentinel/fusion#ransomware)
+- [Fusion Detection for Ransomware in Azure Sentinel](https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-fusion-detection-for-ransomware/ba-p/2621373)
+
+Microsoft Cloud App Security:
+
+- [Create anomaly detection policies in Cloud App Security](/cloud-app-security/anomaly-detection-policy)
+
+Microsoft Security team blog posts:
+
+- [3 steps to prevent and recover from ransomware (September 2021)](https://www.microsoft.com/security/blog/2021/09/07/3-steps-to-prevent-and-recover-from-ransomware/)
+- [Becoming resilient by understanding cybersecurity risks: Part 4ΓÇönavigating current threats (May 2021)](https://www.microsoft.com/security/blog/2021/05/26/becoming-resilient-by-understanding-cybersecurity-risks-part-4-navigating-current-threats/)
+
+ See the **Ransomware** section.
+
+- [Human-operated ransomware attacks: A preventable disaster (March 2020)](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/)
+
+ Includes attack chain analyses of actual attacks.
+
+- [Ransomware responseΓÇöto pay or not to pay? (December 2019)](https://www.microsoft.com/security/blog/2019/12/16/ransomware-response-to-pay-or-not-to-pay/)
+- [Norsk Hydro responds to ransomware attack with transparency (December 2019)](https://www.microsoft.com/security/blog/2019/12/17/norsk-hydro-ransomware-attack-transparency/)
security Incidents Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/incidents-overview.md
For more information about SecOps across Microsoft's products, see these resourc
## Next steps
-**If you are new** to security analysis and incident response:
+Use the listed steps based on your experience level or role on your security team.
-- See the [Respond to your first incident walkthrough](first-incident-overview.md) to get a guided tour of a typical process of analysis, remediation, and post-incident review in the Microsoft 365 Defender portal with an example attack.
+### Experience level
-**If you have experience** with security analysis and incident response:
+Follow this table for your level of experience with security analysis and incident response.
-- Get started with the incident queue from the **Incidents** page of the Microsoft 365 Defender portal. From here, you can:
+| Level | Steps |
+|:-|:--|
+| **New** | <ol><li> See the [Respond to your first incident walkthrough](first-incident-overview.md) to get a guided tour of a typical process of analysis, remediation, and post-incident review in the Microsoft 365 Defender portal with an example attack. </li><li> See which incidents should be [prioritized](incident-queue.md) based on severity and other factors. </li><li> [Manage incidents](manage-incidents.md), which includes renaming, assigning, classifying, and adding tags and comments based on your incident management workflow.</li></ol> |
+| **Experienced** | <ol><li> Get started with the incident queue from the **Incidents** page of the Microsoft 365 Defender portal. From here you can: </li> <ul><li> See which incidents should be [prioritized](incident-queue.md) based on severity and other factors. </li><li> [Manage incidents](manage-incidents.md), which includes renaming, assigning, classifying, and adding tags and comments based on your incident management workflow. </li><li> Perform [investigations](investigate-incidents.md) of incidents. </li></ul> </li><li> Track and respond to emerging threats with [threat analytics](threat-analytics.md). </li><li> Proactively hunt for threats with [advanced threat hunting](advanced-hunting-overview.md). </li><li> See these [incident response playbooks](/security/compass/incident-response-playbooks) for detailed guidance for phishing, password spray, and app consent grant attacks. </li></ol> |
- - See which incidents should be [prioritized](incident-queue.md) based on severity and other factors.
- - [Manage incidents](manage-incidents.md), which includes renaming, assigning, classifying, and adding tags and comments based on your incident management workflow.
+### Security team role
- - Perform [investigations](investigate-incidents.md) of incidents.
+Follow this table based on your security team role.
-- See how to [integrate Microsoft 365 Defender into your Security Operations Center (SOC)](integrate-microsoft-365-defender-secops.md).--- See these [incident response playbooks](/security/compass/incident-response-playbooks) for detailed guidance for phishing, password spray, and app consent grant attacks.
+| Role | Steps |
+|:-|:--|
+| Incident responder (Tier 1) | Get started with the incident queue from the **Incidents** page of the Microsoft 365 Defender portal. From here you can: <ul><li> See which incidents should be [prioritized](incident-queue.md) based on severity and other factors. </li><li> [Manage incidents](manage-incidents.md), which includes renaming, assigning, classifying, and adding tags and comments based on your incident management workflow. </li></ul> |
+| Security investigator or analyst (Tier 2) | <ol><li> Perform [investigations](investigate-incidents.md) of incidents from the **Incidents** page of the Microsoft 365 Defender portal. </li><li> See these [incident response playbooks](/security/compass/incident-response-playbooks) for detailed guidance for phishing, password spray, and app consent grant attacks. </li></ol> |
+| Advanced security analyst or threat hunter (Tier 3) | <ol><li>Perform [investigations](investigate-incidents.md) of incidents from the **Incidents** page of the Microsoft 365 Defender portal. </li><li> Track and respond to emerging threats with [threat analytics](threat-analytics.md). </li><li> Proactively hunt for threats with [advanced threat hunting](advanced-hunting-overview.md). </li><li> See these [incident response playbooks](/security/compass/incident-response-playbooks) for detailed guidance for phishing, password spray, and app consent grant attacks. |
+| SOC manager | See how to [integrate Microsoft 365 Defender into your Security Operations Center (SOC)](integrate-microsoft-365-defender-secops.md). |
security Admin Submission https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/admin-submission.md
For other ways to submit email messages, URLs, and attachments to Microsoft, see
> [!div class="mx-imgBorder"] > ![New Attachment submission example.](../../media/submission-file-flyout.png)
+> [!NOTE]
+> If malware filtering has replaced the message attachments with the Malware Alert Text.txt file, you need to submit the original message from quarantine that contains the original attachments. For more information on quarantine and how to release messages with malware false positives, see [Manage quarantined messages and files as an admin](manage-quarantined-messages-and-files.md).
+ ## View admin submissions to Microsoft 1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Submissions**.
security Bulk Complaint Level Values https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/bulk-complaint-level-values.md
Bulk mailers vary in their sending patterns, content creation, and recipient acq
Spam filtering marks messages as **Bulk email** based on the BCL threshold (the default value or a value you specify) and takes the specified action on the message (the default action is deliver the message to the recipient's Junk Email folder). For more information, see [Configure anti-spam policies](configure-your-spam-filter-policies.md) and [What's the difference between junk email and bulk email?](what-s-the-difference-between-junk-email-and-bulk-email.md)
-You can use the Tenant Allow/Block List to configure exceptions for bulk mail filtering. Messages from senders in the specified domains don't receive the action for the **Bulk email** spam filtering verdict in anti-spam policies. For more information, see [Manage the Tenant Allow/Block List](tenant-allow-block-list.md).
- The BCL thresholds are described in the following table. ****
security Recover From Ransomware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/recover-from-ransomware.md
You can report phishing messages that contain ransomware by using one of several
## Additional ransomware resources
-Key industry information:
--- [Human-operated ransomware overview](/security/compass/human-operated-ransomware)
+Key information from Microsoft:
+- [The growing threat of ransomware](https://blogs.microsoft.com/on-the-issues/2021/07/20/the-growing-threat-of-ransomware/), Microsoft On the Issues blog post on July 20, 2021
+- [Human-operated ransomware](/security/compass/human-operated-ransomware)
- [Rapidly protect against ransomware and extortion](/security/compass/protect-against-ransomware)- - [The latest Microsoft Security Intelligence Report](https://www.microsoft.com/securityinsights/) (see pages 22-24)
+- **Ransomware: A pervasive and ongoing threat** report in the **Threat analytics** node of the Microsoft 365 Defender portal (see these [licensing requirements](/microsoft-365/security/defender/prerequisites#licensing-requirements))
-- **Ransomware: A pervasive and ongoing threat** report in the **Threat analytics node** of the Microsoft 365 Defender portal (see these [licensing requirements](/microsoft-365/security/defender/prerequisites#licensing-requirements))-
-Microsoft 365 protection:
+Microsoft 365:
- [Malware and ransomware protection](/compliance/assurance/assurance-malware-and-ransomware-protection)-- [Ransomware detection and recovering your files in OneDrive](https://support.microsoft.com/office/0d90ec50-6bfd-40f4-acc7-b8c12c73637f)-- [Enable or disable macros in Office files](https://support.microsoft.com/office/12b036fd-d140-4e74-b45e-16fed1a7e5c6)-- [Recommended settings for EOP and Microsoft Defender for Office 365 security](recommended-settings-for-eop-and-office365.md)
+- [Protect your Windows 10 PC from ransomware](https://support.microsoft.com//windows/protect-your-pc-from-ransomware-08ed68a7-939f-726c-7e84-a72ba92c01c3)
+- [Handling ransomware in SharePoint Online](/sharepoint/troubleshoot/security/handling-ransomware-in-sharepoint-online)
+
+Microsoft 365 Defender:
+
+- [Find ransomware with advanced hunting](/microsoft-365/security/defender/advanced-hunting-find-ransomware)
+
+Microsoft Azure:
+
+- [Azure Defenses for Ransomware Attack](https://azure.microsoft.com/resources/azure-defenses-for-ransomware-attack/)
+- [Backup and restore plan to protect against ransomware](/security/compass/backup-plan-to-protect-against-ransomware)
+- [Help protect from ransomware with Microsoft Azure Backup](https://www.youtube.com/watch?v=VhLOr2_1MCg) (26 minute video)
+- [Recovering from systemic identity compromise](/azure/security/fundamentals/recover-from-identity-compromise)
+- [Advanced multistage attack detection in Azure Sentinel](/azure/sentinel/fusion#ransomware)
+- [Fusion Detection for Ransomware in Azure Sentinel](https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-fusion-detection-for-ransomware/ba-p/2621373)
+
+Microsoft Cloud App Security:
+
+- [Create anomaly detection policies in Cloud App Security](/cloud-app-security/anomaly-detection-policy)
Microsoft Security team blog posts:
+- [3 steps to prevent and recover from ransomware (September 2021)](https://www.microsoft.com/security/blog/2021/09/07/3-steps-to-prevent-and-recover-from-ransomware/)
- [Becoming resilient by understanding cybersecurity risks: Part 4ΓÇönavigating current threats (May 2021)](https://www.microsoft.com/security/blog/2021/05/26/becoming-resilient-by-understanding-cybersecurity-risks-part-4-navigating-current-threats/) See the **Ransomware** section. - [Human-operated ransomware attacks: A preventable disaster (March 2020)](https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/)+
+ Includes attack chain analyses of actual attacks.
+ - [Ransomware responseΓÇöto pay or not to pay? (December 2019)](https://www.microsoft.com/security/blog/2019/12/16/ransomware-response-to-pay-or-not-to-pay/) - [Norsk Hydro responds to ransomware attack with transparency (December 2019)](https://www.microsoft.com/security/blog/2019/12/17/norsk-hydro-ransomware-attack-transparency/)-- [A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017 (January 2018)](https://www.microsoft.com/security/blog/2018/01/10/a-worthy-upgrade-next-gen-security-on-windows-10-proves-resilient-against-ransomware-outbreaks-in-2017/)-
security Safe Docs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-docs.md
ms.prod: m365-security
**Applies to** - [Microsoft 365 Defender](../defender/microsoft-365-defender.md)
-Safe Documents is a premium feature that uses [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) to scan documents and files that are opened in [Protected View](https://support.microsoft.com/office/d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653) or [Application Guard for Office](https://support.microsoft.com/topic/9e0fb9c2-ffad-43bf-8ba3-78f785fdba46).
+Safe Documents is a premium feature that uses the cloud backend of [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection) to scan opened Office documents in [Protected View](https://support.microsoft.com/office/d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653) or [Application Guard for Office](https://support.microsoft.com/topic/9e0fb9c2-ffad-43bf-8ba3-78f785fdba46).
-## What do you need to know before you begin?
+Users don't need Defender for Endpoint installed on their local devices to get Safe Documents protection. Users get Safe Documents protection if all of the following requirements are met:
-- The availability of Safe Documents controlled by the **Office 365 SafeDocs** (or **SAFEDOCS** or **bf6f5520-59e3-4f82-974b-7dbbc4fd27c7**) service (also known as a service plan). This service plan is available in the following licensing plans (also known as license plans, Microsoft 365 plans, or products):
+- Safe Documents is enabled in the organization as described in this article.
+- Licenses from a required licensing plan are assigned to the users. Safe Documents is controlled by the **Office 365 SafeDocs** (or **SAFEDOCS** or **bf6f5520-59e3-4f82-974b-7dbbc4fd27c7**) service plan (also known as a service). This service plan is available in the following licensing plans (also known as license plans, Microsoft 365 plans, or products):
- Microsoft 365 A5 for Faculty - Microsoft 365 A5 for Students - Microsoft 365 E5
Safe Documents is a premium feature that uses [Microsoft Defender for Endpoint](
Safe Documents is not included in Microsoft Defender for Office 365 licensing plans.
- For more information, see the following topics:
+ For more information, see [Product names and service plan identifiers for licensing](/azure/active-directory/enterprise-users/licensing-service-plan-reference).
- - [View Microsoft 365 licenses and services with PowerShell](/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell)
- - [View Microsoft 365 account license and service details with PowerShell](/microsoft-365/enterprise/view-account-license-and-service-details-with-microsoft-365-powershell)
- - [Product names and service plan identifiers for licensing](/azure/active-directory/enterprise-users/licensing-service-plan-reference)
+- They're using Microsoft 365 Apps for enterprise (formerly known as Office 365 ProPlus) version 2004 or later.
-- Safe Documents is supported in Microsoft 365 Apps for enterprise (formerly known as Office 365 ProPlus) version 2004 or later.
+## What do you need to know before you begin?
- You open the Microsoft 365 Defender portal at <https://security.microsoft.com>. To go directly to the **Safe Attachments** page, use <https://security.microsoft.com/safeattachmentv2>.
Files sent by Safe Documents are not retained in Defender beyond the time needed
### Use Exchange Online PowerShell to configure Safe Documents
-Use the following syntax:
+If you'd rather user PowerShell to configure Safe Documents, use the following syntax in Exchange Online PowerShell:
```powershell Set-AtpPolicyForO365 -EnableSafeDocs <$true | $false> -AllowSafeDocsOpen <$true | $false>
For more information, see the following topics:
- [View Microsoft 365 account license and service details with PowerShell](/microsoft-365/enterprise/view-account-license-and-service-details-with-microsoft-365-powershell) - [Product names and service plan identifiers for licensing](/azure/active-directory/enterprise-users/licensing-service-plan-reference)
-### Onboard to the Microsoft Defender for Endpoint Service to enable auditing capabilities
+### Onboard to the Microsoft Defender for Endpoint service to enable auditing capabilities
-To deploy Microsoft Defender for Endpoint, you need to go through the various phases of deployment. After onboarding, you can configure auditing capabilities in the Microsoft 365 Defender portal.
+To enable auditing capabilities, the local device needs to have Microsoft Defender for Endpoint installed. To deploy Microsoft Defender for Endpoint, you need to go through the various phases of deployment. After onboarding, you can configure auditing capabilities in the Microsoft 365 Defender portal.
To learn more, see [Onboard to the Microsoft Defender for Endpoint service](/microsoft-365/security/defender-endpoint/onboarding). If you need additional help, refer to [Troubleshoot Microsoft Defender for Endpoint onboarding issues](/microsoft-365/security/defender-endpoint/troubleshoot-onboarding).
To verify that you've enabled and configured Safe Documents, do any of the follo
Get-AtpPolicyForO365 | Format-List *SafeDocs* ``` -- The following files are available to test Safe Documents protection. These documents are similar to the EICAR.TXT file for testing anti-malware and anti-virus solutions. The files are not harmful, but they will trigger Safe Documents protection.
+- The following files are available to test Safe Documents protection. These files are similar to the EICAR.TXT file for testing anti-malware and anti-virus solutions. The files are not harmful, but they will trigger Safe Documents protection.
- [SafeDocsDemo.docx](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/SafeDocsDemo.docx) - [SafeDocsDemo.pptx](https://github.com/MicrosoftDocs/microsoft-365-docs/raw/public/microsoft-365/downloads/SafeDocsDemo.pptx)
security Tenant Allow Block List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md
For detailed syntax and parameter information, see [Get-TenantAllowBlockListSpoo
For example, `t.co` is allowed; `.com` or `contoso.` are not allowed. -- Subpaths are not implied.
+- Subpaths are not implied for allows.
For example, `contoso.com` does not include `contoso.com/a`.