-Anyone who is interested can contribute to the topics. When you contribute, your work will go directly into the content set after being merged. It will then show up on docs.microsoft.com and you will be listed as a contributor at: <https://github.com/MicrosoftDocs/microsoft-365-docs/graphs/contributors>.

-2. Go to the page you want to edit on docs.microsoft.com.

- 

-The writer identified in the metadata of the topic will be notified and will eventually review and approve your changes so the topic will be updated on docs.microsoft.com. If there are questions or issues with the updates, the writer will contact you.

-A subdomain is an internet domain, which is part of a primary domain. Subdomains are also referred to as "hosts". As an example, "docs.microsoft.com" is a subdomain of "microsoft.com". For every subdomain, there could be a new set of IP addresses to which the domain resolves to and this can be a great data source for finding related infrastructure.

-Microsoft cloud-only accounts have a pre-defined password policy that cannot be changed. The only items you can change are the number of days until a password expires and whether or not passwords expire at all.

-

-### Requiring long passwords

-Password length requirements (greater than about 10 characters) can result in user behavior that is predictable and undesirable. For example, users who are required to have a 16-character password may choose repeating patterns like **fourfourfourfour** or **passwordpassword** that meet the character length requirement but aren't hard to guess. Additionally, length requirements increase the chances that users will adopt other insecure practices, such as writing down their passwords, reusing them, or storing them unencrypted in their documents. To encourage users to think about a unique password, we recommend keeping a reasonable 8-character minimum length requirement.

-|**Sender Policy Framework (SPF)** uses IP information to ensure that destination email systems trust messages sent from your custom domain.|[How Sender Policy Framework (SPF) prevents spoofing - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/how-office-365-uses-spf-to-prevent-spoofing)|

-|**DomainKeys Identified Mail (DKIM)** uses X.509 certificate information to ensure that destination email systems trust messages sent outbound from your custom domain.|[How to use DKIM for email in your custom domain - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email)|

-|**Domain-based Message Authentication, Reporting, and Conformance (DMARC)** works with Sender Policy Framework and DomainKeys Identified Mail to authenticate mail senders and ensure that destination email systems trust messages sent from your domain.|[Use DMARC to validate email, setup steps - Office 365 - Microsoft Docs](/microsoft-365/security/office-365-security/use-dmarc-to-validate-email)|

-When you deploy data loss prevention policies for Teams, you might find useful the following end-user guidance as an introduction to this technology with some potential messages that they might see: [Teams messages about data loss prevention (DLP) and communication compliance policies ](https://support.microsoft.com/office/teams-messages-about-data-loss-prevention-dlp-and-communication-compliance-policies-c5631c3f-f61b-4306-a6ac-6603d9fc5ff0).

-|[Apply S/MIME protection](#configure-a-label-to-apply-smime-protection-in-outlook) | Under review | Rolling out: 16.61+ ^\* | Rolling out: 4.2226+ | Rolling out: 4.2203+ | Under review |

-2. In the compliance portal, go to **Solutions** \> **Data lifecycle management** \> **Exchange (legacy)** > **Retention tags**

-1. On the **Retention tags** page, select **+ New tag**, and then on the **Define how the tag will be applied** page, select **Automatically to entire mailbox (default)**.

-3. On the **Name your tag** page, type a name for the new retention tag, and an optional description that explains the purpose of the custom retention tag.

-

- For our example scenario, we'll name this tag "Alpine House 3 Year Move to Archive".

-1. Back on the **Retention tags** page, select **+ New tag**, and then on the **Define how the tag will be applied** page, select **Automatically to entire mailbox (default)** again.

-2. On the **Define retention settings** page, complete the following fields:

-3. On the **Name your tag** page, type a name for the new retention tag, and an optional description that explains the purpose of the custom retention tag.

-

- For our example scenario, we'll name this tag "Alpine House 7 Year Permanently Delete".

-1. Back on the **Retention tags** page, select **+ New tag**, and then on the **Define how the tag will be applied** page, select **Automatically to entire mailbox (default)** again.

-2. On the **Define retention settings** page, complete the following fields:

- 1. **When items reaches the following age (in days)** Enter the duration of the retention period. For this scenario, items will be deleted after 1825 days (5 years).

-3. On the **Name your tag** page, type a name for the new retention tag, and an optional description that explains the purpose of the custom retention tag.

-

- For our example scenario, we'll name this tag "Alpine House Deleted Items 5 Years Delete and Allow Recovery".

-1. In the [Microsoft Purview compliance portal](https://compliance.microsoft.com/), go to **Data lifecycle management** \> **Exchange (legacy)** > **Retention policies**.

-2. On the **Retention policies** page, select **New policy**.

- |Never Delete <br/> |This tag prevents items from being deleted by a retention policy. <br/> |Built-in <br/> |Personal; this tag can be applied by users. <br/> |

- |Personal 1 year move to archive <br/> |Moves items to the archive mailbox after 1 year. <br/> |Built-in <br/> |Personal; this tag can be applied by users. <br/> |

- > ^\* Users can use the Recover Deleted Items tool in Outlook and Outlook on the web (formerly known as Outlook Web App) to recover a deleted item within the deleted item retention period, which by default is 14 days in Exchange Online. An administrator can use Exchange Online PowerShell to increase the deleted item retention period to a maximum of 30 days. For more information, see: [Recover deleted items in Outlook for Windows](https://support.office.com/article/49e81f3c-c8f4-4426-a0b9-c0fd751d48ce) and [Change the deleted item retention period for a mailbox in Exchange Online](/exchange/recipients-in-exchange-online/manage-user-mailboxes/change-deleted-item-retention).

-SharePoint Online is a shared multi-tenanted environment that is balanced across farms and scale is adjusted in an on-going basis. Load testing an environment, like SharePoint Online, whose scale changes continuously will not only give you unexpected results but it is not permitted.

-Pages from an on-Premise deployment should not simply be moved as they are onto SharePoint Online without reviewing them against recommended guidelines for SharePoint Online. The best approach is to always optimize any home page for any site or portal in SharePoint, as this is where most users in your organization will access as the starting point for your site(s).

-The traditional big bang approach for site launches will not allow verification that customizations, external sources, services, or processes have been tested at the right scale. This approach doesn't mean that it will take months to launch, but it is recommended over at least several days dependent on your organization size. Following a wave roll-out plan therefore gives you the option to pause and resolve issues before proceeding with the next phase and therefore lowers the potential number of users impacted by any issues. SharePoint as a service scales your capacity based on usage and predicted usage and whilst we don't need you to notify us of your launch, you should follow the guidelines to ensure success.

-|Office 365 CDN |Microsoft Azure |Generic assets in public origins, SharePoint user content in private origins |[Microsoft Azure CDN](https://azure.microsoft.com/documentation/services/cdn/) |

-|Azure CDN |Microsoft |Custom code, SharePoint Framework solutions |[Microsoft Azure CDN](https://azure.microsoft.com/documentation/services/cdn/) |

-Commonly, during mergers or divestitures, you need the ability to move your user's Exchange Online mailbox into a new tenant. Cross-tenant mailbox migration allows tenant administrators to use well-known interfaces like Exchange Online PowerShell and MRS to transition users to their new organization.

-### How do we access Outlook on Day 1 after the use mailbox is moved?

-Since only one tenant can own a domain, the former primary SMTPAddress will not be associated to the user in the target tenant when the mailbox move completes; only those domains associated with the new tenant. Outlook uses the users new UPN to authenticate to the service and the Outlook profile expects to find the legacy primary SMTPAddress to match the mailbox in the target system. Since the legacy address is not in the target System the outlook profile will not connect to find the newly moved mailbox.

-3. You've already read and understand the [ExpressRoute documentation](https://azure.microsoft.com/documentation/services/expressroute/) and your internal network is able to meet ExpressRoute pre-requisites end to end.

-For Azure CDN from Verizon (Edgecast) you can find an exhaustive list using [https://docs.microsoft.com/rest/api/cdn/edge-nodes/list](/rest/api/cdn/edge-nodes/list) (click **Try It** ) - you will need to look specifically for the **Premium\_Verizon** section. Note that this API shows all Edgecast IPs (origin and Anycast). Currently there isn't a mechanism for the API to distinguish between origin and Anycast.

-There are several articles on docs.microsoft.com about the details of managed navigation. For example, see [Overview of managed navigation in SharePoint Server](/sharepoint/administration/overview-of-managed-navigation).

-[Structural navigation caching and performance](https://support.office.com/article/structural-navigation-and-performance-f163053f-8eca-4b9c-b973-36b395093b43)

-3. If possible, ensure a valid and unique value for the **userPrincipalName** attribute in the user's **user** object. For the best synchronization experience, ensure that the AD DS UPN matches the Azure AD UPN. If a user does not have a value for the **userPrincipalName** attribute, then the **user** object must contain a valid and unique value for the **sAMAccountName** attribute. Remove any duplicate values in the **userPrincipalName** attribute.

-Successful directory synchronization between your AD DS and Microsoft 365 requires that your AD DS attributes are properly prepared. For example, you need to ensure that specific characters aren't used in certain attributes that are synchronized with the Microsoft 365 environment. Unexpected characters do not cause directory synchronization to fail but might return a warning. Invalid characters will cause directory synchronization to fail.

- - If the attribute exists in the user object, it will be synchronized with Microsoft 365, but Microsoft 365 does not require or use it.

- - The attribute value cannot begin with a period (.).

- Note that the invalid characters apply to the characters following the type delimiter and ":", such that SMTP:User@contso.com is allowed, but SMTP:user:M@contoso.com is not.

- - If the attribute exists in the user object, it will be synchronized with Microsoft 365, but Microsoft 365 does not require or use it.

- - The @ character cannot be the first character in each **userPrincipalName** value.

- - The username cannot end with a period (.), an ampersand (&amp;), a space, or an at sign (@).

- - The username cannot contain any spaces.

- - Routable domains must be used; for example, local or internal domains cannot be used.

- - **userPrincipalName** cannot contain any duplicate values in the directory.

-In Microsoft 365, the UPN is the default attribute that's used to generate the email address. It's easy to get **userPrincipalName** (in AD DS and in Azure AD) and the primary email address in **proxyAddresses** set to different values. When they are set to different values, there can be confusion for administrators and end users.

-If you've already set up directory synchronization, the user's UPN for Microsoft 365 may not match the user's AD DS UPN that's defined in your AD DS. This can occur when a user was assigned a license before the domain was verified. To fix this, use [PowerShell to fix duplicate UPN](https://go.microsoft.com/fwlink/p/?LinkId=396730) to update the user's UPN to ensure that the Microsoft 365 UPN matches the corporate user name and domain. If you are updating the UPN in the AD DS and would like it to synchronize with the Azure Active Directory identity, you need to remove the user's license in Microsoft 365 prior to making the changes in AD DS.

-After you have done 1 through 5 above, see [Set up directory synchronization](set-up-directory-synchronization.md).

-Under some circumstances you may choose to enforce a site and its file content to remain in the geo location where the site was created, either by preventing the site from being moved or by preventing the caching of the site's file content in another geo location.

-You can do this by using the [Set-SPOSite](/powershell/module/sharepoint-online/set-sposite) cmdlet with the **RestrictedToGeo** parameter. This parameter has a default value of NULL, but you can change it to one of the following:

-`Set-SPOSite -Identity https://contoso.sharepoint.com/sites/RegionRestrictedTeamSite -RestrictedToGeo BlockFull`

-Syndication and Cloud Solution Provider (CSP) partners can access the data that makes up customer tenant reports directly via remote Windows PowerShell for Exchange Online PowerShell. This lets partners collect and save the reporting data and then perform other operations on it. After you open a remote connection, retrieving reporting data about a customer tenancy is identical to running any cmdlet against a customer tenancy.

-In this article, you use remote Windows PowerShell for Exchange Online to connect to a single customer tenancy and retrieve a report. By default, Windows PowerShell does not support aggregating reporting data from multiple customer tenancies. The reports you retrieve with this procedure are only for the _DelegatedOrg_ that you connect to.

-After you have opened a remote session to Exchange Online, run this command to retrieve the **Get-StaleMailboxReport** for the date range 03/25/2015 through 03/31/2015.

-There are many other reporting cmdlets available for Exchange Online, Lync Online, and SharePoint Online as well as others for message tracing that you can use. To find out more about the available reporting cmdlets and the Office 365 Reporting web service, see the topics in the following section.

-For many DNS providers, there are specific instructions to change your MX record. If your DNS provider isn't included, or if you want to get a sense of the general directions, [general MX record instructions](/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide#add-an-mx-record-for-email-outlook-exchange-online) are provided as well.

-For many DNS providers, there are specific instructions to change your MX record. If your DNS provider isn't included, or if you want to get a sense of the general directions, [general MX record instructions](/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide#add-an-mx-record-for-email-outlook-exchange-online) are provided as well.

-On docs.microsoft.com, you can search the content in the table of contents by using the filter search box at the top:

-Did you know that you could edit the content on docs.microsoft.com yourself? If you do so, not only will our documentation improve, but you'll also be credited as a contributor to the page. To get started, see:

-You can use a local script to onboard Windows client devices. When you run the onboarding script on a device, it creates a trust with Azure Active Directory, if that trust doesn't already exist; enrolls the device in Microsoft Intune, if it isn't already enrolled; and then onboards the device to Defender for Business. The local script method works even if you don't currently have Intune, and this is the recommended method for Defender for Business customers.

-When you run the local script on a Mac, it creates a trust with Azure Active Directory, if that trust doesn't already exist; enrolls the Mac in Microsoft Intune, if it isn't already enrolled; and then onboards the Mac to Defender for Business. We recommend that you onboard up to 10 devices at a time using this method.

-You can use Microsoft Intune to onboard mobile devices, such as Android and iOS/iPadOS devices. See the following resources to get help enrolling these devices into Intune:

-##### [Investigate a domain](investigate-domain.md)

-Search by deviceId or deviceName by commenting out the respective lines.

-# Investigate a domain associated with a Microsoft Defender for Endpoint alert

-Investigate a domain to see if devices and servers in your enterprise network have been communicating with a known malicious domain.

-You can investigate a domain by using the search feature or by clicking on a domain link from the **Device timeline**.

-You can see information from the following sections in the URL view:

-## URL worldwide

-The **URL Worldwide** section lists the URL, a link to further details at Whois, the number of related open incidents, and the number of active alerts.

-## Incident

-The **Incident** card displays a bar chart of all active alerts in incidents over the past 180 days.

-## Prevalence

-The **Prevalence** card provides details on the prevalence of the URL within the organization, over a specified period of time.

-Although the default time period is the past 30 days, you can customize the range by selecting the downward-pointing arrow in the corner of the card. The shortest range available is for prevalence over the past day, while the longest range is over the past 6 months.

-## Alerts

-The **Alerts** tab provides a list of alerts that are associated with the URL. The table shown here is a filtered version of the alerts visible on the Alert queue screen, showing only alerts associated with the domain, their severity, status, the associated incident, classification, investigation state, and more.

-The Alerts tab can be adjusted to show more or less information, by selecting **Customize columns** from the action menu above the column headers. The number of items displayed can also be adjusted, by selecting **items per page** on the same menu.

-## Observed in organization

-The **Observed in organization** tab provides a chronological view on the events and associated alerts that were observed on the URL. This tab includes a timeline and a customizable table listing event details, such as the time, device, and a brief description of what happened.

-You can view events from different periods of time by entering the dates into the text fields above the table headers. You can also customize the time range by selecting different areas of the timeline.

-**Investigate a domain:**

-3. Click the search icon or press **Enter**. Details about the URL are displayed. Note: search results will only be returned for URLs observed in communications from devices in the organization.

-5. Clicking any of the device names will take you to that device's view, where you can continue investigate reported alerts, behaviors, and events.

-## Related topics

-<details>

-<summary> August-2022 (Platform: 4.18.2207.7| Engine: 1.1.19600.3)</summary>

-ΓÇ»

-&ensp;Security intelligence update version: **1.373.1647.0** <br/>

-&ensp;Released: **September 6th, 2022**<br/>

-ΓÇ»

-Security intelligence update version: 1.373.1647.0<br/>

-ΓÇ»

-### What's new

-

-### Known Issues

-No known issues

-<br/>

-</details>

-<details>

-| [Corelight]( https://corelight.com/integrations/iot-security)| Using data, sent from Corelight network appliances, Microsoft 365 Defender gains increased visibility into the network activities of unmanaged devices, including communication with other unmanaged devices or external networks.

-## Microsoft Learn learning paths

-Use these Microsoft Learn learning paths and their modules to build an understanding of Microsoft 365 Defender and Microsoft Defender for Endpoint, one module and unit at a time.

-> ***Insider tip***. You can use the docs.microsoft.com table of contents to learn about EOP and Microsoft Defender for Office 365. Navigate back to this page, [Office 365 Security overview](index.yml), and you'll notice that table of contents organization in the side-bar. It begins with Deployment (including migration) and then continues into prevention, detection, investigation, and response. <p> This structure is divided so that **Security Administration** topics are followed by **Security Operations** topics. If you're a new member of either job role, use the link in this tip, and your knowledge of the table of contents, to help learn the space. Remember to use *feedback links* and *rate articles* as you go. Feedback helps us improve what we offer you.

-> ***Insider tip***. You can use the docs.microsoft.com table of contents to learn about EOP and Microsoft Defender for Office 365. Navigate back to this page, [Office 365 Security overview](index.yml), and you'll notice that table of contents organization in the side-bar. It begins with Deployment (including migration) and then continues into prevention, detection, investigation, and response. <p> This structure is divided so that **Security Administration** topics are followed by **Security Operations** topics. If you're a new member of either job role, use the link in this tip, and your knowledge of the table of contents, to help learn the space. Remember to use *feedback links* and *rate articles* as you go. Feedback helps us improve what we offer you.

-If a file attachment is encrypted or password protected, it can't be examined by Safe Attachments. The message with the attachment will be delivered, and the recipient receives no warning that the file hasn't been scanned by Safe Attachments.

-Also visit Microsoft's new Defender for Cloud on [docs.microsoft.com/security](/security).

-description: Learn which clients are currently supported for Whiteboard.