Updates from: 09/16/2022 03:24:28
Category Microsoft Docs article Related commit history on GitHub Change details
threat-intelligence Analyst Insights https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/analyst-insights.md
Title: 'Microsoft Defender Threat Intelligence (Defender TI) Analyst Insights'
description: 'In this overview article, learn about the Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs analyst insights feature.' + Last updated 08/02/2022
threat-intelligence Data Sets https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/data-sets.md
Title: 'Microsoft Defender Threat Intelligence (Defender TI) Data Sets'
description: 'In this overview article, learn about Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs data sets feature.' + Last updated 08/02/2022
threat-intelligence Gathering Threat Intelligence And Infrastructure Chaining https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/gathering-threat-intelligence-and-infrastructure-chaining.md
Title: 'Tutorial: Gathering Threat Intelligence and Infrastructure Chaining usin
description: 'In this tutorial, learn how to gather threat intelligence and infrastructure chain together indicators of compromise in Microsoft Defender Threat Intelligence (Defender TI). This article will cover a historical investigation of the MyPillow Magecart breach.' + Last updated 08/02/2022
threat-intelligence Gathering Vulnerability Intelligence https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/gathering-vulnerability-intelligence.md
Title: 'Tutorial: Gathering vulnerability intelligence'
description: 'In this tutorial, practice gathering vulnerability intelligence associated with the Darkside threat actor group using Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/04/2022
threat-intelligence Index Backup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/index-backup.md
Title: 'What is Microsoft Defender Threat Intelligence (Defender TI)?'
description: 'In this overview article, learn about the main features that come with Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
threat-intelligence Infrastructure Chaining https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/infrastructure-chaining.md
Title: 'Microsoft Defender Threat Intelligence (Defender TI): Infrastructure Cha
description: 'In this concept article, learn about infrastructure chaining and how you can apply that process to perform threat infrastructure analysis using Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
threat-intelligence Learn How To Access Microsoft Defender Threat Intelligence And Make Customizations In Your Portal https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal.md
Title: 'Quickstart: Accessing the Microsoft Defender Threat Intelligence (Defend
description: 'In this quickstart, learn how to configure your profile and preferences and access Defender TIΓÇÖs help resources using Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
threat-intelligence Reputation Scoring https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/reputation-scoring.md
Title: 'Microsoft Defender Threat Intelligence (Defender TI) Reputation Scoring'
description: 'In this overview article, learn about the Microsoft Defender Threat Intelligence (Defender TI)ΓÇÖs reputation scoring feature.' + Last updated 08/02/2022
threat-intelligence Searching And Pivoting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/searching-and-pivoting.md
Title: 'Searching & pivoting with Microsoft Defender Threat Intelligence (De
description: 'Learn how to search and pivot across internet data sets, threat articles, vulnerability articles, and projects using Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
threat-intelligence Sorting Filtering And Downloading Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/sorting-filtering-and-downloading-data.md
Title: 'Sorting, filtering, and downloading data using Microsoft Defender Threat
description: 'Learn how to sort, filter and download data using Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
threat-intelligence Using Projects https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/using-projects.md
Title: 'Using Projects with Microsoft Defender Threat Intelligence (MDTI)'
description: 'Learn how to manage projects using Microsoft Defender Threat Intelligence (MDTI).' + Last updated 08/02/2022
threat-intelligence Using Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/using-tags.md
Title: 'Using Tags in Microsoft Defender Threat Intelligence (Defender TI)'
Description: 'In this how-to article, learn about the tag types and how to add, modify, delete and search custom tags in Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
threat-intelligence What Is Microsoft Defender Threat Intelligence Defender Ti https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti.md
Title: 'What is Microsoft Defender Threat Intelligence (Defender TI)?'
description: 'In this overview article, learn about the main features that come with Microsoft Defender Threat Intelligence (Defender TI).' + Last updated 08/02/2022
admin Ownerless Groups Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/create-groups/ownerless-groups-teams.md
description: "Learn how to automatically invite members to become owners in an o
A team in Microsoft Teams or a Microsoft 365 group and its related services can become ownerless if an owner's account is deleted or disabled in Microsoft 365. Groups and teams require an owner to add or remove members and change group settings.
-A Global administrator can create a policy that automatically asks the most active members of an ownerless group or team if they'll accept ownership. When a member accepts the invitation to become an owner, the action is logged in the compliance portal audit log. Guests are never invited to be owners.
+A Global Administrator, Exchange Administrator, or Groups Administrator can create a policy that automatically asks the most active members of an ownerless group or team if they'll accept ownership. When a member accepts the invitation to become an owner, the action is logged in the compliance portal audit log. Guests are never invited to be owners.
When creating the policy, you can specify: - If you want to limit who can be invited to be an owner by specifying a security group
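Review bot: The changed sentence now lists three roles (Global Administrator, Exchange Administrator, Groups Administrator) as equally valid for creating the policy, without saying which one an organization should prefer. Suggest naming the least-privileged of the three as the recommended choice so readers do not default to Global Administrator for a group-ownership task.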
admin Secure Your Business Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/security-and-compliance/secure-your-business-data.md
f1.keywords:
- CSH -+ audience: Admin -++ Last updated : 09/15/2022 ms.localizationpriority: medium Previously updated : 09/14/2022 - highpri - Adm_O365
The following table compares capabilities in Microsoft 365 for business plans.
(<a id="fn3">3</a>) Defender for Business is included in Microsoft 365 Business Premium. Defender for Business can also be added on to Microsoft 365 Business Basic or Standard. See [Get Defender for Business](/microsoft-365/security/defender-business/get-defender-business).
-(<a id="fn4">4</a>) Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium. Defender for Office 365 Plan 1 can also be added on to Microsoft 365 Business Basic or Standard. See [Defender for Office 365 Plan 1 and Plan 2](../../security/office-365-security/overview.md#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet).
+(<a id="fn4">4</a>) Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium. Defender for Office 365 Plan 1 can also be added on to Microsoft 365 Business Basic or Standard. See [Defender for Office 365 Plan 1 and Plan 2](/microsoft-365/security/security/office-365-security/overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet).
> [!TIP] > For more information about what each plan includes, see [Reimagine productivity with Microsoft 365 and Microsoft Teams](https://www.microsoft.com/en-us/microsoft-365/business/compare-all-microsoft-365-business-products-b?ef_id=8c2a86ec9ea514a008c6e419e036519c:G:s&OCID=AIDcmmwf9kwzdj_SEM_8c2a86ec9ea514a008c6e419e036519c:G:s&lnkd=Bing_O365SMB_Brand&msclkid=8c2a86ec9ea514a008c6e419e036519c).
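Review bot: The new footnote 4 link target contains a doubled path segment, `/microsoft-365/security/security/office-365-security/overview`, where the removed relative link resolved to a path with a single `security/` segment. This looks like a conversion slip that will produce a broken link; suggest `/microsoft-365/security/office-365-security/overview#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet` and checking it against the published URL before merging.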
bookings Bookings Sms https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/bookings-sms.md
With Microsoft Bookings, you can set up SMS text notifications to be sent to the
The SMS notifications will include the Teams meeting link for virtual booking appointments. > [!Note]
-> We'll be providing unlimited SMS notifications through September 30 2022, for customers with Bookings licenses. As we get closer to the end of the promotion period, we'll provide additional details on licensing requirements. Contact your account team or support to receive pricing details after the promotion period.
+> We'll be providing unlimited SMS notifications through November 30th 2022, for customers with Bookings licenses. As we get closer to the end of the promotion period, we'll provide additional details on licensing requirements. Contact your account team or support to receive pricing details after the promotion period.
## Before you begin
You can configure SMS notification in Bookings in a couple of ways:
> [!NOTE] > You need to be a Teams admin to see Teams and Bookings data on the Teams admin center.
-You can track key data on SMS notifications usage in your organization in the Teams admin center. Usage reports include data such as time and date sent, origin number, message type, event type and delivery status. You can use SMS notification telemetry during the promotional period to help forecast and budget for SMS notifications after September 30, 2022.
+You can track key data on SMS notifications usage in your organization in the Teams admin center. Usage reports include data such as time and date sent, origin number, message type, event type and delivery status. You can use SMS notification telemetry during the promotional period to help forecast and budget for SMS notifications after November 30, 2022.
1. On the Teams admin center, **Virtual Visits SMS notifications**.
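Review bot: The two updated sentences write the same promotion end date in different formats: "November 30th 2022" in the note and "November 30, 2022" in the usage-report paragraph. Suggest using "November 30, 2022" in both places, which also matches the format of the "September 30, 2022" text being replaced in the second sentence.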
business-premium Create Communications Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/create-communications-site.md
Title: "Create a SharePoint communications site in Teams for Microsoft 365 Business Premium"
+ Title: "Create a SharePoint communications site in Teams with Microsoft 365 for business"
f1.keywords: - NOCSH
ms.audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high - Adm_O365
search.appverid:
- BCS160 - MET150 - MOE150
-description: "Learn why and how to create a SharePoint communications site for your campaign or business with Microsoft 365 Business Premium, and protect the team from cyberattacks and incursions from malware and other threats due to improper file sharing."
+description: "Create a SharePoint communications site for your campaign or business and protect your team from cyberattacks and incursions from malware and other threats due to improper file sharing."
# Create a communications site
Include the following elements in a Communications site:
![Diagram of a SharePoint Communications page with space for common elements that a campaign would need.](../media/m365-democracy-comms-site.png)
-## Infographic: Create a Communications Site infographic
+## Infographic: Create a Communications site infographic
The following links for PowerPoint and PDF can be downloaded and printed in tabloid format (also known as ledger, 11 x 17, or A3).
The following links for PowerPoint and PDF can be downloaded and printed in tabl
## Set it up
-1. Sign in to https://Office.com.
+1. Sign in to [https://Office.com](https://Office.com).
2. In the top-left corner of the page, select the app launcher icon and then select the **SharePoint** tile. If you don't see the **SharePoint** tile, click the **Sites** tile or **All** if SharePoint isn't visible.
business-premium Create Teams For Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/create-teams-for-collaboration.md
ms.audience: Admin --++ ms.localizationpriority: high Last updated : 09/15/2022 - Adm_O365 - M365-subscription-management
business-premium Get Microsoft 365 Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-business-premium.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/20/2022 - Adm_O365 - M365-subscription-management
business-premium Get Microsoft 365 Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-campaigns.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high - Adm_O365
business-premium Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/index.md
ms.audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/24/2022 - M365-Campaigns - m365solution-overview
business-premium M365 Campaigns Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-setup.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/05/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Add Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-add-users.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven
business-premium M365bp Avoid Phishing And Attacks https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-avoid-phishing-and-attacks.md
ms.audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Collaborate Share Securely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-collaborate-share-securely.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/11/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Conditional Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-conditional-access.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/24/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Device Groups Mdb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-groups-mdb.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 f1.keywords: NOCSH
business-premium M365bp Device States https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-device-states.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven
business-premium M365bp Devices Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-devices-overview.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/05/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Increase Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-increase-protection.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/18/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Install Office Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-install-office-apps.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Intune Admin Roles In The Mac https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 description: "The Microsoft 365 admin center lets you manage some Microsoft Intune roles, which map to business functions and give permissions to do specific tasks."
business-premium M365bp Maintain Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-maintain-environment.md
Title: "Maintain environment"
+ Title: "Maintain your environment"
f1.keywords: - NOCSH
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
search.appverid: - BCS160 - MET150
-description: "An overview about maintaining your organization's network and systems security environment, and defending against cyberattacks."
+description: "Maintain your systems, user accounts, and policies to help protect against cyberattacks."
# Maintain your environment
-In addition to security incident management, your company needs a maintenance and operations plan. The missions you completed during the setup and configuration process were about getting your systems secured. But in addition to this, you also need to be able to perform certain tasks, such as adding or removing users, resetting passwords, and resetting devices to factory settings as needed.
+As you know, security incident management is important. As threats are detected, those threats must be reviewed and addressed. Your business also needs a maintenance and operations plan. The missions you completed during the setup and configuration process were all about getting your systems, users, and data secured. Now, you'll need to perform certain tasks, such as adding or removing users, resetting passwords, and resetting devices to factory settings as needed. This is what maintaining your environment is all about.
See the following articles for more details:
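Review bot: The rewritten introduction opens with "As you know, security incident management is important" and closes with "This is what maintaining your environment is all about", neither of which gives the reader an instruction or a fact. Suggest dropping both sentences and leading with "As threats are detected, those threats must be reviewed and addressed", so the paragraph goes straight to the tasks it lists (adding or removing users, resetting passwords, resetting devices).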
business-premium M365bp Map Protection Features To Intune Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-map-protection-features-to-intune-settings.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven
business-premium M365bp Multifactor Authentication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-multifactor-authentication.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Onboard Devices Mdb https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 f1.keywords: NOCSH
business-premium M365bp Prepare For Office Client Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-prepare-for-office-client-deployment.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven search.appverid:
business-premium M365bp Protect Admin Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-admin-accounts.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Protect Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-devices.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 09/14/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Protect Email Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-email-overview.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/05/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Protect Pcs Macs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-pcs-macs.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Remove Company Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-remove-company-data.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven
business-premium M365bp Reset Devices To Factory Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-reset-devices-to-factory-settings.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven search.appverid:
business-premium M365bp Reset Passwords https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-reset-passwords.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: medium Previously updated : 07/19/2022 search.appverid: - BCS160 - MET150
business-premium M365bp Review Remediation Actions Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-remediation-actions-devices.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 f1.keywords: NOCSH
business-premium M365bp Review Threats Take Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-review-threats-take-action.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: medium Previously updated : 07/19/2022 - M365-subscription-management - Adm_O365
business-premium M365bp Secure Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-users.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 09/14/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Security Incident Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-management.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/20/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Security Incident Quick Start https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-quick-start.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - m365solution-smb
business-premium M365bp Security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-overview.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/08/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Set Up Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-set-up-compliance.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - MiniMaven search.appverid:
business-premium M365bp Setup Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup-overview.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 08/05/2022 - M365-Campaigns - m365solution-smb
business-premium M365bp Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 09/14/2022 f1.keywords: NOCSH
business-premium M365bp Threats Detected Defender Av https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: medium Previously updated : 07/19/2022 search.appverid: MET150 description: "Learn how Microsoft Defender Antivirus protects your Windows devices from software threats, such as viruses, malware, and spyware."
business-premium M365bp Trial Playbook Microsoft Business Premium https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-trial-playbook-microsoft-business-premium.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 09/14/2022 search.appverid: - MOE150 - MET150
business-premium M365bp Upgrade Windows 10 Pro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-upgrade-windows-10-pro.md
audience: Admin --++ Last updated : 09/15/2022 localization_priority: Normal Previously updated : 07/19/2022 search.appverid: - MET150 - MOE150
business-premium M365bp View Edit Create Mdb Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md
audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 09/14/2022 f1.keywords: NOCSH
business-premium Send Encrypted Email https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/send-encrypted-email.md
ms.audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium Set Up Meetings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/set-up-meetings.md
ms.audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
business-premium Share Files And Videos https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/share-files-and-videos.md
ms.audience: Admin --++ Last updated : 09/15/2022 ms.localizationpriority: high Previously updated : 07/19/2022 - M365-Campaigns - m365solution-smb
compliance Communication Compliance Investigate Remediate https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-investigate-remediate.md
search.appverid:
# Investigate and remediate communication compliance alerts
-After you've configured your [communication compliance policies](/microsoft-365/compliance/communication-compliance-policies), you'll start to receive alerts in the [Microsoft Purview compliance portal](https://compliance.microsoft.com) for message issues that match your policy conditions. Follow the workflow instructions here to investigate and remediate alert issues.
+After you've configured your [communication compliance policies](/microsoft-365/compliance/communication-compliance-policies), you'll start to receive alerts in the [Microsoft Purview compliance portal](https://compliance.microsoft.com) for message issues that match your policy conditions. To view and act on alerts, users must have the following permissions:
+
+- Be assigned to the *Communication Compliance Analysts* or the *Communication Compliance Investigators* role group
+- Be assigned as a reviewer in the policy associated with the alert
+
+After you have the required permissions, follow the workflow instructions here to investigate and remediate alert issues.
## Investigate alerts
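Review bot: The added permissions list does not say whether both bullets are required or either one is sufficient. "Must have the following permissions" followed by two "Be assigned ..." items can be read either way, and the first bullet already contains its own "or". Suggest wording such as "users must meet both of the following conditions" (or "either", if that is the intended access rule) so administrators assign exactly the access that is needed.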
compliance Communication Compliance Reports Audits https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-reports-audits.md
search.appverid:
## Reports
-The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets isn't exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing.
+The **Reports** dashboard is the central location for viewing all communication compliance reports. To view and manage reports, users must be assigned to the *Communication Compliance Viewers* role group.
+
+Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets isn't exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing.
For the date range filter, the date and time for events are listed in Coordinated Universal Time (UTC). When filtering messages for reports, the requesting user's local date/time determines the results based on the conversion of the user's local date/time to UTC. For example, if a user in U.S. Pacific Daylight Time (PDT) filters a report from 8/30/2021 to 8/31/2021 at 00:00, the report includes messages from 8/30/2021 07:00 UTC to 8/31/2021 07:00 UTC. If the same user was in U.S. Eastern Daylight Time (EDT) when filtering at 00:00, the report includes messages from 8/30/2021 04:00 UTC to 8/31/2021 04:00 UTC.
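Review bot: The new sentence says users need the *Communication Compliance Viewers* role group "to view and manage reports", but the hunk never says what "manage" covers for a role group named Viewers. Suggest stating the concrete actions the role group allows (for example, whether it includes the export of detailed reports mentioned in the following paragraph) or reducing the wording to "view" if that is all it grants.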
compliance Communication Compliance Solution Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/communication-compliance-solution-overview.md
Title: Communication compliance
description: Learn how to configure communication compliance in Microsoft Purview. keywords: Microsoft 365, insider risk, compliance ms.localizationpriority: medium+ f1.keywords: - NOCSH
compliance Compliance Manager Templates List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-templates-list.md
The templates listed below may be purchased by your organization.
- Privacy of Consumer Financial and Health Information Regulation, NAIC MDL-672, Q2 2017 - Revisions to the principles for the sound management of operational risk (Basel III Ops Risks) - Standardized Information Gathering (SIG) Questionnaire -- [Trusted Information Security Assessment Exchange](/compliance/regulatory/offering-tisax-germany)
+- [Trusted Information Security Assessment Exchange (TISAX) 5.1](/compliance/regulatory/offering-tisax-germany)
### US Government
The templates listed below may be purchased by your organization.
- New York - 23 NYCRR Part 500 - New York City Administrative Code - Security Breach Notification - New York General Business Law - Data Security Breach Notification and Data Security Protections -- New York Privacy Act - DRAFT
+- New York Privacy Act
- North Carolina - Identity Theft Protection Act - North Dakota Chapter 51-30 Notice of Security Breach for Personal Information - Ohio - Security Breach Notification
The templates listed below may be purchased by your organization.
- Australia - ASD Essential 8 Maturity Level 3 - Australia - National Archives Act - Australia - Public Records Office Victoria Recordkeeping Standards -- Australia - Spam Act 2003
+- Australia - Spam Act 2003
- Australia Privacy (Credit Reporting) Code -- Australia Privacy Act
+- Australia Privacy Act
+- Australia Public Record Act
- Australian Energy Sector Cyber Security Framework (AESCSF) -- [Australian Information Security Registered Assessor Program (IRAP) Version 3](/compliance/regulatory/offering-ccsl-irap-australia)
+- [Australian Information Security Registered Assessor Program (IRAP) with ISM Version 3.5 - Official](/compliance/regulatory/offering-ccsl-irap-australia)
+- [Australian Information Security Registered Assessor Program (IRAP) with ISM Version 3.5 - Protected](/compliance/regulatory/offering-ccsl-irap-australia)
- [Australian Prudential Regulation Authority CPS](/compliance/regulatory/offering-apra-australia) - Victorian Protective Data Security Standards V2.0 (VPDSS 2.0) - Information Management Standard for Australian Government - National Archives of Australia (NAA)
compliance Compliance Manager Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/compliance-manager-whats-new.md
description: "Find out whatΓÇÖs new in Compliance Manger and whatΓÇÖs to come. R
**In this article:** Learn about recent updates in Compliance Manager.
+## August 2022
+
+Compliance Manager has published the following new assessment template:
+
+- Australian Information Security Registered Assessor Program (IRAP) with ISM Version 3.5 - Official
+
+View our [full list of assessment templates](compliance-manager-templates-list.md).
+ ## July 2022 Compliance Manager has published the following new assessment template:
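Review bot: The August 2022 entry lists only "IRAP with ISM Version 3.5 - Official" under a singular "new assessment template", but the templates list change in this same update adds both the Official and the Protected variants. If Protected shipped at the same time, add it as a second bullet and make the lead-in plural; if it did not, the templates list should not show it yet.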
compliance Encryption Azure Ad Configuration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/encryption-azure-ad-configuration.md
However, the automatic guest account is not created immediately in this scenario
## Next steps
-If you use [sensitivity labels](sensitivity-labels.md) to encrypt documents and emails, you might be interested in [Support for external users and labeled content](sensitivity-labels-office-apps.md#support-for-external-users-and-labeled-content) to understand which label settings apply across tenants.
+For configurations you might need to make for network infrastructure services, see [Firewalls and network infrastructure](/azure/information-protection/requirements#firewalls-and-network-infrastructure).
+
+If you use [sensitivity labels](sensitivity-labels.md) to encrypt documents and emails, you might be interested in [Support for external users and labeled content](sensitivity-labels-office-apps.md#support-for-external-users-and-labeled-content) to understand which label settings apply across tenants. For configuration guidance for the label encryption settings, see [Restrict access to content by using sensitivity labels to apply encryption](encryption-sensitivity-labels.md).
+
+Interested to learn how and when the encryption service is accessed? See [Walkthrough of how Azure RMS works: First use, content protection, content consumption](/azure/information-protection/how-does-it-work#walkthrough-of-how-azure-rms-works-first-use-content-protection-content-consumption).
+
-If you're interested to learn how and when the encryption service is accessed, see [Walkthrough of how Azure RMS works: First use, content protection, content consumption](/azure/information-protection/how-does-it-work#walkthrough-of-how-azure-rms-works-first-use-content-protection-content-consumption).
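Review bot: The last added paragraph switches to a question fragment ("Interested to learn how and when the encryption service is accessed? See ...") while the two paragraphs added above it use the "For ..., see" and "If you ..., see" pattern. Keeping the removed wording "If you're interested to learn how and when the encryption service is accessed, see ..." would read consistently. The first added line, "For configurations you might need to make for network infrastructure services", could also be tightened to match the link target, for example "For network infrastructure requirements, see ...".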
compliance Retention Policies Sharepoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/retention-policies-sharepoint.md
A timer job periodically runs on the Preservation Hold library. For content that
This behavior for copying files into the Preservation Hold library applies to content that exists when the retention settings were applied. In addition, for retention policies, any new content that's created or added to the site after it was included in the policy will be retained in the Preservation Hold library. However, new content isn't copied to the Preservation Hold library the first time it's edited, only when it's deleted. To retain all versions of a file, [versioning](#how-retention-works-with-document-versions) must be turned on for the original site.
-Users see an error message if they try to delete a library, list, folder, or site that's subject to retention. They can delete a folder if they first move or delete any files in the folder that are subject to retention.
+Users see an error message if they try to delete a library, list, folder, or site that's subject to retention. They can delete an unlabeled folder if they first move or delete any files in the folder that are subject to retention.
Users also see an error message if they try to delete a labeled item in any of the following circumstances. The item isn't copied to the Preservation Hold library but remains in the original location:
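Review bot: The new wording "They can delete an unlabeled folder" narrows the exception but leaves the reader to infer what happens with a labeled folder. State that case explicitly in the same sentence, or point to the following paragraph on labeled items, so the two error cases are not read as one.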
enterprise Cross Tenant Mailbox Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md
The meetings will move, however the Teams meeting URL does not update when items
### Does the Teams chat folder content migrate cross-tenant?
-No, the Teams chat folder content does not migrate cross-tenant. When a mailbox is migrated Cross-Tenant with this feature, all email, including email held for litigation, is migrated. After successful migration, the source mailbox is deleted. This means that after the migration, under no circumstances (including mailboxes on litigation or retention hold), is the source mailbox available, discoverable, or accessible in the source tenant.
+No, the Teams chat folder content does not migrate cross-tenant. When a mailbox is migrated Cross-Tenant with this feature, all email, including email held for litigation, is migrated. After successful migration, the source mailbox is deleted. This means that after the migration, under no circumstances (including mailboxes on litigation or retention hold), is the source mailbox available, discoverable, or accessible in the source tenant. Currently we are investigating an issue where in some scenarios, Teams chat data is also held in the mailbox, but the Teams chat data is not migrated. If Teams chat data must be preserved, do not use this feature to migrate the mailbox.
### How can I see just moves that are cross-tenant moves, not my onboarding and off-boarding moves?
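Review bot: The new caveat about Teams chat data is appended to the end of a paragraph that also states the source mailbox is deleted and is not available, discoverable, or accessible afterwards, including for mailboxes on litigation or retention hold. Read together, these mean chat data held in the mailbox does not survive the move, which deserves its own note block directly under the heading rather than a trailing sentence. "Currently we are investigating" also carries no date, so readers cannot tell whether the limitation still applies; add one or link to a tracking item.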
enterprise Project Server 2013 End Of Support https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/project-server-2013-end-of-support.md
Last updated 10/11/2021 audience: ITPro + f1.keywords: - CSH
enterprise Upgrade From Lync 2013 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/upgrade-from-lync-2013.md
Last updated 11/10/2021 audience: ITPro + - Ent_O365 search.appverid:
frontline Deploy Teams At Scale https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/deploy-teams-at-scale.md
Follow these steps to install and connect to the latest version of the Teams Pow
``` If you get an error message, you're already set. Go to the next step.
-1. Download and install the [latest version of the Teams PowerShell module](https://www.powershellgallery.com/packages/MicrosoftTeams). You must be running version 4.3.1 (preview) or a later version.
+1. Download and install the [latest version of the Teams PowerShell module](https://www.powershellgallery.com/packages/MicrosoftTeams). You must be running version 4.7.0 (preview) or a later version.
1. Run the following to connect to Teams.
frontline Flw Team Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/flw-team-collaboration.md
You can also set up shared mailboxes to allow for incoming mail from customers (
## Use Viva Connections to create a personalized experience
-Viva Connections is part of the [Microsoft Viva suite](/viva/microsoft-viva-overview) and enables you to create a personalized landing experience in Teams.
+> [!NOTE]
+> Viva Connections isn't currently available for tablets.
+
+Viva Connections is part of the [Microsoft Viva suite](/viva/microsoft-viva-overview) and enables you to create a personalized landing experience in Teams.
![Screenshot of the Viva Connections Dashboard on a mobile device.](media/flw-shifts-praise-tasks-approvals.png) Use the Viva Connections Dashboard and add the Shifts, Tasks, and Approvals cards. Cards are connected to the Shifts, Tasks, and Approvals apps in Teams. Content in the cards is dynamic and personalized to the user.
-Learn more about [how to get Viva Connections](/viva/connections/viva-connections-overview) and [how to create a Viva Connections Dashboard](/viva/connections/create-dashboard).
+Learn more about [how to get Viva Connections](/viva/connections/viva-connections-overview) and [how to create a Viva Connections Dashboard](/viva/connections/create-dashboard).
## Learn more about Teams capabilities for specific industries
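Review bot: The added NOTE about tablet availability sits above the sentence that introduces what Viva Connections is, so the limitation is read before the feature is described. Move the note below the introductory paragraph. The other removed/added pairs in this hunk look identical here apart from whitespace and could be dropped from the change.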
frontline Hc Delegates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/hc-delegates.md
Users in Microsoft Teams can set their status to Away or Do not Disturb, and include a custom text status message. A user who's going to be away can assign someone as a delegate who people can contact instead. The message delegation feature works as follows:
-1. The user who's going to be away @mentions another user (the delegate) in their status message to let people know to contact the delegate instead while the user is away.
+1. The user who's going to be away @mentions another user (the delegate) in their status message to let people know to contact the delegate instead while the user is away.
![Screenshot of a status message with a user set as a delegate.](media/message-delegation.png)
-
+ 1. The user who's been @mentioned gets notified that they've been nominated as a delegate. 1. When someone opens a chat with the away user and sees their status message, they can hover over the delegate and easily message them instead.
Users can initiate the process themselves, and no admin involvement is required
## Delegation use scenario in Healthcare
-**Usage example without setting delegates**
+**Usage example without setting delegates**
Dr. Franco Piccio is on call at the radiology department. He receives an urgent personal call and has to step away for the next couple of hours. He asks one of his peers in the radiology department, Dr. Lena Ehrle, to cover for him while he's gone. He informally hands over his pager to Dr. Ehrle, who listens for urgent messages and pings on the pager and responds to them on behalf of Dr. Piccio in addition to her current responsibilities. Others on the team may not realize the informal delegation happened. Confusion ensues with a patient's care.
-**Usage example with setting delegates**
+**Usage example with setting delegates**
Dr. Franco Piccio is on call at the radiology department. He receives an urgent personal call and has to step away for the next couple of hours. He asks one of his peers in the radiology department, Dr. Lena Ehrle to cover for him while he's gone. He changes his custom status message to say "I am unavailable for the next few hours. Please contact @DrEhrle for any emergencies." Others on the team realize the delegation happened as they're attempting to contact Dr. Piccio, so they now know to contact Dr. Ehrle in the meantime. Little to no confusion ensues with a patient's care.
lighthouse M365 Lighthouse Device Security Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lighthouse/m365-lighthouse-device-security-overview.md
You can access the Device security page in Microsoft 365 Lighthouse from the **S
## Incidents and alerts tab
-The Incidents and alerts tab provides a multi-tenant view of incidents and alerts that were flagged from devices in your customers' network. By default, the tab displays any active incidents seen in the last 30 days. You can select any incident or alert to open the details pane to view more information. From the details pane, you can also resolve the incident or alert or assign it to yourself.
+The Incidents and alerts tab provides a multi-tenant view of incidents and alerts that were flagged from devices in your customers' network. By default, the tab displays any active incidents seen in the last 30 days. You can select any incident or alert to open the details pane to view more information. From the details pane, you can also resolve the incident or alert, or assign it to yourself.
:::image type="content" source="../media/m365-lighthouse-device-security-overview/device-security-incidents-and-alerts-tab.png" alt-text="Incidents and alerts tab on the Device security page.":::
lti Index https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/lti/index.md
Last updated 06/15/2021 audience: admin + search.appverid: - M365-modern-desktop
microsoft-365-docs-navigation-guide Microsoft 365 Docs Navigation Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/microsoft-365-docs-navigation-guide.md
Title: Microsoft 365 docs navigation tips description: Tips and tricks for navigating the Microsoft 365 technical documentation - explains such things as the hub page, the table of contents, the header, as well as how to use the breadcrumbs and how to use the version filter. Last updated 08/12/2020+
security Microsoft 365 Zero Trust https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/Microsoft-365-zero-trust.md
audience: Admin description: Learn how to deploy Microsoft 365 Zero Trust security into your environment to defend against threats and protect sensitive data. + ms.localizationpriority: medium search.appverid: - MET150
security Active Content In Trusted Docs https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/active-content-in-trusted-docs.md
audience: Admin ms.localizationpriority: medium+ - M365-security-compliance search.appverid:
security Compare Mdb M365 Plans https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/compare-mdb-m365-plans.md
ms.localizationpriority: medium Previously updated : 08/30/2022 Last updated : 09/15/2022 - SMB
Microsoft offers a wide variety of cloud solutions and services, including plans
| Plan | Description | |:|:| | **[Defender for Business](mdb-overview.md)** (standalone) | **Antivirus, antimalware, and ransomware protection for devices**<ul><li>[Next-generation protection](../defender-endpoint/microsoft-defender-antivirus-in-windows-10.md) (antivirus/antimalware protection on devices together with cloud protection)</li><li>[Attack surface reduction](../defender-endpoint/overview-attack-surface-reduction.md) (network protection, firewall, and attack surface reduction rules) <sup>[[a](#fna)]</sup></li><li>[Endpoint detection and response](../defender-endpoint/overview-endpoint-detection-response.md) (behavior-based detection and manual response actions)</li><li>[Automated investigation and response](../defender/m365d-autoir.md) (with self-healing for detected threats)</li><li>[Microsoft Defender Vulnerability Management](mdb-view-tvm-dashboard.md) (view exposed devices and recommendations)</li><li>[Cross-platform support for devices](mdb-onboard-devices.md) (Windows, Mac, iOS, and Android) <sup>[[b](#fnb)]</sup></li><li>[Centralized management and reporting](mdb-get-started.md) (Microsoft 365 Defender portal)</li><li>[APIs for integration](../defender-endpoint/management-apis.md) (for Microsoft partners or your custom tools and apps)</li></ul> |
-| **[Microsoft 365 Business Premium](../../business-premium/index.md)** | **Defender for Business capabilities, together with productivity and additional security capabilities**<ul><li>[Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)</li><li>[Shared computer activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)</li><li>[Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)</li><li>[Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)</li><li>[Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)</li><li>[Microsoft Defender for Office 365 Plan 1](../office-365-security/overview.md) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)</li><li>[Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)</li><li>[Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (device onboarding and management)</li><li>[Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)</li><li>[Azure Virtual Desktop](/azure/virtual-desktop/overview) (centrally managed, secure virtual machines in the cloud)</li></ul> |
+| **[Microsoft 365 Business Premium](../../business-premium/index.md)** | **Defender for Business capabilities, together with productivity and additional security capabilities**<ul><li>[Microsoft 365 Business Standard](../../admin/admin-overview/what-is-microsoft-365-for-business.md) (Office apps and services, and Microsoft Teams)</li><li>[Shared computer activation](/deployoffice/overview-shared-computer-activation) (for deploying Microsoft 365 Apps)</li><li>[Windows 10/11 Business](../../business-premium/m365bp-upgrade-windows-10-pro.md) (upgrade from previous versions of Windows Pro)</li><li>[Windows Autopilot](/mem/autopilot/windows-autopilot) (for setting up and configuring Windows devices)</li><li>[Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) (antiphishing, antispam, antimalware, and spoof intelligence for email)</li><li>[Microsoft Defender for Office 365 Plan 1](/microsoft-365/office-365-security/overview) (advanced antiphishing, real-time detections, Safe Attachments, Safe Links)</li><li>[Auto-expanding archiving](../../compliance/autoexpanding-archiving.md) (for email)</li><li>[Azure Active Directory Premium Plan 1](/azure/active-directory/fundamentals/active-directory-whatis) (identity management)</li><li>[Microsoft Intune](/mem/intune/fundamentals/what-is-intune) (device onboarding and management)</li><li>[Azure Information Protection Premium Plan 1](/azure/information-protection/what-is-information-protection) (protection for sensitive information)</li><li>[Azure Virtual Desktop](/azure/virtual-desktop/overview) (centrally managed, secure virtual machines in the cloud)</li></ul> |
(<a id="fna">a</a>) Microsoft Intune is required to modify or customize attack surface reduction rules. Intune can be added on to the standalone version of Defender for Business. Intune is included in Microsoft 365 Business Premium.
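Review bot: In the Business Premium row, the Defender for Office 365 Plan 1 link changes from the relative ../office-365-security/overview.md to the site-relative /microsoft-365/office-365-security/overview, while the Exchange Online Protection link in the same cell still uses ../office-365-security/exchange-online-protection-overview.md. Confirm the mixed style is intended (for example because the overview article moved) and say so in the commit message; otherwise keep both links in one form.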
security Mdb Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-business/mdb-get-started.md
ms.localizationpriority: medium Previously updated : 08/15/2022 Last updated : 09/15/2022 f1.keywords: NOCSH
Use the navigation bar on the left side of the screen to access your incidents,
| **Endpoints** > **Tutorials** | Provides access to walkthroughs and simulations to help you learn more about how your threat protection features work. Select the **Read the walkthrough** link before attempting to get the simulation file for each tutorial. Some simulations require Office apps, such as Microsoft Word, to read the walkthrough. | | **Endpoints** > **Configuration management** > **Device configuration** | Lists your security policies by operating system and by type. To learn more about your security policies, see [View or edit policies in Defender for Business](mdb-view-edit-policies.md). | | **Endpoints** > **Configuration management** > **Device management reporting** | Lists devices that are onboarded to Defender for Business, along with their operating system version, sensor health state, and when they were last updated. |
-| **Email & collaboration** > **Policies & rules** | If your subscription includes Exchange Online Protection or Microsoft Defender for Office 365, this section is where you'll manage your security policies and settings for email and collaboration services. [Learn more about Office 365 security](../office-365-security/overview.md). *The standalone version of Defender for Business does not include email & collaboration policies, but Microsoft 365 Business Premium does include Exchange Online Protection and Defender for Office 365 Plan 1*. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](compare-mdb-m365-plans.md). |
+| **Email & collaboration** > **Policies & rules** | If your subscription includes Exchange Online Protection or Microsoft Defender for Office 365, this section is where you'll manage your security policies and settings for email and collaboration services. [Learn more about Office 365 security](/microsoft-365/office-365-security/overview). *The standalone version of Defender for Business does not include email & collaboration policies, but Microsoft 365 Business Premium does include Exchange Online Protection and Defender for Office 365 Plan 1*. [Compare security features in Microsoft 365 plans for small and medium-sized businesses](compare-mdb-m365-plans.md). |
| **Cloud apps** > **App governance** | If your subscription includes [Microsoft Defender for Cloud Apps](/defender-cloud-apps/what-is-defender-for-cloud-apps), you can add on [app governance](/defender-cloud-apps/app-governance-manage-app-governance), and this section is where you'll view and access those capabilities. *Defender for Business and Microsoft 365 Business Premium do not include Defender for Cloud Apps*. | | **Reports** | Lists available security reports. These reports enable you to see your security trends, view details about threat detections and alerts, and learn more about your company's vulnerable devices. | | **Health** | Enables you to view your service health status and plan for upcoming changes. <br/>- Select **Service health** to view the health status of the Microsoft 365 services that are included in your company's subscription.<br/>- Select **Message center** to learn about planned changes and what to expect. |
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
###### [Respond to web threats](web-protection-response.md) ##### [Web content filtering](web-content-filtering.md) - ### Next-generation protection #### [Next-generation protection overview](next-generation-protection.md) ##### [Overview of Microsoft Defender Antivirus](microsoft-defender-antivirus-windows.md)
##### [Troubleshooting mode scenarios](troubleshooting-mode-scenarios.md) #### Diagnostics and performance for Microsoft Defender Antivirus
-##### [Device health and compliance reports](machine-reports.md)
+##### [Device health reports](device-health-reports.md)
+###### [Microsoft Defender Antivirus health report](device-health-microsoft-defender-antivirus-health.md)
+###### [Sensor health and OS report](device-health-sensor-health-os.md)
##### [Troubleshoot performance issues related to real-time protection](troubleshoot-performance-issues.md) ##### [Troubleshoot Microsoft Defender Antivirus reporting in Update Compliance](troubleshoot-reporting.md) ##### [Collect diagnostic data of Microsoft Defender Antivirus](collect-diagnostic-data.md)
####### [Export software vulnerabilities assessment](get-assessment-software-vulnerabilities.md) ###### [Browser extensions]()
-####### [Export browser extentions assessment](get-assessment-browser-extensions.md)
-####### [Get browser extentions permission information](get-browser-extensions-permission-info.md)
+####### [Export browser extensions assessment](get-assessment-browser-extensions.md)
+####### [Get browser extensions permission information](get-browser-extensions-permission-info.md)
###### [Automated investigation]() ####### [Investigation methods and properties](investigation.md)
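Review bot: The TOC entry for machine-reports.md ("Device health and compliance reports") is removed and replaced with device-health-reports.md plus two child articles, but nothing visible here shows what happens to the old file. Check that machine-reports.md redirects to device-health-reports.md so existing links keep resolving. The "extentions" to "extensions" spelling fix further down needs no change.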
security Add Or Remove Machine Tags https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags.md
audience: ITPro -+ search.appverid: met150
security Api Release Notes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-release-notes.md
Title: Microsoft Defender for Endpoint API release notes description: Release notes for updates made to the Microsoft Defender for Endpoint set of APIs. keywords: Microsoft Defender for Endpoint API release notes, mde, APIs, Microsoft Defender for Endpoint API, updates, notes, release++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro search.appverid: met150
security Apis Intro https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/apis-intro.md
Title: Access the Microsoft Defender for Endpoint APIs
description: Learn how you can use APIs to automate workflows and innovate based on Microsoft Defender for Endpoint capabilities keywords: apis, api, wdatp, open api, microsoft defender for endpoint api, microsoft defender atp, public api, supported apis, alerts, device, user, domain, ip, file, advanced hunting, query++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro search.appverid: met150
security Application Deployment Via Mecm https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/application-deployment-via-mecm.md
Title: Migrating servers from Microsoft Monitoring Agent to the unified solution
description: Learn how to migrate down-level servers from Microsoft Monitoring Agent to the new unified solution step-by-step from this article. keywords: migrate server, server, 2012r2, 2016, server migration onboard Microsoft Defender for Endpoint servers, MECM, Microsoft Monitoring Agent, MMA, downlevel server, unified solution, UA search.appverid: met150++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
security Assign Portal Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/assign-portal-access.md
description: Assign read and write or read only access to the Microsoft Defender
keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles search.product: eADQiWindows 10XVcnh search.appverid: met150++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
Last updated 11/28/2018 # Assign user access to Microsoft Defender Security Center
security Attack Simulations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-simulations.md
description: Run the provided attack scenario simulations to experience how Micr
keywords: test, scenario, attack, simulation, simulated, diy, Microsoft Defender for Endpoint search.product: eADQiWindows 10XVcnh search.appverid: met150++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
Last updated 11/20/2018 # Experience Microsoft Defender for Endpoint through simulated attacks
security Attack Surface Reduction Rules Deployment Implement https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement.md
Title: Enable attack surface reduction (ASR) rules
description: Provides guidance to implement your attack surface reduction rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
- M365-security-compliance
security Attack Surface Reduction Rules Deployment Operationalize https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize.md
Title: Operationalize attack surface reduction (ASR) rules
description: Provides guidance to operationalize your attack surface reduction rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
- M365-security-compliance
security Attack Surface Reduction Rules Deployment Plan https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan.md
Title: Plan attack surface reduction (ASR) rules deployment
description: Provides guidance to plan your attack surface reduction (ASR) rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
- M365-security-compliance
security Attack Surface Reduction Rules Deployment Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md
Title: Test attack surface reduction (ASR) rules
description: Provides guidance to test your attack surface reduction (ASR) rules deployment. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
- M365-security-compliance
security Attack Surface Reduction Rules Deployment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment.md
Title: Attack surface reduction (ASR) rules deployment overview
description: Provides overview and prerequisite guidance about deploying attack surface reduction (ASR) rules. keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules search.product: eADQiWindows 10XVcnh++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
- M365-security-compliance
security Attack Surface Reduction Rules Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference.md
Title: Attack surface reduction rules reference description: Lists details about attack surface reduction rules on a per-rule basis. keywords: Attack surface reduction rules, ASR, asr rules, hips, host intrusion prevention system, protection rules, anti-exploit rules, antiexploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules, ASR rule description++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
Last updated 08/10/2022
security Attack Surface Reduction Rules Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-report.md
Title: Attack surface reduction (ASR) rules reporting description: Provides information about attack surface reduction (ASR) rules detections, configuration, block threats, and methods to enable three standard rules and exclusions. keywords: Attack surface reduction rules, ASR, asr rules, hips, host intrusion prevention system, protection rules, anti-exploit rules, antiexploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules, ASR rule description++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
Last updated 08/25/2022
security Attack Surface Reduction https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction.md
Title: Use attack surface reduction rules to prevent malware infection description: Attack surface reduction rules can help prevent exploits from using apps and scripts to infect devices with malware. keywords: Attack surface reduction rules, asr, hips, host intrusion prevention system, protection rules, anti-exploit, antiexploit, exploit, infection prevention, Microsoft Defender for Endpoint++ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security
- asr - admindeeplinkDEFENDER - m365initiative-m365-defender
security Auto Investigation Action Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/auto-investigation-action-center.md
Title: Visit the Action center to see remediation actions description: Use the action center to view details and results following an automated investigation keywords: action, center, autoir, automated, investigation, response, remediation++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
search.appverid: met150
security Autoir Investigation Results https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/autoir-investigation-results.md
Title: View the details and results of an automated investigation
description: During and after an automated investigation, you can view the results and key findings keywords: automated, investigation, results, analyze, details, remediation, autoair search.appverid: met150++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Automated Investigations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/automated-investigations.md
Title: Use automated investigations to investigate and remediate threats description: Understand the automated investigation flow in Microsoft Defender for Endpoint. keywords: automated, investigation, detection, Microsoft Defender for Endpoint++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Automation Levels https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/automation-levels.md
Title: Automation levels in automated investigation and remediation description: Get an overview of automation levels and how they work in Microsoft Defender for Endpoint keywords: automated, investigation, level, Microsoft Defender for Endpoint++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Azure Server Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/azure-server-integration.md
description: Learn about Microsoft Defender for Endpoint integration with Micros
keywords: integration, server, azure, 2012r2, 2016, 2019, server onboarding, device management, configure Microsoft Defender for Endpoint servers, onboard Microsoft Defender for Endpoint servers, onboard Microsoft Defender for Endpoint servers search.product: eADQiWindows 10XVcnh search.appverid: met150++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro # Integration with Microsoft Defender for Cloud
security Basic Permissions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/basic-permissions.md
Title: Use basic permissions to access Microsoft Defender Security Center description: Learn how to use basic permissions to access the Microsoft Defender for Endpoint portal. keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro search.appverid: met150
security Batch Update Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/batch-update-alerts.md
Title: Batch Update alert entities API description: Learn how to update Microsoft Defender for Endpoint alerts in a batch by using this API. You can update the status, determination, classification, and assignedTo properties. keywords: apis, graph api, supported apis, get, alert, information, id++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro search.appverid: met150
security Behavioral Blocking Containment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/behavioral-blocking-containment.md
audience: ITPro ++ ms.localizationpriority: medium - next-gen - edr - admindeeplinkDEFENDER search.appverid: met150
security Cancel Machine Action https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/cancel-machine-action.md
Title: Cancel machine action API
description: Learn how to cancel an already launched machine action keywords: apis, graph api, search.appverid: met150++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
security Check Sensor Status https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/check-sensor-status.md
Title: Check the health state of the sensor at Microsoft Defender for Endpoint description: Check the sensor health on devices to identify which ones are misconfigured, inactive, or aren't reporting sensor data. keywords: sensor, sensor health, misconfigured, inactive, no sensor data, sensor data, impaired communications, communication++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
Last updated 04/24/2018 search.appverid: met150
security Client Behavioral Blocking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/client-behavioral-blocking.md
Title: Client behavioral blocking
description: Client behavioral blocking is part of behavioral blocking and containment capabilities at Microsoft Defender for Endpoint keywords: behavioral blocking, rapid protection, client behavior, Microsoft Defender for Endpoint ms.pagetype: security+
- next-gen - edr - search.appverid: met150
security Configure Vulnerability Email Notifications https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications.md
Title: Configure vulnerability email notifications in Microsoft Defender for End
description: Use Microsoft Defender for Endpoint to configure email notification settings for vulnerability events. keywords: email notifications, configure alert notifications, Microsoft Defender for Endpoint, Microsoft Defender for Endpoint notifications, Microsoft Defender for Endpoint alerts, windows enterprise, windows education + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
security Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/controlled-folders.md
Previously updated : search.appverid: met150
security Customize Controlled Folders https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/customize-controlled-folders.md
Previously updated : search.appverid: met150
security Data Collection Analyzer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/data-collection-analyzer.md
audience: ITPro -+ search.appverid: met150
security Defender Endpoint False Positives Negatives https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-false-positives-negatives.md
- m365solution-fpfn - highpri Previously updated : 12/02/2021 - FPFN
security Deploy Manage Removable Storage Group Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-group-policy.md
Title: Deploy and manage Removable Storage Access Control using group policy description: Use group policy to deploy and manage removable storage access control.++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
Last updated 09/09/2022 search.appverid: met150
security Deploy Manage Removable Storage Intune https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/deploy-manage-removable-storage-intune.md
Title: Deploy and manage Removable Storage Access Control using Intune description: Use Intune OMA-URI and Intune user interface to deploy and manage removable storage access control. ++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
Last updated 09/09/2022 search.appverid: met150
security Device Control Removable Storage Access Control Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control-faq.md
Title: Microsoft Defender for Endpoint Device Control Removable Storage frequently asked questions description: Answers frequently asked questions on MDE device control removable storage. ++ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
Last updated 08/25/2022 search.appverid: met150
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
Previously updated : 09/09/2022 Last updated : 09/15/2022 search.appverid: met150
You can use the following properties to create the access control policy:
| **ExcludedIDList** | The group(s) that the policy won't be applied to. | The Group ID/GUID must be used at this instance. | | **Entry Id** | One PolicyRule can have multiple entries; each entry with a unique GUID tells Device Control one restriction.| | | **Type** | Defines the action for the removable storage groups in IncludedIDList. <p>Enforcement: Allow or Deny <p>Audit: AuditAllowed or AuditDenied<p> | Allow<p>Deny <p>AuditAllowed: Defines notification and event when access is allowed <p>AuditDenied: Defines notification and event when access is denied; has to work together with **Deny** entry.<p> When there are conflict types for the same media, the system will apply the first one in the policy. An example of a conflict type is **Allow** and **Deny**. |
-| **SID** | Local user SID or user SID group or the SID of the AD object, defines whether to apply this policy over a specific user or user group. One entry can have a maximum of one SID and an entry without any SID means applying the policy over the machine. | |
-| **ComputerSID** | Local computer SID or computer SID group or the SID of the AD object, defines whether to apply this policy over a specific machine or machine group. One entry can have a maximum of one ComputerSID and an entry without any ComputerSID means applying the policy over the machine. If you want to apply an Entry to a specific user and specific machine, add both SID and ComputerSID into the same Entry. | |
+| **Sid** | Local user Sid or user Sid group or the Sid of the AD object, defines whether to apply this policy over a specific user or user group. One entry can have a maximum of one Sid and an entry without any Sid means applying the policy over the machine. | |
+| **ComputerSid** | Local computer Sid or computer Sid group or the Sid of the AD object, defines whether to apply this policy over a specific machine or machine group. One entry can have a maximum of one ComputerSid and an entry without any ComputerSid means applying the policy over the machine. If you want to apply an Entry to a specific user and specific machine, add both Sid and ComputerSid into the same Entry. | |
| **Options** | Defines whether to display notification or not |**When Type Allow is selected**: <p>0: nothing<p>4: disable **AuditAllowed** and **AuditDenied** for this Entry. Even if **Allow** happens and the AuditAllowed is setting configured, the system won't send event. <p>8: capture file information and have a copy of the file as evidence for Write access. <p>16: capture file information for Write access. <p>**When Type Deny is selected**: <p>0: nothing<p>4: disable **AuditDenied** for this Entry. Even if **Block** happens and the AuditDenied is setting configured, the system won't show notification. <p>**When Type **AuditAllowed** is selected**: <p>0: nothing <p>1: nothing <p>2: send event<p> **When Type **AuditDenied** is selected**: <p>0: nothing <p>1: show notification <p>2: send event<p>3: show notification and send event | |AccessMask|Defines the access. | **Disk level access**: <p>1: Read <p>2: Write <p>4: Execute <p>**File system level access**: <p>8: File system Read <p>16: File system Write <p>32: File system Execute <p><p>You can have multiple access by performing binary OR operation, for example, the AccessMask for Read and Write and Execute will be 7; the AccessMask for Read and Write will be 3.|
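Review bot: In the two `+` rows the rename goes further than the property names. The description now reads "Local user Sid or user Sid group or the Sid of the AD object", but in that sentence SID is the acronym for security identifier, not the property, so it should stay uppercase in prose and only the bolded names **Sid** and **ComputerSid** should change case. The ComputerSid row also says an entry without any ComputerSid "means applying the policy over the machine", which repeats the Sid row word for word; state what scope applies when ComputerSid is omitted. In the unchanged Options row, "the AuditAllowed is setting configured" has its words transposed, and the nested bold in "**When Type **AuditAllowed** is selected**" will not render as intended.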
security Device Discovery Faq https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery-faq.md
audience: ITPro -+ search.appverid: met150
security Device Discovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-discovery.md
- m365-initiative-defender-endpoint -+ search.appverid: met150
security Device Health Api Methods Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-api-methods-properties.md
-
+search.appverid: met150
+ # Export device antivirus health details API methods and properties
Data that is collected using either '_JSON response_ or _via files_' is the curr
> [!NOTE] >
-> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft 365 Security dashboard, see: [Device health and antivirus compliance report in Microsoft Defender for Endpoint](machine-reports.md).
+> For information about using the **Device health and antivirus compliance** reporting tool in the Microsoft 365 Security dashboard, see: [Device health and antivirus report in Microsoft Defender for Endpoint](device-health-reports.md).
> ### 1.1 Export device antivirus health details API methods
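Review bot: The new link text "Device health and antivirus report in Microsoft Defender for Endpoint" no longer matches the tool name bolded earlier in the same sentence, "**Device health and antivirus compliance**", so the note now uses two names for one report. Pick one name and use it in both places. The See also entry at the end of this file keeps the text "Device health and compliance reporting" while pointing at the same new target, device-health-reports.md, so it should be aligned too.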
Method|Data type|Description
> [!NOTE] > > - The properties defined in the following table are listed alphabetically, by property ID. When running this API, the resulting output will not necessarily be returned in the same order listed in this table.
-> - Some additional columns might be returned in the response. These columns are temporary and might be removed, please use only the documented columns.
+> - Some additional columns might be returned in the response. These columns are temporary and might be removed; please use only the documented columns.
| Property (ID) | Data type | Description | Example of a returned value | |:-|:-|:-|:-| | avEngineUpdateTime | DateTimeOffset | Datetime when AV engine was last updated on device | ΓÇ£2022-08-04T12:44:02ZΓÇ£ | | avEngineVersion | String | Antivirus engine version | ΓÇ£1.1.19400.3ΓÇ¥ | | avIsEngineUpToDate | String | Up-to-date status of AV engine | ΓÇ£TrueΓÇ¥, ΓÇ£FalseΓÇ¥, ΓÇ£UnknownΓÇ¥ |
-| avIsPlatformUpToDate | String | Up-to-date stauts of AV platform | ΓÇ£TrueΓÇ¥, ΓÇ£FalseΓÇ¥, ΓÇ£UnknownΓÇ¥ |
+| avIsPlatformUpToDate | String | Up-to-date status of AV platform | ΓÇ£TrueΓÇ¥, ΓÇ£FalseΓÇ¥, ΓÇ£UnknownΓÇ¥ |
| avIsSignatureUpToDate | String | Up-to-date status of AV signature | ΓÇ£TrueΓÇ¥, ΓÇ£FalseΓÇ¥, ΓÇ£UnknownΓÇ¥ | | avMode | String | Antivirus mode. | Each mode will be a string typed integer value ranging from 0 to 5. Refer to the mapping below to see its valueΓÇÖs meaning: <ul><li>'' = Other</li><li> '0' = Active</li><li> '1' = Passive</li><li> '2' = Disabled</li><li> '3' = Other</li><li> '4' = EDRBlocked</li><li>'5' = PassiveAudit</li></ul> | | avPlatformUpdateTime | DateTimeOffset | Datetime when AV platform was last updated on device | ΓÇ£2022-08-04T12:44:02ZΓÇ¥ |
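Review bot: The unchanged `avMode` row next to the "stauts" fix says the value is an integer "ranging from 0 to 5", yet the mapping also lists the empty string, and both '' and '3' map to "Other". Say explicitly that an empty value can be returned and whether the two "Other" cases differ, since anyone parsing this field has to handle both. The example values in these rows use typographic quotes, and the `avEngineUpdateTime` example has an opening quote on both sides; straight quotes or code formatting would make the examples safe to copy.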
Method|Data type|Description
| computerDnsName | String | DNS name | ΓÇ£SampleDnsΓÇ¥ | | dataRefreshTimestamp | DateTimeOffset | Datetime when data is refreshed for this report | ΓÇ£2022-08-04T12:44:02ZΓÇ£ | | fullScanError | String | Error codes from full scan | ΓÇ£0x80508023ΓÇ£ |
-| fullScanResult | String | Full scan result of this device | ΓÇ£CompletedΓÇ£ <br> ΓÇ£Cancelled ΓÇ£ <br>ΓÇ£FailedΓÇ£ |
+| fullScanResult | String | Full scan result of this device | ΓÇ£CompletedΓÇ£ <br> ΓÇ£CanceledΓÇ£ <br>ΓÇ£FailedΓÇ£ |
| fullScanTime | DateTimeOffset | Datetime when full scan has completed | ΓÇ£2022-08-04T12:44:02ZΓÇ£ | | id | String | Machine GUID | ΓÇ£30a8fa2826abf24d24379b23f8a44d471f00feabΓÇ¥ | | lastSeenTime | DateTimeOffset | Last seen datetime of this machine | ΓÇ£2022-08-04T12:44:02ZΓÇ¥ |
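Review bot: "Cancelled" to "Canceled" on the `fullScanResult` row (and on `quickScanResult` in the next hunk) edits the column headed "Example of a returned value", so this changes a documented API string rather than a prose spelling. Confirm which spelling the API returns before merging, because consumers who match on these strings will follow the table; dropping the stray space inside the quotes is fine either way. In the unchanged `id` row, the description says "Machine GUID" but the example is a 40-character hex string, which is not GUID format, so the description or the example should be corrected.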
Method|Data type|Description
| osPlatform | String | Operating system major version name | Windows 10, macOs | | osVersion | String | Operating system version | 10.0.18363.1440, 12.4.0.0 | | quickScanError | String | Error codes from quick scan | ΓÇ£0x80508023ΓÇ£ |
-| quickScanResult | String | Quick scan result of this device | ΓÇ£CompletedΓÇ£ <br>ΓÇ£Cancelled ΓÇ£ <br>ΓÇ£FailedΓÇ£ |
+| quickScanResult | String | Quick scan result of this device | ΓÇ£CompletedΓÇ£ <br>ΓÇ£CanceledΓÇ£ <br>ΓÇ£FailedΓÇ£ |
| quickScanTime | DateTimeOffset | Datetime when quick scan has completed | ΓÇ£2022-08-04T12:44:02ZΓÇ£ | | rbacGroupId | Long | Device group ID that this machine belongs to | 712 | | rbacGroupName | String | Name of device group that this machine belongs to | ΓÇ£SampleGroupΓÇ¥ |
Method|Data type|Description
[Export device antivirus health report](device-health-export-antivirus-health-report-api.md)
-[Device health and compliance reporting](machine-reports.md)
+[Device health and compliance reporting](device-health-reports.md)
security Device Health Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-api.md
- Title: Microsoft Defender Antivirus Device Health details API
-description: "Retrieves a list of Microsoft Defender Antivirus device health details."
-keywords: apis, graph api, supported apis, get, device health api, Microsoft Defender for Endpoint report api microsoft defender reports api, microsoft defender for endpoint reporting api, windows defender reporting api, defender for endpoint reporting api, windows defender report api
-
-ms.sitesec: library
-ms.pagetype: security
-- Previously updated : 08/08/2022-----
-
-
-# Microsoft Defender Antivirus Device Health details API
-
-**Applies to:**
--- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/?linkid=2154037)-- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)-
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
----
-## API description
-
-Retrieves a list of Microsoft Defender Antivirus device health details.
-URL: GET: /api/public/avdeviceshealth
-<br>Supports [OData V4 queries](https://www.odata.org/documentation/).
-<br>OData supported operators:
-<br>```$filter``` on: ```machineId```, ```computerDnsName```, ```osKind```, ```osPlatform```, ```osVersion```, a```vMode```, ```avSignatureVersion```, ```avEngineVersion```, ```avPlatformVersion```, ```quickScanResult```, ```quickScanError```, ```fullScanResult```, ```fullScanError```, ```avIsSignatureUpToDate```, ```avIsEngineUpToDate```, ```vIsPlatformUpToDate```, ```rbacGroupId```
-<br>```$top``` with max value of 10,000.
-<br>```$skip```.
-<br>See examples at [OData queries with Microsoft Defender for Endpoint.](exposed-apis-odata-samples.md]
-
-## Permissions
-
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) for details.
-
-| Permission type | Permission | Permission display name |
-|:-|:-|:-|
-| Application | Machine.Read.All | 'Read all machine profiles' |
-| Application | Machine.ReadWrite.All | 'Read and write all machine information' |
-| Delegated (work or school account) | Machine.Read | 'Read machine information' |
-| Delegated (work or school account) | Macine.ReadWrite | 'Read and write machine information' |
-
-## HTTP request
-
-```http
-GET /api/public/avdeviceshealth
-```
-
-## Request headers
-
-| Name | Type | Description |
-|:-|:-|:-|
-| Authorization | String | Bearer {token}. **Required** |
-
-## Request body
-
-_Empty_
-
-## Response
-
-If successful, this method returns 200 OK with a list of device health details.
-
-## Example
-
-### Example request
-
-Here is an example of the request:
-
-```http
-GET https://api.securitycenter.microsoft.com/api/public/avdeviceshealth
-```
-
-### Example response
-
-Here is an example of the response:
-
-```json
-{
-
- "@odata.context": "https://api.securitycenter.microsoft.com/api/$metadata#avdeviceshealth",
-
- "value": [
-
- {
-
- "id": "sampleId",
-
- "machineId": "sampleMachineId",
-
- "computerDnsName": "sampleDnsName",
-
- "osKind": "mac",
-
- "osPlatform": "macOS",
-
- "osVersion": "11.6.5.0",
-
- "avMode": "0",
-
- "avSignatureVersion": "87523",
-
- "avEngineVersion": "3.0",
-
- "avPlatformVersion": "101.61.69",
-
- "lastSeenTime": "2022-04-02T06:12:07+00:00",
-
- "quickScanResult": "-",
-
- "quickScanError": "-",
-
- "fullScanResult": "-",
-
- "fullScanError": "-",
-
- "dataRefreshTimestamp": "2022-04-06T21:50:48+00:00",
-
- "avSignatureUpdateTime": "2022-04-01T01:31:58+00:00",
-
- "avIsSignatureUpToDate": "Unknown",
-
- "avIsEngineUpToDate": "Unknown",
-
- "avIsPlatformUpToDate": "Unknown",
-
- "rbacGroupId": 86
-
- },
-
- ...
-
- ]
-
-}
-```
-
-## See also
-
-[Device health and compliance report in Microsoft Defender for Endpoint](machine-reports.md)
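Review bot: Deleting this page removes the Permissions table, the `$filter` field list and the `$top` maximum of 10,000 for `GET /api/public/avdeviceshealth`, and nothing visible in this change shows where that information now lives. Confirm that the export antivirus health report article carries it and that a redirect is in place for the old URL. If the text was copied across, do not carry its defects over: "Macine.ReadWrite" in the permissions table, the misplaced backticks in "a```vMode```", "vIsPlatformUpToDate" missing its leading "a", and the link "(exposed-apis-odata-samples.md]" closed with a bracket instead of a parenthesis.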
security Device Health Export Antivirus Health Report Api https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-export-antivirus-health-report-api.md
Here's an example response:
[Export device health methods and properties](device-health-api-methods-properties.md)
-[Device health and compliance reporting](machine-reports.md)
+[Device health and compliance reporting](device-health-reports.md)
security Device Health Microsoft Defender Antivirus Health https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-microsoft-defender-antivirus-health.md
+
+ Title: Device health Microsoft Defender Antivirus health report
+description: Use the Microsoft Defender Antivirus report to track antivirus status and Microsoft Defender Antivirus engine, intelligence, and platform versions.
+keywords: Microsoft Defender Antivirus report, engine version, intelligence version, and platform versions, antivirus
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+localization_priority: Normal
Last updated : 09/06/2022 +
+audience: ITPro
++++++
+# Device health, Microsoft Defender Antivirus health report
+
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](../defender-business/mdb-overview.md)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+The Device Health report provides information about the devices in your organization. The report includes trending information showing the antivirus status and Microsoft Defender Antivirus engine, intelligence, and platform versions.
+
+> [!IMPORTANT]
+> For Windows&nbsp;Server&nbsp;2012&nbsp;R2 and Windows&nbsp;Server&nbsp;2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution).
+
+In the Microsoft 365 Security dashboard navigation panel, select **Reports**, and then open **Device health and compliance**.
+
+- The [**Microsoft Defender Antivirus health** tab](#microsoft-defender-antivirus-health-tab) has eight cards that report on the following aspects of Microsoft Defender Antivirus:
+ - [Antivirus mode card](#antivirus-mode-card)
+ - [Antivirus engine version card](#antivirus-engine-version-card)
+ - [Antivirus security intelligence version card](#antivirus-security-intelligence-version-card)
+ - [Antivirus platform version card](#antivirus-platform-version-card)
+ - [Recent antivirus scan results card](#recent-antivirus-scan-results-card)
+ - [Antivirus engine updates card](#antivirus-engine-updates-card)
+ - [Security intelligence updates card](#security-intelligence-updates-card)
+ - [Antivirus platform updates card](#antivirus-platform-updates-card)
+
+## Report access permissions
+
+To access the Device health and antivirus compliance report in the Microsoft 365 Security dashboard, the following permissions are required:
+
+| Permission name | Permission type |
+|:|:|
+| View Data | Threat and vulnerability management (TVM) |
+
+To Assign these permissions:
+
+1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> using account with Security administrator or Global administrator role assigned.
+1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
+1. Select the role you'd like to edit.
+1. Select **Edit**.
+1. In **Edit role**, on the **General** tab, in **Role name**, type a name for the role.
+1. In **Description** type a brief summary of the role.
+1. In **Permissions**, select **View Data**, and under **View Data** select **Threat and vulnerability management** (TVM).
+
+For more information about user role management, see [Create and manage roles for role-based access control](user-roles.md).
+
+## Microsoft Defender Antivirus health tab
+
+The Microsoft Defender Antivirus health tab contains eight cards that report on several aspects of Microsoft Defender Antivirus in your organization:
+
+Two cards, [Antivirus mode card](#antivirus-mode-card) and [Recent antivirus scan results card](#recent-antivirus-scan-results-card), report about Microsoft Defender Antivirus functions.
+
+The remaining six cards report about the Microsoft Defender Antivirus status for devices in your organization:
+
+| _version_ cards: | _update_ cards{<a id="fn1">1</a>} |
+|:|:|
+| [Antivirus engine version card](#antivirus-engine-version-card) <br> [Antivirus security intelligence version card](#antivirus-security-intelligence-version-card) <br> [Antivirus platform version card](#antivirus-platform-version-card) | [Antivirus engine updates card](#antivirus-engine-updates-card) <br> [Security intelligence updates card](#security-intelligence-updates-card) <br> [Antivirus platform updates card](#antivirus-platform-updates-card) |
+| The three version cards provide flyout reports that provide additional information, and enable further exploration. | The three up-to-date reporting cards provide links to resources to learn more. |
+
+<sup>{[1](#fn1)}</sup> For the three _updates_ cards (also known as up-to-date reporting cards), "**No data available**" (or "Unknown" value) indicates devices that aren't reporting update status. Devices that aren't reporting update status can be due to various reasons, such as:
+
+- Computer is disconnected from the network
+- Computer is powered down or in a hibernation state
+- Microsoft Defender Antivirus is disabled
+- Device is a non-Windows (Mac or Linux) device
+- Cloud protection isn't enabled
+- Device doesn't meet pre-requisites for Antivirus engine or platform version
+
+### Prerequisites
+
+Up to date reporting generates information for devices that meet the following criteria:
+
+- Engine version: 1.1.19300.2+
+- Platform version: 4.18.2202.1+
+- Cloud protection enabled
+- Windows OS*
+
+*Currently up to date reporting is only available for Windows devices. Cross platform devices such as Mac and Linux are listed under ΓÇ£No data availableΓÇ¥/Unknown
+
+>:::image type="content" source="images/device-health-defender-antivirus-health-tab.png" alt-text="Shows the Microsoft Defender Antivirus Health tab." lightbox="images/device-health-defender-antivirus-health-tab.png":::
+
+### Card functionality
+
+The functionality is essentially the same for all cards. By clicking on a numbered bar in any of the cards, the **Microsoft Defender Antivirus details** flyout opens enabling you to review information about all the devices configured with the version number of an aspect on that card.
+
+>:::image type="content" source="images/device-health-defender-antivirus-health-antivirus-details.png" alt-text="Shows the Microsoft Defender Antivirus details flyout." lightbox="images/device-health-defender-antivirus-health-antivirus-details.png":::
+
+If the version number that you clicked on is:
+
+- A current version, then **Remediation required** and **Security recommendation** aren't present
+- An outdated version, a notification at the top of the report is present, indicating **Remediation required**, and a **Security recommendation** link is present. Select the security recommendation link to navigate to the threat and vulnerability management console, which can recommend appropriate antivirus updates.
+
+To add or remove specific types of information on the **Microsoft Defender Antivirus details** flyout, select **Customize Columns**. In **Customize Columns**, select or clear items to specify what you want included in the Microsoft Defender Antivirus details report.
+
+>:::image type="content" source="images/device-health-defender-antivirus-engine-version-details-custom-columns.png" alt-text="Shows custom column options for Microsoft Defender Antivirus health reporting." lightbox="images/device-health-defender-antivirus-engine-version-details-custom-columns.png":::
+
+#### New Microsoft Defender Antivirus filter definitions
+
+The following table contains a list of terms that are new to Microsoft Defender Antivirus reporting.
+
+| Column name | Description |
+|:|:|
+| Security intelligence publish time | Indicates MicrosoftΓÇÖs release date of the security intelligence update version on the device. Devices with a security intelligence publish time greater than seven days are considered out of date in the reports. |
+| Last seen | Indicates date when device last had connection. |
+| Data refresh timestamp | Indicates when client events were last received for reporting on AV mode, AV engine version, AV platform version, AV security intelligence version, and scan information. |
+| Signature refresh time | Indicates when client events were last received for reporting on engine, platform, and signature up to date status. |
+
+Within the flyout: clicking on the name of the device will redirect you to the "Device page" for that device, where you can access detailed reports.
+
+#### Export report
+
+There are two levels of reports that you can export:
+
+##### Top level export
+
+There are two different export csv functionalities through the portal:
+
+- **Top-level export** You can use the top level **Export** button to gather an all-up Microsoft Defender Antivirus health report (500 K limit).
+
+>:::image type="content" source="images/device-health-defender-antivirus-health-tab-export.png" alt-text="Shows the top-level export report button" lightbox="images/device-health-defender-antivirus-health-tab-export.png":::
+
+- **Flyout level export** You can use the **Export** button within the flyouts to export a report to an Excel spreadsheet (100 K limit).
+
+Exported reports capture information based on your entry-point into the details report and which filters or customized columns you have set.
+
+For information on exporting using API, see the following articles:
+
+- [Export device antivirus health report](device-health-export-antivirus-health-report-api.md)
+- [Export device antivirus health details API methods and properties](device-health-api-methods-properties.md)
+
+> [!IMPORTANT]
+>
+> Currently, only the **Antivirus Health JSON Response** is generally available. **Antivirus Health API via files** is only available in public preview.
+>
+> **Advanced Hunting custom query** is currently only available in public preview, even if the queries are still visible.
+
+### Microsoft Defender Antivirus version and update cards functionality
+
+Following are descriptions for the six cards that report about the _version_ and _update_ information for Microsoft Defender Antivirus engine, security intelligence, and platform components:
+
+#### Full report
+
+In any of the three _version_ cards, select **View full report** to display the nine most recent Microsoft Defender Antivirus _version_ reports for each of the three device types: Windows, Mac, and Linux; if fewer than nine exist, they're all shown. An **Other** category captures recent antivirus engine versions ranking tenth and below, if detected.
+
+>:::image type="content" source="images/device-health-defender-antivirus-health-view-full-report.png" alt-text="Shows the distribution of the top nine operating systems of each type" lightbox="images/device-health-defender-antivirus-health-view-full-report.png":::
+
+A primary benefit of the three _version_ cards is that they provide quick indicators as to whether the most current versions of the antivirus engines, platforms, and security intelligence are being utilized. Coupled with the detailed information that is linked to the card, the versions cards become a powerful tool to check if versions are up to date and to gather information about individual computers, or groups of computers.
+Ideally, when you run these reports, they'll indicate that the most current antivirus versions are installed, as opposed to older versions.
+Use these reports to determine whether your organization is taking full advantage of the most current versions.
+
+>:::image type="content" source="images/device-health-defender-antivirus-health-antivirus-details-up-to-date.png" alt-text="Shows Microsoft Defender Antivirus version details" lightbox="images/device-health-defender-antivirus-health-antivirus-details-up-to-date.png":::
+
+To help ensure your anti-malware solution detects the latest threats, get updates automatically as part of Windows Update.
+
+For more details on the current versions and how to update the different Microsoft Defender Antivirus components, visit [Microsoft Defender Antivirus platform support](manage-updates-baselines-microsoft-defender-antivirus.md).
+
+### Card descriptions
+
+Following are brief summaries of the collected information reported in each of the _Antivirus version_ cards:
+
+#### Antivirus mode card
+
+Reports on how many devices in your organization ΓÇô on the date indicated on the card ΓÇô are in any of the following Microsoft Defender Antivirus modes:
+
+| value | mode |
+|||
+| 0 | Active |
+| 1 | Passive |
+| 2 | Disabled (uninstalled, disabled, or SideBySidePassive {also known as Low Periodic Scan}) |
+| 3 | Others (Not running, Unknown) |
+| 4 | EDRBlocked |
+
+>:::image type="content" source="images/device-health-defender-antivirus-health-antivirus-mode.png" alt-text="Shows filtering Microsoft Defender Antivirus modes" lightbox="images/device-health-defender-antivirus-health-antivirus-mode.png":::
+
+Following are descriptions for each mode:
+
+- **Active** mode - In active mode, Microsoft Defender Antivirus is used as the primary antivirus app on the device. Files are scanned, threats are remediated, and detected threats are listed in your organization's security reports and in your Windows Security app.
+- **Passive** mode - In passive mode, Microsoft Defender Antivirus isn't used as the primary antivirus app on the device. Files are scanned, and detected threats are reported, but threats aren't remediated by Microsoft Defender Antivirus. IMPORTANT: Microsoft Defender Antivirus can run in passive mode only on endpoints that are onboarded to Microsoft Defender for Endpoint. See [Requirements for Microsoft Defender Antivirus to run in passive mode](microsoft-defender-antivirus-compatibility.md#requirements-for-microsoft-defender-antivirus-to-run-in-passive-mode).
+- **Disabled** mode - synonymous with: uninstalled, disabled, sideBySidePassive, and Low Periodic Scan. When disabled, Microsoft Defender Antivirus isn't used. Files aren't scanned, and threats aren't remediated. In general, Microsoft doesn't recommend disabling or uninstalling Microsoft Defender Antivirus.
+- **Others** mode - Not running, Unknown
+- **EDR in Block** mode - In endpoint detection and response (EDR) blocked mode. See [Endpoint detection and response in block mode](edr-in-block-mode.md)
+
+Devices that are in either passive, LPS, or Off present a potential security risk and should be investigated.
+
+For details about LPS, see [Use limited periodic scanning in Microsoft Defender Antivirus](limited-periodic-scanning-microsoft-defender-antivirus.md).
+
+#### Recent antivirus scan results card
+
+This card has two bars graphs showing all-up results for quick scans and full scans. In both graphs, the first bar indicates the completion rate for scans, and indicate **Completed**, **Canceled**, or **Failed**. The second bar in each section provides the error codes for failed scans.
+By scanning the **Mode** and **Recent scan results** columns, you can quickly identify devices that aren't in active antivirus scan mode, and devices that have failed or canceled recent antivirus scans. You can return to the report with this information and gather more details and security recommendations. If any error codes are reported in this card, there will be a link to learn more about error codes.
+
+For more details on the current Microsoft Defender Antivirus versions and how to update the different Microsoft Defender Antivirus components, visit [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md).
+
+#### Antivirus engine version card
+
+Shows the real-time results of the most current Microsoft Defender Antivirus engine versions installed across Windows Devices, Mac devices, and Linux devices in your organization. Microsoft Defender Antivirus engine is updated monthly.
+For more information on the current versions and how to update the different Microsoft Defender Antivirus components, see [Microsoft Defender Antivirus platform support](manage-updates-baselines-microsoft-defender-antivirus.md).
+
+#### Antivirus security intelligence version card
+
+Lists the most common _Microsoft Defender Antivirus security intelligence_ versions installed on devices on your network.
+Microsoft continually updates Microsoft Defender security intelligence to address the latest threats, and to refine detection logic. These refinements to security intelligence enhance Microsoft Defender AntivirusΓÇÖ (and other Microsoft anti-malware solutionsΓÇÖ) ability to accurately identify potential threats. This security intelligence works directly with cloud-based protection to deliver AI-enhanced, next-generation protection that is fast and powerful.
+
+##### Antivirus platform version card
+
+Shows the real-time results of the most current Microsoft Defender Antivirus platform versions installed across versions of Windows, Mac, and Linux devices in your organization. Microsoft Defender Antivirus platform is updated monthly.
+For more information on the current versions and how to update the different Microsoft Defender Antivirus components, see [Microsoft Defender Antivirus platform support](manage-updates-baselines-microsoft-defender-antivirus.md)
+
+#### Up-to-date cards
+
+The up-to-date cards show the up-to-date status for **Antivirus engine**, **Antivirus platform**, and **Security intelligence** update versions. There are three possible states: _Up to date_ (‘True’), _out of date_ (‘False’), and _no data available_ (‘Unknown’).
+
+Definitions for  _Up to date_, _out of date_, and _no data available_ are provided for each card below.
+
+Microsoft Defender Antivirus makes up-to-date reports and determinations based on the following criteria:
+
+- **For engine & platform updates**: "Signature Refresh Time" (the time client events were last received for up to date reports) and "Security Intelligence Publish Time" (security intelligence VDMs are used to determine engine & platform versions)
+- **For security intelligence updates**: "Signature Refresh Time" (the time client events were last received for up to date reports), Security Intelligence Publish Time, and the last up-to-date status communicated from client
+
+For more information about the aforementioned terms, refer back to the section: [New Microsoft Defender Antivirus filter definitions](#new-microsoft-defender-antivirus-filter-definitions)
+
+> [!NOTE]
+>
+> Up to date reporting **prerequisites**
+>
+> Up to date reporting generates information for devices that meet the following criteria:
+>
+> - Engine version: 1.1.19300.2+
+> - Platform version: 4.18.2202.1+
+> - Cloud protection enabled
+> - Windows OS*
+>
+>*Currently up to date reporting is only available for Windows devices. Cross platform devices such as Mac and Linux are listed under ΓÇ£no data availableΓÇ¥
+>
+
+##### Up-to-date definitions
+
+Following are up-to-date definitions for engine and platform:
+
+| The engine/platform on the device is considered: | If: |
+|:|:|
+| **up-to-date** | the device communicated with the Defender report event (‘Signature refresh time’) within last seven days and has a security intelligence publish time within last seven days and the Engine or Platform version build time is within last 60 days. |
+| **out-of-date** | the device communicated with the Defender report event (‘Signature refresh time’) within last seven days and has a security intelligence publish time within last seven days but Engine or Platform version build time is older than 60 days. |
+| **unknown (no data available)** | the device hasn't communicated with the report event (ΓÇÿSignature refresh timeΓÇÖ) for more than seven days, or the security intelligence publish time is greater than seven days. |
+
+Following are up-to-date definitions for security intelligence:
+
+| The security intelligence update is considered | If: |
+|:|:|
+|Up-to date | the security intelligence version on the device was written in the past seven days and the device has communicated with the report event in past seven days. |
+
+For more information, see:
+
+- [Antivirus engine updates card](#antivirus-engine-updates-card)
+- [Security intelligence updates card](#security-intelligence-updates-card)
+- [Antivirus platform updates card](#antivirus-platform-updates-card)
+
+##### Antivirus engine updates card
+
+This card identifies devices that have antivirus engine versions that are up to date versus out of date.
+
+**The general definition of ΓÇÿ_Up to date_ΓÇÖ** - The engine version on the device is the most recent engine release. The engine is _typically_ released monthly, via Windows Update (WU)). There's a three-day grace period given from the day when Windows Update (WU) is released.
+
+The following table lays out the possible values for up to date reports for **Antivirus Engine**. Reported Status is based on the last time reporting event was received and security intelligence publish time.
+
+| EventΓÇÖs Last Refresh Time (also known as ΓÇ£Signature Refresh TimeΓÇ¥ in reports) | Security Intelligence Publish Time | _Reported Status_: |
+|:-|:-|:-|
+| < 7 days (new) | < 7 days (new) | _Up to date <br/> Out of date <br/> Unknown (whatever client reports)_ |
+| > 7 days (old) | > 7 days (old) | _Unknown_ |
+| < 7 days (new) | > 7 days (old) | _Unknown_ |
+| > 7 days (old) | < 7 days (new) | _Unknown_ |
+
+For information about Manage Microsoft Defender Antivirus update versions, see:ΓÇ»[Monthly platform and engine versions](manage-updates-baselines-microsoft-defender-antivirus.md#monthly-platform-and-engine-versions)
+
+#### Antivirus platform updates card
+
+This card identifies devices that have Antivirus platform versions that are up to date versus out of date.
+
+**The general definition of ‘Up to date’** The platform version on the device is the most recent platform release. Platform is typically released monthly, via Windows Update). There's a three-day grace period from the day when WU is released.
+
+The following table lays out the possible up to date report values for **Antivirus Platform**. Reported values are based on the last time reporting event was received and security intelligence publish time.
+
+| EventΓÇÖs Last Refresh Time (also known as ΓÇ£Signature Refresh TimeΓÇ¥ in reports) | Security Intelligence Publish Time | _Reported Status_: |
+|:-|:-|:-|
+| < 7 days (new) | < 7 days (new) | _Up to date <br/> Out of date <br/> Unknown (whatever client reports)_ |
+| > 7 days (old) | > 7 days (old) | _Unknown_ |
+| < 7 days (new) | > 7 days (old) | _Unknown_ |
+| > 7 days (old) | < 7 days (new) | _Unknown_ |
+
+For information about Manage Microsoft Defender Antivirus update versions, see: [Monthly platform and engine versions](manage-updates-baselines-microsoft-defender-antivirus.md#monthly-platform-and-engine-versions)
+
+##### Security intelligence updates card
+
+This card identifies devices that have security intelligence versions that are up to date versus out of date.
+
+**The general definition of ΓÇÿUp to dateΓÇÖ** ΓÇô the security intelligence version on the device was written in the past 7 days.
+
+The following table lays out the possible up to date report values for **Security Intelligence** updates. Reported values are based on the last time reporting event was received, the security intelligence publish time, and the last status received from client.
+
+| EventΓÇÖs Last Refresh Time <br/> (Also known as ΓÇ£Signature Refresh TimeΓÇ¥ in reports) | Security Intelligence Publish Time | Last status received from client | _Reported Status_: |
+|:-|:-|:-|:-|
+| >7 days (old) | >7 days (old) | Up to date | _Unknown_ |
+| <7 days (new) | >7 days (old) | Up to date | _Unknown_ |
+| >7 days (old) | <7 days (new) | Up to date | _Unknown_ |
+| <7 days (new) | <7 days (new) | Unknown | _Unknown_|
+| <7 days (new) | <7 days (new) | Up to date | _Up to date_ |
+| >7 days (old) | <7 days (new) | Out of date | _Out of date_ |
+| >7 days (old) | >7 days (old) | Out of date | _Out of date_ |
+| <7 days (new) | >7 days (old) | Out of date | _Out of date_ |
+
+## See also
+
+- [Export device antivirus health details API methods and properties](device-health-api-methods-properties.md)
+- [Export device antivirus health report](device-health-api-methods-properties.md)
+- [Threat protection report](threat-protection-reports.md)
+
+> [!TIP]
+> For antivirus-related information for other platforms, see:
+>
+> - [Set preferences for Microsoft Defender for Endpoint on macOS](mac-preferences.md)
+> - [Microsoft Defender for Endpoint on Mac](microsoft-defender-endpoint-mac.md)
+> - [macOS Antivirus policy settings for Microsoft Defender Antivirus for Intune](/mem/intune/protect/antivirus-microsoft-defender-settings-macos)
+> - [Set preferences for Microsoft Defender for Endpoint on Linux](linux-preferences.md)
+> - [Microsoft Defender for Endpoint on Linux](microsoft-defender-endpoint-linux.md)
+> - [Configure Defender for Endpoint on Android features](android-configure.md)
+> - [Configure Microsoft Defender for Endpoint on iOS features](ios-configure-features.md)
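Review bot: The table under "Security intelligence updates card" has no row for the case where Signature Refresh Time and Security Intelligence Publish Time are both under 7 days and the client last reported Out of date, so the combination an operator most needs to act on has no documented Reported Status; please add it. The same table reports Out of date when the refresh time is older than 7 days, while the engine and platform tables report Unknown for every stale combination; if that difference is intended, state it next to the table. The security intelligence table under "Up-to-date definitions" defines only the up-to-date state, whereas the engine/platform table also defines out-of-date and unknown. In "See also", "Export device antivirus health report" points to device-health-api-methods-properties.md, but the "Export report" section links the same title to device-health-export-antivirus-health-report-api.md. Heading levels are inconsistent among sibling cards ("##### Antivirus platform version card" next to "#### Antivirus engine version card", and "#### Antivirus platform updates card" next to "##### Antivirus engine updates card"). The sentence "Devices that are in either passive, LPS, or Off" uses state names that do not match the mode table (Passive, Disabled, Others), and the prerequisites list appears twice in the file, once under "### Prerequisites" and again in the NOTE under "Up-to-date cards".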
security Device Health Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-reports.md
+
+ Title: Device health reporting in Microsoft Defender for Endpoint
+description: Use the device health report to track device health, antivirus status and versions, OS platforms, and Windows 10 versions.
+keywords: health state, antivirus, os platform, windows 10 version, version, health, compliance, state
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+localization_priority: Normal
Last updated : 09/06/2022 +
+audience: ITPro
++++++
+# Device health reports in Microsoft Defender for Endpoint
+
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](../defender-business/mdb-overview.md)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.
+
+> [!IMPORTANT]
+> For Windows&nbsp;Server&nbsp;2012&nbsp;R2 and Windows&nbsp;Server&nbsp;2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution).
+
+In the Microsoft 365 Security dashboard navigation panel, select **Reports**, and then open **Device health and compliance**.
+The Device health and compliance dashboard is structured in two tabs:
+
+- The [**Sensor health & OS** tab](device-health-sensor-health-os.md#sensor-health--os-tab) provides general operating system information, divided into three cards that display the following device attributes:
+ - [Sensor health card](device-health-sensor-health-os.md#sensor-health-card)
+ - [Operating systems and platforms card](device-health-sensor-health-os.md#operating-systems-and-platforms-card)
+ - [Windows versions card](device-health-sensor-health-os.md#windows-versions-card)
+
+- The [**Microsoft Defender Antivirus health** tab](device-health-microsoft-defender-antivirus-health.md#microsoft-defender-antivirus-health-tab) has eight cards that report on aspects of Microsoft Defender Antivirus:
+ - [Antivirus mode card](device-health-microsoft-defender-antivirus-health.md#antivirus-mode-card)
+ - [Antivirus engine version card](device-health-microsoft-defender-antivirus-health.md#antivirus-engine-version-card)
+ - [Antivirus security intelligence version card](device-health-microsoft-defender-antivirus-health.md#antivirus-security-intelligence-version-card)
+ - [Antivirus platform version card](device-health-microsoft-defender-antivirus-health.md#antivirus-platform-version-card)
+ - [Recent antivirus scan results card](device-health-microsoft-defender-antivirus-health.md#recent-antivirus-scan-results-card)
+ - [Antivirus engine updates card](device-health-microsoft-defender-antivirus-health.md#antivirus-engine-updates-card)
+ - [Security intelligence updates card](device-health-microsoft-defender-antivirus-health.md#security-intelligence-updates-card)
+ - [Antivirus platform updates card](device-health-microsoft-defender-antivirus-health.md#antivirus-platform-updates-card)
+
+## Report access permissions
+
+To access the Device health and antivirus compliance report in the Microsoft 365 Security dashboard, the following permissions are required:
+
+| Permission name | Permission type |
+|:|:|
+| View Data | Threat and vulnerability management (TVM) |
+
+To Assign these permissions:
+
+1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> using account with Security administrator or Global administrator role assigned.
+1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
+1. Select the role you'd like to edit.
+1. Select **Edit**.
+1. In **Edit role**, on the **General** tab, in **Role name**, type a name for the role.
+1. In **Description** type a brief summary of the role.
+1. In **Permissions**, select **View Data**, and under **View Data** select **Threat and vulnerability management** (TVM).
+
+## See also
+
+- [Create and manage roles for role-based access control](user-roles.md).
+- [Export device antivirus health details API methods and properties](device-health-api-methods-properties.md)
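Review bot: The "To Assign these permissions" procedure ends at step 7 (selecting **View Data** and **Threat and vulnerability management**) without saying how the change is committed, and steps 5 and 6 ask the reader to type a role name and description even though step 3 has them select an existing role to edit; add the final save step and clarify whether renaming is required or optional, since this procedure grants data access. The section refers to the "Device health and antivirus compliance report" while the navigation text calls it **Device health and compliance**; use one name. The description and intro mention "Windows 10 versions" but the linked card is "Windows versions card". In "See also", only the first bullet ends with a period.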
security Device Health Sensor Health Os https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-health-sensor-health-os.md
+
+ Title: Device health Sensor health & OS report
+description: Use the device health report to track device health, OS platforms, and Windows 10 versions.
+keywords: health state, antivirus, os platform, windows 10 version, version, health, compliance, state
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+localization_priority: Normal
Last updated : 09/06/2022 +
+audience: ITPro
++++++
+# Device health, Sensor health & OS report
+
+**Applies to:**
+
+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)
+- [Microsoft Defender for Business](../defender-business/mdb-overview.md)
+
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+The Device Health report provides information about the devices in your organization. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.
+
+> [!IMPORTANT]
+> For Windows&nbsp;Server&nbsp;2012&nbsp;R2 and Windows&nbsp;Server&nbsp;2016 to appear in device health reports, these devices must be onboarded using the modern unified solution package. For more information, see [New functionality in the modern unified solution for Windows Server 2012 R2 and 2016](/microsoft-365/security/defender-endpoint/configure-server-endpoints#new-windows-server-2012-r2-and-2016-functionality-in-the-modern-unified-solution).
+
+In the Microsoft 365 Security dashboard navigation panel, select **Reports**, and then open **Device health and compliance**.
+
+- The [**Sensor health & OS** tab](#sensor-health--os-tab) provides general operating system information, divided into three cards that display the following device attributes:
+ - [Sensor health card](#sensor-health-card)
+ - [Operating systems and platforms card](#operating-systems-and-platforms-card)
+ - [Windows versions card](#windows-versions-card)
+
+## Report access permissions
+
+To access the Device health and antivirus compliance report in the Microsoft 365 Security dashboard, the following permissions are required:
+
+| Permission name | Permission type |
+|:|:|
+| View Data | Threat and vulnerability management (TVM) |
+
+To Assign these permissions:
+
+1. Sign in to <a href="https://go.microsoft.com/fwlink/p/?linkid=2077139" target="_blank">Microsoft 365 Defender</a> using account with Security administrator or Global administrator role assigned.
+1. In the navigation pane, select **Settings** \> **Endpoints** \> **Roles** (under **Permissions**).
+1. Select the role you'd like to edit.
+1. Select **Edit**.
+1. In **Edit role**, on the **General** tab, in **Role name**, type a name for the role.
+1. In **Description** type a brief summary of the role.
+1. In **Permissions**, select **View Data**, and under **View Data** select **Threat and vulnerability management** (TVM).
+
+For more information about user role management, see [Create and manage roles for role-based access control](user-roles.md).
+
+## Sensor health & OS tab
+
+Sensor health and OS cards report on general operating system health, which includes detection sensor health, up-to-date versus out-of-date operating systems, and Windows 10 versions.
+
+>:::image type="content" source="images/device-health-sensor-health-os-tab.png" alt-text="Shows Sensor health and Operating system information." lightbox="images/device-health-sensor-health-os-tab.png":::
+
+Each of the three cards on the **Sensor health** tab has two reporting sections, _Current state_ and _device trends_, presented as graphs:
+
+### Current state graph
+
+In each card, the Current state (referred to in some documentation as _Device summary_) is the top, horizontal bar graph. Current state is a snapshot that shows information collected about devices in your organization, scoped to the current day. This graph represents the distribution of devices across your organization that report status or are detected to be in a specific state.
+
+>:::image type="content" source="images/device-health-sensor-health-os-current-state-graph.png" alt-text="Shows the current state graph." lightbox="images/device-health-sensor-health-os-current-state-graph.png":::
+
+### Device trends graph
+
+The lower graph on each of the three cards isn't named, but is commonly known as _device trends_. The device trends graph depicts the collection of devices across your organization, throughout the time span indicated directly above the graph.
+By default, the device trends graph displays device information from the 30-day period, ending in the latest full day. To gain a better perspective about trends occurring in your organization, you can fine-tune the reporting period by adjusting the time period shown. To adjust the time period, open the filter and select a start day and end day.
+
+>:::image type="content" source="images/device-health-sensor-health-os-device-trends-graph.png" alt-text="Shows the Device Health versions trends graph." lightbox="images/device-health-sensor-health-os-device-trends-graph.png":::
+
+### Filtering data
+
+Use the provided filters to include or exclude devices with certain attributes. You can select multiple filters to apply from the device attributes. When applied, filters apply to all three cards in the report.
+
+For example, to show data about Windows 10 devices with Active sensor health state:
+
+1. Under **Filters** > **Sensor health state** > **Active**.
+2. Then select **OS platforms** > **Windows 10**.
+3. Select **Apply**.
+
+### Sensor health card
+
+The Sensor health card displays information about the sensor state on devices. Sensor health provides an aggregate view of devices that are:
+
+- active
+- inactive
+- experiencing impaired communications
+- or where no sensor data is reported
+
+Devices that are either experiencing impaired communications, or devices from which no sensor data is detected could expose your organization to risks, and warrant investigation. Likewise, devices that are inactive for extended periods of time could expose your organization to threats due to out-of-date software. Devices that are inactive for long periods of time also warrant investigation.
+
+> [!NOTE]
+>
+> In a small percentage of cases, the numbers and distributions reported when clicking on the horizontal Sensor health bar graph will be out of synch with the values shown in the **Device inventory** page. The disparity in values can occur because the Sensor Health Reports has a different refresh cadence than the Device Inventory page.
+
+### Operating systems and platforms card
+
+This card shows the distribution of operating systems and platforms that exist within your organization.
+_OS systems and platforms_ can give useful insights into whether devices in your organization are running current or outdated operating systems. When new operating systems are introduced, security enhancements are frequently included that improve your organization's posture against security threats.
+
+For example, Secure Boot (introduced in Windows 8) practically eliminated the threat from some of the most harmful types of malware. Improvements in Windows 10 provide PC manufacturers the option to prevent users from disabling Secure Boot. Preventing users from disabling Secure Boot removes almost any chance of malicious rootkits or other low-level malware from infecting the boot process.
+
+Ideally, the ΓÇ£Current stateΓÇ¥ graph shows that the number of operating systems is weighted in favor of more current OS over older versions. Otherwise, the trends graph indicates that new systems are being adopted and/or older systems are being updated or replaced.
+
+### Windows versions card
+
+The Windows 10 versions card shows the distribution of Windows devices and their versions in your organization.
+In the same way that an upgrade from Windows 8 to Windows 10 improves security in your organization, changing from early releases of Windows to more current versions improves your posture against possible threats.
+
+The Windows version trend graph can help you quickly determine whether your organization is keeping current by updating to the most recent, most secure versions of Windows 10.
+
+## See also
+
+[Microsoft Defender Antivirus health](device-health-microsoft-defender-antivirus-health.md#microsoft-defender-antivirus-health-tab)
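Review bot: The body under "### Windows versions card" opens with "The Windows 10 versions card", so the heading and the text name the card differently. The previous section does the same with "_OS systems and platforms_" under "### Operating systems and platforms card", where "OS systems" also doubles the word "system". Use the card's on-screen name in both places. In the "Current state" sentence, mark the graph name in bold like the other UI labels (**Filters**, **Apply**, **Device inventory**) rather than with curly quotes, and reword "Otherwise, the trends graph indicates that new systems are being adopted", which reads as a guarantee rather than as what to look for when the current state is weighted toward older versions.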
security Download Client Analyzer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/download-client-analyzer.md
audience: ITPro -+ search.appverid: met150
security Enable Network Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/enable-network-protection.md
Previously updated : search.appverid: met150
security Evaluate Controlled Folder Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access.md
Previously updated : search.appverid: met150
security Evaluate Exploit Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/evaluate-exploit-protection.md
Previously updated : search.appverid: met150
security Export Certificate Inventory Assessment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/export-certificate-inventory-assessment.md
+search.appverid: met150
-
+ # Export certificate inventory per device [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Get Assessment Methods Properties https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-assessment-methods-properties.md
+search.appverid: met150
-
+ # Export assessment methods and properties per device [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
security Linux Privacy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-privacy.md
Diagnostic logs are collected only with the consent of the user as part of the f
- All files under */var/log/microsoft/mdatp* - Subset of files under */etc/opt/microsoft/mdatp* that are created and used by Defender for Endpoint on Linux-- Product installation and uninstallation logs under */var/log/microsoft_mdatp_\*.log*
+- Product installation and uninstallation logs under /var/log/microsoft/mdatp/*.log
### Optional diagnostic data
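Review bot: The replacement bullet now points at /var/log/microsoft/mdatp/*.log, which the first bullet, "All files under */var/log/microsoft/mdatp*", already covers, so the list names the same location twice and no longer says where installation and uninstallation logs live if they sit outside that directory. This list is the disclosure of what diagnostic collection gathers, so confirm the actual path and either drop the bullet or give the distinct location. The new path also loses the italics used by the other two bullets, and its bare * can be read as emphasis markup; format it the same way as its siblings.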
security Live Response Library Methods https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/live-response-library-methods.md
audience: ITPro
- M365-security-compliance -+ # Live response library methods and properties
security Manage Gradual Rollout https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-gradual-rollout.md
- M365-security-compliance - m365-initiative-defender-endpoint -+ search.appverid: met150
security Mde Plan1 Getting Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-plan1-getting-started.md
The navigation bar on the left side of the screen enables you to move easily bet
| **Endpoints** > **Configuration & baselines** | Expands to show **Security baselines** and **Configuration management**. | | **Endpoints** > **Configuration & baselines** > **Security baselines** | Security baselines are pre-configured policies and groups of settings that can help you apply recommended security settings efficiently and effectively. Baselines include settings that are based on industry best practices. You can keep the default settings, or customize your baselines to suit your organization's needs. <br/><br/> To learn more, see [Use security baselines to configure Windows 10 devices in Intune](/mem/intune/protect/security-baselines). | | **Endpoints** > **Configuration & baselines** > **Configuration management** | Navigates to the **Device configuration management** page, where you can view information about onboarded devices, and take steps to onboard more devices. |
-| **Reports** | Navigates to your reports, such as your [Threat protection report](threat-protection-reports.md), [Device health and compliance report](machine-reports.md), and your [Web protection report](web-protection-overview.md). |
+| **Reports** | Navigates to your reports, such as your [Threat protection report](threat-protection-reports.md), [Device health and compliance report](device-health-reports.md) and your [Web protection report](web-protection-overview.md). |
| **Health** | Includes links to the **Service health** and **Message center**. | | **Health** > **Service health** | Navigates to the Service health page in the Microsoft 365 admin center. This page enables you to view health status across all the services available with your organization's subscriptions. | | **Health** > **Message center** | Navigates to the Message center in the Microsoft 365 admin center. The Message center provides information about planned changes. Each message describes what's coming, how it might affect users, and how to manage changes. |
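Review bot: In the **Reports** row the link target changes to device-health-reports.md but the link text stays "Device health and compliance report", while the tip further down the same article links the same file as "Device health". Pick one name for the report and use it for both links. The edit also drops the comma before "and your [Web protection report]" that the removed line had.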
To access your Device health report, in the Microsoft 365 Defender portal, choos
Scroll down to see all the views in each list. By default, the views in the **Device trends** column display data for the past 30 days, but you can change a view to display data for the last three months, last six months, or a custom time range (up to 180 days). The **Device summary** views are snapshots for the previous business day. > [!TIP]
-> To learn more, see [Device health](machine-reports.md).
+> To learn more, see [Device health](device-health-reports.md).
### Web protection report
security Minimum Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md
There are some minimum requirements for onboarding devices to the service. Learn
## Licensing requirements
-The standalone versions of [Defender for Endpoint Plan 1 and Plan 2](defender-endpoint-plan-1-2.md) do not include server licenses. To onboard servers to those plans, you'll need Defender for Servers Plan 1 or Plan 2 as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more, see the overview of [Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction).
+The standalone versions of [Defender for Endpoint Plan 1 and Plan 2](defender-endpoint-plan-1-2.md), even when they are included as part of other Microsft 365 plans, do not include server licenses. To onboard servers to those plans, you'll need Defender for Servers Plan 1 or Plan 2 as part of the [Defender for Cloud](/azure/defender-for-cloud/defender-for-cloud-introduction) offering. To learn more, see the overview of [Microsoft Defender for Servers](/azure/defender-for-cloud/defender-for-servers-introduction).
For information licensing requirements for Microsoft Defender for Endpoint, see [Microsoft Defender for Endpoint licensing information](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#microsoft-defender-for-endpoint).
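Review bot: "Microsft 365" in the added sentence is a typo for "Microsoft 365". The inserted clause also makes the sentence contradict itself: it opens with "The standalone versions of" Plan 1 and Plan 2 and then says "even when they are included as part of other" plans. If the point is that neither form includes server licenses, say so directly, for example "Defender for Endpoint Plan 1 and Plan 2, whether standalone or included in another Microsoft 365 plan, do not include server licenses." The unchanged line below, "For information licensing requirements", is missing "about".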
security Overview Client Analyzer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/overview-client-analyzer.md
audience: ITPro -+ search.appverid: met150
security Respond Machine Alerts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/respond-machine-alerts.md
Title: Take response actions on a device in Microsoft Defender for Endpoint
-description: Take response actions on a device such as isolating devices, collecting an investigation package, managing tags, running av scan, and restricting app execution.
+description: Take response actions on a device such as isolating devices, collecting an investigation package, managing tags, running an av scan, and restricting app execution.
keywords: respond, isolate, isolate device, collect investigation package, action center, restrict, manage tags, av scan, restrict app ms.mktglfcycl: deploy
The package contains the following folders:
|Scheduled tasks|Contains a .CSV file listing the scheduled tasks, which can be used to identify routines performed automatically on a chosen device to look for suspicious code that was set to run automatically.| |Security event log|Contains the security event log, which contains records of login or logout activity, or other security-related events specified by the system's audit policy. <p><div class="alert"><b>NOTE:</b> Open the event log file using Event viewer.</div>| |Services|Contains a .CSV file that lists services and their states.|
-|Windows Server Message Block (SMB) sessions|Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. <p> Contains files for SMBInboundSessions and SMBOutboundSession. <p> <div class="alert"><b>NOTE:</b> If there are no sessions (inbound or outbound), you'll get a text file that tell you that there are no SMB sessions found.</div>|
+|Windows Server Message Block (SMB) sessions|Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. <p> Contains files for SMBInboundSessions and SMBOutboundSession. <p> <div class="alert"><b>NOTE:</b> If there are no sessions (inbound or outbound), you'll get a text file that tells you that there are no SMB sessions found.</div>|
|System Information|Contains a SystemInformation.txt file that lists system information such as OS version and network cards.| |Temp Directories|Contains a set of text files that lists the files located in %Temp% for every user in the system. <p> This can help to track suspicious files that an attacker may have dropped on the system. <p> <div class="alert"><b>NOTE:</b> If the file contains the following message: "The system cannot find the path specified", it means that there is no temp directory for this user, and might be because the user didn't log in to the system.</div>| |Users and Groups|Provides a list of files that each represent a group and its members.|
When an app is restricted, the following notification is displayed to inform the
Depending on the severity of the attack and the sensitivity of the device, you might want to isolate the device from the network. This action can help prevent the attacker from controlling the compromised device and performing further activities such as data exfiltration and lateral movement. > [!IMPORTANT]
-> - Isolating devices from the network is not currently supported for devices running macOS or Linux. Use live response to run the action. For more information on live response, see [Investigate entities on devices using live response](live-response.md).
+> - Isolating devices from the network is not currently supported for devices running macOS or Linux. For macOS, use live response to run the action. For more information on live response, see [Investigate entities on devices using live response](live-response.md).
> - Full isolation is available for devices running Windows 11, Windows 10, version 1703 or later, Windows Server 2022, Windows Server 2019, and Windows Server 2016. > - Selective isolation is available for devices running Windows 10, version 1709 or later, and Windows 11. > - When isolating a device, only certain processes and destinations are allowed. Therefore, devices that are behind a full VPN tunnel won't be able to reach the Microsoft Defender for Endpoint cloud service after the device is isolated. We recommend using a split-tunneling VPN for Microsoft Defender for Endpoint and Microsoft Defender Antivirus cloud-based protection-related traffic.
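Review bot: After this edit the first bullet says isolation is not supported on macOS or Linux and then, for macOS only, "use live response to run the action", which leaves Linux with no guidance and does not say which action live response runs. State what an analyst should do for a Linux device that needs containment, or say that no equivalent exists, and name the live response action for macOS. This guidance is read mid-incident, so the unsupported case should not end in a dead end.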
security Run Analyzer Macos Linux https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-macos-linux.md
audience: ITPro -+ search.appverid: met150
security Run Analyzer Windows https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-analyzer-windows.md
- M365-security-compliance - m365initiative-m365-defender -+ search.appverid: met150
security Run Detection Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-detection-test.md
ms.pagetype: security
ms.localizationpriority: medium Last updated : 09/13/2022 audience: ITPro
Making sure, or verifying, that a device has been added to the service successfu
Run the following PowerShell script on a newly onboarded device to verify that it is properly reporting to the Defender for Endpoint service.
-1. Create a folder: 'C:\test-MDATP-test'.
-2. Open an elevated command-line prompt on the device and run the script:
+1. Open an elevated command-line prompt on the device and run the script:
1. Go to **Start** and type **cmd**.
Run the following PowerShell script on a newly onboarded device to verify that i
:::image type="content" source="images/run-as-admin.png" alt-text="The Start menu pointing to Run as administrator" lightbox="images/run-as-admin.png":::
-3. At the prompt, copy and run the following command:
+2. At the prompt, copy and run the following command:
```powershell powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden $ErrorActionPreference = 'silentlycontinue';(New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\\test-MDATP-test\\invoice.exe');Start-Process 'C:\\test-MDATP-test\\invoice.exe'
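Review bot: Removing step 1 ("Create a folder: 'C:\test-MDATP-test'") leaves the command in the last step still writing to and starting 'C:\\test-MDATP-test\\invoice.exe'. Either state that the test does not depend on that folder existing, or keep the folder step; the command sets $ErrorActionPreference to 'silentlycontinue', so a failure would be silent, and a reader who gets no detection needs to be able to tell a failed test from a failed onboarding. The lead-in also calls this a PowerShell script while the steps open **cmd**; one sentence explaining that would help.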
security Threat Protection Integration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-protection-integration.md
Microsoft Defender for Endpoint directly integrates with various Microsoft solut
### Microsoft Defender for Cloud
-Microsoft Defender for Endpoint provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
+Microsoft Defender for Cloud provides a comprehensive server protection solution, including endpoint detection and response (EDR) capabilities on Windows Servers.
### Microsoft Sentinel
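Review bot: With the subject changed to Microsoft Defender for Cloud, the paragraph under "### Microsoft Defender for Cloud" no longer mentions Defender for Endpoint at all, although the article is introduced as a list of solutions that Defender for Endpoint integrates with. Add how the two relate, in particular which product supplies the "endpoint detection and response (EDR) capabilities on Windows Servers", so the section still describes an integration.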
security Threat Protection Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/threat-protection-reports.md
For example, to show data about high-severity alerts only:
## Related topic -- [Device health and compliance report](machine-reports.md)
+- [Device health and compliance report](device-health-reports.md)
security Whats New In Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md
For more information on Microsoft Defender for Endpoint on other operating syste
## September 2022 -- [Device health reporting is now generally available](machine-reports.md). <br/>The device health report provides high-level information about the health and security of your endpoints. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.-- [Troubleshooting mode](enable-troubleshooting-mode.md) is now available for more Windows operating systems, including Windows Server 2012 R2 and above. Please refer to the article for more details about the required updates.
+- [Device health reporting is now generally available](device-health-reports.md). <br/>The device health report provides information about the health and security of your endpoints. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions.
+
+- [Troubleshooting mode](enable-troubleshooting-mode.md) is now available for more Windows operating systems, including Windows Server 2012 R2 and above. See the article for more information about the required updates.
## August 2022
For more information on Microsoft Defender for Endpoint on other operating syste
## July 2021 -- (Preview) [Device health and compliance report](machine-reports.md) <br> The device health and compliance report provides high-level information about the devices in your organization.
+- (Preview) [Device health and compliance report](device-health-reports.md) <br> The device health and compliance report provides high-level information about the devices in your organization.
## June 2021
For more information on Microsoft Defender for Endpoint on other operating syste
- [Device group definitions](/microsoft-365/security/defender-endpoint/machine-groups) can now include multiple values for each condition. You can set multiple tags, device names, and domains to the definition of a single device group. - [Mobile Application management support](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730) <br> This enhancement enables Microsoft Defender for Endpoint protect an organization's data within a managed application when Intune is being used to manage mobile applications. For more information about mobile application management, see [this documentation](/mem/intune/apps/mam-faq).-- [Microsoft Tunnel VPN integration](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730) <br> Microsoft Tunnel VPN capabilities is now integrated with Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end user experience with one security app ΓÇô offering both mobile threat defense and the ability to access on-premesis resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
+- [Microsoft Tunnel VPN integration](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730) <br> Microsoft Tunnel VPN capabilities are now integrated with Microsoft Defender for Endpoint app for Android. This unification enables organizations to offer a simplified end user experience with one security app ΓÇô offering both mobile threat defense and the ability to access on-premises resources from their mobile device, while security and IT teams are able to maintain the same admin experiences they are familiar with.
- [Jailbreak detection on iOS](/microsoft-365/security/defender-endpoint/ios-configure-features#conditional-access-with-defender-for-endpoint-on-ios) <br> Jailbreak detection capability in Microsoft Defender for Endpoint on iOS is now generally available. This adds to the phishing protection that already exists. For more information, see [Setup Conditional Access Policy based on device risk signals](/microsoft-365/security/defender-endpoint/ios-configure-features).
security Get Defender Vulnerability Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-vulnerability-management/get-defender-vulnerability-management.md
Microsoft Defender Vulnerability Management is available as a standalone and as
> [!NOTE] > This offering isn't currently available to: >
+> - Customers using the **New Commerce Experience (NCE)**
> - US Government customers using GCC, GCC High, and DoD > - Microsoft Defender for Business customers
If you don't have Defender for Endpoint Plan 1 or Plan 2, or Microsoft 365 E3, y
To sign up: 1. Log in as a global admin to the tenant where the Defender Vulnerability Management public preview trial service will be added.
-2. Visit [Microsoft Defender Vulnerability Management Public Preview Trial](https://signup.microsoft.com/get-started/signup?products=dee3976b-2cfd-40c3-90b6-3147cbf03146&ali=1&ru=https://aka.ms/MdvmPortal).
+2. Visit [Microsoft Defender Vulnerability Management Public Preview Trial](https://aka.ms/MdvmStandaloneStartTrial).
3. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not. 4. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Management Public Preview Trial. 5. Select **Continue**. You'll now be directed to the Microsoft 365 Defender portal.
To sign up:
If you already have Defender for Endpoint Plan 2, sign up to trial the **Defender Vulnerability Management Add-on trial** to get access to the additional capabilities. To sign up:
-1. Visit [Microsoft Defender Vulnerability Management Add-on Public Preview Trial](https://signup.microsoft.com/get-started/signup?products=5908ecaa-b8a7-4a04-b6c0-d44fd934b6f2&ali=1&ru=https://aka.ms/MdvmPortal).
+1. Visit [Microsoft Defender Vulnerability Management Add-on Public Preview Trial](https://aka.ms/MdvmAddonStartTrial).
2. Follow the prompts to sign in. This will differ depending on whether you already have a Microsoft 365 subscription or not. 3. Once you have signed in, select the **Try now** button to confirm your order of the 120 day subscription of the Microsoft Defender Vulnerability Add-on Public Preview Trial. 4. Select **Continue**. You'll now be directed to the Microsoft 365 Defender portal.
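Review bot: Step 3 of the add-on procedure still calls the offer "Microsoft Defender Vulnerability Add-on Public Preview Trial", without "Management", while the link text in the changed step 1 reads "Microsoft Defender Vulnerability Management Add-on Public Preview Trial"; align the two while this list is being edited. The new aka.ms links also replace URLs that carried the product ID and the return URL (ru=https://aka.ms/MdvmPortal), so check that step 4's "You'll now be directed to the Microsoft 365 Defender portal" still holds with the short link.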
security Eval Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/eval-overview.md
f1.keywords:
- NOCSH Previously updated : 06/25/2021 Last updated : 09/15/2022 ms.localizationpriority: medium audience: ITPro
Microsoft 365 Defender is made up of these security technologies, operating in t
|Component|Description|Reference material| |||| |Microsoft Defender for Identity|Microsoft Defender for Identity uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.|[What is Microsoft Defender for Identity?](/defender-for-identity/what-is)|
-|Exchange Online Protection|Exchange Online Protection is the native cloud-based SMTP relay and filtering service that helps protect your organization against spam and malware.|[Exchange Online Protection (EOP) overview - Office 365](../office-365-security/overview.md)|
-|Microsoft Defender for Office 365|Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.|[Microsoft Defender for Office 365 - Office 365](../office-365-security/overview.md)|
+|Exchange Online Protection|Exchange Online Protection is the native cloud-based SMTP relay and filtering service that helps protect your organization against spam and malware.|[Exchange Online Protection (EOP) overview - Office 365](/microsoft-365/office-365-security/overview.md)|
+|Microsoft Defender for Office 365|Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.|[Microsoft Defender for Office 365 - Office 365](/microsoft-365/office-365-security/overview.md)|
|Microsoft Defender for Endpoint|Microsoft Defender for Endpoint is a unified platform for device protection, post-breach detection, automated investigation, and recommended response.|[Microsoft Defender for Endpoint - Windows security](../defender-endpoint/microsoft-defender-endpoint.md)| |Microsoft Defender for Cloud Apps|Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.|[What is Defender for Cloud Apps?](/cloud-app-security/what-is-cloud-app-security)| |Azure AD Identity Protection|Azure AD Identity Protection evaluates risk data from billions of sign-in attempts and uses this data to evaluate the risk of each sign-in to your environment. This data is used by Azure AD to allow or prevent account access, depending on how Conditional Access policies are configured. Azure AD Identity Protection is licensed separately from Microsoft 365 Defender. It is included with Azure Active Directory Premium P2.|[What is Identity Protection?](/azure/active-directory/identity-protection/overview-identity-protection)|
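Review bot: The two changed links use a site-relative path but keep the file extension, "/microsoft-365/office-365-security/overview.md", while the same change in first-incident-analyze.md uses "/microsoft-365/office-365-security/overview" with no extension. Use one form in both files and verify that it resolves. The Exchange Online Protection row and the Defender for Office 365 row also point at the same target, so one of the two labels ("Exchange Online Protection (EOP) overview" or "Microsoft Defender for Office 365") does not describe where the link goes.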
security First Incident Analyze https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/first-incident-analyze.md
Microsoft 365 Defender receives alerts and events from multiple Microsoft securi
- [Microsoft Defender for Endpoint](../defender-endpoint/microsoft-defender-endpoint.md) is an endpoint detection and response solution (EDR) that uses Microsoft Defender antivirus and cloud-enabled advanced threat protection using Microsoft Security Graph. Defender for Endpoint is a unified platform for preventative protection, post-breach detection, automated investigation, and response. It protects endpoints from cyberthreats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. - [Microsoft Defender for Identity](/defender-for-identity/what-is) is a cloud-based security solution that uses your on-premises Active Directory Domain Services (AD DS) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. - [Microsoft Defender for Cloud Apps](/cloud-app-security/) acts as a gatekeeper to broker access in real time between your enterprise users and the cloud resources they use, wherever your users are located and regardless of the device they are using.-- [Microsoft Defender for Office 365](../office-365-security/overview.md) safeguards your organization against malicious threats in email messages, links (URLs), and collaboration tools.
+- [Microsoft Defender for Office 365](/microsoft-365/office-365-security/overview) safeguards your organization against malicious threats in email messages, links (URLs), and collaboration tools.
- [Azure Security Center](/azure/security-center/security-center-introduction) is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud and on premises.
security Mdo Trial Banner https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/mdo-trial-banner.md
++ search.appverid: met150
security Microsoft Defender For Office https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/microsoft-defender-for-office.md
++ search.appverid: met150
security Microsoft Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/microsoft-defender.md
++ search.appverid: met150
security Prerelease https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/includes/prerelease.md
-++ Last updated 12/18/2019 f1.keywords:
security Coinminer Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/coinminer-malware.md
Title: Coin miners
description: Learn about coin miners, how they can infect devices, and what you can do to protect yourself. keywords: security, malware, coin miners, protection, cryptocurrencies+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Coin miners
security Coordinated Malware Eradication https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/coordinated-malware-eradication.md
Title: Coordinated Malware Eradication
description: The Coordinated Malware Eradication program aims to unite security organizations to disrupt the malware ecosystem. keywords: security, malware, malware eradication, Microsoft Malware Protection Center, MMPC+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro search.appverid: met150
security Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/criteria.md
Title: How Microsoft identifies malware and potentially unwanted applications
description: Learn how Microsoft reviews software for privacy violations and other negative behavior, to determine if it's malware or a potentially unwanted application. keywords: security, malware, virus research threats, research malware, device protection, computer infection, virus infection, descriptions, remediation, latest threats, MMdevice, Microsoft Malware Protection Center, PUA, potentially unwanted applications+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
Last updated 12/13/2021 search.appverid: met150 # How Microsoft identifies malware and potentially unwanted applications
security Cybersecurity Industry Partners https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/cybersecurity-industry-partners.md
Title: Industry collaboration programs
description: There are various collaborative programs regarding Microsoft industry-wide anti-malware - Virus Information Alliance (VIA), Microsoft Virus Initiative (MVI), and Coordinated Malware Eradication (CME) keywords: security, malware, antivirus industry, anti-malware Industry, collaboration programs, alliances, Virus Information Alliance, Microsoft Virus Initiative, Coordinated Malware Eradication, WDSI, MMPC, Microsoft Malware Protection Center, partnerships+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro search.appverid: met150
security Developer Resources https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/developer-resources.md
description: This page provides information for developers such as detection criteria, developer questions, and how to check your software against Security intelligence. keywords: wdsi, software, developer, resources, detection, criteria, questions, scan, software, definitions, cloud, protection, security intelligence search.product: eADQiWindows 10XVcnh+ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: medium
audience: ITPro search.appverid: met150
security Exploits Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/exploits-malware.md
Title: Exploits and exploit kits
description: Learn about how exploits use vulnerabilities in common software to give attackers access to your computer and install other malware. keywords: security, malware, exploits, exploit kits, prevention, vulnerabilities, Microsoft, Exploit malware family, exploits, java, flash, adobe, update software, prevent exploits, exploit pack, vulnerability, 0-day, holes, weaknesses, attack, Flash, Adobe, out-of-date software, out of date software, update, update software, reinfection, Java cache, reinfected, won't remove, won't clean, still detects, full scan, MSE, Defender, WDSI, MMPC, Microsoft Malware Protection Center+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Exploits and exploit kits
security Fileless Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/fileless-threats.md
Title: Fileless threats
description: Learn about the categories of fileless threats and malware that live off the land keywords: fileless, fileless malware, living off the land, lolbins, amsi, behavior monitoring, memory scanning, boot sector protection, security, malware, Windows Defender ATP, antivirus, AV, Microsoft Defender ATP, next-generation protection+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Fileless threats
security Macro Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/macro-malware.md
Title: Macro malware
description: Learn about macro viruses and malware, which are embedded in documents and are used to drop malicious payloads and distribute other threats. keywords: security, malware, macro, protection, WDSI, MMPC, Microsoft Malware Protection Center, macro virus, macro malware, documents, viruses in Office, viruses in Word+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Macro malware
security Malware Naming https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/malware-naming.md
Title: Malware names
description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware. keywords: security, malware, names, Microsoft, MMPC, Microsoft Malware Protection Center, WDSI, malware name, malware prefix, malware type, virus name+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Malware names
security Microsoft Bug Bounty Program https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/microsoft-bug-bounty-program.md
Title: About the Microsoft Bug Bounty Program description: If you are a security researcher, you can get a reward for reporting a vulnerability in a Microsoft product, service, or device.+ audience: ITPro
ms.localizationpriority: medium search.appverid: met150
security Phishing Trends https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/phishing-trends.md
Title: Phishing trends and techniques
description: Learn about how to spot phishing techniques keywords: security, malware, phishing, information, scam, social engineering, bait, lure, protection, trends, targeted attack, spear phishing, whaling+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Phishing trends and techniques
security Phishing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/phishing.md
Title: How to protect against phishing attacks
description: Learn about how phishing work, deliver malware do your devices, and what you can do to protect yourself keywords: security, malware, phishing, information, scam, social engineering, bait, lure, protection, trends, targeted attack+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # How to protect against phishing attacks
security Portal Submission Troubleshooting https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/portal-submission-troubleshooting.md
Title: Troubleshoot MSI portal errors caused by admin block
description: Troubleshoot MSI portal errors keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesn't detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesn't detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Troubleshooting malware submission errors caused by administrator block
security Prevent Malware Infection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/prevent-malware-infection.md
Title: Prevent malware infection
description: Learn steps you can take to help prevent a malware or potentially unwanted software from infecting your computer. keywords: security, malware, prevention, infection, tips, Microsoft, MMPC, Microsoft Malware Protection Center, virus, trojan, worm, stop, prevent, full scan, infection, avoid malware, avoid trojan, avoid virus, infection, how, detection, security software, antivirus, updates, how malware works, how virus works, firewall, turn on, user privileges, limit, prevention, WDSI, MMPC, Microsoft Malware Protection Center+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Prevent malware infection
security Rootkits Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/rootkits-malware.md
Title: Rootkits
description: Rootkits may be used by malware authors to hide malicious code on your computer and make malware or potentially unwanted software harder to remove. keywords: security, malware, rootkit, hide, protection, hiding, WDSI, MMPC, Microsoft Malware Protection Center, rootkits, Sirefef, Rustock, Sinowal, Cutwail, malware, virus+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Rootkits
Malware authors use rootkits to hide malware on your device, allowing malware to
Rootkits intercept and change standard operating system processes. After a rootkit infects a device, you can't trust any information that device reports about itself.
-If you were to ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn't want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
+If asked a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn't want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
Many modern malware families use rootkits to try to avoid detection and removal, including:
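Review bot: The replacement sentence in the rootkit paragraph, "If asked a device to list all of the programs that are running", has lost its subject and no longer parses, whereas the removed "If you were to ask a device" was grammatical. Suggest "If you ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn't want you to know about", which keeps the shorter phrasing the edit was aiming for.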
For more general tips, see [prevent malware infection](prevent-malware-infection
### What if I think I have a rootkit on my device?
-Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you have a rootkit that your antimalware software isn't detecting, you may need an extra tool that lets you boot to a known trusted environment.
+Microsoft security software includes many technologies designed specifically to remove rootkits. If you think you have a rootkit, you might need an extra tool that helps you boot to a known trusted environment.
[Microsoft Defender Offline](https://support.microsoft.com/help/17466/microsoft-defender-offline-help-protect-my-pc) can be launched from the Windows Security app and has the latest antimalware updates from Microsoft. It's designed to be used on devices that aren't working correctly because of a possible malware infection.
-[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity.
+[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that affect system integrity.
### What if I can't remove a rootkit?
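Review bot: In the first paragraph under "What if I think I have a rootkit on my device?", the new text drops the condition "that your antimalware software isn't detecting", so the advice now reads as if any suspicion of a rootkit calls for an extra tool, rather than the case where the installed antimalware finds nothing. Suggest keeping the condition: "If you think you have a rootkit that your antimalware software isn't detecting, you might need an extra tool that helps you boot to a known trusted environment." The "impact" to "affect" change in the System Guard line reads fine.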
security Safety Scanner Download https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/safety-scanner-download.md
Title: Microsoft Safety Scanner Download
description: Get the Microsoft Safety Scanner tool to find and remove malware from Windows computers. keywords: security, malware+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Microsoft Safety Scanner Download
security Submission Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/submission-guide.md
Title: Submit files for analysis by Microsoft
description: Learn how to submit files to Microsoft for malware analysis, how to track your submissions, and dispute detections. keywords: security, sample submission help, malware file, virus file, trojan file, submit, send to Microsoft, submit a sample, virus, trojan, worm, undetected, doesn't detect, email microsoft, email malware, I think this is malware, I think it's a virus, where can I send a virus, is this a virus, MSE, doesn't detect, no signature, no detection, suspect file, MMPC, Microsoft Malware Protection Center, researchers, analyst, WDSI, security intelligence+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Submit files for analysis
security Supply Chain Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/supply-chain-malware.md
Title: Supply chain attacks
description: Learn about how supply chain attacks work, deliver malware do your devices, and what you can do to protect yourself keywords: security, malware, protection, supply chain, hide, distribute, trust, compromised+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Supply chain attacks
security Support Scams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/support-scams.md
Title: Tech Support Scams
description: Microsoft security software can protect you from tech support scams that claims to scan for malware or viruses and then shows you fake detections and warnings. keywords: security, malware, tech support, scam, protection, trick, spoof, fake, error messages, report, rogue security software, fake, antivirus, fake software, rogue, threats, fee, removal fee, upgrade, pay for removal, install full version, trial, lots of threats, scanner, scan, clean, computer, security, program, XP home security, fake microsoft, activate, activate scan, activate antivirus, warnings, pop-ups, security warnings, security pop-ups tech support scams, fake Microsoft error notification, fake virus alert, fake product expiration, fake Windows activation, scam web pages, scam phone numbers, telephone numbers, MMPC, WDSI, Microsoft Malware Protection Center, tech support scam numbers+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Tech support scams
security Trojans Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/trojans-malware.md
Title: Trojan malware
-description: Trojans are a type of threat that can infect your device. This page tells you what they are and how to remove them.
+description: Trojans are a type of threat that can infect your device. This page tells you what they're and how to remove them.
keywords: security, malware, protection, trojan, download, file, infection, trojans, virus, protection, cleanup, removal, antimalware, antivirus, WDSI, MMPC, Microsoft Malware Protection Center, malware types+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Trojans
-Trojans are a common type of malware which, unlike viruses, can't spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them.
+Trojans are a common type of malware, which, unlike viruses, can't spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them.
-Trojans often use the same file names as real and legitimate apps. It is easy to accidentally download a trojan thinking that it is a legitimate app.
+Trojans often use the same file names as real and legitimate apps. It's easy to accidentally download a trojan thinking that it's a legitimate app.
## How trojans work
-Trojans can come in many different varieties, but generally they do the following:
+Trojans can come in many different varieties, but generally they do the following tasks:
- Download and install other malware, such as viruses or [worms](worms-malware.md). -- Use the infected device for click fraud.
+- Use the infected device for select fraud.
- Record keystrokes and websites visited. -- Send information about the infected device to a malicious hacker including passwords, login details for websites, and browsing history.
+- Send information about the infected device to a malicious hacker including passwords, sign in details for websites, and browsing history.
- Give a malicious hacker control over the infected device.
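Review bot: The bullet "Use the infected device for select fraud" in the "How trojans work" list changes the meaning. "Click fraud" is the name of the abuse, not a UI instruction, so a click-to-select wording rule should not apply here; keep "click fraud". In the description line, "what they're and how to remove them" does not work because the contraction cannot end the clause; revert to "what they are". In the information-theft bullet, "sign in details" modifies a noun and should be hyphenated as "sign-in details".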
security Understanding Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/understanding-malware.md
Title: Understanding malware & other threats
description: Learn about the most prevalent viruses, malware, and other threats. Understand how they infect systems, how they behave, and how to prevent and remove them. keywords: security, malware, virus, malware, threat, analysis, research, encyclopedia, dictionary, glossary, ransomware, support scams, unwanted software, computer infection, virus infection, descriptions, remediation, latest threats, mmpc, microsoft malware protection center, wdsi+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Understanding malware & other threats
security Unwanted Software https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/unwanted-software.md
Title: Unwanted software
description: Learn about how unwanted software changes your default settings without your consent and what you can do to protect yourself. keywords: security, malware, protection, unwanted, software, alter, infect, unwanted software, software bundlers, browser modifiers, privacy, security, computing experience, prevent infection, solution, WDSI, MMPC, Microsoft Malware Protection Center, virus research threats, research malware, pc protection, computer infection, virus infection, descriptions, remediation, latest threats+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Unwanted software
security Virus Information Alliance Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/virus-information-alliance-criteria.md
Title: Virus Information Alliance
description: The Microsoft Virus Information Alliance (VIA) is a collaborative antimalware program for organizations fighting cybercrime. keywords: security, malware, Microsoft, MMPC, Microsoft Malware Protection Center, partners, sharing, samples, vendor exchange, CSS, alliance, WDSI+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro search.appverid: met150
security Virus Initiative Criteria https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/virus-initiative-criteria.md
Title: Microsoft Virus Initiative
description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft. keywords: security, malware, MVI, Microsoft Malware Protection Center, MMPC, alliances, WDSI+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro search.appverid: met150
security Worms Malware https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/intelligence/worms-malware.md
Title: Worms
description: Learn about how worms replicate and spread to other computers or networks. Read about the most popular worms and steps you can take to stop them. keywords: security, malware, protection, worm, vulnerabilities, infect, steal, Jenxcus, Gamarue, Bondat, WannaCrypt, WDSI, MMPC, Microsoft Malware Protection Center, worms, malware types, threat propagation, mass-mailing, IP scanning+ ms.mktglfcycl: secure ms.sitesec: library ms.localizationpriority: medium
audience: ITPro
search.appverid: met150 # Worms
security Microsoft Defender For Office 365 Product Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/microsoft-defender-for-office-365-product-overview.md
+
+ Title: Office 365 Security including Microsoft Defender for Office 365 and Exchange Online Protection
+++
+audience: Admin
+
+ms.localizationpriority: high
+search.appverid:
+ - MET150
+ - MOE150
+
+ - M365-security-compliance
+ - m365initiative-defender-office365
+description: Security in Office 365, from EOP to Defender for Office 365 Plans 1 and 2, Standard vs. Strict security configurations, and more. Understand what you have, and how to secure your properties.
++
+adobe-target: true
++
+# Microsoft Defender for Office 365 security product overview
++
+**Applies to**
+- [Exchange Online Protection](exchange-online-protection-overview.md)
+- [Microsoft Defender for Office 365 plan 1 and plan 2](defender-for-office-365.md)
+
+This article will introduce you to your new Microsoft Defender for Office 365 security properties in the Cloud. Whether you're part of a Security Operations Center, you're a Security Administrator new to the space, or you want a refresher, let's get started.
+
+> [!CAUTION]
+> If you're using **Outlook.com**, **Microsoft 365 Family**, or **Microsoft 365 Personal**, and need *Safe Links* or *Safe Attachments* info, ***click this link***: [Advanced Outlook.com security for Microsoft 365 subscribers](https://support.microsoft.com/office/advanced-outlook-com-security-for-office-365-subscribers-882d2243-eab9-4545-a58a-b36fee4a46e2).
+
+## What is Defender for Office 365 security
+
+Every Office 365 subscription comes with security capabilities. The goals and actions that you can take depend on the focus of these different subscriptions. In Office 365 security, there are three main security services (or products) tied to your subscription type:
+
+1. Exchange Online Protection (EOP)
+1. Microsoft Defender for Office 365 Plan 1 (Defender for Office P1)
+1. Microsoft Defender for Office 365 Plan 2 (Defender for Office P2)
+
+> [!NOTE]
+> If you bought your subscription and need to roll out security features *right now*, skip to the steps in the [Protect Against Threats](protect-against-threats.md) article. If you're new to your subscription and would like to know your license before you begin, browse Billing > Your Products in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/#/homepage).
+
+Office 365 security builds on the core protections offered by EOP. EOP is present in any subscription where Exchange Online mailboxes can be found (remember, all the security products discussed here are Cloud-based).
+
+You may be accustomed to seeing these three components discussed in this way:
+
+|EOP|Microsoft Defender for Office 365 P1|Microsoft Defender for Office 365 P2|
+||||
+|Prevents broad, volume-based, known attacks.|Protects email and collaboration from zero-day malware, phish, and business email compromise.|Adds post-breach investigation, hunting, and response, as well as automation, and simulation (for training).|
+
+But in terms of architecture, let's start by thinking of each piece as cumulative layers of security, each with a security emphasis. More like this:
++
+Though each of these services emphasizes a goal from among Protect, Detect, Investigate, and Respond, ***all*** the services can carry out ***any*** of the goals of protecting, detecting, investigating, and responding.
+
+The core of Office 365 security is EOP protection. Microsoft Defender for Office 365 P1 contains EOP in it. Defender for Office 365 P2 contains P1 and EOP. The structure is cumulative. That's why, when configuring this product, you should start with EOP and work to Defender for Office 365.
+
+Though email authentication configuration takes place in public DNS, it's important to configure this feature to help defend against spoofing. *If you have EOP,* ***you should [configure email authentication](email-validation-and-authentication.md)***.
+
+If you have an Office 365 E3, or below, you have EOP, but with the option to buy standalone Defender for Office 365 P1 through upgrade. If you have Office 365 E5, you already have Defender for Office 365 P2.
+
+> [!TIP]
+> If your subscription is neither Office 365 E3 or E5, you can still check to see if you have the option to upgrade to Microsoft Defender for Office 365 P1. If you're interested, [this webpage](https://www.microsoft.com/microsoft-365/exchange/advance-threat-protection#coreui-contentrichblock-x07wids) lists subscriptions eligible for the Microsoft Defender for Office 365 P1 upgrade (check the end of the page for the fine-print).
+
+## The Office 365 security ladder from EOP to Microsoft Defender for Office 365
+
+> [!IMPORTANT]
+> Learn the details on these pages: [Exchange Online Protection](exchange-online-protection-overview.md), and [Defender for Office 365](defender-for-office-365.md).
+
+What makes adding Microsoft Defender for Office 365 plans an advantage to pure EOP threat management can be difficult to tell at first glance. To help sort out if an upgrade path is right for your organization, let's look at the capabilities of each product when it comes to:
+
+- preventing and detecting threats
+- investigating
+- responding
+
+starting with **Exchange Online Protection**:
+<p>
+
+|Prevent/Detect|Investigate|Respond|
+||||
+|Technologies include:<ul><li>spam</li><li>phish</li><li>malware</li><li>bulk mail</li><li>spoof intelligence</li><li>impersonation detection</li><li>Admin Quarantine</li><li>Admin and user submissions of False Positives and False Negatives</li><li>Allow/Block for URLs and Files</li><li>Reports</li></ul>|<li>Audit log search</li><li>Message Trace</li>|<li>Zero-hour auto purge (ZAP)</li><li>Refinement and testing of Allow and Block lists</li>|
+
+If you want to dig in to EOP, **[jump to this article](exchange-online-protection-overview.md)**.
+
+Because these products are cumulative, if you evaluate Microsoft Defender for Office 365 P1 and decide to subscribe to it, you'll add these abilities.
+
+Gains with **Defender for Office 365, Plan 1** (to date):
+<p>
+
+|Prevent/Detect|Investigate|Respond|
+||||
+|Technologies include everything in EOP plus:<ul><li>Safe attachments</li><li>Safe links<li>Microsoft Defender for Office 365 protection for workloads (ex. SharePoint Online, Teams, OneDrive for Business)</li><li>Time-of-click protection in email, Office clients, and Teams</li><li>anti-phishing in Defender for Office 365</li><li>User and domain impersonation protection</li><li>Alerts, and SIEM integration API for alerts</li>|<li>SIEM integration API for detections</li><li>**Real-time detections tool**</li><li>URL trace</li>|<li>Same</li></ul>
+
+So, Microsoft Defender for Office 365 P1 expands on the ***prevention*** side of the house, and adds extra forms of ***detection***.
+
+Microsoft Defender for Office 365 P1 also adds **Real-time detections** for investigations. This threat hunting tool's name is in bold because having it is clear means of *knowing* you have Defender for Office 365 P1. It doesn't appear in Defender for Office 365 P2.
+
+Gains with **Defender for Office 365, Plan 2** (to date):
+<p>
+
+|Prevent/Detect|Investigate|Respond|
+||||
+|Technologies include everything in EOP, and Microsoft Defender for Office 365 P1 plus:<ul><li>Same</li>|<li>**Threat Explorer**</li><li>Threat Trackers</li><li>Campaign views</li>|<li>Automated Investigation and Response (AIR)</li><li>AIR from Threat Explorer</li><li>AIR for compromised users</li><li>SIEM Integration API for Automated Investigations</li>
+
+So, Microsoft Defender for Office 365 P2 expands on the ***investigation and response*** side of the house, and adds a new hunting strength. Automation.
+
+In Microsoft Defender for Office 365 P2, the primary hunting tool is called **Threat Explorer** rather than Real-time detections. If you see Threat Explorer when you navigate to the Microsoft 365 Defender portal, you're in Microsoft Defender for Office 365 P2.
+
+To get into the details of Microsoft Defender for Office 365 P1 and P2, **[jump to this article](defender-for-office-365.md)**.
+
+> [!TIP]
+> EOP and Microsoft Defender for Office 365 are also different when it comes to end-users. In EOP and Defender for Office 365 P1, the focus is *awareness*, and so those two services include the *Report message Outlook add-in* so users can report emails they find suspicious, for further analysis. <p> In Defender for Office 365 P2 (which contains everything in EOP and P1), the focus shifts to *further training* for end-users, and so the Security Operations Center has access to a powerful *Threat Simulator* tool, and the end-user metrics it provides.
+
+## Microsoft Defender for Office 365 Plan 1 vs. Plan 2 cheat sheet
+
+This quick-reference will help you understand what capabilities come with each Microsoft Defender for Office 365 subscription. When combined with your knowledge of EOP features, it can help business decision makers determine what Microsoft Defender for Office 365 is best for their needs.
+
+|Defender for Office 365 Plan 1|Defender for Office 365 Plan 2|
+|||
+|Configuration, protection, and detection capabilities: <ul><li>[Safe Attachments](safe-attachments.md)</li><li>[Safe Links](safe-links.md)</li><li>[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md)</li><li>[Anti-phishing protection in Defender for Office 365](set-up-anti-phishing-policies.md#exclusive-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365)</li><li>[Real-time detections](threat-explorer.md)</li></ul>|Defender for Office 365 Plan 1 capabilities <p> plus <p> Automation, investigation, remediation, and education capabilities: <ul><li>[Threat Trackers](threat-trackers.md)</li><li>[Threat Explorer](threat-explorer.md)</li><li>[Automated investigation and response](office-365-air.md)</li><li>[Attack simulation training](attack-simulation-training.md)</li><li>[Proactively hunt for threats with advanced hunting in Microsoft 365 Defender](../defender/advanced-hunting-overview.md)</li><li>[Investigate incidents in Microsoft 365 Defender](../defender/investigate-incidents.md)</li><li>[Investigate alerts in Microsoft 365 Defender](../defender/investigate-alerts.md)</li></ul>|
+
+- Microsoft Defender for Office 365 Plan 2 is included in Office 365 E5, Office 365 A5, and Microsoft 365 E5.
+
+- Microsoft Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium.
+
+- Microsoft Defender for Office 365 Plan 1 and Defender for Office 365 Plan 2 are each available as an add-on for certain subscriptions. To learn more, here's another link [Feature availability across Microsoft Defender for Office 365 plans](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description#feature-availability-across-advanced-threat-protection-atp-plans).
+
+- The [Safe Documents](safe-docs.md) feature is only available to users with the Microsoft 365 A5 or Microsoft 365 E5 Security licenses (not included in Microsoft Defender for Office 365 plans).
+
+- If your current subscription doesn't include Microsoft Defender for Office 365 and you want it, [contact sales to start a trial](https://info.microsoft.com/ww-landing-M365SMB-web-contact.html), and find out how Microsoft Defender for Office 365 can work for in your organization.
+
+- Microsoft Defender for Office 365 P2 customers have access to **Microsoft 365 Defender integration** to efficiently detect, review, and respond to incidents and alerts.
+
+> [!TIP]
+> ***Insider tip***. You can use the Microsoft Docs table of contents to learn about EOP and Microsoft Defender for Office 365. Navigate back to this page, [Office 365 Security overview](index.yml), and you'll notice that table of contents organization in the side-bar. It begins with Deployment (including migration) and then continues into prevention, detection, investigation, and response. <p> This structure is divided so that **Security Administration** topics are followed by **Security Operations** topics. If you're a new member of either job role, use the link in this tip, and your knowledge of the table of contents, to help learn the space. Remember to use *feedback links* and *rate articles* as you go. Feedback helps us improve what we offer you.
+
+## Where to go next
+
+If you're a Security Admin, you may need to configure DKIM or DMARC for your mail. You may want to roll out 'Strict' security presets for your priority users, or look for what's new in the product. Or if you're with Security Ops, you may want to leverage Real-time detections or Threat Explorer to investigate and respond, or train end-user detection with Attack Simulator. Either way, here are some additional recommendations for what to look at next.
+
+[Email Authentication, including SPF, DKIM, and DMARC (with links to setup of all three)](email-validation-and-authentication.md)
+
+[See the specific recommended 'golden' configs](recommended-settings-for-eop-and-office365.md) and [use their recommended presets to configure security policies quickly](preset-security-policies.md)
+
+Catch up on [what's new in Microsoft Defender for Office 365 (including EOP developments)](whats-new-in-defender-for-office-365.md)
+
+[Use Threat Explorer or Real-time detections](threat-explorer.md)
+
+Use [Attack simulation training](attack-simulation-training.md)
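Review bot: The HTML inside the three Prevent/Detect/Investigate/Respond tables is unbalanced and is likely to render incorrectly. In the Plan 1 row, `<li>Safe links<li>` is missing its `</li>`, the `<ul>` opened in the first cell is only closed in the last cell, and the row has no closing `|`. In the Plan 2 row the `<ul>` is never closed and the row also lacks a closing `|`. In the EOP row, the Investigate and Respond cells use `<li>` with no enclosing `<ul>`. Each cell should carry its own complete `<ul>...</ul>`, and the bare `<p>` lines before each table should be dropped or closed. Separately, the simulation feature is named three ways in this file ("Threat Simulator", "Attack Simulator", "Attack simulation training"); use the name of the linked article throughout. Wording nits: "having it is clear means of" needs "a", "neither Office 365 E3 or E5" should use "nor", "can work for in your organization" has a stray "for", and "adds a new hunting strength. Automation." should be one sentence.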
security Report Junk Email Messages To Microsoft https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft.md
Watch this video that shows more information about the unified submissions exper
## Report a suspicious email to Microsoft
-|Method|Description|
-|||
-|[Use the Submissions portal to submit suspected spam, phish, URLs, and email attachments to Microsoft](admin-submission.md)|The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP).|
-|[Enable the Report Message or the Report Phishing add-ins](enable-the-report-message-add-in.md)|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <br/><br/> Depending on your subscription, messages that users reported with the add-ins are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Explorer](threat-explorer-views.md#email--submissions). <br/><br/> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).
-|[Report false positives and false negatives in Outlook](report-false-positives-and-false-negatives.md)|Submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) to Exchange Online Protection (EOP) using the Report Message feature.|
-|[Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft)|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.|
-|[Submit files for analysis](../intelligence/submission-guide.md)|Submit email attachments and other suspected files to Microsoft for analysis.|
+|Method|Submission type|Description|
+||||
+|[Use the Submissions portal to submit suspected spam, phish, URLs, and email attachments to Microsoft](admin-submission.md)|Admin|The recommended reporting method for admins in organizations with Exchange Online mailboxes (not available in standalone EOP).|
+|[Enable the Report Message or the Report Phishing add-ins](enable-the-report-message-add-in.md)|User|Works with Outlook and Outlook on the web (formerly known as Outlook Web App). <br/><br/> Depending on your subscription, messages that users reported with the add-ins are available in [the Admin Submissions portal](admin-submission.md), [Automated investigation and response (AIR) results](air-view-investigation-results.md), the [User-reported messages report](view-email-security-reports.md#user-reported-messages-report), and [Explorer](threat-explorer-views.md#email--submissions). <br/><br/> You can configure reported messages to be copied or redirected to a mailbox that you specify. For more information, see [User submissions policies](user-submission.md).
+|[Report false positives and false negatives in Outlook](report-false-positives-and-false-negatives.md)|User|Submit false positives (good email that was blocked or sent to junk folder) and false negatives (unwanted email or phish that was delivered to the inbox) to Exchange Online Protection (EOP) using the Report Message feature.|
+|[Use mail flow rules to see what users are reporting to Microsoft](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-see-what-users-are-reporting-to-microsoft)|Admin|Learn how to create a mail flow rule (also known as a transport rule) that notifies you when users report messages to Microsoft for analysis.|
+|[Submit files for analysis](../intelligence/submission-guide.md)|Admin|Submit email attachments and other suspected files to Microsoft for analysis.|
> [!NOTE]
-> When you report an email entity to Microsoft, we make a copy of everything associated with the email to include it in our continual algorithm reviews. This copy includes the email content, the email headers, and related data about the email routing. Attachments in the message are also included.
+> When you report an email entity to Microsoft, a copy is made of everything associated with the email to include it in the reviews. This copy includes the email content, the email headers, and related data about the email routing. Attachments in the message are also included.
>
-> Microsoft treats your feedback as your organization's permission for us to analyze all of the previously described information and to work to fine tune the message hygiene algorithms. We hold your message in our secure audited datacenters in the USA until we delete your submission no later than 30 days after you provided it to us. Personnel at Microsoft may read your submitted message and attachments, which is normally not permitted for email in Office 365. However, your email is still treated as confidential between you and Microsoft, and we will not provide your submission to any other party to read the email or its attachments for this review process.
+> Microsoft treats your feedback as your organization's permission to analyze all of the information and to improve the suspected message reporting and review process. Your message is stored securely until it is deleted no later than 30 days after you provided it. Microsoft may read your submitted message and attachments, however, your email is still treated as confidential between you and Microsoft. Your submission is not provided to any other party for the review process.
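Review bot: the rewritten second paragraph of the note drops the statement that submissions are held in "secure audited datacenters in the USA" and now says only that the message "is stored securely". If storage location matters to readers deciding whether to report, either keep it or link to where it is documented. In the same paragraph, "Microsoft may read your submitted message and attachments, however, your email is still treated as confidential" is a comma splice and should be two sentences. In the table, the new **Submission type** column labels "Enable the Report Message or the Report Phishing add-ins" as User although enabling the add-ins is an admin task; a sentence above the table saying the column describes who submits the message would remove the ambiguity.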
security Assess The Impact Of Security Configuration Changes With Explorer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/assess-the-impact-of-security-configuration-changes-with-explorer.md
Title: Assess the impact of security configuration changes with Explorer description: Examples and walkthrough of using Explorer to determine the impact of a security control (configuration) change in Microsoft Defender for Office 365 search.product:+ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
This step-by-step guide will take you through assessing a change, and exporting
1. Press the **filter** button (defaulted to *Sender*) and select **Phish confidence level**. 1. Select the **Phish confidence level** of **Normal**. 1. Add an additional **filter** of **Original delivery location** set as **Junk folder**.
-1. Press **Refresh**. Explorer is now filtered to show all the mail that is detected as *high confidence phish* and gets delivered to the Junk folder due to the settings in the anti-spam policy.
+1. Press **Refresh**. Explorer is now filtered to show all the mail that is detected as *normal confidence phish* and gets delivered to the Junk folder due to the settings in the anti-spam policy.
1. If you wish to pivot the data displayed in the chart, you can do by using the **data slicer top left of the chart (defaulted to *Delivery action*)**, selecting useful data such as **Sender IP**, or **Sender domain** to spot trends and top affected senders. 1. Below the chart section, where the affected emails are displayed, select **Export email list**, which will generate a CSV for offline analysis. **This is a list of the emails which would be quarantined if the phish action was changed to Quarantine (recommended change for both standard and strict presets)**.
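Review bot: the step after **Refresh** still reads "you can do by using" (missing "so") and bolds the whole phrase "data slicer top left of the chart (defaulted to *Delivery action*)" rather than the control name; worth fixing in the same change. The corrected "*normal confidence phish*" wording itself now agrees with the **Phish confidence level** of **Normal** chosen in the earlier step.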
security Connect Microsoft Defender For Office 365 To Microsoft Sentinel https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel.md
Title: Connect Microsoft Defender for Office 365 to Microsoft Sentinel description: The steps to connect Microsoft Defender for Office 365 to Sentinel. Add your Microsoft Defender for Office 365 data (*and* data from the rest of the Microsoft 365 Defender suite), including incidents, to Microsoft Sentinel for a single pane of glass into your security. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Defense In Depth Guide https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/defense-in-depth-guide.md
Title: Getting started with defense in-depth configuration for email security description: Step-by-step configuration guidance on how to get security value from Microsoft Defender for Office 365 when you have third party email filtering. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Deploy And Configure The Report Message Add In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/deploy-and-configure-the-report-message-add-in.md
Title: How-to deploy and configure the report message add-in description: The steps to deploy and configure Microsoft's phish reporting add-in(s) aimed at security administrators. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Ensuring You Always Have The Optimal Security Controls With Preset Security Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies.md
Title: Steps to quickly set up the Standard or Strict preset security policies for Microsoft Defender for Office 365 description: Step to setup preset security policies in Microsoft Defender for Office 365 so you have the security recommended by the product. Preset policies set a security profile of either *Standard* or *Strict*. Set these and Microsoft Defender for Office 365 will manage and maintain these security controls for you. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Configure Quarantine Permissions With Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies.md
Title: How to configure quarantine permissions and policies description: The steps to configure quarantine policies and permissions across different groups, including AdminOnlyPolicy, limited access, full access, and providing security admins and users with a simple way to manage false positive folders. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Enable Dmarc Reporting For Microsoft Online Email Routing Address Moera And Parked Domains https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains.md
Title: How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains description: The steps to configure DMARC for MOERA and parked domains. search.product:+ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Handle False Negatives In Microsoft Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365.md
Title: (False Negatives) How to handle malicious emails that are delivered to recipients using Microsoft Defender for Office 365 description: The steps to handle malicious emails coming through to end users and inboxes (as False Negatives) with Microsoft Defender for Office 365 in order to prevent loss of business. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Handle False Positives In Microsoft Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365.md
Title: (False Positives) How to handle legitimate emails getting blocked from delivery using Microsoft Defender for Office 365 description: The steps to handle legitimate email getting blocked(False Positive) by Microsoft Defender for Office 365 in order to prevent lose of business. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Prioritize And Manage Automated Investigations And Response Air https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-and-manage-automated-investigations-and-response-air.md
Title: How to prioritize and manage Automated Investigations and Response (AIR). description: How to steps to analyze and approve AIR actions directly from the Action Center. When alerts are triggered, Automated Investigation and Response (AIR) determines the scope of impact of a threat in your organization and provided recommended remediation actions. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Prioritize Manage Investigate And Respond To Incidents In Microsoft 365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender.md
Title: How to prioritize, Manage, Investigate & Respond to Incidents in Microsoft 365 Defender description: The steps to manage alerts triggered in Microsoft 365 Defender. Automated investigation and response (AIR) hunt across the subscription and determines the impact and scope of a threat, and combines the information into a single Incident. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Run Attack Simulations For Your Team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-run-attack-simulations-for-your-team.md
Title: How to run attack simulations for your team description: The steps to send an Attack Simulation payload to your target users for your team or organization for training. Simulated attacks can help you identify and find vulnerable users, policies and practices before a real attack impacts your organization. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security How To Setup Attack Simulation Training For Automated Attacks And Training https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/how-to-setup-attack-simulation-training-for-automated-attacks-and-training.md
Title: How to setup automated attacks and training within Attack simulation training description: The steps to automate Attack Simulation training and send a payload to target users. By following this guide, you will learn to create automated attack flows with specific techniques and payloads. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Optimize And Correct Security Policies With Configuration Analyzer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/optimize-and-correct-security-policies-with-configuration-analyzer.md
Title: Optimize and correct security policies with configuration analyzer description: The steps to optimize and correct security policies with configuration analyzer. Configuration analyzer is a central location and single pane of glass for administering and viewing the email security policies you have configured in your tenant. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Protect Your C Suite With Priority Account Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/protect-your-c-suite-with-priority-account-protection.md
Title: Protect your c-suite with Priority account protection in Microsoft Defender for Office 365 Plan 2 description: The steps to protect your c-suite with priority account protection. Tagging an account as a Priority account will enable the additional protection tuned for the mail flow patterns targeting company executives, along with extra visibility in reports, alerts, and investigations. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Search For Emails And Remediate Threats https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/search-for-emails-and-remediate-threats.md
Title: Search for emails and remediate threats using Threat Explorer in Microsoft 365 Defender description: The steps to do manual remediation in Threat Explorer in Microsoft 365 Defender, including how to get the best performance and scenarios that call for remediation. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Stay Informed With Message Center https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/stay-informed-with-message-center.md
Title: Steps to set up a weekly digest email of message center changes for Microsoft Defender for Office 365 description: The steps to setup a weekly digest email of message center activity to stay up-to-date about changes to Microsoft Defender for Office 365. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Step By Step Guide Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview.md
Title: Microsoft Defender for Office 365 step-by-step guides and how to use them description: What are the step-by-step-guides for Microsoft 365 Defender for Office 365? See *only the steps needed to complete a task* and set up features. Information for use in trial subscriptions and production. Guidance designed to minimise information overload and speed up your configuration and use. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Track And Respond To Emerging Threats With Campaigns https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/track-and-respond-to-emerging-threats-with-campaigns.md
Title: Track and respond to emerging security threats with campaigns view in Microsoft Defender for Office 365 description: Walkthrough of threat campaigns within Microsoft Defender for Office 365 to demonstrate how they can be used to investigate a coordinated email attack against your organization. search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
security Utilize Microsoft Defender For Office 365 In Sharepoint Online https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/step-by-step-guides/utilize-microsoft-defender-for-office-365-in-sharepoint-online.md
Title: Use Microsoft Defender for Office 365 in SharePoint Online description: The steps to ensure that you can use, and get the value from, Microsoft Defender for Office 365 in SharePoint Online and OneDrive for Business search.product: + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro + search.appverid: met150
To learn more, read [Step 1: Use the Microsoft 365 Defender portal to turn on Sa
1. Sign in to the [security centerΓÇÖs safe attachments configuration page](https://security.microsoft.com/safeattachmentv2). 1. Select **Global settings**. 1. Ensure that **Turn on Defender for Office 365 for SharePoint, OneDrive, and Microsoft Teams** is set to **on**.
-1. Navigate to the [security centerΓÇÖs Safe links configuration page](https://security.microsoft.com/safelinksv2).
1. Select **Save**. + ## Stop infected file downloads from SharePoint Online By default, users can't open, move, copy, or share malicious files that are detected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. However, the *Download* option is still available and should be *disabled*.
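Review bot: removing the Safe Links navigation step looks right, because it sat between setting the toggle on the Safe Attachments **Global settings** page and **Select Save**, so following it would have taken the reader off the page before saving. One leftover in the context lines: the link text in the first step says "safe attachments configuration page" in lower case while the paragraph under the new heading writes "Safe Attachments"; use the capitalized feature name in both places.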
security Trial Playbook Defender For Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/trial-playbook-defender-for-office-365.md
Equip your users with the right knowledge to identify threats and report suspici
- **Interactive guide**: Unfamiliar with Defender for Office 365? Review the [interactive guide](https://mslearn.cloudguides.com/guides/Safeguard%20your%20organization%20with%20Microsoft%20Defender%20for%20Office%20365) to understand how to get started. - **Fast Track Get Started Guide***: [Microsoft Defender for Office 365](https://go.microsoft.com/fwlink/p/?linkid=2197415)-- **Microsoft docs**: Get detailed information on how Defender for Office 365 works and how to best implement it for your organization. Visit [Docs](overview.md).
+- **Microsoft docs**: Get detailed information on how Defender for Office 365 works and how to best implement it for your organization. Visit [Docs](defender-for-office-365.md).
- **What's included**: For a full list of Office 365 email security features listed by product tier, view the [Feature Matrix](/office365/servicedescriptions/office-365-advanced-threat-protection-service-description#feature-availability). - **Why Defender for Office 365**: The [Defender for Office 365 Datasheet](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4FCiy) shows the top 10 reasons customers choose Microsoft.
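Review bot: the retargeted link in the **Microsoft docs** bullet keeps the link text "Docs", which does not tell the reader where it leads; since the target is now defender-for-office-365.md, name that article in the link text. The neighbouring bullet "**Fast Track Get Started Guide***" has an unbalanced asterisk that will render literally and could be cleaned up in the same edit.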
security Top Security Tasks For Remote Work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/top-security-tasks-for-remote-work.md
audience: Admin + ms.localizationpriority: medium search.appverid: - MET150
solutions Allow Direct Connect With All Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/allow-direct-connect-with-all-organizations.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
solutions Allow Members To Send As Or Send On Behalf Of Group https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Adm_O365 - m365solution-collabgovernance
solutions Architecture Icons Templates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/architecture-icons-templates.md
ms.localizationpriority: medium f1.keywords: NOCSH+
+- highpri
# Microsoft 365 architecture templates and icons
solutions B2b Extranet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/b2b-extranet.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Best Practices Anonymous Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/best-practices-anonymous-sharing.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Choose Domain To Create Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/choose-domain-to-create-groups.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Adm_O365 - m365solution-collabgovernance
solutions Cloud Architecture Models https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/cloud-architecture-models.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - M365solutions
solutions Collaborate As Team https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-as-team.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Collaborate In Site https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-in-site.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Collaborate On Documents https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-on-documents.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Collaborate Teams Direct Connect https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-teams-direct-connect.md
audience: ITPro -+
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Collaborate With People Outside Your Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaborate-with-people-outside-your-organization.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
solutions Collaboration Governance First https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaboration-governance-first.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Collaboration Governance Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/collaboration-governance-overview.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-overview - m365solution-collabgovernance
solutions Configure Teams Baseline Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-baseline-protection.md
ms.localizationpriority: high
search.appverid: - MET150
+- highpri
- Ent_O365 - Strat_O365_Enterprise - m365solution-3tiersprotection
solutions Configure Teams Highly Sensitive Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-highly-sensitive-protection.md
ms.localizationpriority: high
search.appverid: - MET150
+- highpri
- Ent_O365 - Strat_O365_Enterprise - m365solution-3tiersprotection
solutions Configure Teams Sensitive Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-sensitive-protection.md
ms.localizationpriority: high
search.appverid: - MET150
+- highpri
- Ent_O365 - Strat_O365_Enterprise - m365solution-3tiersprotection
solutions Configure Teams Three Tiers Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/configure-teams-three-tiers-protection.md
ms.localizationpriority: high
search.appverid: - MET150
+- highpri
- Ent_O365 - Strat_O365_Enterprise - M365-security-compliance
solutions Contoso Case Study Solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/contoso-case-study-solutions.md
ms.localizationpriority: high
+- highpri
- Strat_O365_Enterprise - M365-subscription-management
solutions Contoso Remote Onsite Work https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/contoso-remote-onsite-work.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise
solutions Contoso Team For Top Secret Project https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/contoso-team-for-top-secret-project.md
ms.localizationpriority: medium search.appverid: - MET150-+
+- highpri
- M365-security-compliance description: "Summary: How Contoso used a team with security isolation for a top-secret project to develop a new suite of products and services."
solutions Create Secure Guest Sharing Environment https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/create-secure-guest-sharing-environment.md
audience: ITPro
+- highpri
- SPO_Content - M365-security-compliance - m365solution-3tiersprotection
solutions Deploy Voice https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/deploy-voice.md
ms.audience: ITPro
ms.localizationpriority: medium-+
+- highpri
- M365-collaboration - m365solution-overview - m365solution-voice
solutions Design Principles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/design-principles.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - M365solutions
solutions Empower People To Work Remotely Manage Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-manage-endpoints.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Empower People To Work Remotely Remote Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-remote-access.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Empower People To Work Remotely Secure Sign In https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Empower People To Work Remotely Security Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-security-compliance.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Empower People To Work Remotely Teams Productivity Apps https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-teams-productivity-apps.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Empower People To Work Remotely Train Monitor Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely-train-monitor-usage.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Empower People To Work Remotely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions End Life Cycle Groups Teams Sites Yammer https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/end-life-cycle-groups-teams-sites-yammer.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Energy Secure Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/energy-secure-collaboration.md
audience: ITPro
+- highpri
- Ent_O365 - Strat_O365_Enterprise - M365-security-compliance
solutions Financial Services Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/financial-services-overview.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - M365solutions
solutions Financial Services Secure Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/financial-services-secure-collaboration.md
audience: ITPro
+- highpri
- M365-security-compliance
solutions Groups Naming Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-naming-policy.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Adm_O365 - m365solution-collabgovernance
solutions Groups Services Interactions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-services-interactions.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Groups Sharepoint Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-sharepoint-governance.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Groups Sharepoint Teams Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-sharepoint-teams-governance.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Groups Teams Access Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-teams-access-governance.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Groups Teams Communication Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-teams-communication-governance.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Groups Teams Compliance Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/groups-teams-compliance-governance.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Healthcare Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/healthcare-overview.md
ms.audience: ITPro
ms.localizationpriority: medium-+
+- highpri
- M365-subscription-management - M365solutions
solutions Identity Design Principles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/identity-design-principles.md
ms.localizationpriority: medium
+- highpri
- M365-identity-device-management - M365-security-compliance - M365solutions
solutions Infographics For Users https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/infographics-for-users.md
Last updated 02/11/2022 ms.localizationpriority: medium
+- highpri
- M365solutions f1.keywords: NOCSH
solutions Information Protection Deploy Assess https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-assess.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Information Protection Deploy Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-compliance.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Information Protection Deploy Govern https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-govern.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Information Protection Deploy Identity Device Threat https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-identity-device-threat.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Information Protection Deploy Monitor Respond https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-monitor-respond.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Information Protection Deploy Protect Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy-protect-information.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Information Protection Deploy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/information-protection-deploy.md
ms.localizationpriority: medium
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - m365solution-infoprotection
solutions Limit Guest Sharing To Specific Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/limit-guest-sharing-to-specific-organization.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
solutions Limit Invitations From Specific Organization https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/limit-invitations-from-specific-organization.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
solutions Limit Organizations Where Users Have Guest Accounts https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/limit-organizations-where-users-have-guest-accounts.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
solutions Limit Who Can Invite Guests https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/limit-who-can-invite-guests.md
audience: ITPro -+
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
solutions Manage Creation Of Groups https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-creation-of-groups.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Adm_O365 - m365solution-collabgovernance
solutions Manage Devices With Intune App Protection https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-app-protection.md
description: Configure mobile app protection with App Protection policies (APP)
ms.localizationpriority: high
+- highpri
- M365-security-compliance - m365solution-managedevices - m365solution-scenario
solutions Manage Devices With Intune Compliance Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-compliance-policies.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - m365solution-managedevices - m365solution-scenario
solutions Manage Devices With Intune Configuration Profiles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-configuration-profiles.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - m365solution-managedevices - m365solution-scenario
solutions Manage Devices With Intune Dlp Mip https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-dlp-mip.md
ms.localizationpriority: high
+- highpri
- endpoint dlp - data loss prevention - dlp policies
solutions Manage Devices With Intune Enroll https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-enroll.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - m365solution-managedevices - m365solution-scenario
solutions Manage Devices With Intune Monitor Risk https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-monitor-risk.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - deploy security baselines - m365solution-managedevices
solutions Manage Devices With Intune Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-overview.md
description: Enroll your endpoint devices in Microsoft Intune as part of your Ze
ms.localizationpriority: high
+- highpri
- M365-security-compliance - m365solution-managedevices - m365solution-overview
solutions Manage Devices With Intune Require Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/manage-devices-with-intune-require-compliance.md
ms.localizationpriority: high
+- highpri
- Conditional access policy - Microsoft Intune - M365-security-compliance
solutions Microsoft 365 Groups Expiration Policy https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-groups-expiration-policy.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Adm_O365 - m365solution-collabgovernance
solutions Microsoft 365 Guest Settings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-guest-settings.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Microsoft 365 Limit Sharing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/microsoft-365-limit-sharing.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Networking Design Principles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/networking-design-principles.md
ms.localizationpriority: medium
+- highpri
- M365-identity-device-management - M365-security-compliance
solutions Per Group Guest Access https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/per-group-guest-access.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Plan External Collaboration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/plan-external-collaboration.md
audience: ITPro
+- highpri
- M365-collaboration - m365solution-securecollab - m365solution-scenario
solutions Plan Organization Lifecycle Governance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/plan-organization-lifecycle-governance.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-collabgovernance
solutions Productivity Illustrations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/productivity-illustrations.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - M365-security-compliance
solutions Ransomware Protection Microsoft 365 Attack Detection Response https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365-attack-detection-response.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - ransomware
solutions Ransomware Protection Microsoft 365 Devices https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365-devices.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - ransomware
solutions Ransomware Protection Microsoft 365 Identities https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365-identities.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - ransomware
solutions Ransomware Protection Microsoft 365 Information https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365-information.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - ransomware
solutions Ransomware Protection Microsoft 365 Security Baselines https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365-security-baselines.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - ransomware
solutions Ransomware Protection Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/ransomware-protection-microsoft-365.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - ransomware
solutions Retail Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/retail-overview.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - M365solutions f1.keywords: NOCSH
solutions Secure Teams Security Isolation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/secure-teams-security-isolation.md
ms.localizationpriority: high
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-3tiersprotection
solutions Security Design Principles https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/security-design-principles.md
ms.audience: ITPro
ms.localizationpriority: medium-+
+- highpri
- M365-identity-device-management - M365-security-compliance - M365solutions
solutions Setup Secure Collaboration With Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/setup-secure-collaboration-with-teams.md
ms.localizationpriority: medium
+- highpri
- M365-collaboration - m365solution-securecollab - m365solution-overview
solutions Share Limit Accidental Exposure https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/share-limit-accidental-exposure.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-3tiersprotection
solutions Team Security Isolation Dev Test https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/team-security-isolation-dev-test.md
ms.localizationpriority: high
+- highpri
- M365-security-compliance - Strat_O365_Enterprise - remotework
solutions Tenant Management Device Management https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-device-management.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-tenantmanagement
solutions Tenant Management Identity https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-identity.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-tenantmanagement
solutions Tenant Management Migration https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-migration.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-tenantmanagement
solutions Tenant Management Networking https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-networking.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-tenantmanagement
solutions Tenant Management Overview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-overview.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-tenantmanagement
solutions Tenant Management Tenants https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/tenant-management-tenants.md
ms.localizationpriority: medium
+- highpri
- M365-subscription-management - Strat_O365_Enterprise - m365solution-tenantmanagement
solutions Test Lab Guides Overview Solutions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/test-lab-guides-overview-solutions.md
ms.localizationpriority: medium
search.appverid: - MET150
+- highpri
- M365-security-compliance - Ent_Architecture
solutions Trust Conditional Access From Other Organizations https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/trust-conditional-access-from-other-organizations.md
audience: ITPro
+- highpri
- SPO_Content - M365-collaboration - m365solution-securecollab
whiteboard Manage Clients Gcc https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/whiteboard/manage-clients-gcc.md
audience: admin + search.appverid: MET150 ms.localizationpriority: medium