-description: "Learn how to work with Domain Connect enabled registrars and add your domain to Microsoft 365."

-# Using Domain Connect to add your domain to Microsoft 365

- **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.

-[Domain Connect](https://www.domainconnect.org/) enabled registrars let you add your domain to Microsoft 365 in a three-step process that takes minutes.

-In the wizard, we'll just confirm that you own the domain, and then automatically set up your domain's records, so email comes to Microsoft 365 and other Microsoft 365 services, like Teams, work with your domain.

-> [!NOTE]

-> Make sure you disable any popup blockers in your browser before you start the setup wizard.

-## Domain Connect registrars integrating with Microsoft 365

- - [MadDog Web Hosting](https://maddogwebhosting.com/domains/)

- - [CheapNames](https://www.cheapnames.com)

-## What happens to my email and website?

-After you finish setup, the MX record for your domain is updated to point to Microsoft 365 and all email for your domain will start coming to Microsoft 365. Make sure you've added users and set up mailboxes in Microsoft 365 for everyone who gets email on your domain!

-If you have a website that you use with your business, it will keep working where it is. The Domain Connect setup steps don't affect your website.

-description: "Learn how to join an unmanaged account to remove the domain from the account and add the domain to your account."

-# Move a domain verified in an unmanaged account

- **[Check the Domains FAQ](../setup/domains-faq.yml)** if you don't find what you're looking for.

-If you're an admin and you've tried to add a domain to your Microsoft 365 account, but you're blocked because the domain is verified for an unmanaged account, you can become the admin on the unmanaged account to remove the domain and add it to your account.

-> [!NOTE]

-> A self-service sign up for any cloud service that uses Azure AD adds the user to an unmanaged or "shadow" Azure AD directory and creates an unmanaged account. An unmanaged account is a directory without a global administrator. To determine whether an account is managed or unmanaged, see [Determining Tenant Type](/power-platform/admin/powerapps-gdpr-dsr-guide-systemlogs#determining-tenant-type).

-

-## Before you begin

-Sometimes you can't add a domain to your organization account because someone else has already signed up for Microsoft 365 using an email address associated with that domain name. But you can remove the domain from the other, unmanaged account and add it to your organization account.

-First, you'll need to join the unmanaged account and become an admin for that account (Steps 1 - 3). Then you can remove the domain from the account (Step 4), sign back into your organization account, and add the domain to your account (Step 5).

-## Step 1: Get an invitation to join the unmanaged account

-After you try to add a domain to your account, you might receive a message that someone has already signed up for Microsoft 365 using the email address. Step 1 is to request an invitation to join the other account and begin the process of performing an admin takeover.

-1. Go to the Microsoft 365 admin center > **Settings** > **Domains** > **+ Add domain**, and add the domain name.

-1. If you see a message that you can't add the domain because other people have already signed up using an email address for the domain, enter your account username, and then select **Send me the invitation**.

-1. Sign out of your current account, so you can sign into the unmanaged account.

- Check your email for an invitation to help you join the unmanaged account, and select the link provided in the email.

- Enter the **verification code** from the email to validate your email address.

-## Step 2: Complete signup with email instructions

-1. When you enter the verification code, you'll be brought to a page where you can create a new account.

-2. Fill in the username and password fields with the account that you want to use, and then complete the steps to create the account.

-## Step 3: Verify domain ownership and become the admin

-1. After you complete Step 2, select the admin center icon in the left navigation pane (alternatively, go to a browser and type in `https://admin.microsoft.com`).

- You're redirected to the admin takeover wizard.

-1. Select **Next** and verify that you own the domain you want to take over by adding a TXT record to your domain registrar.

- The wizard will give you the TXT record to add, as well as provide a link to your registrar's website, and a link to step-by-step instructions.

-1. On the **You're now the admin** page, select **Go to the admin center**.

- You now have the admin privileges required to remove the domain from the formerly unmanaged account.

-## Step 4: Remove a domain from the unmanaged account

-1. Go to **Users** > **Active users** for the account you joined in Step 2, and then select the Display name for the username you're logged in with.

-1. Under **Username**, select **Manage username**, and move the user to the onmicrosoft domain by choosing the onmicrosoft.com domain from the dropdown list.

-1. Sign out of the account and sign back in using the new `username@account.onmicrosoft.com`.

-1. Select **Settings** > **Domains**, locate the domain you want to add to the other account and select **Remove domain**.

- If you're asked to select another domain as the default, choose the onmicrosoft.com domain.

- If other users are using the domain, you must remove them. Choose from the options to **Automatically remove**, manually move the users to your domain, or remove the users completely.

- > [!NOTE]

- > Check back as it can take some time for the domain to be removed from the account. Removal is complete when the domain disappears from the account.

-1. Sign out of the account.

-## Step 5: Add the domain to your account

-1. Log in to the account where you want to add the domain.

-1. Select **Settings** > **Domains** > **+ Add domain**, and then enter the domain name to continue with wizard steps to verify domain ownership in this account and complete adding the domain to your account.

-

-## Related content

-[Perform an internal admin takeover](become-the-admin.md) (article)

-description: "Learn to use work or school email to sign up for Microsoft online services without involving their IT department. "

-# Your domain may be in use if someone else signed up with it

-Users with a work or school email can [sign up for some Microsoft online services](self-service-sign-up.md) without involving their IT department. For example, services like Office 365, Power BI, and Rights Management Services. By completing self-service signup, which they do by providing their work or school email address, they have access to functionality included in the service but they can't administer the service (add users, add licenses, manage the domain, and so on).

-

-To get the ability to administer the environment, an eligible admin can [take over control of the account](become-the-admin.md). They do this by verifying that they own the domain that was included in the work or school email addresses people used when they signed up and, in some cases, buying licenses for the service.

-

-## How does the self-service signup work?

- When someone signs up using a work or school-related email address, such as sara@contoso.com, the domain portion of that email address (contoso.com, in this example) is used as their Office 365 domain name.

-

-All other users who sign up with an email address on that same domain (say, rob@contoso.com) are added to the same account.

-

-Both Sara and Rob can use the service they signed up for, but they can't manage the service. For example, they can't purchase more licenses, add new users, or enforce policies on other users.

-

-description: "Learn how to sign up for Office 365 with your personal email address, if you don't prefer to add a custom domain. "

-# Signing up for Office 365 with a personal email address

-## When you skip adding a custom domain

-When you sign up for Office 365 with your personal email address and skip adding [a custom domain](../get-help-with-domains/what-is-a-domain.md) for now, you limit your access to certain features.

-If you choose to add a custom domain now, you get access to all the premium features below:

-|**Feature**|**Office 365 with personal email**|**Office 365 with custom domain**|

-|:--|:--|:--|

-|**OneDrive ^{1, 2}**| [Personal OneDrive](https://onedrive.live.com/about/plans/)| [OneDrive for Business](https://onedrive.live.com/about/en-us/business/) |

-|**Office applications: Word, Excel, PowerPoint, OneNote, Outlook, Access (PC only),**| Yes | Yes

-|**Business applications ³ : Microsoft Bookings and MileIQ**| No | Yes

-|**Access to Microsoft 365 admin center**| Limited Access (Billing, Support, and Domain setup) | Yes

-|**Add Users**| No | Yes

-|**Office 365

-|**Security and Compliance tools**| No | Yes

-> ¹ You'll need to migrate your [Personal OneDrive files over to OneDrive for Business](move-email-and-data-to-office-365-business-premium.md).<br/>

-> ² For information on how your data will be handled, see the [Privacy Statement](https://g.microsoftonline.com/0BX20en/138). Use of OneDrive is governed by the [Microsoft Services Agreement](https://signup.live.com/signup?ru=https://login.live.com/oauth20_authorize.srf?lc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps://login.microsoftonline.com/common/federation/oauth2%26state%3drQIIAXWRO2_TUACFc_NSUyGoEBKVEFIHJCSQk-vrR-JIHdLWSdPGaR426TVDZCeO7TjX17Ld5rGzd47EwgLqyFLED2DolBFVMIOYEBMjaXeWM5zvDEfnvEixebb8jOd4wSiaEiMZIsfwEgsZg0ciwwmcyCHIDgXIhQ83t64-PP_-ZvtGvnr04-uX8yedJcj1J-65lR9QcgkeO3EcROVCYTqd5ulo5A7uQOETACsAfgKwTGYsn9G6l8lI5EReYIWSCDmuJIhIKuYxkae6OiT6WIkx6nhNF0K80McN1eYVtR0rB56goKqD1YqgE5lde3wTVb071pOh3oWwSapuo3fkKKS-9vAcIwzx2JlgtT67ST44qZzFDroVGroL608yN6Ih6Qc0ipep9-AksPz6cJ_6vjWI87cxy4_dgRG71G-FNLDC2LWiXbOrtHuKZ7W0_nlgtvwOPZYJU-_7HsIYmWhPY2XSOz2WGh27PzY0ElRHbXgoOqo-N0Rq8KpNTbuzPy_CU1k7VJslRgtmc143vS6vwBrlup0SrYa-ViPzOdNTJHl_OGAachhVhnsz9WMqu56VUP86dX9dyneHO0FIR-7EWqXBr_Q9mCpvbGxuJbYTO4m_afAus36u-1qsZVblo7ffELCfgsR1pkCw8yps8Mh7SaJJaTGxXQU6MB7jakM_iyYHLQVJbRya07a9K5XZiyy4yGZ_ZxOfc_87-h81%26estsfed%3d1%26uaid%3ddd27a8b7188545dab714e7d8c6761b52%26lw%3d1%26fl%3deasi2%26mkt%3den-US&amp;mkt=EN-US&amp;uiflavor=web&amp;lw=1&amp;fl=easi2&amp;client_id=51483342-085c-4d86-bf88-cf50c7252078&amp;uaid=dd27a8b7188545dab714e7d8c6761b52&amp;lic=1). The [Microsoft Online Subscription Agreement](https://admin.microsoft.com/Commerce/Mosa.aspx?cc2=US&amp;cl=en&amp;cc=en-US&amp;gcc=False) governs all the other services included with your subscription.<br/>

-> ³ Some business applications aren't available in all regions.<br/>

-## How to add a domain

-In the admin center, go to **Setup** > <a href="https://go.microsoft.com/fwlink/p/?linkid=834818" target="_blank">Domains</a> > **Add domain**.

-description: "Learn the difference between the setup wizard and the Setup page."

-# Difference between the setup wizard and the Setup page

-Microsoft 365 provides two setup experiences:

-The setup wizard provides a guided walkthrough for setting up the basic Microsoft 365 configuration. After you complete the initial setup, you can go to the **Setup** page to finish setting up and configuring the services that come with your subscriptions.

-## Use the setup wizard to complete initial setup tasks

-To set up your account, go to the [admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339), select **Setup** in the left navigation pane, and then select **Guided setup** on the **Setup** page.

-

-The setup wizard guides you through the following steps:

-1. Install the Microsoft 365 apps on your computer.

-2. Choose and verify your domain, such as contoso.com.

-3. Add new users and assign licenses to them so that they can download and install Microsoft 365 apps.

-4. Connect your domain.

-## Use the Setup page to complete and manage your configuration

-To access the **Setup** page in the [admin center](https://go.microsoft.com/fwlink/p/?linkid=2024339), select **Setup** in the navigation pane. Based on products you've purchased, features you've set up, and your admin role, tasks and related information from across Microsoft 365 are surfaced here.

-You'll see the complete list of setup tasks arranged in logical categories, including those that you completed in the setup wizard.

-

-Choose **View** for any task to get at-a-glance information, such as task description, user impact, prerequisites, effort to implement, and security and adoption statistics to help you understand consequences and impact before proceeding.

-You'll also see the status of the task (**Started**, **Not started yet**, or **Completed**). If you're multi-tasking, working on tasks over several days, or if there are multiple admins working on tasks, you can track completion by seeing at a glance which tasks have been completed and which ones still require attention.

-For access to comprehensive articles about the features you're setting up, select any of the **Learn more** links. The collection of tasks is always here, so you can return to the **Setup** page at any time to explore resources further.

-When you're ready to complete a task, select **Get started** to walk through the configuration process. Once you complete a task, the **Get started** button changes to a **Manage** button, allowing you to manage the task, as needed.

-

-description: Learn how to use eDiscovery (Premium) to send and follow up on legal hold notifications through email, as well as monitor obligation status.

-description: "Learn how to use the built-in custodian management tool in Microsoft Purview eDiscovery (Premium) to coordinate your workflows and identify relevant data sources in a case."

-description: "Learn how to select documents from one review set and work with them individually in another set in an Microsoft Purview eDiscovery (Premium) case."

-description: Learn how to add search results or samples of those search results to an eDiscovery (Premium) case review set.

-description: "Learn how to add or remove the members who can access a case when managing an eDiscovery (Premium) case."

-description: "Microsoft Purview Audit (Premium) provides new auditing capabilities to help your organization with forensic and compliance investigations."

-description: "Use collections in Microsoft Purview eDiscovery (Premium) to collect cloud attachments for review in an investigation or case."

-description: "You can add custodian communications templates (such as a template for hold notification) in eDiscovery (Premium) so they can be used in any case in your organization."

-description: "Use the Microsoft Purview eDiscovery (Premium) dashboard for review sets to quickly analyze your corpus to identify trends or key statistics that will help you develop your review strategy."

-description: "Use historical versions in eDiscovery (Premium) to collect content from all versions of documents stored in SharePoint and OneDrive."

-description: "You can add organization-wide issuing officers in eDiscovery (Premium) so they can be added to any custodial communication in any case in your organization."

-description: "Use the new case format in eDiscovery (Premium) so you can add more items to review sets and take advantage of other increased limits and new functionality."

-description: Learn about the tools available to organize document sets when analyzing an Microsoft Purview eDiscovery (Premium) case.

-description: "Learn how to set up and use a 17a-4 BlackBerry DataParser connector to import and archive BlackBerry data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Bloomberg DataParser connector to import and archive Bloomberg data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Cisco Jabber DataParser connector to import and archive Cisco Jabber data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 FactSet DataParser connector to import and archive FactSet data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Fuze DataParser connector to import and archive Fuze data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 FX Connect DataParser connector to import and archive FX Connect data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 ICE Connect Chat DataParser connector to import and archive ICE Connect Chat data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 InvestEdge DataParser connector to import and archive InvestEdge data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 LivePerson Conversational Cloud DataParser connector to import and archive LivePerson Conversational Cloud data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Quip DataParser connector to import and archive Quip data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Refinitiv Eikon Messenger DataParser connector to import and archive this data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 ServiceNow DataParser connector to import and archive ServiceNow data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Skype for Business Server DataParser connector to import and archive Skype for Business Server data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Slack DataParser connector to import and archive Slack data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 SQL DataParser connector to import and archive SQL data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Symphony DataParser connector to import and archive Symphony data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Cisco Webex DataParser connector to import and archive Cisco Webex data in Microsoft 365."

-description: "Learn how to set up and use a 17a-4 Zoom DataParser connector to import and archive Zoom data in Microsoft 365."

-description: "Admins can set up a TeleMessage connector to import and archive SMS, MMS, and voice calls from Android mobile phones. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive SMS and MMS data from the AT&T Mobile Network. This lets you archive data from third-party data sources in Microsoft Purview so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive SMS and MMS data from the Bell Network. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Administrators can set up a data connector to import and archive data from the Bloomberg Message email tool in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, Content Search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive CellTrust data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive Cisco Jabber on MS SQL data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Learn how to set up and use a connector in the Microsoft Purview compliance portal to import and archive data from Cisco Jabber on Oracle to Microsoft 365."

-description: "Learn how to set up and use a connector in the Microsoft Purview compliance portal to import and archive data from Cisco Jabber on PostgreSQL to Microsoft 365."

-description: "Learn how to set up and use a CellTrust SL2 data connector to import and archive mobile communications data."

- 

-description: "Admins can set up a connector to import and archive EML data from Veritas into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive SMS and MMS data from TeleMessage Enterprise Number Archiver. This lets you archive data from third-party data sources in Microsoft Purview so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Learn how to set up & use a connector in the Microsoft Purview compliance portal to import & archive data from Facebook Business pages to Microsoft 365."

-description: "Admins can set up a connector to import and archive data from Veritas FX Connect in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive data from the ICE Chat tool into Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Learn how administrators can set up and use a data connector to import and archive data from the Instant Bloomberg chat tool into Microsoft 365."

-description: "Learn how administrators can setup & use a native connector to import data from a LinkedIn Company Page to Microsoft 365."

-description: "Admins can set up a connector to import and archive data from MS SQL Database. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive SMS and MMS data from the O2 mobile network in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive Red tail Speak data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive Reuters Dealing data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive Reuters Eikon data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive Reuters FX data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive RingCentral data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, eDiscovery, and retention policies to manage third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive Rogers Network data in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive Salesforce Chatter data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive ServiceNow data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive Signal communications data in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Learn how to set up and use a connector in the Microsoft Purview compliance portal to import and archive data from Skype for Business to Microsoft 365."

-description: "Learn how to set up and use a Slack eDiscovery data connector provided by Microsoft to import and archive instant messaging data."

-description: "Admins can set up a connector to import and archive data from Veritas Slack eDiscovery into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive data from Veritas Symphony into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive Telegram communications data in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive SMS data from the TELUS Network in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive text-delimited data from Veritas into Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Learn how administrators can set up and use a native connector to import Twitter data into Microsoft 365."

-description: "Admins can set up a connector to import and archive Twitter data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, eDiscovery, and retention policies to manage third-party data."

-description: "Admins can set up a TeleMessage connector to import and archive SMS and MMS data from the Verizon Network in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive data from Veritas's Webex Teams connector in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive Webpage Capture data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Set up and use a connector in the Microsoft Purview compliance portal to import and archive WeChat data in Microsoft 365."

-description: "Admins can set up a TeleMessage connector to import and archive WhatsApp data in Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive data from Workplace from Facebook, which is archived on Veritas's Merge1 site, into Microsoft 365. Setting up a connector requires that you work with Veritas This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive XIP source data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive XSLT/XML data from Veritas in Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Admins can set up a connector to import and archive Yieldbroker data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, content search, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive YouTube data from Veritas to Microsoft 365. This connector lets you archive data from third-party data sources in Microsoft 365. After your archive this data, you can use compliance features such as legal hold, eDiscovery, and retention policies to manage third-party data."

-description: "Admins can set up a connector to import and archive data from Veritas Zoom Meetings into Microsoft 365. This lets you archive data from third-party data sources in Microsoft 365 so you can use compliance features such as legal hold, content search, and retention policies to manage your organization's third-party data."

-description: "Learn how to import and archive third-party data from social media platforms, instant messaging platforms, and document collaboration platforms to Microsoft 365 mailboxes."

-description: "Get an overview of the Assessment stage and its role in determining the richness of issues during Relevance training in Microsoft Purview eDiscovery (Premium)."

-description: "Assign the permissions required to perform eDiscovery-related tasks using the Microsoft Purview compliance portal."

-description: "Use the attorney-client privilege detection model to use the machine learning-based detection of privileged content when reviewing content in a Microsoft Purview eDiscovery (Premium) case."

-description: "Audit log retention policies are part of the new Microsoft Purview Audit (Premium) capabilities. An audit log retention policy lets you specify how long to retain audit logs in your organization."

-description: "Use a PowerShell script that runs the Search-UnifiedAuditLog cmdlet in Exchange Online to search the audit log. This script is optimized to return a large set of audit records each time you run it. The script exports these records to a CSV file that you can view or transform using Power Query in Excel."

-description: "The Audit New Search validates the performance improvements, completeness, and consistency of results."

-description: "Learn how to audit the activities of users and administrators in your Microsoft 365 organization."

-description: "Learn how to use the Microsoft 365 audit log search tool to help troubleshoot common support issues for email accounts."

-description: "Use keywords and conditions to narrow the scope of the search when searching for data using eDiscovery (Premium) in Microsoft 365."

-description: "Use the bulk-import tool to quickly add multiple custodians and their associated data sources to a case in Microsoft Purview eDiscovery (Premium)."

-description: "Learn how admins can use Exchange Online PowerShell and a CSV file to bulk import external contacts to the global address list."

-description: "You can change the default size of PST files that are downloaded to your computer when you export eDiscovery search results."

-description: "Learn how to detect errors and typos in your keyword query for eDiscovery searches before running the search."

-description: "Use the PowerShell script in this article to quickly clone an existing Content Search in the Microsoft Purview compliance portal in Microsoft 365."

-description: Learn what happens when an investigation or legal case supported by a Microsoft Purview eDiscovery (Premium) case is closed or deleted.

-description: "This article describes how to manage eDiscovery (Standard) cases. This includes closing a case, reopening a closed case, and deleting a case."

-description: "Learn how to access and use statistics and reports for draft collections and collections that have been committed to a review set in Microsoft Purview eDiscovery (Premium)."

-description: "Use collections in eDiscovery (Premium) to search for and collect content that's relative to your case or investigation."

-description: "After you create and iterate on a draft collection, you can commit it to a review set. When you commit a draft collection, the collected items are added to review set in the case. After the collected items are in the review set, you can analyze, review, and export them."

-description: "Learn about extending Microsoft Purview solutions by using third-party data connectors and Microsoft Graph APIs."

-description: "You have to enable ClickOnce support to use the newest version of Microsoft Edge to download search results from Content Search and eDiscovery in the security and compliance center."

-description: "Configure Microsoft Purview eDiscovery (Premium) settings that apply to all review set in a case. This includes settings for analytics and Optical character recognition."

-description: "This article contains reference information about the Content search eDiscovery tool in the Microsoft Purview compliance portal to help you learn the many details about Content search."

-description: "Use the Content search eDiscovery tool in the compliance center to search for content in different Microsoft 365 services."

-description: "Learn about the conversation reconstruction feature in Microsoft Purview eDiscovery (Premium) (called conversation threading) to reconstruct, review, and export chat conversations in Microsoft Teams and Yammer groups."

-description: "Learn how to place a mailbox on Litigation hold, retaining all the mailbox content during an investigation."

-description: Learn how to generate a report that contains information about all the holds that are associated with eDiscovery cases.

-description: Add and manage activity alerts in the Microsoft Purview compliance portal so that Microsoft 365 will send you email notifications when users perform specific activities

-description: "This article describes how to create and manage Microsoft Purview eDiscovery (Premium) cases. The first step is to create a case and start using eDiscovery (Premium) features and functionality."

-description: "A draft collection is an eDiscovery search of custodial and non-custodial data sources in an eDiscovery (Premium) case that returns a search estimate that matches the search query of the collection. You can review search statistics, preview a sampling of items, and revise and rerun the collection before you commit the results to a review set."

-description: "You can create a hold that's associated with a eDiscovery (Standard) case in Microsoft 365 to preserve content relevant to an investigation or legal case."

-description: Use the Communications tool in an eDiscovery (Premium) case to send, collect, and track legal hold notifications.

-description: "Learn how to automate Content Search tasks like creating searches and running reports using Security & Compliance PowerShell."

-description: "The data classification dashboard gives you visibility into how much sensitive data has been found and classified in your organization."

-# Learn about data classification

-description: "Learn how to access and view admin logs for data connectors to get status information for the data imported by the connector."

-description: "Use eDiscovery and search tools to manage and respond to a data spillage incident in your organization."

-description: Learn how to eliminate duplicate eDiscovery search results so that only one copy of an email message is exported.

-description: "Learn how the Decide tab in eDiscovery (Premium) provides data that can help you determine the correct size of the review set of case files."

-description: Learn how admins can delete items in a user's Recoverable Items folder for an Exchange Online mailbox, even if that mailbox is placed on legal hold.

-description: "Administrators can set up a native connector to import and archive Facebook Business pages to Microsoft 365. After this data is imported to Microsoft 365, you can use compliance features such as legal hold, content search, and retention policies to manage the governance of your organization's Facebook data."

-description: "Administrators can set up a native connector to import and archive Twitter data to Microsoft 365. After this data is imported to Microsoft 365, you can use compliance features such as legal hold, content search, and retention policies to manage the governance of your organization's Twitter data."

-description: This article provides descriptions of additional properties included when you export results for an Office 365 audit log record.

-description: "Understand why estimated and actual search results may vary in searches run with eDiscovery tools in Office 365."

-description: Edit the Windows Registry on your local computer to disable reports when you export the results of a Content Search from the Microsoft Purview compliance portal.

-description: "This article defines the metadata fields for documents in a review set in a case in Microsoft Purview eDiscovery (Premium) in Microsoft 365."

-description: "Learn how to select and download content from a review set in eDiscovery (Premium) for presentations or external reviews."

-description: "Export documents in a review set to an Azure Storage account and then use Azure Storage Explorer to download them to a local computer."

-description: "Learn how Microsoft Purview eDiscovery (Premium) in Microsoft 365 supports Chinese, Japanese, and Korean (CJK) languages, which use a double-byte character set."

-description: "Learn about how Microsoft 365 eDiscovery tools handle encrypted documents attached to email messages and stored in SharePoint Online and OneDrive for Business."

-description: "Learn about how to collect eDiscovery diagnostic information for a Microsoft Support case."

-description: "Microsoft 365 customers can perform eDiscovery searches on content ingested for enterprise search."

-description: "You can use the KQL editor to configure eDiscovery search queries in Content search, eDiscovery (Standard), and eDiscovery (Premium)."

-description: "Microsoft Purview offers three eDiscovery tools that you can use to search for and export content found in different locations such as Exchange mailboxes, SharePoint and OneDrive for Business sites, Microsoft 365 Groups, Microsoft Teams, and Skype for Business conversations. eDiscovery (Standard) and eDiscovery (Premium) provide many additional features to help you manage your investigations."

-description: "When conducting an eDiscovery (Premium) analysis, email threading parses an email conversation and separates each message into different categories."

-description: Learn how to use error remediation to correct data issues in eDiscovery (Premium) that might prevent proper processing of content.

-description: "Instead of exporting the actual results of a Content search in the Microsoft Purview compliance portal, you can export a search results report. The report contains a summary of the search results and a document with detailed information about each item that would be exported."

-description: "Describes how to export and download content from a eDiscovery (Standard) case in Microsoft 365."

-description: "Learn how to select and export content from an eDiscovery (Premium) review set for presentations or external reviews."

-description: "Export the search results from a Content search in the Microsoft Purview compliance portal to a local computer. Email results are exported as PST files. Content from SharePoint and OneDrive for Business sites are exported as native Office documents."

-description: "In this article, you will learn how to export, configure, and view Microsoft 365 audit log records."

-description: "Learn how to export or download content from a review set for presentations or external reviews in an eDiscovery (Premium) case."

-description: "Learn how to filter data using the intelligent import feature in the Microsoft 365 import service when you import PST files to Microsoft 365."

-description: "Describes how to get started using eDiscovery (Standard) in Microsoft Purview. After you assign eDiscovery permissions and create a case, you can add members, create eDiscovery holds, and then search for and export content that's relevant to your investigation."

-description: "This article describes how to set up eDiscovery (Premium) so you can start creating and managing cases. It also describes the required Microsoft subscriptions and licensing. After you complete a few quick steps, the eDiscovery (Premium) tool is ready to use."

-mscollection: M365-security-compliance

-description: Learn how to access and use the Microsoft Service Trust Portal to help with security, privacy, and compliance practices.

-description: "Learn how to identify the different types of hold that can be placed on an Exchange Online mailbox in Microsoft 365."

-description: "Administrators can set up a data connector to import electronic healthcare records (EHR) data from your organization's Epic system to Microsoft 365. This lets you use Epic EHR data in insider risk management policies to help you detect unauthorized access activity to patient data by your employees."

-description: "Administrators can set up a data connector to import electronic healthcare records (EHR) data from their healthcare system to Microsoft 365. This lets you use EHR data in insider risk management policies to help you detect unauthorized access activity to patient data by your employees."

-description: "Administrators in the US Government cloud can set up a data connector to import employee data from their organization's human resources (HR) system to Microsoft 365. This lets you use HR data in insider risk management policies to help you detect activity by specific users that may pose an internal threat to your organization."

-description: "Administrators can set up a data connector to import employee data from their organization's human resources (HR) system to Microsoft 365. This lets you use HR data in insider risk management policies to help you detect activity by specific users that may pose an internal threat to your organization."

-description: "Administrators can set up a data connector to import data from their organization's physical badging system to Microsoft 365. This lets you use this data in insider risk management policies to help you detect access to your physical buildings by specific users that may indicate a possible internal threat to your organization."

-description: Learn how to use the Import service in the Microsoft Purview compliance portal to bulk-import email data (PST files) to user mailboxes.

-description: "Enable the archive mailbox and turn on auto-expanding archiving to increase the size of the Recoverable Items folder for a mailbox in Microsoft 365."

-description: "When a custodian is added to an eDiscovery (Premium) case, any content that was deemed as partially indexed is reprocessed to make it fully searchable."

-description: "Learn how to manage partially indexed items (also called unindexed items) from Exchange, SharePoint, and OneDrive for Business within your organization."

-description: "Learn about email and document properties that you can search by using the eDiscovery search tools in Microsoft 365."

-|Property|Property description|Examples|Search results returned by the examples|

-|||||

-|AttachmentNames|The names of files attached to an email message.|`attachmentnames:annualreport.ppt` <p> `attachmentnames:annual*`|Messages that have an attached file named annualreport.ppt. In the second example, using the wildcard character ( * ) returns messages with the word "annual" in the file name of an attachment.¹|`bcc:pilarp@contoso.com` <p> `bcc:pilarp` <p> `bcc:"Pilar Pinilla"`|All examples return messages with Pilar Pinilla included in the Bcc field.<br>([See Recipient Expansion](keyword-queries-and-search-conditions.md#recipient-expansion))|

-description: "In-Place eDiscovery and In-Place Hold (and the corresponding PowerShell cmdlets) in Exchange Online will be retired in the first half of 2020. The Search-Mailbox cmdlet and Microsoft Purview eDiscovery (Premium) v1.0 are also being retired within the same time period."

-description: "This article describes the limits in eDiscovery (Standard) case in Microsoft 365."

-description: "Learn about the case limits, indexing limits, and search limits in effect for the eDiscovery (Premium) solution in Microsoft 365."

-description: "Learn about the limits in effect for the Content search and eDiscovery (Standard) features in the Microsoft Purview compliance portal."

-description: "Learn how to import non-Microsoft 365 data to a review set for analysis in an eDiscovery (Premium) case."

-description: "Use the MailItemsAccessed mailbox auditing action to perform forensic investigations of compromised user accounts."

-description: "Use the communications workflow in eDiscovery (Premium) to track the status of your legal hold notifications and if necessary update and resend them."

-description: "Use eDiscovery cases in the Microsoft Purview compliance portal to manage your organization's legal investigation."

-description: Learn how to view details, edit, and bulk edit the list of custodians in an eDiscovery (Premium) case.

-description: "Read the recommendations for setting up Relevance training in eDiscovery (Premium) to score files by their relevance and generate analytical results."

-description: "eDiscovery (Premium) makes it easy to manage the legal hold notification workflow around notifying custodians in legal investigations."

-description: Learn how to use the custodian management tool in eDiscovery (Premium) to manage data for a legal case.

-description: Learn how to place holds on custodians and their data sources to preserve relevant content for your eDiscovery (Premium) case.

-description: "eDiscovery (Premium) jobs help you track the status of long-running processes related to performing various eDiscovery (Premium) tasks."

-description: Learn how to manage review sets so you can analyze, query, view, tag, and export data in an eDiscovery (Premium) case.

-description: Learn about managing permissions in the Microsoft Purview compliance portal.

-description: Learn about automatic redirection of users from the Office 365 Security and Compliance Center users to the Microsoft Purview compliance portal.

-description: Learn about the Microsoft Purview compliance portal, including what it contains, how to get it, and your next steps.

-description: Learn about the Microsoft Purview solution catalog, including what it contains, how to access it, and your next steps.

-description:

-description: "Use near duplicate detection to group textually similar documents when analyzing case data in eDiscovery (Premium)."

-description: "You can add non-custodial data sources to an eDiscovery (Premium) case and place a hold on the data source. Non-custodial data sources are reindexed, so any content that was marked as partially indexed is reprocessed to make it fully and quickly searchable."

-description: "Access logs are available for encrypted messages retrieved through the encrypted message portal."

-description: "Learn about the eDiscovery (Premium) solution in Microsoft Purview. This article provides an overview of eDiscovery (Premium) in Microsoft Purview, a tool to help you manage internal and external investigations. It also frames the business reasons for using eDiscovery (Premium) to manage your legal investigations."

-description: "Learn about unindexed items in Exchange and SharePoint that you can include in an eDiscovery search that you run in the Microsoft Purview compliance portal."

-description: "Use search permissions filtering to let eDiscovery managers search only a subset of mailboxes and sites in your organization."

-description: "Use a prediction score filter to displays items that a predictive coding model as predicted as relevant or not relevant."

-description: "Learn how to create a predictive coding model in eDiscovery (Premium). This is the first step in using the machine learning capabilities in eDiscovery (Premium) to help you identify relevant and non-relevant content in a review set."

-description: "The new predictive coding module in eDiscovery (Premium) uses machine learning to analyze items in a review set to predictive which the items that are relevant to your case or investigation."

-description: "Learn how to get started using the predictive coding module in eDiscovery (Premium). This article walks you through the end-to-end process of using predictive coding to identify content in a review set that's most relevant to your investigation."

-description: "Learn about the key concepts and metrics of the predictive coding tool in Microsoft Purview eDiscovery (Premium)."

-description: "Learn about performing the first training round for predictive coding."

-description: "In-Place Hold, Litigation Hold, and Microsoft 365 retention policies allow you to preserve mailbox content to meet regulatory compliance and eDiscovery requirements."

-description: "Preview a sample of the results returned by a Content search or a eDiscovery (Standard) search in the Microsoft Purview compliance portal."

-description: "Overview about processing various forms of data in eDiscovery (Premium)."

-description: During an investigation, you can use the Retry button to resolve Content Searches that have content location errors.

-description: "Learn how to create and run a query in a review set to organize content for a more efficient review in a Microsoft Purview eDiscovery (Premium) case."

-description: "Use eDiscovery (Premium) and the Microsoft Graph Explorer to search for and purge chat messages in Microsoft Teams, and respond to data spillage incidents in Teams."

-description: "Admins can use eDiscovery tools in Microsoft 365 to search for and export Teams chat data for on-premises users in an Exchange hybrid deployment."

-description: "Use the search and purge feature in the Microsoft Purview compliance portal to search for and delete an email message from all mailboxes in your organization."

-description: "Search for content that may be relevant to a eDiscovery (Standard) case."

-description: "Use the Content search eDiscovery tool in the Microsoft Purview compliance portal to quickly find email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in Skype for Business."

-description: Learn what events are logged when users assigned eDiscovery permissions perform Content search, eDiscovery (Standard), and eDiscovery (Premium) tasks in the Microsoft Purview compliance portal.

-description: "Use the Microsoft Purview compliance portal to search the unified audit log to view user and administrator activity in your organization."

-description: "Use Content Search and the script in this article to search the mailboxes and OneDrive for Business sites for a group of users."

-description: "This article describes how to set up Audit (Premium) so you can perform forensic investigations when user accounts are compromised or to investigation other security-related incidents."

-description: "Learn how to use compliance boundaries to create logical boundaries that control the user content locations that an eDiscovery manager can search in Microsoft 365."

-description: "You can fix a processing error in a document in a review set in eDiscovery (Premium) without having to follow the bulk error remediation process."

-description: "Smart tags let you apply the machine learning capabilities when reviewing content in an eDiscovery (Premium) case. Use smart tag groups to display the results of machine learning detection models, such as the attorney-client privilege model."

-description: "A list of supported file types in Microsoft 365 eDiscovery (Premium), including image file types supported by the OCR functionality in eDiscovery (Premium)."

-description: "Learn the steps to tag and then work with a training sample of 40 files during the Relevance training stage of eDiscovery (Premium)."

-description: "Tagging documents in a review set helps remove unnecessary content and identify relevant content in an eDiscovery (Premium) case."

-description: "Learn how to preserve, collect, review, and export content from Microsoft Teams in eDiscovery (Premium)."

-description: "Learn how to use the Test tab after Batch calculation in eDiscovery (Premium) to test, compare, and validate the overall quality of processing."

-description: "Use Themes in eDiscovery (Premium) to organize review sets by finding the dominant theme in each document."

-description: "Learn how to view and interpret the Relevance training status and results for case issues in eDiscovery (Premium)."

-description: Troubleshoot errors for Azure AzCopy when loading non-Office 365 data for error remediation in eDiscovery (Premium).

-description: How to turn on or off the Audit log search feature in the Microsoft Purview compliance portal to enable or disable the ability of admins to search the audit log.

-description: "Learn how to run a script to add mailboxes & OneDrive for Business sites to a new hold associated with an eDiscovery case in the Microsoft Purview compliance portal."

-description: "Use Content search in the Microsoft Purview compliance portal to perform a targeted collection, which searches for items in a specific mailbox or site folder."

-description: Use the Content Search eDiscovery tool to search for items imported to mailboxes in Microsoft 365 from a third-party data source by creating queries.

-description: Admin can learn how to bulk-import PST files to Microsoft 365 mailboxes by copying PST files to a hard drive and then shipping it to Microsoft.

-description: "For administrators: Learn how to use network upload to bulk-import multiple PST files to user mailboxes in Microsoft 365."

- | Parameter | Description | Example |

- |:--|:--|:--|

- | `Workload` <br/> |Specifies the service that data will be imported to. To import PST files to user mailboxes, use `Exchange`. <br/> | `Exchange` <br/> |

- | `FilePath` <br/> |Specifies the folder location in the Azure Storage location that you uploaded the PST files to in Step 2. <br/> If you didn't include an optional subfolder name in the SAS URL in the `/Dest:` parameter in Step 2, leave this parameter blank in the CSV file. If you included a subfolder name, specify it in this parameter (see the second example). The value for this parameter is case-sensitive. <br/> Either way, *don't* include "ingestiondata" in the value for the `FilePath` parameter. <br/><br/> **Important:** The case for the file path name must be the same as the case you used if you included an optional subfolder name in the SAS URL in the destination field in Step 2. For example, if you used `PSTFiles` for the subfolder name in Step 2 and then use `pstfiles` in the `FilePath` parameter in CSV file, the import for the PST file will fail. Be sure to use the same case in both instances. <br/> |(leave blank) <br/> Or <br/> `PSTFiles` <br/> |

- | `Name` <br/> |Specifies the name of the PST file that will be imported to the user mailbox. The value for this parameter is case-sensitive. The file name of each PST file in the mapping file for an import job must be unique. <br/> <br/>**Important:** The case for the PST file name in the CSV file must be the same as the PST file that was uploaded to the Azure Storage location in Step 2. For example, if you use `annb.pst` in the `Name` parameter in the CSV file, but the name of the actual PST file is `AnnB.pst`, the import for that PST file will fail. Be sure that the name of the PST in the CSV file uses the same case as the actual PST file. <br/> | `annb.pst` <br/> |

- | `Mailbox` <br/> |Specifies the email address of the mailbox that the PST file will be imported to. You can't specify a public folder or unified group because the PST Import Service doesn't support importing PST files or unified groups to public folders. <br/> To import a PST file to an inactive mailbox, you have to specify the mailbox GUID for this parameter. To obtain this GUID, run the following PowerShell command in Exchange Online: `Get-Mailbox <identity of inactive mailbox> -InactiveMailboxOnly`. | `FL Guid` <br/> **Note:** Sometimes you might have multiple mailboxes with the same email address, where one mailbox is an active mailbox and the other mailbox is in a soft-deleted (or inactive) state. In these situations, you have to specify the mailbox GUID to uniquely identify the mailbox to import the PST file to. To obtain this GUID for active mailboxes, run the following PowerShell command: `Get-Mailbox <identity of active mailbox>`. | `FL Guid`. To obtain the GUID for soft-deleted (or inactive) mailboxes, run this command `Get-Mailbox \<identity of soft-deleted or inactive mailbox\> -SoftDeletedMailbox | FL Guid`. <br/> | `annb@contoso.onmicrosoft.com` <br/> Or <br/> `2d7a87fe-d6a2-40cc-8aff-1ebea80d4ae7` <br/> |

-description: Admin can learn how to use sharing auditing in the Microsoft 365 audit log to identify resources shared with users outside of their organization.

-description: Use the Communications Editor to change text and merge field variables when formatting your content.

-description: Use the eDiscovery (Premium) Custodian Management tool to easily access and search the activity for custodians within your case.

-description: "Choose how you view content in eDiscovery (Premium), such as text, annotate, converted, or native view."

-description: "Learn how to use the search statistics feature to display statistics for Content searches and searches associated with a eDiscovery (Standard) case in the Microsoft Purview compliance portal."

-description: "Content produced by cloud-based apps in Microsoft 365 is stored or associated with a user's Exchange Online mailbox. This content can be searched using Microsoft eDiscovery tools."

-description: Learn how to set up a custom connector to import third-party data from data sources such as Salesforce Chatter, Yahoo Messenger, or Yammer.

-|classification|Nullable Enum|Specification of the alert. Possible values are: 'Unknown', 'FalsePositive', 'TruePositive'.|

-|determination|Nullable Enum|Specifies the determination of the alert. Possible values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'.|

->Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.

-keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules

-After you've fully deployed attack surface reduction (ASR) rules, it's vital that you have processes in place to monitor and respond to ASR-related activities.

-## Managing false positives

-## Keeping up with reports

-## Hunting

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="images/asr-defender365-advanced-hunting2.png" alt-text="The Advanced Hunting page in the Microsoft 365 Defender portal" lightbox="images/asr-defender365-advanced-hunting2.png":::

-keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules

-When testing attack surface reduction (ASR) rules it is important to start with the right business unit. You'll want to start with a small group of people in a specific business unit. You can identify some ASR champions within a particular business unit who can provide real-world impact about the ASR rules, and help you tune your implementation.

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="images/asr-rules-planning-steps.png" alt-text="The ASR rules planning steps" lightbox="images/asr-rules-planning-steps.png":::

-## Start with the right business unit

-## Identify ASR rules champions

-## Define reporting and response team roles and responsibilities

-## Ring deployment

-description: Provides guidance to test your attack surface reduction (ASR) rules deployment.

-keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules

-Testing attack surface reduction (ASR) rules helps you determine if rules will impede line-of-business operations prior to enabling any rule. By starting with a small, controlled group, you can limit potential work disruptions as you expand your deployment across your organization.

-Begin your attack surface reduction(ASR) rules deployment with ring 1.

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="images/asr-rules-testing-steps.png" alt-text="The ASR rules testing steps" lightbox="images/asr-rules-testing-steps.png":::

-### Configure ASR Rules using MEM

-## Step 2: Understand the Attack surface reduction rules reporting page in the Microsoft 365 Defender portal

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="images/asr-defender365-01b.png" alt-text="The Attack surface reduction rules page" lightbox="images/asr-defender365-01b.png":::

-description: Provides overview and prerequisite guidance about deploying attack surface reduction (ASR) rules.

-keywords: Attack surface reduction rules deployment, ASR deployment, enable asr rules, configure ASR, host intrusion prevention system, protection rules, anti-exploit rules, anti-exploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules

-Attack surfaces are all the places where your organization is vulnerable to cyberthreats and attacks. Your organization's attack surfaces includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to attack. Configuring attack surface reduction (ASR) rules ΓÇö one of many security features found in Microsoft Defender for Endpoint ΓÇö can help.

-## Before you begin

-### Rules by category

-### Infrastructure requirements

-### Cloud Protection (MAPS) must be enabled

-### Microsoft Defender Antivirus components must be current versions

-## ASR rules deployment steps

-As with any new, wide-scale implementation which could potentially impact your line-of-business operations, it is important to be methodical in your planning and implementation. Because of the powerful capabilities of ASR rules in preventing malware, careful planning and deployment of these rules is necessary to ensure they work best for your unique customer workflows. To work in your environment, you need to plan, test, implement, and operationalize ASR rules carefully.

-> [!div class="mx-imgBorder"]

-> :::image type="content" source="images/asr-rules-deployment-phases.png" alt-text="The ASR rules deployment phases" lightbox="images/asr-rules-deployment-phases.png":::

->[!Note]

->For Customers who are using a non-Microsoft HIPS and are transitioning to Microsoft Defender for Endpoint attack surface reduction rules:

->Microsoft advises customers to run their HIPS solution side-by-side with their ASR rules deployment until the moment you shift from Audit to Block mode. Keep in mind that you must reach out to your 3rd-party antivirus vendor for exclusion recommendations.

-### ASR collection

-description: Lists details about attack surface reduction rules on a per-rule basis.

-keywords: Attack surface reduction rules, ASR, asr rules, hips, host intrusion prevention system, protection rules, anti-exploit rules, antiexploit, exploit rules, infection prevention rules, Microsoft Defender for Endpoint, configure ASR rules, ASR rule description

-# Attack surface reduction rules reference

-This article provides information about attack reduction rules:

-## Supported operating systems

-## Supported configuration management systems

-## Per rule alert and notification details

-For more information about configuring attack surface reduction rules, see [Enable attack surface reduction rules](enable-attack-surface-reduction.md).

-For specific details about notification and alert functionality, see: [Per rule alert and notification details](attack-surface-reduction-rules-reference.md#per-rule-alert-and-notification-details), in the article **Attack surface reduction rules reference**.

-classification | String | Specifies the specification of the specified alerts. The property values are: 'True positive', 'Informational, expected activity' and 'False positive'.

-determination | String | Specifies the determination of the specified alerts. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'

->Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.

-> - [Set attack surface reduction rules to block mode](attack-surface-reduction-rules-deployment.md)

-|Reports: Device health| In development| In development| In development|

-| Audit applies to individual rules | [Step 1: Test ASR rules using Audit mode](attack-surface-reduction-rules-deployment-test.md#step-1-test-asr-rules-using-audit) | [Step 2: Understand the Attack surface reduction rules reporting page](attack-surface-reduction-rules-deployment-test.md#step-2-understand-the-attack-surface-reduction-rules-reporting-page-in-the-microsoft-365-defender-portal) |

-Property|Type|Description

-Status|String|Specifies the current status of the alert. The property values are: 'New', 'InProgress' and 'Resolved'.

-assignedTo|String|Owner of the alert

-Classification|String|Specifies the specification of the alert. The property values are: 'Unknown', 'FalsePositive', 'TruePositive'.

-Determination|String|Specifies the determination of the alert. The property values are: 'NotAvailable', 'Apt', 'Malware', 'SecurityPersonnel', 'SecurityTesting', 'UnwantedSoftware', 'Other'

-Comment|String|Comment to be added to the alert.

->Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.

-classification | Enum | Specification of the incident. Possible values are: ```Unknown```, ```FalsePositive```, ```TruePositive```.

-determination | Enum | Specifies the determination of the incident. Possible values are: ```NotAvailable```, ```Apt```, ```Malware```, ```SecurityPersonnel```, ```SecurityTesting```, ```UnwantedSoftware```, ```Other```.

-tags | string List | List of Incident tags.

-alerts | Alert List | List of related alerts. See examples at [List incidents](api-list-incidents.md) API documentation.

->Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.

-classification|Enum|Specification of the incident. Possible values are: `Unknown`, `FalsePositive`, `TruePositive`.

-determination|Enum|Specifies the determination of the incident. Possible values are: `NotAvailable`, `Apt`, `Malware`, `SecurityPersonnel`, `SecurityTesting`, `UnwantedSoftware`, `Other`.

-tags|string List|List of Incident tags.

->Around August 29th, 2022, previously supported alert determination values ('Apt' and 'SecurityPersonnel') will be deprecated and no longer available via the API.

-Reporting a message that was incorrectly blocked as impersonation in the Submissions portal at <https://security.microsoft.com/reportsubmission> does not add the sender or domain as an allow entry in the Tenant Allow/Block List.

- - **Add trusted senders and domains**: : Specify impersonation protection exceptions for the policy by clicking on **Manage (nn) trusted sender(s) and domain(s)**. In the **Manage custom domains for impersonation protection** flyout that appears, configure the following settings:

- > If Microsoft 365 system messages from the following senders are identified as impersonation attempts, you can add the senders to the trusted senders list:

- > - `Γüánoreply@email.teams.microsoft.com`

- > - `noreply@emeaemail.teams.microsoft.com`

- > - `no-reply@sharepointonline.com`

- - Users in the organization can't send email to these blocked domains and addresses. They'll receive the following non-delivery report (also known as an NDR or bounce message): `5.7.1 Your message can't be delivered because one or more recipients are blocked by your organization's tenant allow/block list policy.`

-|User risk|Supported|Not supported|Not supported|

-|IP address location policy|Supported|Supported\*|Supported|

- > If Microsoft 365 system messages from the following senders are identified as impersonation attempts, you can add the senders to the trusted senders list:

- > - `Γüánoreply@email.teams.microsoft.com`

- > - `noreply@emeaemail.teams.microsoft.com`

- > - `no-reply@sharepointonline.com`