+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+The example is for Outlook, but applies to any other Office apps you want to install.

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+- highpri

+Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2209539).

+Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2209539).

+> [!IMPORTANT]

+> Currently, trainable classifiers for auto-labeling can't be used with [adaptive scopes](retention.md#adaptive-or-static-policy-scopes-for-retention). Use a static scope instead.

+- tier2

+- tier2

+- tier1

+- tier1

+- M365-security-compliance

+- tier1

+- highpri

+- tier1

+- tier1

+- tier1

+- tier1

+- tier2

+- tier1

+- tier1

+- tier1

+- tier1

+- highpri

+ > None of Windows Security components need to be active, but the [Real-time protection and Behavior monitor](/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) must be enabled.

+- tier1

+- highpri

+- tier1

+- highpri

+- tier1

+- highpri

+- tier1

+- highpri

+- tier2

+- tier2

+- tier1

+- highpri

+- tier1

+- highpri

+- tier1

+- highpri

+- tier2

+ Title: "Records management for documents and emails in Microsoft 365"

+>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)*

+A records management system, also known as records and information management, is a solution for organizations to manage regulatory, legal, and business-critical records. Records management for Microsoft Purview helps you achieve your organization's legal obligations, provides the ability to demonstrate compliance with regulations, and increases efficiency with regular disposition of items that are no longer required to be retained, no longer of value, or no longer required for business purposes.

+Use the following capabilities to support your records management solution for Microsoft 365 data:

+- tier1

+- highpri

+- tier2

+ - Select **Encrypt** from the RMS template list.

+- tier1

+- highpri

+- tier1

+- highpri

+> If you are interested in previewing our new feature Domain Sharing for email alongside your cross-tenant mailbox migrations, please complete the form at [aka.ms/domainsharingpreview](https://aka.ms/domainsharingpreview). Domain sharing for email enables users in separate Microsoft 365 tenants to send and receive email using addresses from the same custom domain. The feature is intended to solve scenarios where users in separate tenants need to represent a common corporate brand in their email addresses. The current preview supports sharing domains indefinitely and shared domains during cross-tenant mailbox migration coexistence.

+Test-MigrationServerAvailability -EndPoint "Migration endpoint for cross-tenant mailbox moves" -TestMailbox "Primary SMTP of MailUser object in target tenant"

+During the migration process, Microsoft temporarily copies your address book data into Microsoft global resources where it is encrypted and only used to support business continuity and disaster recovery operations (BCDR). After Microsoft has completed the mailbox data moves, Microsoft deletes that temporary data from the global resources. Microsoft continues to invest in global and regional resources on a regular basis. In calendar year 2023, Microsoft plans to utilize regional resources for BCDR purposes during the migration process.

+ - highpri

+ - highpri

+ - highpri

+ - highpri

+- highpri

+### [What's new]()

+#### [What's new in Microsoft Defender for Endpoint?](whats-new-in-microsoft-defender-endpoint.md)

+#### [What's new in Microsoft Defender for Endpoint on Windows](windows-whatsnew.md)

+> - Changing this setting impacts future alert correlations only.

+>

+> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+>**Before you begin**:

+You first need to [create an app](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/apis-intro?view=o365-worldwide).

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+

+ >[!Note]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+1. Review your settings in the **Review + create** pane. Click **Create** to apply the rules.

+> - The specific tabs you see in an investigation details page depends on what your subscription includes. For example, if your subscription does not include Microsoft Defender for Office 365 Plan 2, you won't see a **Mailboxes** tab.

+>

+> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> - Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications.

+> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> - Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. [Learn more about permission options](user-roles.md)

+> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+GET https://api.securitycenter.windows.com/api/remediationtasks/

+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#RemediationTasks",

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ > [!NOTE]

+ > Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ > [!NOTE]

+ > Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2

+## Vulnerability assessment of apps

+Vulnerability assessment of apps on Microsoft Defender for Endpoint for iOS is now in public preview. Defender for Endpoint on iOS supports vulnerability assessments of apps only for enrolled (MDM) devices. For more details, see [Configure vulnerability assessment of apps](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-vulnerability-assessment-of-apps). If you are interested in participating in the preview, share your tenant name and ID with us: mdatpmobile@microsoft.com.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ - python-apt (if you are deploying on distributions using apt as a package manager)

+ > [!NOTE]

+ > Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ >

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+

+ >

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ - highpri

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ - highpri

+> [!IMPORTANT]

+> Built-in protection (preview) includes turning tamper protection on by default. To learn more about built-in protection, see:

+> - [Built-in protection helps guard against ransomware](built-in-protection.md) (article)

+> - [Tamper protection will be turned on for all enterprise customers](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478) (Tech Community blog post)

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+|Tier |Description |

+|||

+|Tier 1 | **Local security operations team / IT team** <br> This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required. |

+|Tier 2 | **Regional security operations team** <br> This team can see all the devices for their region and perform remediation actions. |

+|Tier 3 |**Global security operations team** <br> This team consists of security experts and are authorized to see and perform all actions from the portal. |

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+- highpri

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+>

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+> [!NOTE]

+> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+ > [!NOTE]

+ > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.

+For more information on what's new with Microsoft Defender for Endpoint on Windows, see:

+[What's new in Microsoft Defender for Endpoint on Windows](windows-whatsnew.md)

+- [Built-in protection](built-in-protection.md) (preview) is rolling out. Built-in protection is a set of default settings, such as tamper protection turned on, to help protect devices from ransomware and other threats.

+ Title: What's new in Microsoft Defender for Endpoint on Windows

+description: Learn about the latest feature releases of Microsoft Defender for Endpoint on Windows Client and Server.

+keywords: microsoft, defender, Microsoft Defender for Endpoint, windows, windows client, windows server, whats new

+search.appverid: met150

+ms.mktglfcycl: secure

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+- m365-security-compliance

+# What's new in Microsoft Defender for Endpoint on Windows

+**Applies to:**

+- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037)

+- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037)

+- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)

+> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-pullalerts-abovefoldlink)

+All updates contain:

+- Performance improvements

+- Serviceability improvements

+- Integration improvements (Cloud, [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804))

+<details>

+ <summary>Aug-2022 (Release version: 10.8210.*)</summary>

+|OS |KB |Release version |

+||||

+|Windows Server 2012 R2, 2016 |[KB 5005292](https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8210.22621.1011|

+|Windows 11 21H2 (Cobalt)<br> (Windows 11 SV 21H2) | [KB 5016691](https://support.microsoft.com/en-us/topic/august-25-2022-kb5016691-os-build-22000-918-preview-59097044-915a-49a0-8870-49823236adbd) | 10.8210.22000.918 |

+|Server 2022 (Iron) | [KB 5016693](https://support.microsoft.com/en-us/topic/august-16-2022-kb5016693-os-build-20348-946-preview-ee90d0bc-c162-4124-b7c6-f963ee7b17ed) |10.8210.20348.946 |

+|Windows 10 20H2/21H1/21H2<br> Windows Server 20H2 (Vibranium) | [KB 5016688](https://support.microsoft.com/en-us/topic/august-26-2022-kb5016688-os-builds-19042-1949-19043-1949-and-19044-1949-preview-ec31ebdc-067d-44dd-beb0-eabcc984d843) | 10.8210.19041.1949 |

+|Windows Server 2019 (RS5) |[KB 5016690](https://support.microsoft.com/en-us/topic/august-23-2022-kb5016690-os-build-17763-3346-preview-b81d1ac5-75c7-42c1-b638-f13aa4242f42) |10.8210.17763.3346 |

+**What's new**

+- Added a fix to resolve a missing intermediate certificate issue with the use of ΓÇ£TelemetryProxyServerΓÇ¥ on Windows Server 2012 R2 running the unified agent.

+- Enhanced Endpoint DLP with ability to protect password protected and encrypted files and not label files.

+- Enhanced Endpoint DLP with support for context data in audit telemetry (short evidence).

+- Improved Microsoft Defender for Endpoint client authentication support for VDI devices.

+- Enhanced Microsoft Defender for EndpointΓÇÖs ability to identify and intercept ransomware and advanced attacks.

+- The Contain feature now supports more desktop and server versions to perform the Contain action and block discovered devices when these are contained.

+- Expanded the troubleshooting mode feature to additional desktop and server versions. For a complete list of supported OS versions and more information about prerequisites, see [Get started with troubleshooting mode in Microsoft Defender for Endpoint](enable-troubleshooting-mode.md).

+- Live Response improvements include reduced session creation latency when using proxies, an undo Remediation manual command, support for OneDrive share in FindFile action, and improved isolation and stability.

+- [Security Management for Microsoft Defender for Endpoint](security-config-management.md#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management) now provides the ability to sync the device configuration on demand instead of waiting for a specific cadence.

+<br/>

+</details>

+See also:

+- [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md)

+- [What's new in Defender for Endpoint on macOS](mac-whatsnew.md)

+- [What's new in Defender for Endpoint on iOS](ios-whatsnew.md)

+- [What's new in Defender for Endpoint on Linux](linux-whatsnew.md)

+ - highpri

+ - highpri

+ - highpri

+ - highpri

+ - highpri

+ - highpri

+ - highpri

+ - highpri