Category | Microsoft Docs article | Related commit history on GitHub | Change details |
---|---|---|---|
admin | Active Users Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/active-users-ww.md | Title: "Assess the Microsoft 365 Active Users report"--++ audience: Admin |
admin | Browser Usage Report | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md | Title: "Microsoft 365 admin center browser usage reports"--++ audience: Admin |
admin | Email Activity Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-activity-ww.md | Title: "Microsoft 365 admin center email activity reports"--++ audience: Admin |
admin | Email Apps Usage Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/email-apps-usage-ww.md | Title: "Microsoft 365 admin center email apps usage reports"--++ audience: Admin |
admin | Forms Activity Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/forms-activity-ww.md | Title: "Microsoft 365 admin center forms activity reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Forms Pro Activity Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/forms-pro-activity-ww.md | Title: "Microsoft Dynamics 365 customer voice activity reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Mailbox Usage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md | Title: "Microsoft 365 admin center mailbox usage reports"--++ audience: Admin |
admin | Microsoft Office Activations Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-office-activations-ww.md | Title: "Microsoft 365 admin center Office activations reports"--++ audience: Admin |
admin | Microsoft Teams Device Usage Preview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-device-usage-preview.md | Title: "Microsoft 365 admin center Teams app usage reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Microsoft Teams Usage Activity | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-usage-activity.md | Title: "Microsoft 365 admin center Teams usage activity reports"--++ audience: Admin |
admin | Microsoft Teams User Activity Preview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft-teams-user-activity-preview.md | Title: "Microsoft 365 admin center Teams user activity reports"--++ audience: Admin |
admin | Microsoft365 Apps Usage Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/microsoft365-apps-usage-ww.md | Title: "Microsoft 365 admin center apps usage reports"--++ audience: Admin |
admin | Office 365 Groups Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/office-365-groups-ww.md | Title: "Microsoft 365 admin center groups reports"--++ audience: Admin |
admin | Onedrive For Business Activity Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-activity-ww.md | Title: "Microsoft 365 OneDrive for Business activity reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Onedrive For Business Usage Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww.md | Title: "Microsoft 365 OneDrive for Business usage reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Project Activity | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/project-activity.md | Title: "Microsoft 365 admin center Project activity "--++ audience: Admin |
admin | Sharepoint Activity Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-activity-ww.md | Title: "Microsoft 365 admin center SharePoint activity reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Sharepoint Site Usage Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md | Title: "Microsoft 365 admin center SharePoint site usage reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Viva Insights Activity | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/viva-insights-activity.md | Title: "Microsoft 365 admin center Viva Insights activity reports"--++ audience: Admin |
admin | Viva Learning Activity | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/viva-learning-activity.md | Title: "Microsoft 365 admin center Viva Learning activity reports"--++ audience: Admin |
admin | Yammer Activity Report Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-activity-report-ww.md | Title: "Microsoft 365 admin center Yammer activity reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Yammer Device Usage Report Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-device-usage-report-ww.md | Title: "Microsoft 365 admin center Yammer device usage reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Yammer Groups Activity Report Ww | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/yammer-groups-activity-report-ww.md | Title: "Microsoft 365 admin center Yammer groups activity reports" f1.keywords: - NOCSH--++ audience: Admin |
admin | Adoption Score | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/adoption-score.md | Title: "Microsoft Adoption Score" f1.keywords: - NOCSH--++ audience: Admin |
admin | Apps Health | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/apps-health.md | Title: "Microsoft Adoption Score - Microsoft 365 apps health" f1.keywords: - NOCSH--++ audience: Admin |
admin | Communication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/communication.md | Title: "Microsoft Adoption Score - Communication" f1.keywords: - NOCSH--++ audience: Admin |
admin | Content Collaboration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/content-collaboration.md | Title: "Microsoft Adoption Score - Content collaboration" f1.keywords: - NOCSH--++ audience: Admin |
admin | Meetings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/meetings.md | Title: "Microsoft Adoption Score - Meetings" f1.keywords: - NOCSH--++ audience: Admin |
admin | Mobility | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/mobility.md | Title: "Microsoft Adoption Score - Mobility" f1.keywords: - NOCSH--++ audience: Admin |
admin | Privacy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/privacy.md | Title: "Microsoft Adoption Score - Privacy" f1.keywords: - NOCSH--++ audience: Admin |
admin | Teamwork | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/adoption/teamwork.md | Title: "Microsoft Adoption Score - Teamwork" f1.keywords: - NOCSH--++ audience: Admin |
business-premium | Get Microsoft 365 Business Premium | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-business-premium.md | +- highpri - Adm_O365 - Core_O365Admin_Migration |
business-premium | Get Microsoft 365 Campaigns | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/get-microsoft-365-campaigns.md | +- highpri - Adm_O365 - Core_O365Admin_Migration |
business-premium | Index | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/index.md | +- highpri - MiniMaven - intro-overview |
business-premium | M365 Campaigns Setup | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365-campaigns-setup.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Avoid Phishing And Attacks | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-avoid-phishing-and-attacks.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven - MSB365 |
business-premium | M365bp Collaborate Share Securely | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-collaborate-share-securely.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven - MSB365 |
business-premium | M365bp Conditional Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-conditional-access.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Devices Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-devices-overview.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Increase Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-increase-protection.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Install Office Apps | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-install-office-apps.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: Have them perform the following: Use the following instructions to install Office on an iPhone or an Android phone. After you follow these steps, your work files created in Office apps will be protected by Microsoft 365 for business. -The example is for Outlook, but applies tp any other Office apps you want to install. +The example is for Outlook, but applies to any other Office apps you want to install. ## [iPhone](#tab/iPhone) |
business-premium | M365bp Maintain Environment | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-maintain-environment.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Multifactor Authentication | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-multifactor-authentication.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Protect Admin Accounts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-admin-accounts.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Protect Devices | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-devices.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Protect Email Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-email-overview.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Protect Pcs Macs | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-protect-pcs-macs.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Secure Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-secure-users.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Security Incident Management | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-management.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Security Incident Quick Start | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-incident-quick-start.md | Last updated 09/15/2022 ms.localizationpriority: high - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Security Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-security-overview.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | M365bp Setup Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/m365bp-setup-overview.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | Send Encrypted Email | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/send-encrypted-email.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | Set Up Meetings | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/set-up-meetings.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri - MiniMaven search.appverid: |
business-premium | Share Files And Videos | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/business-premium/share-files-and-videos.md | ms.localizationpriority: high - M365-Campaigns - m365solution-smb+- highpri search.appverid: - BCS160 |
commerce | Understand Your Invoice2 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/understand-your-invoice2.md | Your bill or invoice provides a summary of charges for your subscription and inc ## Watch: Understand your bill or invoice -Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2197915). +Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2209539). > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE53wxS?autoplay=false] |
commerce | View Your Bill Or Invoice | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md | You must be a Global or Billing admin to do the steps described in this article. ## Watch: View, download, or print your bill -Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2197915). +Check out this video and others on our [YouTube channel](https://go.microsoft.com/fwlink/?linkid=2209539). > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE1FGmo?autoplay=false] |
compliance | Apply Retention Labels Automatically | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-retention-labels-automatically.md | Get-Label | Format-Table -Property DisplayName, Name, Guid #### Auto-apply labels to content by using trainable classifiers +> [!IMPORTANT] +> Currently, trainable classifiers for auto-labeling can't be used with [adaptive scopes](retention.md#adaptive-or-static-policy-scopes-for-retention). Use a static scope instead. + When you choose the option for a trainable classifier, you can select one or more of the pre-trained or custom trainable classifiers: ![Choose trainable classifier.](../media/retention-label-classifers.png) |
compliance | Archive Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-mailboxes.md | +- tier2 description: "Learn about archive mailboxes to provide extra mailbox storage." |
compliance | Autoexpanding Archiving | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/autoexpanding-archiving.md | +- tier2 search.appverid: - MOE150 - MET150 |
compliance | Classifier Get Started With | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-get-started-with.md | +- tier1 - M365-security-compliance - m365solution-mip - m365initiative-compliance |
compliance | Classifier How To Retrain Content Explorer | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-how-to-retrain-content-explorer.md | audience: Admin ms.localizationpriority: null-++- tier1 +- M365-security-compliance search.appverid: - MOE150 - MET150 |
compliance | Classifier Learn About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/classifier-learn-about.md | +- tier1 +- highpri - M365-security-compliance - m365solution-mip - m365initiative-compliance |
compliance | Create A Custom Sensitive Information Type In Scc Powershell | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell.md | +- tier1 - M365-security-compliance search.appverid: - MOE150 |
compliance | Create A Custom Sensitive Information Type | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md | +- tier1 - M365-security-compliance search.appverid: - MOE150 |
compliance | Create A Dlp Policy From A Template | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-dlp-policy-from-a-template.md | f1_keywords: ms.localizationpriority: medium +- tier1 - M365-security-compliance search.appverid: - MET150 |
compliance | Create A Keyword Dictionary | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-keyword-dictionary.md | +- tier1 - M365-security-compliance search.appverid: - MOE150 |
compliance | Create And Manage Inactive Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-and-manage-inactive-mailboxes.md | +- tier2 search.appverid: - MOE150 - MET150 |
compliance | Create Test Tune Dlp Policy | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-test-tune-dlp-policy.md | f1_keywords: - 'ms.o365.cc.NewPolicyFromTemplate' ms.localizationpriority: medium-++- tier1 - M365-security-compliance search.appverid: - MET150 |
compliance | Customize A Built In Sensitive Information Type | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/customize-a-built-in-sensitive-information-type.md | +- tier1 - M365-security-compliance search.appverid: - MOE150 |
compliance | Data Classification Activity Explorer Available Events | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-activity-explorer-available-events.md | +- tier1 - M365-security-compliance - m365solution-mip - m365initiative-compliance |
compliance | Data Classification Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/data-classification-overview.md | +- tier1 +- highpri - M365-security-compliance - m365solution-mip - m365initiative-compliance |
compliance | Device Onboarding Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/device-onboarding-overview.md | Make sure that the Windows devices that you need to onboard meet these requireme 2. Antimalware Client Version is 4.18.2110 or newer. Check your current version by opening Windows Security app, select the Settings icon, and then select About. The version number is listed under Antimalware Client Version. Update to the latest Antimalware Client Version by installing Windows Update KB4052623. > [!NOTE]- > None of Windows Security components need to be active, but the [Real-time protection and Behavior monitor](/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus)) must be enabled. + > None of Windows Security components need to be active, but the [Real-time protection and Behavior monitor](/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) must be enabled. 3. The following Windows Updates for Windows 10 are installed for devices that will be monitored. |
compliance | Dlp Learn About Dlp | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-learn-about-dlp.md | +- tier1 +- highpri - M365-security-compliance search.appverid: - MET150 |
compliance | Dlp Overview Plan For Dlp | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-overview-plan-for-dlp.md | audience: ITPro ms.localizationpriority: medium-++- tier1 +- highpri - M365-security-compliance search.appverid: - MET150 |
compliance | Dlp Policy Design | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-design.md | +- tier1 +- highpri - M365-security-compliance search.appverid: - MET150 |
compliance | Dlp Policy Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md | search.appverid: - MET150 ms.assetid: 6501b5ef-6bf7-43df-b60d-f65781847d6c +- tier1 +- highpri - M365-security-compliance - SPO_Content recommendations: false |
compliance | Enable Archive Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-archive-mailboxes.md | +- tier2 search.appverid: - MOE150 - MET150 |
compliance | Enable Autoexpanding Archiving | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/enable-autoexpanding-archiving.md | +- tier2 - M365-security-compliance search.appverid: - MOE150 |
compliance | Endpoint Dlp Getting Started | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-getting-started.md | f1_keywords: ms.localizationpriority: high +- tier1 +- highpri - M365-security-compliance - m365solution-mip - m365initiative-compliance |
compliance | Endpoint Dlp Learn About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-learn-about.md | f1_keywords: ms.localizationpriority: high +- tier1 +- highpri - M365-security-compliance - m365solution-mip - m365initiative-compliance |
compliance | Endpoint Dlp Using | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/endpoint-dlp-using.md | f1_keywords: - 'ms.o365.cc.DLPLandingPage' ms.localizationpriority: high-++- tier1 +- highpri - M365-security-compliance - SPO_Content search.appverid: |
compliance | Inactive Mailboxes In Office 365 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/inactive-mailboxes-in-office-365.md | +- tier2 search.appverid: - MOE150 - MET150 |
compliance | Records Management | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/records-management.md | Title: "Learn about Microsoft Purview Records Management" + Title: "Records management for documents and emails in Microsoft 365" f1.keywords: - NOCSH description: Learn how Microsoft Purview Records Management supports high-value # Learn about records management ->*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance).* +>*[Microsoft 365 licensing guidance for security & compliance](/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance)* ++A records management system, also known as records and information management, is a solution for organizations to manage regulatory, legal, and business-critical records. Records management for Microsoft Purview helps you achieve your organization's legal obligations, provides the ability to demonstrate compliance with regulations, and increases efficiency with regular disposition of items that are no longer required to be retained, no longer of value, or no longer required for business purposes. > [!TIP] > *Did you know you can try the premium versions of all nine Microsoft Purview solutions for free?* Use the 90-day Purview solutions trial to explore how robust Purview capabilities can help your organization meet its compliance needs. Microsoft 365 E3 and Office 365 E3 customers can start now at the [Microsoft Purview compliance portal trials hub](https://compliance.microsoft.com/trialHorizontalHub?sku=ComplianceE5&ref=DocsRef). Learn details about [who can sign up and trial terms](compliance-easy-trials.md). 
-Organizations of all types require a records-management solution to manage regulatory, legal, and business-critical records across their corporate data. Records management for Microsoft Purview helps an organization manage their legal obligations, provides the ability to demonstrate compliance with regulations, and increases efficiency with regular disposition of items that are no longer required to be retained, no longer of value, or no longer required for business purposes. --Use the following capabilities to support your records management solution for Microsoft 365 services and apps: +Use the following capabilities to support your records management solution for Microsoft 365 data: - **Label content as a record**. Create and configure retention labels to mark content as a [record](#records) that can then be applied by users or automatically applied by identifying sensitive information, keywords, or content types. |
compliance | Sensitive Information Type Learn About | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md | f1_keywords: ms.localizationpriority: medium +- tier1 +- highpri - M365-security-compliance description: "This article gives an overview of sensitive information types and how they detect sensitive information like social security, credit card, or bank account numbers to identify sensitive items" |
compliance | Set Up An Archive And Deletion Policy For Mailboxes | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes.md | +- tier2 search.appverid: - MOE150 - MED150 |
compliance | Set Up New Message Encryption Capabilities | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-new-message-encryption-capabilities.md | To update existing rules to use Microsoft Purview Message Encryption: 3. For each rule, in **Do the following**: - Select **Modify the message security**. - Select **Apply Office 365 Message Encryption and rights protection**.- - Select an RMS template from the list. + - Select **Encrypt** from the RMS template list. - Select **Save**. - Select **OK**. |
compliance | Sit Get Started Exact Data Match Based Sits Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-get-started-exact-data-match-based-sits-overview.md | +- tier1 +- highpri - M365-security-compliance search.appverid: - MOE150 |
compliance | Sit Learn About Exact Data Match Based Sits | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sit-learn-about-exact-data-match-based-sits.md | +- tier1 +- highpri - M365-security-compliance search.appverid: - MOE150 |
enterprise | Cross Tenant Mailbox Migration | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/cross-tenant-mailbox-migration.md | This article describes the process for cross-tenant mailbox moves and provides g > Currently we are investigating an issue where in some scenarios, Teams chat data is also held in the mailbox, but the Teams chat data is not migrated. If Teams chat data must be preserved, do not use this feature to migrate the mailbox. > [!NOTE]-> If you are interested in previewing our new feature Domain Sharing for email alongside your cross-tenant mailbox migrations, please complete the form at [aka.ms/domainshringpreview](https://aka.ms/domainshringpreview). Domain sharing for email enables users in separate Microsoft 365 tenants to send and receive email using addresses from the same custom domain. The feature is intended to solve scenarios where users in separate tenants need to represent a common corporate brand in their email addresses. The current preview supports sharing domains indefinitely and shared domains during cross-tenant mailbox migration coexistence. +> If you are interested in previewing our new feature Domain Sharing for email alongside your cross-tenant mailbox migrations, please complete the form at [aka.ms/domainsharingpreview](https://aka.ms/domainsharingpreview). Domain sharing for email enables users in separate Microsoft 365 tenants to send and receive email using addresses from the same custom domain. The feature is intended to solve scenarios where users in separate tenants need to represent a common corporate brand in their email addresses. The current preview supports sharing domains indefinitely and shared domains during cross-tenant mailbox migration coexistence. 
## Preparing source and target tenants To obtain the tenant ID of a subscription, sign in to the [Microsoft 365 admin c You can verify cross-tenant mailbox migration configuration by running the [Test-MigrationServerAvailability](/powershell/module/exchange/Test-MigrationServerAvailability) cmdlet against the cross-tenant migration endpoint that you created on your target tenant. ```powershell-Test-MigrationServerAvailability -EndPoint "Migration endpoint for cross-tenant mailbox moves" - TestMailbox "Primary SMTP of MailUser object in target tenant" +Test-MigrationServerAvailability -EndPoint "Migration endpoint for cross-tenant mailbox moves" -TestMailbox "Primary SMTP of MailUser object in target tenant" ``` ### Move mailboxes back to the original source |
enterprise | Moving Data To New Datacenter Geos | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/moving-data-to-new-datacenter-geos.md | Title: "Moving core data to new Microsoft 365 datacenter geos" Previously updated : 06/02/2022 Last updated : 09/23/2022 audience: ITPro Data moves are a back-end service operation with minimal impact to end-users. Fe Data moves to the new datacenter geo are completed at no additional cost to the customer. +During the migration process, Microsoft temporarily copies your address book data into Microsoft global resources where it is encrypted and only used to support business continuity and disaster recovery operations (BCDR). After Microsoft has completed the mailbox data moves, Microsoft deletes that temporary data from the global resources. Microsoft continues to invest in global and regional resources on a regular basis. In calendar year 2023, Microsoft plans to utilize regional resources for BCDR purposes during the migration process. + ## Related topics [How to request your data move](request-your-data-move.md) |
frontline | Pin Teams Apps Based On License | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/pin-teams-apps-based-on-license.md | appliesto: # Tailor Teams apps for your frontline workers -> [!NOTE] -> This feature is currently being rolled out and might not be available in your organization yet. To stay on top of upcoming Teams features, check out the [Microsoft 365 Roadmap](https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=microsoft%2Cteams). - ## Overview Teams pins apps based on license to give your frontline workers an out-of-the-box experience in Teams that's tailored to their needs. |
frontline | Teams For Retail Landing Page | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/teams-for-retail-landing-page.md | + - highpri ms.localizationpriority: high search.appverid: MET150 searchScope: |
frontline | Teams In Hc | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/teams-in-hc.md | + - highpri appliesto: - Microsoft Teams - Microsoft 365 for frontline workers |
frontline | Virtual Appointments Toolkit | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/virtual-appointments-toolkit.md | + - highpri description: Customizable resources and infographics you can add to your website to help your clients understand how to use virtual appointments with your organization. appliesto: |
frontline | Virtual Appointments | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/frontline/virtual-appointments.md | + - highpri f1.keywords: - NOCSH appliesto: |
security | Microsoft 365 Zero Trust | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/Microsoft-365-zero-trust.md | +- highpri # Microsoft 365 Zero Trust deployment plan |
security | TOC | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md | ### [Compare Microsoft endpoint security plans](defender-endpoint-plan-1-2.md) ### [Minimum requirements](minimum-requirements.md) ### [Supported Microsoft Defender for Endpoint capabilities by platform](supported-capabilities-by-platform.md) -### [What's new in Microsoft Defender for Endpoint?](whats-new-in-microsoft-defender-endpoint.md) +### [What's new]() +#### [What's new in Microsoft Defender for Endpoint?](whats-new-in-microsoft-defender-endpoint.md) +#### [What's new in Microsoft Defender for Endpoint on Windows](windows-whatsnew.md) ### [Preview features](preview.md) ### [Data storage and privacy](data-storage-privacy.md) ### [Overview of Microsoft Defender Security Center](use.md) |
security | Advanced Features | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/advanced-features.md | Turn on this feature so that potentially unwanted applications (PUA) are remedia This configuration can be used for scenarios where local SOC operations would like to limit alert correlations only to device groups that they can access. By turning on this setting, an incident composed of alerts that cross-device groups will no longer be considered a single incident. The local SOC can then take action on the incident because they have access to one of the device groups involved. However, global SOC will see several different incidents by device group instead of one incident. We don't recommend turning on this setting unless doing so outweighs the benefits of incident correlation across the entire organization. > [!NOTE]-> Changing this setting impacts future alert correlations only. +> - Changing this setting impacts future alert correlations only. +> +> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## Enable EDR in block mode |
security | Api Power Bi | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/api-power-bi.md | search.appverid: met150 [!include[Improve request performance](../../includes/improve-request-performance.md)] ++> [!NOTE] +>**Before you begin**: +You first need to [create an app](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/apis-intro?view=o365-worldwide). ++ In this section you will learn to create a Power BI report on top of Defender for Endpoint APIs. The first example demonstrates how to connect Power BI to Advanced Hunting API, and the second example demonstrates a connection to our OData APIs, such as Machine Actions or Alerts. |
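Review bot: The added "Before you begin" note has two problems. The line "You first need to [create an app](...)" has no leading `>` and so relies on lazy continuation to stay inside the note, and its link is an absolute learn.microsoft.com URL pinned to `?view=o365-worldwide`, while the other links in this docset are relative (for example `(user-roles.md)`). Suggest `> You first need to [create an app](apis-intro.md).`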
security | Assign Portal Access | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/assign-portal-access.md | Defender for Endpoint supports two ways to manage permissions: > [!NOTE] > If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:-> > - Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC. Only users assigned to the Defender for Endpoint administrator role can manage permissions using RBAC. > - Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC. > - After switching to RBAC, you will not be able to switch back to using basic permissions management.+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## Related topics |
security | Attack Surface Reduction Rules Deployment Test | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test.md | You can use Microsoft Endpoint Manager (MEM) Endpoint Security to configure cust 8. [Optional] In the **Scope tags** pane, you can add tag information to specific devices. You can also use role-based access control and scope tags to make sure that the right admins have the right access and visibility to the right Intune objects. Learn more: [Use role-based access control (RBAC) and scope tags for distributed IT in Intune](/mem/intune/fundamentals/scope-tags). 9. In the **Assignments** pane, you can deploy or "assign" the profile to your user or device groups. Learn more: [Assign device profiles in Microsoft Intune](/mem/intune/configuration/device-profile-assign#exclude-groups-from-a-profile-assignment)-10. Review your settings in the **Review + create** pane. Click **Create** to apply the rules. + + >[!Note] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ++1. Review your settings in the **Review + create** pane. Click **Create** to apply the rules. > [!div class="mx-imgBorder"] > :::image type="content" source="images/asr-mem-review-create.png" alt-text="The Create profile page" lightbox="images/asr-mem-review-create.png"::: |
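Review bot: Changing the final step from `10.` to `1.` only keeps the list numbering intact while the inserted note stays indented under step 9; if that indentation is lost the list restarts at 1, so confirm the rendered page. The note is also opened as `>[!Note]`, unlike the `> [!NOTE]` form used for the same sentence in the rest of this change set; use one form.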
security | Autoir Investigation Results | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/autoir-investigation-results.md | Use the investigation details view to see past, current, and pending activity pe In the Investigation details view, you can see information on the **Investigation graph**, **Alerts**, **Devices**, **Identities**, **Key findings**, **Entities**, **Log**, and **Pending actions** tabs, described in the following table. > [!NOTE]-> The specific tabs you see in an investigation details page depends on what your subscription includes. For example, if your subscription does not include Microsoft Defender for Office 365 Plan 2, you won't see a **Mailboxes** tab. +> - The specific tabs you see in an investigation details page depends on what your subscription includes. For example, if your subscription does not include Microsoft Defender for Office 365 Plan 2, you won't see a **Mailboxes** tab. +> +> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. |Tab|Description| ||| |
security | Automation Levels | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/automation-levels.md | Automated investigation and remediation (AIR) capabilities in Microsoft Defender > [!TIP] > For best results, we recommend using full automation when you [configure AIR](configure-automated-investigations-remediation.md). Data collected and analyzed over the past year shows that customers who are using full automation had 40% more high-confidence malware samples removed than customers who are using lower levels of automation. Full automation can help free up your security operations resources to focus more on your strategic initiatives. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + ## Levels of automation |Automation level|Description| |
security | Batch Update Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/batch-update-alerts.md | Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > > - The user needs to have at least the following role permission: 'Alerts investigation' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
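Review bot: The sentence appended to this permissions note, "Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.", is pasted by hand into each API and configuration page in this change set, and the copies have already drifted: create-alert-by-reference.md, indicator-file.md and ios-install.md capitalize "Device Group", add "both" and drop the final period. The docset already uses include files (api-power-bi.md pulls in `../../includes/improve-request-performance.md`), so a single include for this note would keep the wording consistent and turn a later licensing change into a one-file edit.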
security | Collect Investigation Package | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/collect-investigation-package.md | Delegated (work or school account)|Machine.CollectForensics|'Collect forensics' > > - The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Configure Automated Investigations Remediation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation.md | To configure automated investigation and remediation: 1. [Turn on the features](#turn-on-automated-investigation-and-remediation); and 2. [Set up device groups](#set-up-device-groups). +> [!NOTE] +> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + ## Turn on automated investigation and remediation 1. As a global administrator or security administrator, go to the Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in. |
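Review bot: The added note is a one-item bullet list (`> - Device group creation ...`). Drop the `- ` so it renders as a plain note, matching how the same sentence is added in automation-levels.md and edr-in-block-mode.md.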
security | Configure Email Notifications | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-email-notifications.md | You can configure Defender for Endpoint to send email notifications to specified If you're using [Defender for Business](../defender-business/mdb-overview.md), you can set up email notifications for specific users (not roles or groups). > [!NOTE]-> Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. +> - Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. +> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. You can set the alert severity levels that trigger notifications. You can also add or remove recipients of the email notification. New recipients get notified about alerts triggered after they're added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue.md). |
security | Configure Vulnerability Email Notifications | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-vulnerability-email-notifications.md | Configure Microsoft Defender for Endpoint to send email notifications to specifi If you're using [Defender for Business](../defender-business/mdb-overview.md), you can set up vulnerability notifications for specific users (not roles or groups). > [!NOTE]-> Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. [Learn more about permission options](user-roles.md) +> - Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. [Learn more about permission options](user-roles.md) +> - Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. The notification rules allow you to set the vulnerability events that trigger notifications, and add or remove email notification recipients. New recipients get notified about vulnerabilities after they are added. |
security | Create Alert By Reference | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/create-alert-by-reference.md | Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > > - The user needs to have at least the following role permission: 'Alerts investigation' (For more information see [Create and manage roles](user-roles.md) ) > - The user needs to have access to the device associated with the alert, based on device group settings (For more information, see [Create and manage device groups](machine-groups.md)+> +> Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2 ## HTTP request |
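Review bot: Two small fixes while this note is open: the added sentence has no terminating period, and the bullet just above it, "(For more information, see [Create and manage device groups](machine-groups.md)", never closes its parenthesis.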
security | Defender Endpoint Trial Playbook | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/defender-endpoint-trial-playbook.md | Defender for Endpoint supports two ways to manage permissions: - Basic permissions management: Set permissions to either full access or read-only. Users with Global Administrator or Security Administrator roles in Azure Active Directory have full access. The Security reader role has read-only access and doesn't grant access to view machines/device inventory. - Role-based access control (RBAC): Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to device groups. For more information, see [Manage portal access using role-based access control](rbac.md). + > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + ## Step 3: Visit the Microsoft 365 Defender portal The Microsoft 365 Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) is where you can access your Defender for Endpoint capabilities. |
security | Edr In Block Mode | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/edr-in-block-mode.md | When EDR in block mode is turned on, and a malicious artifact is detected, Defen > [!TIP] > Make sure the [requirements](#requirements-for-edr-in-block-mode) are met before turning on EDR in block mode. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + ### Security Portal 1. Go to the Microsoft 365 Defender portal ([https://security.microsoft.com/](https://security.microsoft.com/)) and sign in. |
security | Find Machines By Ip | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machines-by-ip.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information) > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
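Review bot: The permissions note this hunk extends carries the bullet "Response will include only devices that the user have access to based on device group settings" twice, once before and once after the 'View Data' bullet. Remove one copy in the same change and correct "the user have" to "the user has", since readers use this block to work out what a delegated token can actually see.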
security | Find Machines By Tag | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/find-machines-by-tag.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information) > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only devices that the user have access to based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alert Info By Id | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-info-by-id.md | Delegated (work or school account)|Alert.ReadWrite|'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alert Related Domain Info | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-domain-info.md | Delegated (work or school account)|URL.Read.All|'Read URLs' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alert Related Files Info | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-files-info.md | Delegated (work or school account)|File.Read.All|'Read file profiles' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alert Related Ip Info | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-ip-info.md | Delegated (work or school account)|Ip.Read.All|'Read IP address profiles' > > - The user needs to have at least the following role permission: 'View Data' (For more information, see [Create and manage roles](user-roles.md) > - The user needs to have access to the device associated with the alert, based on device group settings (For more information, see [Create and manage device groups](machine-groups.md)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alert Related Machine Info | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-machine-info.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alert Related User Info | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alert-related-user-info.md | Delegated (work or school account)|User.Read.All|'Read user profiles' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device associated with the alert, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-alerts.md | Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The response will include only alerts that are associated with devices that the user can access, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Domain Related Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-related-alerts.md | Delegated (work or school account)|Alert.ReadWrite|'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Domain Related Machines | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-domain-related-machines.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > > - The user needs to have at least the following role permission: 'View Data' (For more information, see [Create and manage roles](user-roles.md) > - Response will include only devices that the user can access, based on device group settings (For more information, see [Create and manage device groups](machine-groups.md)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get File Related Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-related-alerts.md | Delegated (work or school account)|Alert.ReadWrite|'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get File Related Machines | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-file-related-machines.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Ip Related Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-ip-related-alerts.md | Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Machine By Id | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-by-id.md | Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Machine Log On Users | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-log-on-users.md | Delegated (work or school account) | User.Read.All | 'Read user profiles' > > - The user needs to have at least the following role permission: 'View Data'. For more information, see [Create and manage roles](user-roles.md). > - Response will include users only if the device is visible to the user, based on device group settings. For more information, see [Create and manage device groups](machine-groups.md).+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Machine Related Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machine-related-alerts.md | Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data'. For more information about permissions, see [Create and manage roles](user-roles.md). > - The user needs to have access to the device, based on device group settings. For more information about device group settings, see [Create and manage device groups](machine-groups.md).-+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request ```http |
security | Get Machines | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-machines.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > > - The user needs to have at least the following role permission: 'View Data' (See [Create and manage roles](user-roles.md) for more information) > - Response will include only devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Package Sas Uri | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-package-sas-uri.md | Delegated (work or school account)|Machine.CollectForensics|'Collect forensics' > > - The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get Remediation All Activities | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-remediation-all-activities.md | vendorId|String|Related vendor name|Microsoft ### Request example ```http-GET https://api-luna.securitycenter.windows.com/api/remediationtasks/ +GET https://api.securitycenter.windows.com/api/remediationtasks/ ``` ### Response example ```json {- "@odata.context": "https://wpatdadi-luna-stg.cloudapp.net/api/$metadata#RemediationTasks", + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#RemediationTasks", "value": [ { "id": "03942ef5-aewb-4w6e-b555-d6a97013844w", |
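Review bot: The request and response examples previously showed `api-luna.securitycenter.windows.com` and `wpatdadi-luna-stg.cloudapp.net`, which read as non-production hosts, and only this file is corrected here. Search the other remediation API pages for the same two strings and fix them in this change, so no published example points callers at a host other than `api.securitycenter.windows.com`.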
security | Get User Related Alerts | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-alerts.md | Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts' > > - The user needs to have at least the following role permission: 'View Data'. For more information, see [Create and manage roles](user-roles.md). > - Response will include only alerts, associated with devices, that the user have access to, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Get User Related Machines | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/get-user-related-machines.md | Delegated (work or school account) | Machine.ReadWrite | 'Read and write machine > > - The user needs to have at least the following role permission: 'View Data'. For more information, see [Create and manage roles](user-roles.md) > - Response will include only devices that the user can access, based on device group settings. For more information, see [Create and manage device groups](machine-groups.md).+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Indicator File | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/indicator-file.md | This feature is designed to prevent suspected malware (or potentially malicious - Indicator - Specify the entity details and define the expiration of the indicator. - Action - Specify the action to be taken and provide a description. - Scope - Define the scope of the device group (scoping isn't available in [Defender for Business](../defender-business/mdb-overview.md)).+ > [!NOTE] + > Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2 5. Review the details in the Summary tab, then select **Save**. |
security | Initiate Autoir Investigation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/initiate-autoir-investigation.md | Delegated (work or school account)|Alert.ReadWrite|'Read and write alerts' > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Ios Install | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-install.md | Configure the supervised mode for Defender for Endpoint app through an App confi 1. Provide a name of the profile. When prompted to import a Configuration profile file, select the one downloaded from the previous step. 1. In the **Assignment** section, select the device group to which you want to apply this profile. As a best practice, this should be applied to all managed iOS devices. Select **Next**.+ > [!NOTE] + > Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2 + 1. On the **Review + create** page, when you're done, choose **Create**. The new profile is displayed in the list of configuration profiles. |
security | Ios Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/ios-whatsnew.md | search.appverid: met150 Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) +## Vulnerability assessment of apps ++Vulnerability assessment of apps on Microsoft Defender for Endpoint for iOS is now in public preview. Defender for Endpoint on iOS supports vulnerability assessments of apps only for enrolled (MDM) devices. For more details, see [Configure vulnerability assessment of apps](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-vulnerability-assessment-of-apps). If you are interested in participating in the preview, share your tenant name and ID with us: mdatpmobile@microsoft.com. + ## Network protection Network Protection on Microsoft Defender for Endpoint is now in public preview. Network protection provides protection against rogue Wi-Fi related threats, rogue hardware like pineapple devices and notifies the user if a related threat is detected. Users will also see a guided experience to connect to secure networks and change networks when they are connected to an unsecure connection. |
security | Isolate Machine | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/isolate-machine.md | Delegated (work or school account)|Machine.Isolate|'Isolate machine' > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Linux Install With Ansible | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/linux-install-with-ansible.md | In addition, for Ansible deployment, you need to be familiar with Ansible admini - SSH must be configured for an administrator account between the control node and all managed nodes (devices that will have Defender for Endpoint installed on them), and it is recommended to be configured with public key authentication. - The following software must be installed on all managed nodes: - curl- - python-apt + - python-apt (if you are deploying on distributions using apt as a package manager) - All managed nodes must be listed in the following format in the `/etc/ansible/hosts` or relevant file: |
security | Live Response | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/live-response.md | Before you can initiate a session on a device, make sure you fulfill the followi - **Ensure that the device has an Automation Remediation level assigned to it**. You'll need to enable, at least, the minimum Remediation Level for a given Device Group. Otherwise you won't be able to establish a Live Response session to a member of that group.+ > [!NOTE] + > Device Group creation is supported in both Defender for Endpoint Plan 1 and Plan 2. You'll receive the following error: |
security | Mac Jamfpro Device Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mac-jamfpro-device-groups.md | search.appverid: met150 > Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-investigateip-abovefoldlink) +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + Set up the device groups similar to Group policy organizational unite (OUs), Microsoft Endpoint Configuration Manager's device collection, and Intune's device groups. 1. Navigate to **Static Computer Groups**. |
security | Machine Groups | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine-groups.md | search.appverid: met150 > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink) +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + In an enterprise scenario, security operation teams are typically assigned a set of devices. These devices are grouped together based on a set of attributes such as their domains, computer names, or designated tags. In Microsoft Defender for Endpoint, you can create device groups and use them to: |
security | Machine Tags | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/machine-tags.md | search.appverid: met150 Add tags on devices to create a logical group affiliation. Device tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. Tags can be used as a filter in the **Device inventory** view, or to group devices. For more information on device grouping, see [Create and manage device groups](machine-groups.md). +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + You can add tags on devices using the following ways: - Using the portal |
security | Manage Auto Investigation | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-auto-investigation.md | Depending on remediation actions can occur automatically or only upon approval by your organization's security operations team. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + Here are a few examples: - **Example 1**: Fabrikam's device groups are set to **Full - remediate threats automatically** (the recommended setting). In this case, remediation actions are taken automatically for artifacts that are considered to be malicious following an automated investigation (see [Review completed actions](#review-completed-actions)). |
security | Network Protection Linux | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection-linux.md | Also, make sure that in **Microsoft Defender** > **Settings** > **Endpoints** > > [!NOTE] > If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment. > Pro tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.+ > + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + 4. [Integrate Microsoft Defender for Endpoint with Defender for Cloud Apps](/defender-cloud-apps/mde-integration) and your network protection-enabled macOS devices will have endpoint policy enforcement capabilities. > [!NOTE] > Discovery and other features are currently not supported on these platforms. |
security | Network Protection Macos | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/network-protection-macos.md | plutil -lint com.microsoft.wdav.xml > [!NOTE] > If you are removing a policy or changing device groups at the same time, this might cause a delay in policy deployment. > Pro tip: You can deploy a policy without selecting any category on a device group. This action will create an audit only policy, to help you understand user behavior before creating a block policy.+ > + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + 4. [Integrate Microsoft Defender for Endpoint with Defender for Cloud Apps](/defender-cloud-apps/mde-integration) and your network protection-enabled macOS devices will have endpoint policy enforcement capabilities. > [!NOTE] > Discovery and other features are currently not supported on these platforms. |
security | Non Windows | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/non-windows.md | audience: ITPro - M365-security-compliance - m365solution-evalutatemtp+ - highpri search.appverid: met150 |
security | Offboard Machine Api | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/offboard-machine-api.md | Delegated (work or school account)|Machine.Offboard|'Offboard machine' > > - The user needs to 'Global Admin' AD role > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Onboard Configure | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboard-configure.md | Defender for Endpoint supports two ways to manage permissions: - **Basic permissions management**: Sets permissions to either full access or read-only. Users with global administrator or security administrator roles in Azure Active Directory (Azure AD) have full access. The security reader role has read-only access and does not grant access to view machines/device inventory. - **Role-based access control (RBAC)**: Sets granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to device groups. For more information. see [Manage portal access using role-based access control](rbac.md).+ > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. We recommend leveraging RBAC to ensure that only users that have a business justification can access Defender for Endpoint. |
security | Onboarding Endpoint Configuration Manager | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/onboarding-endpoint-configuration-manager.md | + - highpri |
security | Prevent Changes To Security Settings With Tamper Protection | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection.md | During some kinds of cyber attacks, bad actors try to disable security features, - Suppressing notifications in the Windows Security app - Disabling scanning of archives and network files +> [!IMPORTANT] +> Built-in protection (preview) includes turning tamper protection on by default. To learn more about built-in protection, see: +> - [Built-in protection helps guard against ransomware](built-in-protection.md) (article) +> - [Tamper protection will be turned on for all enterprise customers](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478) (Tech Community blog post) + ### How it works Tamper protection essentially locks Microsoft Defender Antivirus to its secure, default values, and prevents your security settings from being changed through apps and methods such as: |
security | Raw Data Export Event Hub | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export-event-hub.md | search.appverid: met150 - For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md). - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.+ > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## Data types mapping |
security | Raw Data Export Storage | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/raw-data-export-storage.md | search.appverid: met150 - For more information about the schema of Microsoft Defender for Endpoint events, see [Advanced Hunting overview](advanced-hunting-overview.md). - In Advanced Hunting, the **DeviceInfo** table has a column named **MachineGroup** which contains the group of the device. Here every event will be decorated with this column as well. See [Device Groups](machine-groups.md) for more information.+ > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## Data types mapping |
security | Rbac | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/rbac.md | Using role-based access control (RBAC), you can create roles and groups within y Large geo-distributed security operations teams typically adopt a tier-based model to assign and authorize access to security portals. Typical tiers include the following three levels: -Tier|Description| -:|:| -Tier 1|**Local security operations team / IT team** <br> This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required.| -Tier 2|**Regional security operations team** <br> This team can see all the devices for their region and perform remediation actions.| -Tier 3|**Global security operations team** <br> This team consists of security experts and are authorized to see and perform all actions from the portal.| +|Tier |Description | +||| +|Tier 1 | **Local security operations team / IT team** <br> This team usually triages and investigates alerts contained within their geolocation and escalates to Tier 2 in cases where an active remediation is required. | +|Tier 2 | **Regional security operations team** <br> This team can see all the devices for their region and perform remediation actions. | +|Tier 3 |**Global security operations team** <br> This team consists of security experts and are authorized to see and perform all actions from the portal. | > [!NOTE] > For Tier 0 assets, refer to [Privileged Identity Management](/azure/active-directory/privileged-identity-management/pim-configure) for security admins to provide more granular control of Microsoft Defender for Endpoint and Microsoft 365 Defender. Defender for Endpoint RBAC is designed to support your tier- or role-based model - Create custom roles and control what Defender for Endpoint capabilities they can access with granularity. 
- **Control who can see information on specific device group or groups** - [Create device groups](machine-groups.md) by specific criteria such as names, tags, domains, and others, then grant role access to them using a specific Azure Active Directory (Azure AD) user group.+ > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. To implement role-based access, you'll need to define admin roles, assign corresponding permissions, and assign Azure AD user groups assigned to the roles. |
security | Restrict Code Execution | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/restrict-code-execution.md | Delegated (work or school account)|Machine.RestrictExecution|'Restrict code exec > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Run Advanced Query Api | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-advanced-query-api.md | Delegated (work or school account)|AdvancedQuery.Read|'Run advanced queries' > > - The user needs to have 'View Data' AD role > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Run Av Scan | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-av-scan.md | Delegated (work or school account)|Machine.Scan|'Scan machine' > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Run Live Response | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/run-live-response.md | Runs a sequence of live response commands on a device 5. Live response commands cannot be queued up and can only be executed one at a time. 6. If the machine that you are trying to run this API call is in an RBAC device group that does not have an automated remediation level assigned to it, you'll need to at least enable the minimum Remediation Level for a given Device Group.+ > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. 7. Multiple live response commands can be run on a single API call. However, when a live response command fails all the subsequent actions will not be executed. |
security | Score | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/score.md | Method|Return Type|Description [Get device secure score](get-device-secure-score.md)|[Score](score.md)|Get the organizational device secure score. [List exposure score by device group](get-machine-group-exposure-score.md)|[Score](score.md)|List scores by device group. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + ## Properties Property|Type|Description |
security | Stop And Quarantine File | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/stop-and-quarantine-file.md | Delegated (work or school account)|Machine.StopAndQuarantine|'Stop And Quarantin > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Switch To Mde Phase 2 | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-phase-2.md | Keep the following points in mind: Device groups, device collections, and organizational units enable your security team to manage and assign security policies efficiently and effectively. The following table describes each of these groups and how to configure them. Your organization might not use all three collection types. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + |Collection type|What to do| ||| |[Device groups](/microsoft-365/security/defender-endpoint/machine-groups) (formerly called *machine groups*) enable your security operations team to configure security capabilities, such as automated investigation and remediation. <br/><br/> Device groups are also useful for assigning access to those devices so that your security operations team can take remediation actions if needed. <br/><br/> Device groups are created while the attack was detected and stopped, alerts, such as an "initial access alert," were triggered and appeared in the [Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender).|1. Go to the Microsoft 365 Defender portal (<https://security.microsoft.com>).<br/><br/>2. In the navigation pane on the left, choose **Settings** \> **Endpoints** \> **Permissions** \> **Device groups**.<br/><br/>3. Choose **+ Add device group**.<br/><br/>4. Specify a name and description for the device group.<br/><br/>5. In the **Automation level** list, select an option. (We recommend **Full - remediate threats automatically**.) To learn more about the various automation levels, see [How threats are remediated](/microsoft-365/security/defender-endpoint/automated-investigations#how-threats-are-remediated).<br/><br/>6. Specify conditions for a matching rule to determine which devices belong to the device group. 
For example, you can choose a domain, OS versions, or even use [device tags](/microsoft-365/security/defender-endpoint/machine-tags).<br/><br/>7. On the **User access** tab, specify roles that should have access to the devices that are included in the device group.<br/><br/>8. Choose **Done**.| |
security | Switch To Mde Troubleshooting | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting.md | audience: ITPro - m365solution-scenario - M365-security-compliance+- highpri Last updated 05/20/2022 |
security | Unisolate Machine | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unisolate-machine.md | Delegated (work or school account)|Machine.Isolate|'Isolate machine' > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Unrestrict Code Execution | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/unrestrict-code-execution.md | Delegated (work or school account)|Machine.RestrictExecution|'Restrict code exec > > - The user needs to have at least the following role permission: 'Active remediation actions' (See [Create and manage roles](user-roles.md) for more information) > - The user needs to have access to the device, based on device group settings (See [Create and manage device groups](machine-groups.md) for more information)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Update Alert | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-alert.md | Delegated (work or school account)|Alert.ReadWrite|'Read and write alerts' > > - The user needs to have at least the following role permission: 'Alerts investigation' (For more information, see [Create and manage roles](user-roles.md) ) > - The user needs to have access to the device associated with the alert, based on device group settings (For more information, see [Create and manage device groups](machine-groups.md)+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | Update Machine Method | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/update-machine-method.md | Delegated (work or school account)|Machine.ReadWrite|'Read and write machine inf > When obtaining a token using user credentials: > - The user needs to have at least the following role permission: 'Alerts investigation'. For more information, see [Create and manage roles](user-roles.md). > - The user needs to have access to the device associated with the alert, based on device group settings. For more information, see [Create and manage device groups](machine-groups.md).+> +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. ## HTTP request |
security | User Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/user-roles.md | The following steps guide you on how to create roles in Microsoft 365 Defender. > [!IMPORTANT] > After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + ### Permission options - **View data** |
security | Web Content Filtering | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-content-filtering.md | search.appverid: met150 > [!TIP] > Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-main-abovefoldlink&rtc=1) + ## What is web content filtering? Web content filtering is part of the [Web protection](web-protection-overview.md) capabilities in Microsoft Defender for Endpoint and Microsoft Defender for Business. Web content filtering enables your organization to track and regulate access to websites based on their content categories. Many of these websites (even if they're not malicious) might be problematic because of compliance regulations, bandwidth usage, or other concerns. Configure policies across your device groups to block certain categories. Blocking a category prevents users within specified device groups from accessing URLs associated with the category. For any category that's not blocked, the URLs are automatically audited. Your users can access the URLs without disruption, and you'll gather access statistics to help create a more custom policy decision. Your users will see a block notification if an element on the page they're viewing is making calls to a blocked resource. +> [!NOTE] +> Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. + Web content filtering is available on the major web browsers, with blocks performed by Windows Defender SmartScreen (Microsoft Edge) and Network Protection (Chrome, Firefox, Brave, and Opera). For more information about browser support, see the [prerequisites](#prerequisites) section. ## Benefits of web content filtering |
security | Web Protection Overview | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/web-protection-overview.md | Web content filtering includes: - Users are prevented from accessing websites in blocked categories, whether they are browsing on-premises or away. - You can conveniently deploy varied policies to various sets of users using the device groups defined in the [Microsoft Defender for Endpoint role-based access control settings](/microsoft-365/security/defender-endpoint/rbac).+ > [!NOTE] + > Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. - You can access web reports in the same central location, with visibility over actual blocks and web usage. For more information, see [Web content filtering](web-content-filtering.md). |
security | Whats New In Microsoft Defender Endpoint | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/whats-new-in-microsoft-defender-endpoint.md | ms.pagetype: security ms.localizationpriority: medium Previously updated : 09/12/2022 Last updated : 09/23/2022 audience: ITPro For more information on preview features, see [Preview features](preview.md). > https://learn.microsoft.com/api/search/rss?search=%22features+are+generally+available+%28GA%29+in+the+latest+release+of+Microsoft+Defender+for+Endpoint%22&locale=en-us&facet= > ``` +For more information on what's new with Microsoft Defender for Endpoint on Windows, see: +[What's new in Microsoft Defender for Endpoint on Windows](windows-whatsnew.md) + For more information on what's new with other Microsoft Defender security products, see: - [What's new in Microsoft 365 Defender](../defender/whats-new.md) For more information on Microsoft Defender for Endpoint on other operating syste ## September 2022 +- [Built-in protection](built-in-protection.md) (preview) is rolling out. Built-in protection is a set of default settings, such as tamper protection turned on, to help protect devices from ransomware and other threats. + - [Device health reporting is now generally available](device-health-reports.md). <br/>The device health report provides information about the health and security of your endpoints. The report includes trending information showing the sensor health state, antivirus status, OS platforms, Windows 10 versions, and Microsoft Defender Antivirus update versions. - [Troubleshooting mode](enable-troubleshooting-mode.md) is now available for more Windows operating systems, including Windows Server 2012 R2 and above. See the article for more information about the required updates. |
security | Windows Whatsnew | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/windows-whatsnew.md | + + Title: What's new in Microsoft Defender for Endpoint on Windows +description: Learn about the latest feature releases of Microsoft Defender for Endpoint on Windows Client and Server. +keywords: microsoft, defender, Microsoft Defender for Endpoint, windows, windows client, windows server, whats new +search.appverid: met150 ++ms.mktglfcycl: secure +ms.sitesec: library +ms.pagetype: security +++ms.localizationpriority: medium Last updated : 09/20/2022++audience: ITPro ++- m365-security-compliance +++++# What's new in Microsoft Defender for Endpoint on Windows +++**Applies to:** ++- [Microsoft Defender for Endpoint Plan 1](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft Defender for Endpoint Plan 2](https://go.microsoft.com/fwlink/p/?linkid=2154037) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) ++> Want to experience Defender for Endpoint? 
[Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-pullalerts-abovefoldlink) ++All updates contain: +- Performance improvements +- Serviceability improvements +- Integration improvements (Cloud, [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804)) ++<details> + <summary>Aug-2022 (Release version: 10.8210.*)</summary> ++|OS |KB |Release version | +|||| +|Windows Server 2012 R2, 2016 |[KB 5005292](https://support.microsoft.com/en-us/topic/microsoft-defender-for-endpoint-update-for-edr-sensor-f8f69773-f17f-420f-91f4-a8e5167284ac)|10.8210.22621.1011| +|Windows 11 21H2 (Cobalt)<br> (Windows 11 SV 21H2) | [KB 5016691](https://support.microsoft.com/en-us/topic/august-25-2022-kb5016691-os-build-22000-918-preview-59097044-915a-49a0-8870-49823236adbd) | 10.8210.22000.918 | +|Server 2022 (Iron) | [KB 5016693](https://support.microsoft.com/en-us/topic/august-16-2022-kb5016693-os-build-20348-946-preview-ee90d0bc-c162-4124-b7c6-f963ee7b17ed) |10.8210.20348.946 | +|Windows 10 20H2/21H1/21H2<br> Windows Server 20H2 (Vibranium) | [KB 5016688](https://support.microsoft.com/en-us/topic/august-26-2022-kb5016688-os-builds-19042-1949-19043-1949-and-19044-1949-preview-ec31ebdc-067d-44dd-beb0-eabcc984d843) | 10.8210.19041.1949 | +|Windows Server 2019 (RS5) |[KB 5016690](https://support.microsoft.com/en-us/topic/august-23-2022-kb5016690-os-build-17763-3346-preview-b81d1ac5-75c7-42c1-b638-f13aa4242f42) |10.8210.17763.3346 | ++**What's new** ++- Added a fix to resolve a missing intermediate certificate issue with the use of ΓÇ£TelemetryProxyServerΓÇ¥ on Windows Server 2012 R2 running the unified agent. +- Enhanced Endpoint DLP with ability to protect password protected and encrypted files and not label files. +- Enhanced Endpoint DLP with support for context data in audit telemetry (short evidence). 
+- Improved Microsoft Defender for Endpoint client authentication support for VDI devices. +- Enhanced Microsoft Defender for EndpointΓÇÖs ability to identify and intercept ransomware and advanced attacks. +- The Contain feature now supports more desktop and server versions to perform the Contain action and block discovered devices when these are contained. +- Expanded the troubleshooting mode feature to additional desktop and server versions. For a complete list of supported OS versions and more information about prerequisites, see [Get started with troubleshooting mode in Microsoft Defender for Endpoint](enable-troubleshooting-mode.md). +- Live Response improvements include reduced session creation latency when using proxies, an undo Remediation manual command, support for OneDrive share in FindFile action, and improved isolation and stability. +- [Security Management for Microsoft Defender for Endpoint](security-config-management.md#configure-your-tenant-to-support-microsoft-defender-for-endpoint-security-configuration-management) now provides the ability to sync the device configuration on demand instead of waiting for a specific cadence. ++<br/> +</details> ++See also: +- [What's new in Microsoft Defender for Endpoint](whats-new-in-microsoft-defender-endpoint.md) +- [What's new in Defender for Endpoint on macOS](mac-whatsnew.md) +- [What's new in Defender for Endpoint on iOS](ios-whatsnew.md) +- [What's new in Defender for Endpoint on Linux](linux-whatsnew.md) |
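Review bot: In the Aug-2022 "What's new" list, two added bullets show mis-encoded punctuation as rendered here: "ΓÇ£TelemetryProxyServerΓÇ¥" and "EndpointΓÇÖs". Replace the curly quotes and apostrophe with plain ASCII or confirm the file is saved as UTF-8, and consider code formatting for TelemetryProxyServer, which reads as a configuration name. In the same list, "protect password protected and encrypted files and not label files" is ambiguous and should be reworded. Under "Applies to", the Plan 1 and Plan 2 entries both link to linkid=2154037; confirm that is intended.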
security | Integrate Microsoft 365 Defender Secops Plan | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-plan.md | audience: ITPro - M365-security-compliance - m365solution-m365dsecops+ - highpri search.appverid: - MOE150 |
security | Integrate Microsoft 365 Defender Secops Readiness | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-readiness.md | audience: ITPro - M365-security-compliance - m365solution-m365dsecops+ - highpri search.appverid: - MOE150 |
security | Integrate Microsoft 365 Defender Secops Roles | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-roles.md | audience: ITPro - M365-security-compliance - m365solution-m365dsecops+ - highpri search.appverid: - MOE150 |
security | Integrate Microsoft 365 Defender Secops Services | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-services.md | audience: ITPro - M365-security-compliance - m365solution-m365dsecops+ - highpri search.appverid: - MOE150 |
security | Integrate Microsoft 365 Defender Secops Tasks | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-tasks.md | audience: ITPro - M365-security-compliance - m365solution-m365dsecops+ - highpri search.appverid: - MOE150 |
security | Integrate Microsoft 365 Defender Secops Use Cases | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops-use-cases.md | audience: ITPro - M365-security-compliance - m365solution-m365dsecops+ - highpri search.appverid: - MOE150 |
security | Integrate Microsoft 365 Defender Secops | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/integrate-microsoft-365-defender-secops.md | + - highpri search.appverid: - MOE150 |
security | Teams Access Policies | https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/teams-access-policies.md | + - highpri search.appverid: met150 |