Updates from: 09/03/2021 03:12:31
Category Microsoft Docs article Related commit history on GitHub Change details
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
You can't generate a report where you enter a user's account and then get a list
There are circumstances where new users show up as **unknown**. This is usually due to occasional delays in creating user profiles.
-## Hide user details in the reports
+## Show user details in the reports
Reports provide information about your organizationΓÇÖs usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we are hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws.
admin Browser Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md
The Microsoft 365 **Reports** dashboard shows you an activity overview across th
1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page. 2. From the dashboard homepage, click on the **View more** button on the Microsoft browser usage card.
+## How to notify users to upgrade their browser
+
+![Microsoft browser usage report action flow](../../media/1ef4eb08-18b8-4dda-aa15-1aad013ecd70.png)
+
+Global admins can opt-in to sending messages to users, who are using Microsoft 365 services on Edge Legacy (unsupported) and Internet Explorer (soon to be unsupported). This targeted message notifies users that support for these browsers will send soon and links to a support article with information on Microsoft Edge and simple steps to follow to switch browsers.
+
+You can find this feature on the report page. Once the message is created, users will get notified at the frequency specified until August 17, 2021. You can turn off this feature at any time to stop sending notifications to users. To begin sending notifications again, turn the feature back on.
+ ## Interpret the Microsoft browser usage report ![Microsoft browser usage report.](../../media/95557c88-24ee-417d-a828-96ba00b17aaf.png)
admin Scoped Certified Application Installation And Config https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/scoped-certified-application-installation-and-config.md
Title: "Scoped Certified application installation and configuration guide"
+ Title: "Microsoft 365 support integration with ServiceNow configuration guide"
f1.keywords: - NOCSH
search.appverid:
description: "Scoped Certified application installation and configuration guide for ServiceNow."
-# ­­­Scoped Certified application installation and configuration guide
+# Microsoft 365 support integration with ServiceNow configuration guide
[Overview](#overview)
Before setting up any configuration for Microsoft 365 support integration, revie
**Question #2** If you have multiple tenants, do you plan to use a single tenant integrated with your ServiceNow environment for Microsoft 365 support integration?
-This table identifies features available to you depending on the answers to these questions and the links to the specific instructions for how to set up Microsoft 365 support integration. For a description of each feature, see [Microsoft 365 support integration](https://store.servicenow.com/sn_appstore_store.do#!/store/application/6d05c93f1b7784507ddd4227cc4bcb9f).
+Depending on your answers to the questions above, this table tells you what features are available and how to set up Microsoft 365 support integration. For a description of each feature, see [Microsoft 365 support integration](https://store.servicenow.com/sn_appstore_store.do#!/store/application/6d05c93f1b7784507ddd4227cc4bcb9f).
|Question #1 Answer|Question #2 Answer|What features are available?|Configuration Steps| | | | | |
Some prerequisites are necessary to set up the Microsoft 365 support integration
1. Go to the App registrations page and create a new application.
- Select **Accounts in this organizational directory only ({TenantName} only ΓÇô Single tenant**.
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image3.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
- 1. Add redirect URL: `https://&lt;your-servicenow-instance&gt;.service-now.com/oauth\_redirect.do`.
+ 1. Add redirect URL: `https://{your-servicenow-instance}.service-now.com/oauth_redirect.do`.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image4.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
Some prerequisites are necessary to set up the Microsoft 365 support integration
2. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider in ServiceNow.
- 1. Go to **System OAuth** > **Application Registry**.
- 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
- 1. Create a new application with the values following values by selecting [Connect to a third party OAuth Provider](https://dev77417.service-now.com/wizard_view.do?sys_action=sysverb_wizard_ans&WIZARD:action=follow&wiz_referring_url=oauth_entity_list.do?sys_id=-1@99@sys_target=oauth_entity@99@sysparm_fixed_query=@99@sysparm_group_sort=@99@sysparm_parent=2c7cab53d7232100f20bc8170e61036b@99@sysparm_query=type%3dclient%5eORtype%3doauth_provider@99@sysparm_target=@99@sysparm_view=&wiz_collection_key=&wiz_collectionID=&wiz_collection=&wiz_collection_related_field=&wiz_view=&wiz_action=sysverb_new&sys_id=79ce2f53d7232100f20bc8170e610361&sysparm_query=type=client%5eORtype=oauth_provider&sysparm_target=&sys_target=oauth_entity).
+ 1. Create a new application with the values following values by selecting **Connect to a third party OAuth Provider**.
- Client ID: The Client ID of the application created in step \#1
Some prerequisites are necessary to set up the Microsoft 365 support integration
- Default Grant type: Client Credentials
- - Token URL: `https://login.microsoftonline.com/{M365\_Tenant\_Name}/oauth2/token`
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
- - Redirect URL:
+ - Redirect URL: https://{service-now-instance-name}.service-now.com/auth_redirect.do
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
3. \[The person who is a ServiceNow admin\] Set up Inbound OAuth Provider.
- 1. Go to **System OAuth** > **Application Registry**.
- 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**. :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, application Description automatically generated":::
+ 1. Go to **System OAuth** > **Application Registry**.
+ 1. Create a new application by selecting **Create an OAuth API endpoint for external clients**. Name the inbound OAuth provider and leave other fields at their defaults. :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image7.png" alt-text="Graphical user interface, application Description automatically generated":::
Some prerequisites are necessary to set up the Microsoft 365 support integration
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image8.png" alt-text="Graphical user interface, application Description automatically generated":::
-### \[Optional\] Allow the serviceΓÇÖs Ips of Microsoft 365 support integration
+### \[Optional\] Allow the serviceΓÇÖs IPs of Microsoft 365 support integration
If your company is limiting internet access with your own policies, enable network access for the service of Microsoft 365 support integration by allowing the IP addresses below for both inbound and outbound API access.
Select the following settings, and then select **Next**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image17.png" alt-text="Graphical user interface, text, application Description automatically generated":::
- 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com/) > **Settings** > **Settings** > **Organization profiles**.
+ 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com/) > **Settings** > **Org settings** > **Organization profiles**.
1. Set up support integration settings:
Select the following settings, and then select **Next**.
Microsoft 365 support integration is enabled only for the user with one of these roles: -- [x\_mioms\_m365\_assis.insights\_user](https://ven01306.service-now.com/sys_user_role.do?sys_id=802b2adfdb4cac507c80230bd3961911&sysparm_record_target=sys_user_role&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=nameSTARTSWITHx_mioms_m365%5EORDERBYname)
+- x\_mioms\_m365\_assis.insights\_user
-- [x\_mioms\_m365\_assis.administrator](https://ven01306.service-now.com/sys_user_role.do?sys_id=4b25c9fb1b7784507ddd4227cc4bcb3a&sysparm_record_target=sys_user_role&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=nameSTARTSWITHx_mioms_m365%5EORDERBYname)
+- x\_mioms\_m365\_assis.administrator
> [!NOTE] > The user with the role x\_mioms\_m365\_assis.insights\_user role can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator can also open a case with Microsoft 365 support.
-11. \[Optional\] \[The person who is a ServiceNow admin\] Link Microsoft 365 Admin account.
+11. \[Optional\] \[The user with role x_mioms_m365_assis.administrator\] Link Microsoft 365 Admin account.
If any user has the role x\_mioms\_m365\_assis.administrator and is using different Microsoft 365 accounts to manage a Microsoft 365 support case, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
These prerequisite steps are necessary to set up the Microsoft 365 support integ
1. Go to the **App registrations** page and create a new application.
- Select **Accounts in this organizational directory only ({TenantName} only ΓÇô Single tenant**.
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image3.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
- 1. Add redirect URL: `https://&lt;your-servicenow-instance&gt;.service-now.com/auth\_redirect.do`
+ 1. Add redirect URL: `https://{your-servicenow-instance}.service-now.com/auth_redirect.do`
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image4.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
These prerequisite steps are necessary to set up the Microsoft 365 support integ
1. Go to **App registrations** and create a new application.
- Select **Accounts in this organizational directory only ({TenantName} only ΓÇô Single tenant**.
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image22.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
These prerequisite steps are necessary to set up the Microsoft 365 support integ
1. Log on to the [Azure Portal](https://portal.azure.com/) with your Microsoft 365 tenant credentials. 1. Go to the **App registrations** page and create a new application.
- 1. Select **Accounts in this organizational directory only ({TenantName} only ΓÇô Single tenant**.
+
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image23.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
These prerequisite steps are necessary to set up the Microsoft 365 support integ
4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider in ServiceNow.
- 1. Go to **System OAuth** > **Application Registry**.
+ 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
- 2. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+ 1. Go to **System OAuth** > **Application Registry**.
- 3. Create a new application with the values below by selecting [Connect to a third party OAuth Provider](https://dev77417.service-now.com/wizard_view.do?sys_action=sysverb_wizard_ans&WIZARD:action=follow&wiz_referring_url=oauth_entity_list.do?sys_id=-1@99@sys_target=oauth_entity@99@sysparm_fixed_query=@99@sysparm_group_sort=@99@sysparm_parent=2c7cab53d7232100f20bc8170e61036b@99@sysparm_query=type%3dclient%5eORtype%3doauth_provider@99@sysparm_target=@99@sysparm_view=&wiz_collection_key=&wiz_collectionID=&wiz_collection=&wiz_collection_related_field=&wiz_view=&wiz_action=sysverb_new&sys_id=79ce2f53d7232100f20bc8170e610361&sysparm_query=type=client%5eORtype=oauth_provider&sysparm_target=&sys_target=oauth_entity).
+ 1. Create a new application with the values below by selecting **Connect to a third party OAuth Provider**.
- Client ID: The Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#1.
These prerequisite steps are necessary to set up the Microsoft 365 support integ
- Default Grant type: Client Credentials.
- - Token URL: `https://login.microsoftonline.com/{M365\_Tenan\_Name}/oauth2/token`
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
- Redirect URL:
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
-
-5. \[The person who is a ServiceNow admin\] Configure OIDC provider in ServiceNow, refer to the [online documentation](https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/task/add-OIDC-entity.html), otherwise go to step 7.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
- 1. Go to **System OAuth** > **Application Registry**.
+5. \[The person who is a ServiceNow admin\] Configure OIDC provider in ServiceNow, refer to the [online documentation](https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/task/add-OIDC-entity.html).
1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
+
+ 1. Go to **System OAuth** > **Application Registry**.
1. Select **New** > **Create new Open ID Connect Provider**.
These prerequisite steps are necessary to set up the Microsoft 365 support integ
- OIDC Provider: Contoso Azure
- - OIDC Metadata URL: `https://login.microsoftonline.com/{tenant\_name}/.well-known/openid-configuration`
+ - OIDC Metadata URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/.well-known/openid-configuration`
- UserClaim: **appId**
These prerequisite steps are necessary to set up the Microsoft 365 support integ
- OAuth OIDC Provider Configuration: The OIDC provider created in the last step. - Redirect URL:
- `https://{service\_now\_instance}.service-now.com/oauth\_redirect.do`
+ `https://{service-now-instance-name}.service-now.com/oauth_redirect.do`
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image25.png" alt-text="Graphical user interface, application Description automatically generated":::
These prerequisite steps are necessary to set up the Microsoft 365 support integ
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image26.png" alt-text="Graphical user interface, application Description automatically generated":::
-### \[Optional\] Allow the serviceΓÇÖs Ips of Microsoft 365 support integration
+### \[Optional\] Allow the serviceΓÇÖs IPs of Microsoft 365 support integration
If your company is limiting internet access with your own policies, enable network access for the service of Microsoft 365 support integration by allowing these IP addresses for both inbound and outbound API access:
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
1. Input the Client ID of the application that was created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3 and select **Next**.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image14.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image39.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
7. \[The person who is a ServiceNow admin\] Set up the Repository ID.
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
1. Check the following information to make sure it's correct.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image17.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image40.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
- 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com) > **Settings** > **Settings** > **Organization profiles**.
+ 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com) > **Settings** > **Org settings** > **Organization profiles**.
1. Set up support integration settings.
- 1. On the **basic information** tab, select **Service Now** as the internal support tool, and type **Outbound App ID** as the value of Application ID on the Step - 6 Complete page, which was created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#1.
+ 1. On the **basic information** tab, select **Service Now** as the internal support tool, and type **Outbound App ID** as the value of Application ID on the Step - 6 Complete the integration page, which was created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#1.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image18.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
1. Select **Next** to complete the integration.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image32.png" alt-text="Graphical user interface, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image32.png" alt-text="Graphical user interface, application Description automatically generated":::
10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user. Microsoft 365 support integration is enabled only for users with the following roles: -- [x\_mioms\_m365\_assis.insights\_user](https://ven01306.service-now.com/sys_user_role.do?sys_id=802b2adfdb4cac507c80230bd3961911&sysparm_record_target=sys_user_role&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=nameSTARTSWITHx_mioms_m365%5EORDERBYname)
+- x\_mioms\_m365\_assis.insights\_user
-- [x\_mioms\_m365\_assis.administrator](https://ven01306.service-now.com/sys_user_role.do?sys_id=4b25c9fb1b7784507ddd4227cc4bcb3a&sysparm_record_target=sys_user_role&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=nameSTARTSWITHx_mioms_m365%5EORDERBYname)
+- x\_mioms\_m365\_assis.administrator
> [!NOTE] > The user with the role x\_mioms\_m365\_assis.insights\_user can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator also can open a case with Microsoft 365 support.
-11. **\[Optional\] \[The person who is a ServiceNow admin\] Link Microsoft 365 Admin account**
+11. **\[Optional\] \[The user with role x_mioms_m365_assis.administrator\] Link Microsoft 365 Admin account**
If any user has the role ΓÇ£x\_mioms\_m365\_assis.administratorΓÇ¥ and they're using different Microsoft 365 accounts to manage Microsoft support cases, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
These prerequisite steps are necessary to set up Microsoft 365 support integrati
1. Go to the **App registrations** page and create a new application.
- 1. Select **Accounts in this organizational directory only ({TenantName} only ΓÇô Single tenant**.
+ Select **Accounts in this organizational directory only ({microsoft-365-tenant-name} only ΓÇô Single tenant**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image3.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
- 1. Add redirect URL: `https://&lt;your-servicenow-instance&gt;.service-now.com/auth\_redirect.do`
+ 1. Add redirect URL: `https://{your-servicenow-instance}.service-now.com/auth_redirect.do`
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image4.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
These prerequisite steps are necessary to set up Microsoft 365 support integrati
1. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider in ServiceNow.
- 1. Go to **System OAuth** > **Application Registry**.
- 1. If the scope is not set to **Global**, open **Settings** > **Developer** > **Applications** to switch to **Global**. :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image5.png" alt-text="Graphical user interface, text, application, chat or text message Description automatically generated":::
- 1. Create a new application with the values below by selecting [Connect to a third party OAuth Provider](https://dev77417.service-now.com/wizard_view.do?sys_action=sysverb_wizard_ans&WIZARD:action=follow&wiz_referring_url=oauth_entity_list.do?sys_id=-1@99@sys_target=oauth_entity@99@sysparm_fixed_query=@99@sysparm_group_sort=@99@sysparm_parent=2c7cab53d7232100f20bc8170e61036b@99@sysparm_query=type%3dclient%5eORtype%3doauth_provider@99@sysparm_target=@99@sysparm_view=&wiz_collection_key=&wiz_collectionID=&wiz_collection=&wiz_collection_related_field=&wiz_view=&wiz_action=sysverb_new&sys_id=79ce2f53d7232100f20bc8170e610361&sysparm_query=type=client%5eORtype=oauth_provider&sysparm_target=&sys_target=oauth_entity).
+ 1. Go to **System OAuth** > **Application Registry**.
+
+ 1. Create a new application with the values below by selecting **Connect to a third party OAuth Provider**.
- Client ID: The **Client ID** of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
These prerequisite steps are necessary to set up Microsoft 365 support integrati
- Default Grant type: Client Credentials
- - Token URL: `https://login.microsoftonline.com/{M365\_Tenan\_Name}/oauth2/token`
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
- - Redirect URL: `https://{ServiceNow\_Istance\_Name}.service-now.com/oauth\_redirect.do`
+ - Redirect URL: `https://{servicenow-instance-name}.service-now.com/oauth_redirect.do`
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
Specify the repository ID and select **Next**.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image35.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
- 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com) > **Settings** > **Settings** > **Organization profiles**.
+ 1. Go to Microsoft 365 [Admin Portal](https://admin.microsoft.com) > **Settings** > **Org settings** > **Organization profiles**.
1. Set up support integration settings with the information shown in setup flow.
Specify the repository ID and select **Next**.
Microsoft 365 support integration is enabled only for these user roles: -- [x\_mioms\_m365\_assis.insights\_user](https://ven01306.service-now.com/sys_user_role.do?sys_id=802b2adfdb4cac507c80230bd3961911&sysparm_record_target=sys_user_role&sysparm_record_row=2&sysparm_record_rows=2&sysparm_record_list=nameSTARTSWITHx_mioms_m365%5EORDERBYname)
+- x\_mioms\_m365\_assis.insights\_user
-- [x\_mioms\_m365\_assis.administrator](https://ven01306.service-now.com/sys_user_role.do?sys_id=4b25c9fb1b7784507ddd4227cc4bcb3a&sysparm_record_target=sys_user_role&sysparm_record_row=1&sysparm_record_rows=2&sysparm_record_list=nameSTARTSWITHx_mioms_m365%5EORDERBYname)
+- x\_mioms\_m365\_assis.administrator
> [!NOTE]
-> The user with the role x\_mioms\_m365\_assis.insights\_user can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator also can open a case with Microsoft 365 support.
-
-11. \[Optional\] \[The person who is a ServiceNow admin\] Link Microsoft 365 Admin account.
-
-If any user has the role ΓÇ£x\_mioms\_m365\_assis.administrator and is using different Microsoft 365 accounts to manage a Microsoft support case, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
-
+> The user with the role x_mioms_m365_assis.insights_user can see Service Health Incidents, Recommended Solutions. The user with the role x_mioms_m365_assis.administrator also can open a case with Microsoft 365 support. With Insights ONLY, no one should be assigned the role x_mioms_m365_assis.administrator.
## Testing the configuration
admin Setup Apps For Business https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-apps-for-business.md
To take a tour of Microsoft 365 and learn how to use all the Office mobile apps,
## Add a custom domain
-During the sign-up you chose an .onmicrosoft domain. You can also add a custom domain, like *contoso.com*, to your account to personalize the emails. For more information, see [add a domain](add-domain.md).
+During the sign-up you chose an .onmicrosoft domain. You can also add a custom domain, like *contoso.com*, to your account to personalize the emails. For more information, see [add a domain](add-domain.md).
admin Setup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/setup/setup-business-standard.md
Title: "Set up Microsoft 365 Business Standard"
+ Title: "Set up Microsoft 365 Business Standard with a new or existing domain"
f1.keywords: - NOCSH--++ audience: Admin
search.appverid:
description: "When you purchase Microsoft 365 Business Standard, you have the option of using a domain you own, or buying one during the sign-up."
-# Set up Microsoft Business Standard
+# Set up Microsoft 365 Business Standard with a new or existing domain
+When you purchase Microsoft 365 Business Standard, you have the option of adding a domain you own, or buying one. Check out [Sign up for a Microsoft 365 Business Standard subscription](../simplified-signup/signup-business-standard.md).
+In this article, we'll walk you through the steps of adding an existing domain your already own or buying a new one. If you purchased a new domain when you signed up, your domain is all set up and you can move to [Add users and assign licenses](#add-users-and-assign-licenses).
-## Add your domain to personalize sign-in
+## Before you begin
-When you purchase Microsoft 365 Business Standard, you have the option of using a domain you own, or buying one during the sign-up.
+To add, modify or remove domains you must be a global administrator. For more info, see [About admin roles](../add-users/about-admin-roles.md).
-- If you purchased a new domain when you signed up, your domain is all set up and you can move to [Add users and assign licenses](#add-users-and-assign-licenses).
+> [!IMPORTANT]
+> The person who signs up for Microsoft 365 for business (usually the business owner) automatically becomes the technical administrator of the organization. You can add other people as admins if you want help managing your Microsoft 365 services. Check out [Add an admin](../../business-video/add-admin.md) for more info.
-1. Sign in to [Microsoft 365 admin center](https://admin.microsoft.com) by using your global admin credentials.
+## Watch: Add an existing domain to your Microsoft 365 Business Standard subscription
-2. Choose **Go to setup** to start the wizard.
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWxApu]
-3. On the **Install your Office apps** page, you can optionally install the apps on your own computer.
-
-4. In the **Add domain** step, enter the domain name you want to use (like contoso.com).
+## Steps: Add an existing domain to your Microsoft 365 Business Standard subscription
+
+1. From the **How you'll sign in** page on the Microsoft 365 Business Standard sign up, choose **Create a new business email account (advanced)**.
+
+2. On the **Install your Office apps** page, you can optionally install the apps on your own computer.
+
+3. In the **Add domain** step, enter the domain name you want to use (like contoso.com).
> [!IMPORTANT] > If you purchased a domain during the sign-up, you will not see **Add a domain** step here. Go to [Add users](#add-users-and-assign-licenses) instead.
-
-4. Follow the steps in the wizard to [Create DNS records at any DNS hosting provider for Office 365](/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider) that verifies you own the domain. If you know your domain host, see also [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain).
+4. Follow the steps to [Create DNS records at any DNS hosting provider for Office 365](/office365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider) that verifies you own the domain. If you know your domain host, see also [Add a domain to Microsoft 365](/microsoft-365/admin/setup/add-domain).
If your hosting provider is GoDaddy or another host enabled with [domain connect](/office365/admin/get-help-with-domains/domain-connect), the process is easy and you'll be automatically asked to sign in and let Microsoft authenticate on your behalf.
When you purchase Microsoft 365 Business Standard, you have the option of using
## Add users and assign licenses
-You can add users in the wizard, but you can also [add users later](../add-users/add-users.md) in the admin center. Additionally, if you have a local domain controller, you can add users with [Azure AD Connect](/azure/active-directory/hybrid/how-to-connect-install-express).
+You can add users now, but you can also [add users later](../add-users/add-users.md) in the admin center.
-## Add users in the wizard
+Any users you add get automatically assigned a Microsoft 365 Business Standard license.
-Any users you add in the wizard get automatically assigned a Microsoft 365 Business Standard license.
-
-1. If your Microsoft 365 Business Standard subscription has existing users (for example, if you used Azure AD Connect), you get an option to assign licenses to them now. Go ahead and add licenses to them as well.
+1. If your Microsoft 365 Business Standard subscription has existing users you get an option to assign licenses to them now. Go ahead and add licenses to them as well.
2. After you've added the users, you'll also get an option to share credentials with the new users you added. You can choose to print them out, email them, or download them. ## Connect your domain-
-> [!NOTE]
-> If you chose to use the .onmicrosoft domain, or used Azure AD Connect to set up users, you will not see this step.
-To set up services, you have to update some records at your DNS host or domain registrar.
+To set up services, you have to update records at your DNS host or domain registrar.
-1. The setup wizard typically detects your registrar and gives you a link to step-by-step instructions for updating your NS records at the registrar website. If it doesn't, [Change nameservers to set up Office 365 with any domain registrar](../get-help-with-domains/change-nameservers-at-any-domain-registrar.md).
+1. The setup wizard typically detects your registrar and gives you a link to step-by-step instructions for updating your NS records at the registrar website. If it doesn't, [Change nameservers to set up Office 365 with any domain registrar](../get-help-with-domains/change-nameservers-at-any-domain-registrar.md).
- If you have existing DNS records, for example an existing web site, but your DNS host is enabled for [domain connect](/office365/admin/get-help-with-domains/domain-connect), choose **Add records for me**. On the **Choose your online services** page, accept all the defaults, and choose **Next**, and choose **Authorize** on your DNS host's page. - If you have existing DNS records with other DNS hosts (not enabled for domain connect), you'll want to manage your own DNS records to make sure the existing services stay connected. See [domain basics](/office365/admin/get-help-with-domains/dns-basics) for more info.
To set up services, you have to update some records at your DNS host or domain r
For more information about the setup wizard and the admin center **Setup** page, see [Difference between the setup wizard and the Setup page](o365-setup-wizard-and-setup-page.md).
+## Watch: Set up business email with a new domain
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWyVVA]
+
+## Steps: Set up business email with a new domain
+
+1. From the **How you'll sign in** page on the Microsoft 365 Business Standard sign up, choose **Create a new business email account (advanced)**.
+
+2. Follow the steps to buy a new domain and enter the domain name you want to use (like contoso.com). After you've completed buying your domain, you can [add users and licenses](../add-users/add-users.md) and install your Office apps in the admin center.
+ ## Finish setting up
-### Set up Outlook for email
+Follow the steps below to set up Outlook, Teams, OneDrive and your website.
+
+### Step: Set up Outlook for email
1. On the Windows Start menu, search for Outlook, and select it.
If you were using Outlook with another email account, you can import your previo
More at [Import email with Outlook](https://support.microsoft.com/office/6a3771d4-4c1d-4a25-92a6-0b8e476335de). You can also use Exchange admin center to import everyone's email. For more information, see [migrate multiple email accounts](/Exchange/mailbox-migration/mailbox-migration).
-
-### Use a public website
+
+## Set up Microsoft Teams and OneDrive for business
+
+Select the OneDrive cloud icon from your taskbar and follow the steps to move your files to your new OneDrive for Business folder. Select **Next** to set up Microsoft Teams.
+
+1. Open Microsoft Teams, select your profile icon, and then **Add work or school account**. Follow the steps to add your new account to Teams.
+
+## Use a public website
Microsoft 365 doesn't include a public website for your business. If you want to set one up, consider using a Microsoft partner, such as GoDaddy or WIX.
Microsoft 365 doesn't include a public website for your business. If you want to
## Related content
-[Create a website](../../business-video/create-web-site.md) (video)\
-[Microsoft 365 for your business](../../business-video/index.yml) (link page)
+[Migrate data to my Microsoft 365 Business Standard subscription](../simplified-signup/migrate-data-business-standard.md)
+
+[Sign up for a Microsoft 365 Business Standard subscription](../simplified-signup/signup-business-standard.md)
+
+[Accept an invitation to a Microsoft 365 Business Standard subscription (User)](../simplified-signup/user-invite-business-standard.md)
admin Admin Invite Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/admin-invite-business-standard.md
+
+ Title: "Invite users to Microsoft 365 Business Standard subscription"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_TOC
+
+- AdminSurgePortfolio
+description: "Invite users to join Microsoft 365 Business Standard organization"
++
+# Invite users to Microsoft 365 Business Standard (Admin)
+
+As the admin of a Microsoft 365 Business Standard subscription, you can invite your colleagues and coworkers to share and use your Microsoft 365 for business subscription. When you invite your colleagues and coworkers to your subscription, you share all the following features and
+
+- Get desktop versions of Office apps, including Outlook, Word, Excel, PowerPoint, and OneNote (plus Access and Publisher for PC only).
+- Create a hub for teamwork to connect people using Microsoft Teams.
+- Store and share files with 1 TB of OneDrive cloud storage per user.
+- Use one license to cover fully installed Office apps on five mobile devices, five tablets, and five PCs or Macs per user.
+- Get help anytime with around-the-clock phone and web support from Microsoft.
+
+> [!IMPORTANT]
+> The person who signs up for Microsoft 365 for business (usually the business owner) automatically becomes the technical administrator of the organization. You can add other people as admins if you want help managing your Microsoft 365 services. Check out [Add an admin](../../business-video/add-admin.md) for more info.
+
+## Before you begin
+
+Make sure youΓÇÖve already [signed up for Microsoft 365 Business Standard](signup-business-standard.md) and youΓÇÖve [set up your Business Standard organization](../setup/setup-business-standard.md). Once youΓÇÖve completed those steps, you can share an invite to your users.
+
+## Share an invitation to a Microsoft 365 Business Standard subscription
+
+1. In the Microsoft 365 admin center, select **Invite people to Microsoft 365**.
+
+2. Add the usernames and email addresses for the people you want to invite and choose **Send**. An invitation email will be sent to all the users you selected to add their user account information to Microsoft 365.
+
+## Next steps
+
+Follow up with your users and make sure they got the email invite you sent about sharing your Microsoft 365 Business Standard subscription.
+
+## Frequently asked questions
+
+### I shared an email invite but the user didnΓÇÖt receive the email?
+
+- Ask user to check their spam folder.
+- Resend the invite email in the Microsoft 365 admin center. From the admin center, hover over the user and select the action to resend email invite.
+- Make sure the email address you entered for your user is correct.
+
+### How can I help an employee join my business and leave another business?
+
+There are a couple of options in this case:
+
+1. They can contact the business owner or admin of the other business and ask to be removed from that business. You can then add them to your organization.
+
+2. They can remove themselves by following the steps below:
+
+ 1. Go to https://myapps.microsoft.com/.
+ 2. Sign in to your account and select your profile initials.
+ 3. Select **View account** > **Manage organizations** > **Leave organization**
+ 4. Select **Leave** > **OK**.
+
+### How do I help someone install Microsoft Office?
+
+Send them this article to help them install Office: [Download and install Microsoft 365 Office or Office 2019 on a PC or a MAC](https://support.microsoft.com/office/download-and-install-or-reinstall-microsoft-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658).
+
+### How do I meet common GDPR (General Data Protection Regulation) obligations for my organization?
+
+Under GDPR, an employee or customer may ask that you retrieve, or delete all information about them in your Microsoft cloud. For more info, check out, [Data Subject Requests](/compliance/regulatory/gdpr-data-subject-requests).
+
+To search data that's been saved in the Microsoft cloud as part of your Microsoft 365 Business subscription, you and each user youΓÇÖve invited will need to visit [https://account.microsoft.com/account/privacy](https://account.microsoft.com/account/privacy) to search data in locations such as OneDrive. In addition, you (business or admin) may need to search for employee account data that's saved in the [Azure Active Directory portal](/compliance/regulatory/gdpr-dsr-office365).
+
+Depending on how you and other users save documents, you and every user youΓÇÖve invited may need to use built in search, and delete functionality to discover what is saved on your Windows PCs or Macs, on business apps on smartphones, and on non-Microsoft apps and sites.
+
+> [!NOTE]
+> Once you attach a domain, and you and your users use business accounts to save data into the Microsoft cloud, you can conduct data subject requests on behalf of all users by following guidance in the [Office 365 Data Subject Requests for the GDPR and CCPA](/compliance/regulatory/gdpr-dsr-office365) topic.
+
+## Related content
+
+[Set up Microsoft 365 Business Standard](../setup/setup-business-standard.md)
+
+[Accept invite to Microsoft 365 Business Standard (User)](user-invite-business-standard.md)
admin Migrate Data Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/migrate-data-business-standard.md
+
+ Title: "Migrate data to my Microsoft 365 Business Standard subscription"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_TOC
+
+- AdminSurgePortfolio
+description: "Migrate your Outlook, OneDrive and Teams data to Microsoft 365 Business Standard"
++
+# Migrate data to my Microsoft 365 Business Standard subscription
+
+Follow the steps in this article to move your OneDrive, Outlook and Teams data to your Microsoft 365 Business Standard subscription.
+
+> [!IMPORTANT]
+> You can still keep your data in your personal account. The data in your personal account wonΓÇÖt expire once you create a new business email account and migrate your data. You can move all your data to your new business account or you can move some of your data. For example, you can move your work documents to your business account, but keep your personal family photos in your personal account.
+
+## Move files to OneDrive for business
+
+This section describes how to move the files stored in your Microsoft 365 personal account to your Microsoft 365 business account. With both OneDrive accounts synced to your device, you can easily drag and drop the files between two OneDrive folders.
+
+1. Select the OneDrive white cloud icon in the Windows notification area and make sure your OneDrive personal account is synced to your device.
+
+ :::image type="content" source="../../media/ssu-onedrive-icons.png" alt-text="Screenshot: Select white cloud icon in the Windows notification area":::
+
+ > [!NOTE]
+ > You might need to select the **Show hidden icons** arrow next to the notification area to see the OneDrive icon. If the icon doesn't appear in the notification area, OneDrive might not be running. Select **Start**, type OneDrive in the search box, and then select OneDrive in the search results.
+
+2. To add your new business account, select **Help & Settings** > **Settings**.
+
+ :::image type="content" source="../../media/ssu-onedrive-help-settings.png" alt-text="Screenshot: Select Help & Settings to add an account":::
+
+3. In **Settings**, select **Account** > **Add an account**.
+
+4. When OneDrive Setup starts, enter your new business account, and then select **Sign in**.
+
+ :::image type="content" source="../../media/ssu-setup-onedrive.png" alt-text="Screenshot: Enter your email address on the OneDrive set up page":::
+
+ > [!NOTE]
+ > If you haven't set up OneDrive with your current Microsoft 365 personal account before, follow the steps above to set up your personal account on your device and sync your files before moving to the next steps.
+
+### Drag and drop files in OneDrive
+
+With both your Microsoft 365 personal and business accounts synced to your device, you can now move your files from your personal OneDrive folder to your new business OneDrive folder.
+
+1. In File Explorer, open your synced OneDrive folder that contains your files.
+
+2. Select and drag the files you want from your OneDrive personal folder to your new OneDrive business folder.
+
+ :::image type="content" source="../../media/ssu-onedrive-files-to-work-folder.png" alt-text="Screenshot: Drag and drop files to you new OneDrive for business folder":::
+
+### Notes about moving files from OneDrive personal to OneDrive for work
+
+- If youΓÇÖre moving a large number of files, we recommend that you move files in batches of no more than 100 files each.
+
+- Files you move from OneDrive personal to OneDrive for work are recognized as new files, and as a result, these files don’t retain metadata details such as Modified and Modified By.
+
+- If you shared files in OneDrive before, you'll need to share these files again in your new OneDrive for work after you move them. Also, once you share these files, we recommend that you delete the original files from OneDrive. This way, people won’t be able to refer to out-of-date copies of files you’d shared with them earlier.
+
+## Step: Set up Outlook for email
+
+1. On the Windows Start menu, search for Outlook, and select it.
+
+ (If you're using a Mac, open Outlook from the toolbar or locate it using the Finder.)
+
+ If you've just installed Outlook, on the Welcome page, select **Next**.
+
+2. Choose **File** \> **Info** \> **Add Account**.
+
+3. Enter your Microsoft email address and select **Connect**.
+
+## Watch: Set up Outlook for email
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/9fe86884-8a83-42cc-bca9-61a12e6dad31?autoplay=false]
+
+More at [Set up Outlook for email](https://support.microsoft.com/office/f5bf0cd1-e1f3-4b0d-a022-ecab17efe86f).
+
+### Import email
+
+If you were using Outlook with another email account, you can import your previous email, calendar, and contacts into your new Microsoft account.
+
+1. **Export your old email**
+
+ In Outlook, choose **File** \> **Open &amp; Export** \> **Import/Export**.
+
+ Select **Export to a File** and then follow the steps to export your Outlook Data File (.pst) and any subfolders.
+
+2. **Import your old email**
+
+ In Outlook, choose **File** \> **Open &amp; Export** \> **Import/Export** again.
+
+ This time, select **Import from another program or file** and follow the steps to import the backup file you created when you exported your old email.
+
+### Watch: Import and redirect email
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/40f7df36-9e24-44e5-8791-e9ed0dd8fd21?autoplay=false]
+
+More at [Import email with Outlook](https://support.microsoft.com/office/6a3771d4-4c1d-4a25-92a6-0b8e476335de).
+
+You can also use Exchange admin center to import everyone's email. For more information, see [migrate multiple email accounts](/Exchange/mailbox-migration/mailbox-migration).
+
+## Move data from your personal Microsoft Teams account to new Teams for work account
+
+1. Open Microsoft Teams, select your profile icon, and then **Add work or school account**.
+
+2. Follow the steps to add your new account to Teams for work. Check out [Sign in and get started with Teams](https://support.microsoft.com/office/sign-in-and-get-started-with-teams-6723dc43-dbc0-46e6-af49-8a2d1c5cb937) for more info.
+
+### Access Teams chats
+
+When you start using Teams with your new work account your data wonΓÇÖt be migrated over. The best way to see your old chats is to open your old Teams account and new work account side by side. You can do this by selecting the ME icon on the top right of Teams and choosing the accountΓÇÖs youΓÇÖd like to open. You can start using Teams with your new work account with your colleagues. Make sure to tell other users you chat with to start contacting you using your new Teams for work account.
+
+### Microsoft Teams meetings
+
+Once you have your new Microsoft Teams account for work set up, you can recreate your meetings in the Teams calendar. Remember to delete the original meetings in your old Teams account. This will allow you to access richer functionality - for example, calendar availability when scheduling, and the ability to record meetings. You can only delete meetings from your own Teams calendar, so make sure you let people who you have meetings with know that youΓÇÖll be recreating your meetings. As you transition to use your new Teams account for your meetings, if people who should be in your meetings are missing, contact them to make sure they havenΓÇÖt joined old meeting link.
+
+### Migrating contacts
+
+To migrate your contacts from your personal Teams account, find the contact's email address and add the user to your new Teams account for work.
+
+## Related content
+
+[Import or migrate email from Gmail or another email provider to Microsoft 365](../setup/migrate-email-and-contacts-admin.md)
+
+<!--## Download desktop apps
+
+Download Microsoft 365 apps by following the steps in this article.
+
+1. Open any of your Microsoft 365 apps, like Word, Excel or PowerPoint, select your profile icon and then **Sign in with a different account**. Follow the steps and choose **Next** to set up Outlook.
+
+2. Open Outlook, enter your new email address, and select **Connect**. Follow the steps and choose **Next** to set up OneDrive.
+
+3. Select the OneDrive cloud icon from your taskbar and follow the steps to move your files to your new OneDrive for Business folder. Select **Next** to set up Microsoft Teams.
+
+4. Open Teams, select your profile icon, and then **Add work or school account**. Follow the steps to add your new account to Teams. Select **I'm done** when Teams is set up.-->
+
+<!--## Next steps
+
+## Accept a new invitation to change your personal email account to a business email account
+
+Your email looks like this to set up your business user account. When you get this email, you'll have to complete a few steps before you can start using your new user account.
+
+(**Add screenshot here**)
+
+1. From the invitation email, select **Accept**.
+
+2. On the **Join Microsoft 365 Business...** page, select **Next**.
+
+3. On the Sign up page, make sure you use the email used in the invitation email, and create a password. Select **Create account**.
+
+3. Choose **Accept** on the **Terms and Conditions** page.
+
+1. On the Review permissions page, choose **Accept**.
+
+1. On the Welcome to Microsoft 365 page, you can download Office desktop and mobile apps, and set up OneDrive.-->
admin Signup Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/signup-business-standard.md
+
+ Title: "Sign up for a Microsoft 365 Business Standard"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_TOC
+
+- AdminSurgePortfolio
+description: "Purchase Microsoft 365 Business Standard and set up your organization."
++
+# Sign up for a Microsoft 365 Business Standard subscription
+
+There are a couple of ways to get Microsoft 365 Business Standard:
+- **[Buy](https://go.microsoft.com/fwlink/?linkid=2109397) Microsoft 365 Business Standard and complete your own setup**: To purchase Microsoft 365 Business Standard, [follow the steps below](#sign-up-steps).
+- **For Microsoft partners**: If you're a partner, see [Get Microsoft 365 Business](../../business/get-microsoft-365-business.md).
+
+**Need something different?** You can:
+
+- [Sign up for a home or family plan](https://go.microsoft.com/fwlink/?linkid=2109398) if you're not buying for a business.
+
+## Sign up steps
+
+To sign up and purchase Microsoft 365 Business Standard (or Microsoft 365 Apps) for your business, complete the following steps.
+
+> [!IMPORTANT]
+> The person who signs up for Microsoft 365 for business (usually the business owner) automatically becomes the technical administrator of the organization. You can add other people as admins if you want help managing your Microsoft 365 services. Check out [Add an admin](../../business-video/add-admin.md) for more info.
+
+1. On the [Microsoft 365 for business page](https://go.microsoft.com/fwlink/?linkid=2109654), select **See plans & pricing**.
+2. On the next page, find out the monthly cost, and then scroll down the page to find out more about what's included in Microsoft 365. Under Microsoft 365 Business Standard, select **Buy now**.
+3. On the **Thank you for choosing Microsoft 365 Business Standard** page, enter your information to get started. Select **Next**.
+4. Enter an email address that you already use. This can be any address you want Microsoft to use to communicate with you during setup. It is also the address where we'll send you information about your bill and renewals. Then select, **Set up account**.
+5. Enter your name, business phone number, business size, company name, and location. Your country or region determines the exact services you receive from Microsoft, and can't be changed after you complete this step. Select **Next**.
+
+ > [!NOTE]
+ > We display your company name in the admin center. This is where you manage Microsoft 365 users, licenses and other features and services. We also include it in any internal SharePoint site URLs.
+
+6. Help us make sure this is you. Enter a number that we can use to reach you and select **Send Verification Code**.
+
+ You'll receive a text. Enter your code and select **Verify**.
+
+7. Decide how you'll sign in to Microsoft 365. You can [create a new business email account](#option-2-create-a-new-business-email-account) by adding a domain or [sign in with your current personal email](#option-1-sign-in-with-your-outlook-hotmail-yahoo-gmail-or-other-email-account).
+
+### Option 1: Sign in with your Outlook, Hotmail, Yahoo, Gmail or other email account
+
+You'll sign into Microsoft 365 with this email address. For example, alliebellew@hotmail.com.
++
+1. Create a password on the next page, and select **Create account** to continue. On the next page, read about how we handle your data and select whether you want Microsoft Partners to contact you. Select **Next**.
+
+2. Select how many Microsoft 365 Business Standard licenses you want for your organization and select **Add payment method** and continue with checkout to **Place order**.
+
+3. On the **Confirmation details** page, we'll give you some more info about your subscription. You can now go to the Microsoft 365 admin center to add users, install Office apps, invite your team to use Microsoft 365 and more. We'll also send you an email with set up steps for Microsoft 365 Business Standard.
+
+This option provides the easiest, fastest way to get started with the core functionality of the Office desktop suite, Teams, Forms and OneDrive cloud storage. This option is recommended for very small businesses who don't need branded email immediately, or who already use branded email from a different provider and do not intend to switch to use Microsoft Exchange.
+
+<!--This option isn't recommended for larger businesses, including specialty industries such as healthcare or legal.-->
+
+You can add a business domain at any point to access the rest of the functionality of your Business Standard subscription, including:
+
+- Branded email, shared calendars within your business, Bookings appointment scheduling and Meeting recordings
+- Shared document storage and SharePoint sites
+- Microsoft Planner and Microsoft Lists
+- The widest range of integrations of non-Microsoft apps (e.g. Salesforce, Adobe) that work within Teams and Office.
+
+#### Next steps
+
+If you would like to add a domain and create a business email account, you can follow the steps in the articles below:
+
+- [Add a domain to Microsoft 365](../setup/add-domain.md)
+- [Finish setting up](../setup/setup-business-standard.md#finish-setting-up)
+
+### Option 2: Create a new business email account
+
+With this option, youΓÇÖll be able to use Microsoft 365 Exchange as your professional, branded email provider. All your users will have a shared domain email address. For example, their username, followed by @contoso.com. You and your users sign into Microsoft 365 with this new email address. When you follow this process (add a domain and create new business email accounts), youΓÇÖll get access to all the features provided in Microsoft 365 Business Standard. For steps on how to buy or add a domain, see [Set up Microsoft 365 Business Standard](../setup/setup-business-standard.md).
++
+This option provides immediate access to the full suite of features in your Microsoft 365 Business subscription but may require technical steps to be completed up front.
+
+> [!IMPORTANT]
+> You can follow these steps to purchase Microsoft 365 Apps as well. For more info, see [Set up Microsoft 365 Apps for business](../setup/setup-apps-for-business.md) after you purchase Microsoft 365 Apps for business.
+
+## Frequently asked questions
+
+### What is a business email and what are the advantages to setting one up?
+
+A business email is an email that uses your own domain name. For example, if you own the domain name `contoso.com`, you can build a website using the url `www.contoso.com`, but you can also have a custom email address such as yourname@contoso.com. This is referred to as a branded business email as it gives your email a professional look.
+
+### How do I get a new business email address?
+
+There are three options for getting a business email.
+
+- You can use a suggested onmicrosoft.com domain for free (someone@mybusiness.onmicrosoft.com).
+- You can buy a new domain to have a more compact email address (mybusinessname@contoso.com).
+- You use a domain name that you already own.
+
+### Why might I need to verify my domain to create a business email?
+
+If you choose to use a domain you already own, you can use it for your email address with Microsoft 365. As part of sign up process, we ask you to verify the domain so you can send emails via Microsoft 365. This confirms that you are the owner of the domain that is sending emails with that identity, which enhances security and prevents fraudulent activity.
+
+### Is there a benefit to paying monthly vs annually?
+
+To provide customers with the greatest amount of flexibility, different payment options are available.
+
+- Microsoft 365 Business Basic, Apps for business, Business Standard, and Business Premium plans are available for monthly commitment payment or annual commitment payment.
+- Monthly commitment payment: You pay month by month, and you can cancel at any time.
+- Annual commitment payment: You sign up for a one-year subscription, but you can choose to pay month to month or pay for the entire year at the time you sign up. There is a discount for using this payment option.
+
+### How does recurring billing work?
+
+When Recurring billing is on, your subscription will continue to be billed each year on the day you subscribed. You can turn it off or back on again in the admin center if your subscription is active. Learn more at [Turn recurring billing off or on](../../commerce/subscriptions/renew-your-subscription.md#turn-recurring-billing-off-or-on).
+
+### What if I want to change my business name in future? How do I do that?
+
+Contact our small business support experts who can help you change your business name. Learn more at [Get support](../../business-video/get-help-support.md).
+
+## Related articles
+
+[Set up Microsoft 365 Business Premium in the setup wizard](../../business/set-up.md)
+
+[Invite users to Microsoft 365 Business Standard](user-invite-business-standard.md)
admin User Invite Business Standard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/user-invite-business-standard.md
+
+ Title: "Accept an email invitation to Microsoft 365 Business Standard (User)"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_TOC
+
+- AdminSurgePortfolio
+description: "Accept invite to join a Microsoft 365 Business Standard organization"
++
+# Accept an email invitation to a Microsoft 365 Business Standard subscription (User)
+
+When youΓÇÖre already using Microsoft 365 Business with a Gmail, Outlook, Yahoo (or similar) email address, someone (for example your administrator or business owner) may invite you to upgrade Microsoft 365 to start using professional branded email. In this scenario, youΓÇÖll be switching email address and learning how to upgrade.
++
+If youΓÇÖre an admin of an organization where users are still using Gmail, Outlook, Yahoo or similar email addresses, and youΓÇÖre looking how to set up branded email, check out these steps instead: [Add a domain to Microsoft 365](../setup/add-domain.md) and [Set up your organization with email and cloud storage](../setup/setup-business-standard.md#finish-setting-up).
+
+> [!IMPORTANT]
+> If youΓÇÖre an admin and youΓÇÖre looking for steps on how to send a user an invite to your Microsoft 365 Business Standard subscription, check out [Invite users to Microsoft 365 Business Standard (Admin)](admin-invite-business-standard.md).
+
+## Join a business Microsoft 365 Business Standard organization
+
+Make sure you have your current account sign in details before you start these steps.
+
+1. From the invitation email, select **Set up this account**.
+
+2. Before you can sign in to your new business account, you'll have to set it up with your existing user account. Select **Sign in** to log into your existing user account.
+
+3. Read the information about how your data will be handled.
+
+4. On the **How you'll sign in** page, learn about your new account and select **Next**.
+
+5. On the **Add new account to desktop apps** page, open any Microsoft 365 app, select your profile and sign in with the new username and temporary password. select **Next**.
+
+6. Follow the steps on the **Add new account to Outlook** page to set up Outlook. Select **Next**.
+
+7. Follow the steps on the **Move files to OneDrive for Business** page to set up OneDrive. Select **Next**.
+
+8. On the **Add new account to Microsoft Teams** page, follow the steps to set up Teams. Select **I'm done** when you're complete.
+
+### Next steps - Migrate your data to Microsoft 365 Business Standard
+
+Follow the steps in the [Migrate data to my Microsoft 365 Business Standard subscription](migrate-data-business-standard.md) to move your OneDrive, Outlook and Teams data.
+
+### No data to migrate?
+
+Download and start using [Office apps for business](https://support.microsoft.com/office/install-office-apps-from-office-365-dcf2d841-dac7-455b-9a77-fc8f7ee92702).
+
+## Frequently asked questions
+
+### I didnΓÇÖt receive an upgrade email?
+
+Check your spam folder. If itΓÇÖs not there, contact your admin or business owner and ask them to send the email again.
+
+### I have a question about upgrading my account, who can I talk to?
+
+Contact our small business support experts who can help you upgrade your Microsoft 365 subscription. Learn more at [Get support](../../business-video/get-help-support.md).
+
+### What happens to my data and account when I upgrade?
+
+Your data will remain in your old account, nothing will be deleted. You will be still able to sign in to your old Gmail, Outlook, Yahoo, or other email account like you did before. You should now move your work files to your new work account. Learn how to do that here: [Migrate data to my Microsoft 365 Business Standard subscription](migrate-data-business-standard.md).
+
+### How can I copy data to my business account?
+
+<! For steps on copying your data from your old OneDrive account to your new OneDrive for business account, check out: [Migrate data to my Microsoft 365 Business Standard subscription](migrate-data-business-standard.md).-->
+- For moving emails or contacts, check out [Migrate email and contacts to Microsoft 365](../setup/migrate-email-and-contacts-admin.md).
+
+### Why does it say my admin now handles my data?
+
+When using an upgraded Microsoft 365 Business account, your documents, email and data that you create within Microsoft Office (and within other apps in Microsoft 365 Business Standard) will be owned by the technical administrator in your organization. For example, the person who sent you the invitation email or your business owner.
+
+### How do I get started with my new account?
+
+You should have received an email from your admin. Please follow the steps outlined. If you didn't receive an email, check your spam folder and if it's not there, contact your admin and ask them to send the email again.
+
+### Does the way I login to Windows change when I get a new business account?
+
+No it doesnΓÇÖt, you can still login the same way as before.
+
+### How can I send and receive emails with my new business email?
+
+When you launch Microsoft Outlook using your new business account, your new mailbox will be automatically set up for you.
+
+1. First follow: [Set up Outlook for business email](../../business-video/setup-outlook.md).
+2. Then follow: [Create and send email in Outlook](https://support.microsoft.com/office/create-and-send-email-in-outlook-19c32deb-08b6-4f90-a211-02bc5f77f360).
+
+### How can I leave this business (and stop using this license)?
+
+Contact your business owner or your admin. They can remove you as a user from this organization.
+
+<!--1. Open any of your Microsoft 365 apps, like Word, Excel or PowerPoint, select your profile icon and then **Sign in with a different account**. Follow the steps and choose **Next** to set up Outlook.
+
+2. Open Outlook, enter your new email address, and select **Connect**. Follow the steps and choose **Next** to set up OneDrive.
+
+3. Select the OneDrive cloud icon from your taskbar and follow the steps to move your files to your new OneDrive for Business folder. Select **Next** to set up Microsoft Teams.
+
+4. Open Teams, select your profile icon, and then **Add work or school account**. Follow the steps to add your new account to Teams. Select **I'm done** when Teams is set up.-->
admin User Invite Msa Nodomain Join https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/simplified-signup/user-invite-msa-nodomain-join.md
+
+ Title: "Accept an email invitation to a Microsoft 365 Business Standard subscription organization using an Outlook, Yahoo, Gmail or other account (User)"
+f1.keywords:
+- NOCSH
+++
+audience: Admin
++
+localization_priority: Normal
+
+- Adm_TOC
+
+- AdminSurgePortfolio
+description: "Accept an email invitation to join a Microsoft 365 Business Standard organization using an Outlook, Yahoo, Gmail or other account."
++
+# Accept an email invitation to a Microsoft 365 Business Standard subscription organization using an Outlook, Yahoo, Gmail or other account (User)
+
+When someone adds you to a Microsoft 365 for business organization, you'll get an email invitation with steps on how to join. In this scenario, you're joining an organization that doesn't have a different professional email for users. You'll sign in with your regular email account.
+
+> [!IMPORTANT]
+> If youΓÇÖre an admin and youΓÇÖre looking for steps on how to send a user an invite to your Microsoft 365 Business Standard subscription, check out [Invite users to Microsoft 365 Business Standard (Admin)](admin-invite-business-standard.md).
+
+## Join a Microsoft 365 Business Standard organization using an Outlook, Yahoo, Gmail or other account
+
+Your email looks like this to set up your user account. When you get this email, you'll have to complete a few steps before you can start using your new user account.
++
+1. From the invitation email, select **Accept**.
+
+2. On the **Join Microsoft 365 Business...** page, select **Next**.
+
+3. On the Sign up page, make sure you use the email used in the invitation email, and create a password. Select **Create account**.
+
+4. Choose **Accept** on the **Terms and Conditions** page.
+
+5. On the Review permissions page, choose **Accept**.
+
+6. On the Welcome to Microsoft 365 page, you can download Office desktop and mobile apps, and set up OneDrive.
+
+### Next steps
+
+Download and start using [Office apps for business](https://support.microsoft.com/office/install-office-apps-from-office-365-dcf2d841-dac7-455b-9a77-fc8f7ee92702).
+
+## Frequently asked questions
+
+### The webpage is asking me to agree that my business has access to my name, sign-in and other information ΓÇô what does that mean?
+
+In virtually all cases, any documents and chats you save into the Microsoft 365 cloud (OneDrive, Teams) using your Gmail, Outlook, Yahoo or other email account **won't be** accessible by your technical admin. You own your documents and chats.
+
+However, as part of setting up Microsoft 365 business, you are consenting that your technical admin will have access to a limited amount of account information, specifically, your account information, such as your name, profile picture, email address, and your sign-in details and activity.
+
+For further information about data privacy, refer to the [Terms of use](https://ssu.office.com/terms/en-US/smb_eula.txt).
+
+### How can I leave this business (and stop using this license)?
+
+There are a couple of options in this case:
+
+1. You can contact the business owner or admin of the other business and ask to be removed from that business.
+
+2. You can remove yourself by following the steps below:
+
+ 1. Go to https://myapps.microsoft.com/.
+ 2. Sign in to your account, and select your profile initials.
+ 3. Select **View account** > **Manage organizations** > **Leave organization**
+ 4. Select **Leave** > **OK**.
+
+### IΓÇÖm getting an error saying IΓÇÖm part of another business. What do I do?
+
+You will need to leave your previous Microsoft 365 Business subscription first. Either talk to your previous technical admin or business owner and ask them to remove you. You can also visit [https://myaccount.microsoft.com/](https://myaccount.microsoft.com/) and follow the steps below.
+
+1. Sign in to your account, and select your profile initials.
+2. Select **View account** > **Manage organizations** > **Leave organization**
+3. Select **Leave** > **OK**.
+
+### I have a question about using this account. Who can I talk to?
+
+Contact our small business support experts who can help you upgrade your Microsoft 365 subscription. Learn more at [Get support](../../business-video/get-help-support.md).
+
+### The Gmail, Outlook, Yahoo or other email account that IΓÇÖm using as a Microsoft Account already has some personal files in it. Can the technical administrator or business owner see these?
+
+**No**. Any documents or chats you saved in the Microsoft 365 cloud (OneDrive, Teams) under your old Gmail, Outlook, Yahoo or other email account **won't be** accessible by your administrator. You own your documents and chats.
+
+The only data that will be made accessible to your administrator is your account information, such as your name, profile picture, email address, and your sign-in details and activity.
+
+### Does the way I login to Windows change?
+
+No it doesnΓÇÖt, you can still log in the same way as before.
+
+### How can I send and receive emails with Microsoft 365 Business?
+
+You will still be using your Gmail, Outlook, Yahoo or other email account. You can continue to access your email in the browser as you did before. For the best experience, [connect these email accounts to Microsoft Outlook](https://support.microsoft.com/office/add-an-email-account-to-outlook-6e27792a-9267-4aa4-8bb6-c84ef146101b).
admin Whats New In Preview https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/whats-new-in-preview.md
search.appverid:
- MET150 - MOE150 - FRP150
-description: "The Microsoft 365 admin center - learn about the features that were added this month."
- MACDashWhatsNew - AdminSurgePortfolio - admindeeplinkMAC
+description: "The Microsoft 365 admin center - learn about the features that were added this month."
# What's new in the Microsoft 365 admin center
compliance Apply Sensitivity Label Automatically https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/apply-sensitivity-label-automatically.md
Finally, you can use simulation mode to provide an approximation of the time nee
6. For the page **Choose locations where you want to apply the label**: Select and specify locations for Exchange, SharePoint, and OneDrive. If you don't want to keep the default of **All** for your chosen locations, select the link to choose specific instances. Then select **Next**. ![Choose locations page auto-labelingwizard.](../media/locations-auto-labeling-wizard.png)-
- To specify individual OneDrive accounts: The URL for a user's OneDrive account is in the following format: `https://<tenant name>-my.sharepoint.com/personal/<user_name>_<tenant name>_com`
-
- For example, for a user in the contoso tenant that has a user name of "rsimone": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`
-
- To verify the syntax for your tenant and identify OneDrive URLs for users, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
+
+ To specify individual OneDrive accounts, the URL for a user's OneDrive is usually in the following format. For the user principal name (UPN), any special characters such as a period, comma, space, and the at sign ("@") are converted to underscores ("_"): `https://<tenant name>-my.sharepoint.com/personal/<user principal name>`
+
+ For example, for a user in the Contoso tenant who has a UPN of "rsimone@contoso.onmicrosoft.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`. However, numbers or GUIDs can be appended when conflicts are detected.
+
+ It's always best to confirm a user's URL for their OneDrive account, which you can do with the Microsoft 365 admin center, or PowerShell. For more information, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
7. For the **Set up common or advanced rules** page: Keep the default of **Common rules** to define rules that identify content to label across all your selected locations. If you need different rules per location, select **Advanced rules**. Then select **Next**.
compliance Archive Data From Celltrustsl2 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archive-data-from-celltrustsl2.md
CellTrust's SL2 platform captures communication data from multiple sources. SL2
- The user who creates the CellTrust SL2 data connector in Step 1 (and completes it in Step 3) must be assigned to the Mailbox Import Export role in Exchange Online. This role is required to add connectors on the **Data connectors** page in the Microsoft 365 compliance center. By default, this role is not assigned to a role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group in Exchange Online. Or you can create a role group, assign the Mailbox Import Export role, and then add the appropriate users as members. For more information, see the [Create role groups](/Exchange/permissions-exo/role-groups#create-role-groups) or [Modify role groups](/Exchange/permissions-exo/role-groups#modify-role-groups) sections in the article "Manage role groups in Exchange Online".
+- This data connector is available in GCC environments in the Microsoft 365 US Government cloud. Third-party applications and services might involve storing, transmitting, and processing your organization's customer data on third-party systems that are outside of the Microsoft 365 infrastructure and therefore are not covered by the Microsoft 365 compliance and data protection commitments. Microsoft makes no representation that use of this product to connect to third-party applications implies that those third-party applications are FEDRAMP compliant.
+ ## Step 1: Create a CellTrust SL2 connector The first step is to create a data connector in the Microsoft 365 compliance center.
compliance Archiving Third Party Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/archiving-third-party-data.md
Before you can archive third-party data in Microsoft 365, you have to work with
|[CellTrust SL2](archive-data-from-celltrustsl2.md) |![Check mark.](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|![Check mark](../media/checkmark.png)|| ||||||||
+The CellTrust SL2 data connector is also available in GCC environments in the Microsoft 365 US Government cloud. For more information, see the [Data connectors in the US Government cloud](#data-connectors-in-the-us-government-cloud) section in this article.
+ ## Overview of compliance solutions that support third-party data The following sections describe some of the things that the Microsoft 365 compliance solutions can help you to manage the third-party data listed in the previous table.
For more information about creating eDiscovery search queries, see [Keyword quer
## Data connectors in the US Government cloud
-As previously mentioned, data connectors provided by TeleMessage are available in the US Government cloud. The following table indicates the specific government environments that support each TeleMessage data connector. For more information about US Government clouds, see [Microsoft 365 US Government](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/microsoft-365-government-how-to-buy).
+Some data connectors are available in the US Government cloud. The following sections indicate the specific government environments that support third-party data connectors. For more information about US Government clouds, see [Microsoft 365 US Government](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/microsoft-365-government-how-to-buy).
+
+### Telemessage data connectors
-|TeleMessage data connector |GCC |GCC High |DoD |
+|Data connector |GCC |GCC High |DoD |
|:|:|:|:| |Android Archiver | Yes | No | No | |AT&T SMS/MMS Network Archiver | Yes | No | No |
As previously mentioned, data connectors provided by TeleMessage are available i
|WhatsApp Archiver | Yes | No | No | |||||
+### CellTrust data connectors
+
+|Data connector |GCC |GCC High |DoD |
+|:|:|:|:|
+|CellTrust SL2 | Yes | No | No |
+|||||
+ ## Working with a Microsoft partner to archive third-party data Another option for importing and archiving third-party data is for your organization to work with a Microsoft Partner. If a third-party data type isn't supported by the data connectors available in the Microsoft compliance center, you can work with a partner who can provide a custom connector that will be configured to extract items from the third-party data source on a regular basis and then connect to the Microsoft cloud by a third-party API and import those items to Microsoft 365. The partner connector also converts the content of an item from the third-party data source to an email message and then imports it to a mailbox in Microsoft 365.
compliance Create Retention Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-retention-policies.md
When you have more than one retention policy, and when you also use retention la
1. From the [Microsoft 365 compliance center](https://compliance.microsoft.com/), select **Policies** > **Retention**.
-2. Select **New retention policy** to start the Create retention policy wizard, and name your new retention policy.
+2. Select **New retention policy** to start the Create retention policy configuration, and name your new retention policy.
3. For the **Choose locations to apply the policy** page, select any or all of the locations for Teams: - **Teams channel message**: Messages from standard channel chats and standard channel meetings, but not from [private channels](/microsoftteams/private-channels) that have their own policy location.
When you have more than one retention policy, and when you also use retention la
- For group chat messages and private channel messages, because a copy of messages are saved in each user's mailbox who are included in the chat, copies of messages will continue to be returned in eDiscovery results from users who weren't assigned the policy. - For users who weren't assigned the policy, deleted messages will be returned in their Teams search results but won't display the contents of the message as a result of the permanent deletion from the policy assigned to users.
-4. For **Decide if you want to retain content, delete it, or both** page of the wizard, specify the configuration options for retaining and deleting content.
+4. For **Decide if you want to retain content, delete it, or both** page, specify the configuration options for retaining and deleting content.
You can create a retention policy that just retains content without deleting, retains and then deletes after a specified period of time, or just deletes content after a specified period of time. For more information, see [Settings for retaining and deleting content](#settings-for-retaining-and-deleting-content) on this page.
-5. Complete the wizard to save your settings.
+5. Complete the configuration to save your settings.
For guidance when to use retention policies for Teams and understand the end user experience, see [Manage retention policies for Microsoft Teams](/microsoftteams/retention-policies) from the Teams documentation.
It's possible that a retention policy that's applied to Microsoft 365 groups, Sh
- If you leave the default at **All**, Azure B2B guest users are not included. - If you select **Edit** for the **Included** column, you can apply a retention policy to external users if you know their account.
-4. For **Decide if you want to retain content, delete it, or both** page of the wizard, specify the configuration options for retaining and deleting content.
+4. For **Decide if you want to retain content, delete it, or both** page, specify the configuration options for retaining and deleting content.
You can create a retention policy that just retains content without deleting, retains and then deletes after a specified period of time, or just deletes content after a specified period of time. For more information, see [Settings for retaining and deleting content](#settings-for-retaining-and-deleting-content) on this page.
-5. Complete the wizard to save your settings.
+5. Complete the configuration to save your settings.
For more information about how retention policies work for Yammer, see [Learn about retention for Yammer](retention-policies-yammer.md).
Use the following instructions for retention policies that apply to any of these
1. From the [Microsoft 365 compliance center](https://compliance.microsoft.com/), select **Policies** > **Retention**.
-2. Select **New retention policy** to start the Create retention policy wizard, and name your new retention policy.
+2. Select **New retention policy** to start the Create retention policy configuration, and name your new retention policy.
3. For the **Choose locations to apply the policy** page, toggle on or off any of the locations except the locations for Teams. For each location, you can leave it at the default to [apply the policy to the entire location](#a-policy-that-applies-to-entire-locations), or [specify includes and excludes](#a-policy-with-specific-inclusions-or-exclusions).
Use the following instructions for retention policies that apply to any of these
- [Microsoft 365 Groups](#configuration-information-for-microsoft-365-groups) - [Skype for Business](#configuration-information-for-skype-for-business)
-4. For **Decide if you want to retain content, delete it, or both** page of the wizard, specify the configuration options for retaining and deleting content.
+4. For **Decide if you want to retain content, delete it, or both** page, specify the configuration options for retaining and deleting content.
You can create a retention policy that just retains content without deleting, retains and then deletes after a specified period of time, or just deletes content after a specified period of time. For more information, see [Settings for retaining and deleting content](#settings-for-retaining-and-deleting-content) on this page.
-5. Complete the wizard to save your settings.
+5. Complete the configuration to save your settings.
#### Configuration information for Exchange email and Exchange public folders
The **Exchange public folders** location applies retention settings to all publi
When you choose the **SharePoint sites** location, the retention policy can retain and delete documents in SharePoint communication sites, team sites that aren't connected by Microsoft 365 groups, and classic sites. Team sites connected by Microsoft 365 groups aren't supported with this option and instead, use the **Microsoft 365 Groups** location that applies to content in the group's mailbox, site, and files.
-Although the retention policy is applied at the site level, only documents have retention settings applied to them. For detailed information about what's included and excluded when you configure retention settings for SharePoint and OneDrive, see [What's included for retention and deletion](retention-policies-sharepoint.md#whats-included-for-retention-and-deletion).
+Although the retention policy is applied at the site level, only documents have retention settings applied to them. For detailed information about what's included and excluded when you configure retention settings for SharePoint and OneDrive, see [What's included for retention and deletion](retention-policies-sharepoint.md#whats-included-for-retention-and-deletion).
-When you specify your locations for SharePoint sites or OneDrive accounts, you don't need permissions to access the sites and no validation is done at the time you specify the URL on the **Edit locations** page. However, the SharePoint sites that you specify are checked that they exist at the end of the wizard. If this check fails, you see a message that validation failed for the URL you entered, and the wizard won't create the retention policy until the validation check passes. If you see this message, go back in the wizard to change the URL or remove the site from the retention policy.
+When you specify your locations for SharePoint sites or OneDrive accounts, you don't need permissions to access the sites and no validation is done at the time you specify the URL on the **Edit locations** page. However, the SharePoint sites that you specify are checked that they exist at the end of the configuration. If this check fails, you see a message that validation failed for the URL you entered, and the configuration process won't create the retention policy until the validation check passes. If you see this message, go back in the configuration to change the URL or remove the site from the retention policy.
-To specify individual OneDrive accounts to include or exclude, the URL has the following format: `https://<tenant name>-my.sharepoint.com/personal/<user_name>_<tenant name>_com`
+To specify individual OneDrive accounts to include or exclude, the URL for a user's OneDrive is usually in the following format. For the user principal name (UPN), any special characters such as a period, comma, space, and the at sign ("@") are converted to underscores ("_"): `https://<tenant name>-my.sharepoint.com/personal/<user principal name>`
-For example, for a user in the contoso tenant that has a user name of "rsimone": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`
+For example, for a user in the Contoso tenant who has a UPN of "rsimone@contoso.onmicrosoft.com": `https://contoso-my.sharepoint.com/personal/rsimone_contoso_onmicrosoft_com`. However, numbers or GUIDs can be appended when conflicts are detected.
-To verify the syntax for your tenant and identify URLs for users, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
+It's always best to confirm a user's URL for their OneDrive account, which you can do with the Microsoft 365 admin center, or PowerShell. For more information, see [Get a list of all user OneDrive URLs in your organization](/onedrive/list-onedrive-urls).
### Configuration information for Microsoft 365 Groups
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
Data loss prevention (DLP) policies have many components that can be configured. In order to create an effective policy, you need to understand what the purpose of each component is and how its configuration alters the behavior of the policy. This article provides a detailed anatomy of a DLP policy.
-### Policy templates
+## Policy templates
DLP policy templates are pre-sorted into four categories:
Current as of 6/23/2021
-### Locations
+## Locations
<!--This section covers a mapping of data-at-rest, data-in-use, and data-in-motion to the locations/workloads. It introduces the idea that the options that are selected here have a direct impact on the UI that they will encounter further along in the policy creation/edit flow. It will also cover the dependencies between locations (eg. Teams chat and channel requires SharePoint and ODB). It will also include the impact of the different scope settings. eg. If you want the policy to be applied to DEF, but not HIJ, you should configure your include/exclude scopes like this......-->
If you choose to include or exclude specific SharePoint sites or OneDrive accoun
If you choose to include or exclude specific OneDrive accounts or groups, a DLP policy can contain no more than 100 user accounts or 50 groups as inclusion or exclusion.
-#### Location support for how content can be defined
+### Location support for how content can be defined
DLP policies detect sensitive items by matching them to a sensitive information type (SIT), to a sensitivity label, or a retention label. Each location supports different methods of defining sensitive content. Additionally, when you combine locations in a policy, how the content can be defined can change from how it can be defined by a single location.
DLP policies detect sensitive items by matching them to a sensitive information
-### Rules
+## Rules
<!--This section introduces the classifications of content that, when detected, can be protected. Link out to [Learn about sensitive information types]() and [Sensitive information type entity definitions](sensitive-information-type-entity-definitions.md#sensitive-information-type-entity-definitions) as well as labels (cross referenced by supporting workload). It will touch on the purpose of multiple conditions, confidence levels (link out to [more on confidence levels](sensitive-information-type-learn-about.md#more-on-confidence-levels)) and confidence levels video. How to use the confidence level to change the behavior of a policy in conjunction with the instance count. eg. if you want your policy to trigger when it encounters situation DEF, set your conditions like HIJ.--> <!--
Rules are the business logic of DLP policies. They consist of:
A policy contains one or more rules. Rules are executed sequentially, starting with the highest-priority rule in each policy.
-#### The priority by which rules are processed
+### The priority by which rules are processed
Each rule is assigned a priority in the order in which it's created ΓÇö meaning, the rule created first has first priority, the rule created second has second priority, and so on.
For example, you might have a DLP policy that helps you detect the presence of i
![Diagram shows that DLP policy contains locations and rules](../media/c006860c-2d00-42cb-aaa4-5b5638d139f7.png)
-#### Conditions
+### Conditions
Conditions are inclusive and are where you define what you want the rule to look for and context in which those items are being used. They tell the rule &#8212; when you find an item that looks like *this* and is being used like *that* &#8212; it's a match and the rest of the actions in the policy should be taken on it. You can use conditions to assign different actions to different risk levels. For example, sensitive content shared internally might be lower risk and require fewer actions than sensitive content shared with people outside the organization. > [!NOTE] > Users who have non-guest accounts in a host organization's Active Directory or Azure Active Directory tenant are considered as people inside the organization.
-##### Content contains
+#### Content contains
All locations support the **Content contains** contains condition. You can select multiple instances of each content type and further refine the conditions by using the **Any of these** (logical OR) or **All of these** (logical AND) operators:
SITs have a pre-defined [**confidence level**](https://www.microsoft.com/videopl
The rule will only look for the presence of any **sensitivity labels** and **retention labels** you pick.
-##### Condition context
+#### Condition context
The available context options change depending on which location you choose. If you select multiple locations, only the conditions that the locations have in common are available.
-###### Conditions Exchange supports:
+##### Conditions Exchange supports:
- Content contains - Content is shared from Microsoft 365
The available context options change depending on which location you choose. If
- Message type is - Message importance is
-###### Conditions SharePoint supports
+##### Conditions SharePoint supports
- Content contains - Content is shared from Microsoft 365 - File extension is - Document property is
-###### Conditions OneDrive accounts supports
+##### Conditions OneDrive accounts supports
- Content contains - Content is shared from Microsoft 365 - File extension is - Document property is
-###### Conditions Teams chat and channel messages support
+##### Conditions Teams chat and channel messages support
- Content contains - Content is shared from Microsoft 365
-###### Conditions Devices supports
+##### Conditions Devices supports
- content contains - See, [Endpoint activities you can monitor and take action on](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on)
-###### Conditions Microsoft Cloud App Security support
+##### Conditions Microsoft Cloud App Security support
- Content contains - Content is shared from Microsoft 365
-###### On-premises repositories
+##### On-premises repositories
- Content contains - File extension is - Document property is
-##### Condition groups
+#### Condition groups
Sometimes you need a rule to only identify one thing, like all content that contains a U.S. Social Security Number, which is defined by a single SIT. But in many scenarios, where the types of items you are trying to identify are more complex and therefore harder to define, more flexibility in defining conditions is required.
For the **U.S. Health Insurance Act (HIPPA)**, conditions are grouped like this:
The first group contains the SITs that identify and individual and the second group contains the SITs that identify medical diagnosis.
-#### Exceptions
+### Exceptions
In rules, exceptions define conditions that are used to exclude an item from the policy. Logically, exclusive conditions that are evaluated after the inclusive conditions and context. They tell the rule &#8212; when you find an item that looks like *this* and is being used like *that* its a match and the rest of the actions in the policy should be taken on it ***except if***... &#8212;
the exception would be:
- **Except if** content contains
-#### Actions
+### Actions
Any item that makes it through the inclusive ***conditions*** and exclusive ***exceptions*** filters will have any ***actions*** that are defined in the rule applied to it. You'll have to configure the required options to support the action. For example, if you select Exchange with the **Restrict access or encrypt the content in Microsoft 365 locations** action you need to choose from these options:
The actions that are available in a rule are dependent on the locations that hav
> [!IMPORTANT] > For SharePoint Online and OneDrive for Business locations documents will be proactively blocked right after detection of sensitive information, irrespective of whether the document is shared or not, for all external users, while internal users will continue to have access to the document.
-##### Exchange location actions:
+#### Exchange location actions:
- Restrict access or encrypt the content in Microsoft 365 locations - Set headers
The actions that are available in a rule are dependent on the locations that hav
- Prepend Email Subject - Add HTML Disclaimer
-##### SharePoint sites location actions:
+#### SharePoint sites location actions:
- Restrict access or encrypt the content in Microsoft 365 locations
-##### OneDrive account locations:
+#### OneDrive account locations:
- Restrict access or encrypt the content in Microsoft 365 locations
-##### Teams Chat and Channel Messages
+#### Teams Chat and Channel Messages
- Restrict access or encrypt the content in Microsoft 365 locations
-##### Devices:
+#### Devices:
- Audit or restrict activities on Windows devices
The actions that are available in a rule are dependent on the locations that hav
The devices location provide a number of sub-activities (conditions) and actions. To learn more, see [Endpoint activities you can monitor and take action on](endpoint-dlp-learn-about.md#endpoint-activities-you-can-monitor-and-take-action-on).
-##### Microsoft Cloud App Security:
+#### Microsoft Cloud App Security:
- Restrict access or encrypt the content in Microsoft 365 locations - Restrict Third Party Apps
-##### On-premises repositories:
+#### On-premises repositories:
- Restrict access or remove on-premises files
-##### Actions available when you combine locations
+#### Actions available when you combine locations
If you select Exchange and any other single location for the policy to be applied to, the
Whether actions take effect or not depends on how you configure the mode of the
<!-- This section needs to explain that the actions available depend on the locations selected AND that the observed behavior of a policy is produced through an interaction of the configured actions AND the configured status (off, test, apply) of a policy. It will detail the purpose of each of the available actions and the location/desired outcome interaction and provide examples eg. how to use the Restrict Third Party apps in the context of a policy that is applied to endpoints so that users can't use a upload content to a third party site or the interaction of on-premises scanner with restrict access or remove on-premises files. Also what happens when I select multiple locations? provide abundant examples for most common scenarios-->
-#### User notifications and policy tips
+### User notifications and policy tips
<!--This section introduces the business need for user notifications, what they are, their benefit, how to use them, how to customize them, and links out to
Here's what a policy tip looks like in a OneDrive for Business account.
> The default behavior of a DLP policy, when there is no alert configured, is not to alert or trigger. This applies only to default information types. For custom information types, the system will alert even if there is no action defined in the policy. -->
-#### User overrides
+### User overrides
The intent of **User overrides** is to give users a way to bypass, with justification, DLP policy blocking actions on sensitive items in Exchange, SharePoint, OneDrive or Teams so that they can continue their work. User overrides are enabled only when **Notify users in Office 365 services with a policy tip** is enabled, so user overrides go hand-in-hand with Notifications and Policy tips.
To learn more about user overrides, see:
- [View the justification submitted by a user for an override](view-the-dlp-reports.md#view-the-justification-submitted-by-a-user-for-an-override)
-#### Incident reports
+### Incident reports
<!--DLP interacts with other M365 information protection services, like IR. Link this to a process outline for triaging/managing/resolving DLP incidents
You can choose between having an alert sent every time an activity matches a rul
DLP scans email differently from items in SharePoint Online or OneDrive for Business. In SharePoint Online and OneDrive for Business, DLP scans existing items as well as new ones and generates an incident report whenever a match is found. In Exchange Online, DLP only scans new email messages and generates a report if there is a policy match. DLP ***does not*** scan or match previously existing email items that are stored in a mailbox or archive.
-#### Additional options
+### Additional options
If you have multiple rules in a policy, you can use the **Additional options** to control further rule processing if there is a match to the rule you are editing as well as setting the priority for evaluation of the rule.
compliance Document Metadata Fields In Advanced Ediscovery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/document-metadata-fields-in-Advanced-eDiscovery.md
The following table lists the metadata fields for documents in a review set in a
|Compliance labels|ComplianceLabels|Compliance_labels|[Retention labels](retention.md) applied to content in Office 365.| |Compound Path|CompoundPath|Compound_path|Human readable path that describes the source of the item.| |Content*|Content||Extracted text of the item.|
-|Conversation Body|Conversation Body||Conversation body of the item.|
+|Conversation Body|ConversationBody||Conversation body of the item.|
|Conversation ID|ConversationId|Conversation_ID|Conversation Id from the message. For Teams 1:1 and group chats, all transcript files and their family items within the same conversation share the same Conversation ID. For more information, see [Advanced eDiscovery workflow for content in Microsoft Teams](teams-workflow-in-advanced-ediscovery.md).| |Conversation Index||Conversation_index|Conversation index from the message.| |Conversation Name||ConversationName|Name of the channel in Teams. The format of the name depends on the type of channel: <br>Teams channel chats and private channel chats: \<Name of team, name of channel\> <br>Teams 1:1 and group chats: Display name and email address of all chat participants<br>Yammer community: Community name + first 120 chars of a post<br>Yammer private: Sender name and email address + first 120 chars of a message| |Conversation Pdf Time|ConversationPdfTime||Date when the PDF version of the conversation was created.| |Conversation Redaction Burn Time|ConversationRedactionBurnTime||Date when the PDF version of the conversation was created for Chat.|
-|Conversation Topic|Conversation Topic||Conversation topic of the item.|
+|Conversation Topic|ConversationTopic||Conversation topic of the item.|
|Conversation Type|ConversationType|ConversationType|The type of chat conversation. Values are: <br> Teams 1:1 and group chats and all Yammer conversations: **Group** for<br>Teams channels and private channels: **Channel**| |Contains Edited Message|ContainsEditedMessage|ContainsEditedMessage|Indicates if the Teams chat transcript includes an edited message |||Converted_file_path|The path of the converted export file. For internal Microsoft use only.|
The following table lists the metadata fields for documents in a review set in a
|File system date created||File_system_date_created|Created date from file system (only applies to non-Office 365 data).| |File system date modified||File_system_date_modified|Modified date from file system (only applies to non-Office 365 data).| |File Type|FileType||File type of the item based on file extension.|
-|Group Id|Group Id|Group_ID|Groups together all items for email and documents. For email, this includes the message and all attachments and extracted items. For documents, this includes the document and any embedded items.|
+|Group Id|GroupId|Group_ID|Groups together all items for email and documents. For email, this includes the message and all attachments and extracted items. For documents, this includes the document and any embedded items.|
|Has attachment|EmailHasAttachment|Email_has_attachment|Indicates whether or not the message has attachments.| |Has attorney|HasAttorney||**True** when at least one of the participants is found in the attorney list; otherwise, the value is **False**.| |HasText*||Has_text|Indicates whether or not the item has text; possible values are **True** and **False**.|
compliance Turn Audit Log Search On Or Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/turn-audit-log-search-on-or-off.md
You have to use Exchange Online PowerShell to turn off auditing.
- Go to the **Audit** page in the Microsoft 365 compliance center. If auditing is not turned on for your organization, a banner is displayed prompting you start recording user and admin activity.+
+## Audit records when auditing status is changed
+
+Changes to the auditing status in your organization are themselves audited. This means that audit records are logged when auditing is turned on or turned off. You can search the Exchange admin audit log for these audit records.
+
+To search the Exchange admin audit log for audit records that are generated when turning auditing on or off, run the following command in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):
+
+```powershell
+Search-AdminAuditLog -Cmdlets Set-AdminAuditLogConfig -Parameters UnifiedAuditLogIngestionEnabled
+```
+
+Audit records for these events contain information about when the auditing status was changed, the admin who changed it, and the IP address of the computer that was used to make the change. The following screenshots show audit records that correspond to changing the auditing status in your organization.
+
+### Audit record for turning on auditing
+
+![Audit record for turning on auditing](../media/AuditStatusAuditingEnabled.png)
+
+The value of `Confirm` in the *CmdletParameters* property indicates that unified audit logging was turned on in the compliance center or by running the **Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true** cmdlet.
+
+### Audit record for turning off auditing
+
+![Audit record for turning off auditing](../media/AuditStatusAuditingDisabled.png)
+
+The value of `Confirm` is not included in the *CmdletParameters* property. This indicates that unified audit logging was turned off by running the **Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $false** command.
+
+For more information about searching the Exchange admin audit log, see [Search-AdminAuditLog](/powershell/module/exchange/search-adminauditlog).
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Whether it be adding new solutions to the [Microsoft 365 compliance center](micr
> > And visit the [Microsoft 365 Roadmap](https://www.microsoft.com/microsoft-365/roadmap) to learn about Microsoft 365 features that were launched, are rolling out, are in development, have been cancelled, or previously released.
+## August 2021
+
+### App governance
+- [Expanded entries for alert insights](app-governance-anomaly-detection-alerts.md#collection-alerts). New entries were added to describe additional alert insights now available in app governance.
+
+### Communication compliance
+- [Communication compliance feature reference](communication-compliance-feature-reference.md) added new preview feature support for modern attachments scanning in Teams private chats and channels.
+
+### Data Loss Prevention
+
+- [Data loss prevention policy reference](dlp-policy-reference.md). Added a new policy reference page to assist you in creating policies.
+
+### Insider risk management
+- [Learn about and configure insider risk management browser signal detection](insider-risk-management-browser-support.md). Preview feature for configuring browser signal detection for Edge and Chrome browsers.
+
+### Retention and records management
+- [Flowchart to determine when an item will be retained or permanently deleted](retention-flowchart.md) to supplement the concepts and examples for the principles of retention.
+
+### Sensitivity labels
+- [Enhancements to auto-labeling policies](apply-sensitivity-label-automatically.md#recent-enhancements-for-auto-labeling-policies) that include higher supported numbers for sites and policies, support for all OneDrive and SharePoint sites and the ability to select available SharePoint sites instead of having to enter each site by URL, and simulation improvements.
+- Auto-labeling in Office apps as a sensitivity label setting now [supports Exact Data Match (EDM)](apply-sensitivity-label-automatically.md#custom-sensitive-information-types-with-exact-data-match).
+- Default labels are now extended to [Power BI (in preview)](/power-bi/admin/service-security-sensitivity-label-default-label-policy).
+- Auditing events for Outlook on the web that [surface in activity explorer](data-classification-activity-explorer-available-events.md) are now fully rolled out, which means that user activity for built-in labels is now available for all Office apps across all platform.
+- The [supported capabilities tables](sensitivity-labels-office-apps.md#support-for-sensitivity-label-capabilities-in-apps) have a new footnote for Windows to clarify that the minimum versions are for the Current Channel, and a tip to more easily compare older versions that omit leading zeros against newer versions.
+ ## July 2021 ### Advanced eDiscovery
Content was added or updated in the following topics:
- **DoD support**. Support for US government tenants with DoD environments. - **Encrypt-Only for Outlook**. Encryption options for Outlook now include Encrypt-Only when you select [Let users assign permissions](encryption-sensitivity-labels.md#let-users-assign-permissions). - **Enforcing built-in labels in Office apps**. Updated [guidance](sensitivity-labels-office-apps.md#office-built-in-labeling-client-and-the-azure-information-protection-client) how to enforce built-in labels in Office apps when you have the Azure Information Protection unified labeling client installed.-
-## February 2021
-
-Here are a few of the changes to Microsoft 365 compliance solutions and content for the month of February.
-
-### Auditing
--- **Manage audit log retention policies**. Learn more about the new [Audit retention policies dashboard](/microsoft-365/compliance/audit-log-retention-policies#manage-audit-log-retention-policies-1).-- **Search the audit log**. [Use PowerShell script to search the audit log](/microsoft-365/compliance/audit-log-search-script).-
-### Data Classification Content Explorer
-
-Content was added or updated in the following topics:
--- [Get started with content explorer](/microsoft-365/compliance/data-classification-content-explorer)-
-### Data loss prevention
-
-Content was added or updated in the following topics:
--- [Learn about Endpoint DLP](/microsoft-365/compliance/endpoint-dlp-learn-about)-- [Send email notifications and show policy tips for DLP policies](/microsoft-365/compliance/use-notifications-and-policy-tips)-- [Learn about the Microsoft 365 data loss prevention on-premises scanner](/microsoft-365/compliance/dlp-on-premises-scanner-learn)-- [Get started with the data loss prevention on-premises scanner](/microsoft-365/compliance/dlp-on-premises-scanner-get-started)-- [Create a DLP policy to protect documents with FCI or other properties](/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties)-- [Using Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-using)-- [Get started with Endpoint data loss prevention](/microsoft-365/compliance/endpoint-dlp-getting-started)-
-### eDiscovery
-
-Content was added or updated in the following topics:
--- [Decryption in Microsoft 365 eDiscovery tools](/microsoft-365/compliance/ediscovery-decryption)-- [Keyword queries and search conditions](/microsoft-365/compliance/keyword-queries-and-search-conditions#limitations-for-searching-sensitive-data-types)-- [Retirement of the Relevance module in Advanced eDiscovery](/microsoft-365/compliance/relevance-module-retirement)-- [Use a script to add users to a hold in a Core eDiscovery case](/microsoft-365/compliance/use-a-script-to-add-users-to-a-hold-in-ediscovery)-
-### Encryption
-
-Content was added or updated in the following topics:
-
-#### Azure Rights Management Service (RMS)
--- [Customer-managed encryption features](/microsoft-365/compliance/office-365-customer-managed-encryption-features)-- [Exchange Online mail encryption with AD RMS](/microsoft-365/compliance/information-rights-management-in-exchange-online). Support for this service has been deprecated. You can no longer use AD RMS in an Exchange hybrid environment. Instead, migrate to Azure RMS.-
-#### Customer Key
--- [Customer Key for Microsoft 365 at the tenant level](/microsoft-365/compliance/customer-key-tenant-level)-- [Overview of security and compliance](/microsoftteams/security-compliance-overview)-
-#### Information Rights Management (IRM)
--- [Apply Information Rights Management (IRM) to a list or library](/microsoft-365/compliance/configure-irm-to-use-an-on-premises-ad-rms-server). These national clouds do not support this setting:
- - Microsoft Cloud for US Government
- - Microsoft Cloud Germany
- - Azure and Microsoft 365 operated by 21Vianet in China)
-- [Configure IRM to use an on-premises AD RMS server](/microsoft-365/compliance/configure-irm-to-use-an-on-premises-ad-rms-server). Support for this service in an Exchange hybrid environment has been deprecated.-
-### Sensitive Information Types
-
-Content was added or updated in the following topics:
--- [Learn about sensitive information types](/microsoft-365/compliance/sensitive-information-type-learn-about)-- [Create a custom sensitive information type using PowerShell](/microsoft-365/compliance/create-a-custom-sensitive-information-type-in-scc-powershell)-- [Create a custom sensitive information types with Exact Data Match based classification](/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification)-- [Sensitive information type entity definitions](/microsoft-365/compliance/sensitive-information-type-entity-definitions)-
-### Sensitivity labels
-
-Content was added or updated in the following topics:
--- **SharePoint external sharing**. For [container labels](sensitivity-labels-teams-groups-sites.md) the option for external sharing from SharePoint sites is now released as generally available. Additionally, the Microsoft 365 admin center and Planner now support applying these sensitivity labels. -- **Co-authoring and AutoSave**. Support for [co-authoring and AutoSave](sensitivity-labels-coauthoring.md) for encrypted files is released as preview for testing in non-production tenants.
enterprise Microsoft 365 Networking China https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-networking-china.md
Many enterprises with global Microsoft 365 tenants and users in China have imple
As a first step, it is crucial that you follow our benchmark network guidance at [Network planning and performance tuning for Microsoft 365](./network-planning-and-performance.md). The primary goal should be to avoid accessing global Microsoft 365 services from the Internet in China if possible. -- Leverage your existing private network to carry Microsoft 365 network traffic between China office networks and offshore locations that egress on the public Internet outside China. Almost any location outside China will provide a clear benefit. Network administrators can further optimize by egressing in areas with low-latency interconnect with the [Microsoft global network](/azure/networking/microsoft-global-network). Hong Kong, Japan, and South Korea are examples.
+- Leverage your existing private network to carry Microsoft 365 network traffic between China office networks and offshore locations that egress on the public Internet outside China. Almost any location outside China will provide a clear benefit. Network administrators can further optimize by egressing in areas with low-latency interconnect with the [Microsoft global network](/azure/networking/microsoft-global-network). Hong Kong, Singapore, Japan, and South Korea are examples.
- Configure user devices to access the corporate network over a VPN connection to allow Microsoft 365 traffic to transit the corporate network's private offshore link. Ensure that VPN clients are either not configured to use split tunneling, or that user devices are configured to ignore split tunneling for Microsoft 365 traffic. For additional information on optimizing VPN connectivity for Teams and real-time media traffic, see [this section](#optimizing-microsoft-teams-meetings-network-performance-for-users-in-china). - Configure your network to route all Microsoft 365 traffic across your private offshore link. If you must minimize the volume of traffic on your private link, you can choose to only route endpoints in the **Optimize** category, and allow requests to **Allow** and **Default** endpoints to transit the Internet. This will improve performance and minimize bandwidth consumption by limiting optimized traffic to critical services that are most sensitive to high latency and packet loss. - If possible, use UDP instead of TCP for live media streaming traffic, such as for Teams. UDP offers better live media streaming performance than TCP.
security Configure Extension File Exclusions Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus.md
The following table describes how the wildcards can be used and provides some ex
The following table lists and describes the system account environment variables.
-<br>
|This system environment variable...|Redirects to this| |||
The following table lists and describes the system account environment variables
|`%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp`|`C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp`| |`%ALLUSERSPROFILE%\Microsoft\Windows\Templates`|`C:\ProgramData\Microsoft\Windows\Templates`| |`%ALLUSERSPROFILE%\Start Menu`|`C:\ProgramData\Start Menu`|
-|`%ALLUSERSPROFILE%\Start Menu\Programs`|C:\ProgramData\Start Menu\Programs|
+|`%ALLUSERSPROFILE%\Start Menu\Programs`| `C:\ProgramData\Start Menu\Programs`|
|`%ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools`|`C:\ProgramData\Start Menu\Programs\Administrative Tools`| |`%ALLUSERSPROFILE%\Templates`|`C:\ProgramData\Templates`| |`%LOCALAPPDATA%\Microsoft\Windows\ConnectedSearch\Templates`|`C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates`|