Updates from: 09/04/2021 03:14:07
Category Microsoft Docs article Related commit history on GitHub Change details
admin Activity Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/activity-reports.md
Global administrators can revert this change for their tenant and show identifia
2. Select **Reports**.
-3. Under **Choose how to show user information**, select the options you want, and then save your changes.
+3. Uncheck the statement **In all reports, display de-identified names for users, groups, and sites**, and then save your changes.
-It'll take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the reports API. Showing identifiable user information is a logged event in the Microsoft 365 compliance center audit log.
+It'll take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the Microsoft 365 usage reports in [Microsoft Graph](/graph/api/resources/report?view=graph-rest-1.0) and [Power BI](/microsoft-365/admin/usage-analytics/usage-analytics?view=o365-worldwide) and [the usage reports in Microsoft Teams Admin center](/microsoftteams/teams-analytics-and-reports/teams-reporting-reference). Showing identifiable user information is a logged event in the Microsoft 365 compliance center audit log.
## What happens to usage data when a user account is closed?
admin Browser Usage Report https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/browser-usage-report.md
description: "Learn how to get a Microsoft browser usage report using the Micros
The Microsoft 365 **Reports** dashboard shows you an activity overview across the products in your organization. It enables you to drill into individual product level reports to give you more granular insight about the activities within each product. Check out [the Reports overview topic](activity-reports.md). In the Microsoft browser usage report, you can gain insights on Internet Explorer, Microsoft Edge Legacy, and new Microsoft Edge usage. Usage reporting is based on Microsoft 365 online services accessed by using a Microsoft browser.
- > [!NOTE]
- > You must be a global administrator, global reader or reports reader in Microsoft 365 or an Exchange, SharePoint, or Skype for Business administrator to see reports.
+> [!NOTE]
+> You must be a global administrator, global reader or reports reader in Microsoft 365 or an Exchange, SharePoint, or Skype for Business administrator to see reports.
## How to get to the Microsoft browser usage report
-1. In the admin center, go to the **Reports** \> <a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a> page.
+1. In the admin center, go to the **Reports** \> <b><a href="https://go.microsoft.com/fwlink/p/?linkid=2074756" target="_blank">Usage</a></b> page.
+ 2. From the dashboard homepage, click on the **View more** button on the Microsoft browser usage card. ## How to notify users to upgrade their browser
-![Microsoft browser usage report action flow](../../media/1ef4eb08-18b8-4dda-aa15-1aad013ecd70.png)
Global admins can opt-in to sending messages to users, who are using Microsoft 365 services on Edge Legacy (unsupported) and Internet Explorer (soon to be unsupported). This targeted message notifies users that support for these browsers will send soon and links to a support article with information on Microsoft Edge and simple steps to follow to switch browsers.
You can find this feature on the report page. Once the message is created, users
## Interpret the Microsoft browser usage report
-![Microsoft browser usage report.](../../media/95557c88-24ee-417d-a828-96ba00b17aaf.png)
|Item|Description|
- |:--|:--|
- |1. <br/> |The **Microsoft browser usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. <br/> |
- |2. <br/> |The data in each report usually covers up to the last seven days. <br/> |
- |3. <br/> |The **Daily active users** chart shows you the daily user count for Microsoft Edge, Microsoft Edge Legacy and Internet Explorer when used to access to Microsoft 365 services. <br/> |
- |4.<br/>|The **Active Users** chart shows you the total number of users using Microsoft Edge, Microsoft Edge Legacy and Internet Explorer when used to access to Microsoft 365 services over the selected time period.<br/>|
- |5.<br/>|The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who connected to Microsoft 365 services using Microsoft browsers.<br><br/>**Used Microsoft Edge** shows a tick mark if the user used Microsoft Edge to connect to Microsoft 365 services.<br/><br/>**Used Microsoft Edge Legacy** shows a tick mark if the user used Microsoft Edge Legacy to connect to Microsoft 365 services.<br/><br/>**Used Internet Explorer** shows a tick mark if the user used Internet Explorer to connect to Microsoft 365 services. |
- |6.<br/>|Select the **Choose columns** icon to add or remove columns from the report.|
- |7.<br/>|You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data for all users and enables you to do simple aggregation, sorting, and filtering for further analysis. If you have less than 100 users, you can sort and filter within the table in the report itself. If you have more than 100 users, in order to filter and sort, you will need to export the data.|
+|:--|:--|
+|1. |The **Microsoft browser usage** report can be viewed for trends over the last 7 days, 30 days, 90 days, or 180 days. |
+|2. |The data in each report usually covers up to the last seven days. |
+|3. |The **Daily active users** chart shows you the daily user count for Microsoft Edge, Microsoft Edge Legacy and Internet Explorer when used to access to Microsoft 365 services. |
+|4. |The **Active Users** chart shows you the total number of users using Microsoft Edge, Microsoft Edge Legacy and Internet Explorer when used to access to Microsoft 365 services over the selected time period. |
+|5. |The table shows you a breakdown of data at the per-user level. You can add or remove columns from the table. <br/><br/>**Username** is the email address of the user who connected to Microsoft 365 services using Microsoft browsers.<br><br/>**Used Microsoft Edge** shows a tick mark if the user used Microsoft Edge to connect to Microsoft 365 services.<br/><br/>**Used Microsoft Edge Legacy** shows a tick mark if the user used Microsoft Edge Legacy to connect to Microsoft 365 services.<br/><br/>**Used Internet Explorer** shows a tick mark if the user used Internet Explorer to connect to Microsoft 365 services. |
+|6. |Select the **Choose columns** icon to add or remove columns from the report.|
+|7. |You can also export the report data into an Excel .csv file by selecting the **Export** link. This exports data for all users and enables you to do simple aggregation, sorting, and filtering for further analysis. If you have less than 100 users, you can sort and filter within the table in the report itself. If you have more than 100 users, in order to filter and sort, you will need to export the data.|
admin Manage Deployment Of Add Ins https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-deployment-of-add-ins.md
Updates for add-ins happen as follows:
[Manage add-ins in the admin center](manage-addins-in-the-admin-center.md) (article)\ [Build your first Word task pane add-in](/office/dev/add-ins/quickstarts/word-quickstart?tabs=yeomangenerator) (article\
-[Minors and acquiring add-ins from the store](minors-and-acquiring-addins-from-the-store.md) (article)\
-[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)\
-[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins) (article)
+[Minors and acquiring add-ins from the store](minors-and-acquiring-addins-from-the-store.md) (article)\
+[Use Centralized Deployment PowerShell cmdlets to manage add-ins](../../enterprise/use-the-centralized-deployment-powershell-cmdlets-to-manage-add-ins.md) (article)\
+[Troubleshoot: User not seeing add-ins](/office365/troubleshoot/access-management/user-not-seeing-add-ins) (article)
admin Scoped Certified Application Installation And Config https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/misc/scoped-certified-application-installation-and-config.md
These steps are required to set up the integration between your ServiceNow insta
5. \[The person who is a ServiceNow admin\] Set up Inbound OAuth Provider. -- Uncheck **Skip current step**.
+ - Uncheck **Skip current step**.
-- Uncheck **External OIDC Auth Token**.
+ - Uncheck **External OIDC Auth Token**.
-- Select OAuth Client created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#3 and select **Next**.
+ - Select OAuth Client created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#3 and select **Next**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image13.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
6. \[The person who is a ServiceNow admin\] Set up inbound call integration user. -- Uncheck **Skip current step**.
+ - Uncheck **Skip current step**.
-- Select the integration user created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#4 and select **Next**.
+ - Select the integration user created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#4 and select **Next**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image14.png" alt-text="Graphical user interface, text, application Description automatically generated":::
7. \[The person who is a ServiceNow admin\] Set up Repository ID.
-Specify the repository ID, and then select **Next**.
+ Specify the repository ID, and then select **Next**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image15.png" alt-text="Graphical user interface, text, application Description automatically generated":::
8. \[The person who is a ServiceNow admin\] Set up Application settings.
-Select the following settings, and then select **Next**.
+ Select the following settings, and then select **Next**.
-- SSO with Microsoft 365: Check whether the ServiceNow instance is set up as SSO with Microsoft 365 tenants, otherwise uncheck it.
+ - SSO with Microsoft 365: Check whether the ServiceNow instance is set up as SSO with Microsoft 365 tenants, otherwise uncheck it.
-- Microsoft 365 admin email: The email of Microsoft 365 admin user who is contacted when Microsoft 365 support cases are created.
+ - Microsoft 365 admin email: The email of Microsoft 365 admin user who is contacted when Microsoft 365 support cases are created.
-- Test Environment: Check the box to indicate a test phase to avoid Microsoft support agents contacting you to address the issue. If you're ready to move forward officially with Microsoft 365 support integration, uncheck the box.
+ - Test Environment: Check the box to indicate a test phase to avoid Microsoft support agents contacting you to address the issue. If you're ready to move forward officially with Microsoft 365 support integration, uncheck the box.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image16.png" alt-text="Graphical user interface, text, application Description automatically generated":::
9. \[The person who is Helpdesk Admin or Service Request Admin in Microsoft 365 tenants\] Complete Integration.
Select the following settings, and then select **Next**.
1. In the tab **Repositories**, select **Add a repository** to create a new repository with the following settings:
- - Repository: The **Repository ID** value from page Step - 6 Complete the integration.
+ - Repository: The **Repository ID** value from page Step - 6 Complete the integration.
- - Endpoint: The **Endpoint** value from page Step - 6 Complete the integration.
+ - Endpoint: The **Endpoint** value from page Step - 6 Complete the integration.
- - Authentication type: Select **Basic Auth**.
+ - Authentication type: Select **Basic Auth**.
- - Client ID: The **Client ID** value from page Step - 6 Complete the integration.
+ - Client ID: The **Client ID** value from page Step - 6 Complete the integration.
- - Client secret: The secret of the inbound OAuth provider that was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#3.
+ - Client secret: The secret of the inbound OAuth provider that was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#3.
- - Refresh token expiry: 864000
+ - Refresh token expiry: 864000
- - Rest username: The **User Name** value from page Step - 6 Complete the integration.
+ - Rest username: The **User Name** value from page Step - 6 Complete the integration.
- - Rest user password: The password of the integration user that was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#4.
+ - Rest user password: The password of the integration user that was created in [Prerequisites (Basic Authentication)](#prerequisites-basic-authentication) step \#4.
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image19.png" alt-text="Graphical user interface, application Description automatically generate":::
Select the following settings, and then select **Next**.
1. Select **Next** to complete the integration.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image20.png" alt-text="Graphical user interface, application, website Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image20.png" alt-text="Graphical user interface, application, website Description automatically generated":::
10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user.
-Microsoft 365 support integration is enabled only for the user with one of these roles:
+ Microsoft 365 support integration is enabled only for the user with one of these roles:
-- x\_mioms\_m365\_assis.insights\_user
+ - x\_mioms\_m365\_assis.insights\_user
-- x\_mioms\_m365\_assis.administrator
+ - x\_mioms\_m365\_assis.administrator
-> [!NOTE]
-> The user with the role x\_mioms\_m365\_assis.insights\_user role can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator can also open a case with Microsoft 365 support.
+ > [!NOTE]
+ > The user with the role x\_mioms\_m365\_assis.insights\_user role can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator can also open a case with Microsoft 365 support.
11. \[Optional\] \[The user with role x_mioms_m365_assis.administrator\] Link Microsoft 365 Admin account.
-If any user has the role x\_mioms\_m365\_assis.administrator and is using different Microsoft 365 accounts to manage a Microsoft 365 support case, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
+ If any user has the role x\_mioms\_m365\_assis.administrator and is using different Microsoft 365 accounts to manage a Microsoft 365 support case, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image21.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image21.png" alt-text="Graphical user interface, text, application Description automatically generated":::
## Set up Microsoft 365 support integration with AAD OAuth Token
These prerequisite steps are necessary to set up the Microsoft 365 support integ
1. In **OAuth OIDC Provider Configuration**, select **Search** and create a new OIDC provider configuration under ΓÇ£oidc\_provider\_configuration.listΓÇ¥ with these values:
- - OIDC Provider: Contoso Azure
+ - OIDC Provider: Contoso Azure
- - OIDC Metadata URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/.well-known/openid-configuration`
+ - OIDC Metadata URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/.well-known/openid-configuration`
- - UserClaim: **appId**
+ - UserClaim: **appId**
- - User Field: **User ID**
+ - User Field: **User ID**
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image24.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image24.png" alt-text="Graphical user interface, text, application Description automatically generated":::
1. Create a new application by selecting **Configure an OIDC provider to verify ID tokens** with these values:
- - Name: contoso\_application\_inbound\_api
+ - Name: contoso\_application\_inbound\_api
- - Client ID: The Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
+ - Client ID: The Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
- - Client Secret: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
+ - Client Secret: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
- - OAuth OIDC Provider Configuration: The OIDC provider created in the last step.
+ - OAuth OIDC Provider Configuration: The OIDC provider created in the last step.
- - Redirect URL:
- `https://{service-now-instance-name}.service-now.com/oauth_redirect.do`
+ - Redirect URL:
+ `https://{service-now-instance-name}.service-now.com/oauth_redirect.do`
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image25.png" alt-text="Graphical user interface, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image25.png" alt-text="Graphical user interface, application Description automatically generated":::
6. \[The person who is a ServiceNow admin\] Create Integration Users.
These steps are necessary to set up the integration between your ServiceNow inst
1. \[The person who is a ServiceNow admin\] Switch the scope to Microsoft 365 support integration.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image9.png" alt-text="Graphical user interface, table Description automatically generated":::
2. \[The person who is a ServiceNow admin\] Go to Microsoft 365 support > **Setup** to open the integration flow.
-> [!NOTE]
-> If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+ > [!NOTE]
+ > If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image27.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
3. \[The person who is a ServiceNow admin\] Select **Agree** to agree to the consent.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image11.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider.
-Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#4 and select **Next**.
+ Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#4 and select **Next**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image12.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
5. \[The person who is a ServiceNow admin\] Set up Inbound OAuth Provider.
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
1. Select the OAuth Client created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step 5, and then select **Next**.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image28.png" alt-text="Graphical user interface, text, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image28.png" alt-text="Graphical user interface, text, application Description automatically generated":::
6. \[The person who is a ServiceNow admin\] Set up Inbound Call Integration User.
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
1. Input the Client ID of the application that was created at [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3 and select **Next**.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image39.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image39.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
7. \[The person who is a ServiceNow admin\] Set up the Repository ID.
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
:::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image18.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
- 1. On the **Repositories** tab, select **Add a repository** to create a new repository with the following information:
+ 1. On the **Repositories** tab, select **Add a repository** to create a new repository with the following information:
- - Repository: Use the **Repository ID** value from the Step - 6 Complete the integration page.
+ - Repository: Use the **Repository ID** value from the Step - 6 Complete the integration page.
- - Endpoint: The **Endpoint** value from the Step - 6 Complete the integration page.
+ - Endpoint: The **Endpoint** value from the Step - 6 Complete the integration page.
- - Authentication type: Select **AAD Auth**.
+ - Authentication type: Select **AAD Auth**.
- - Client Id: The **Client ID** value on the Step - 6 Complete the integration page, which is the Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
+ - Client Id: The **Client ID** value on the Step - 6 Complete the integration page, which is the Client ID of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#2.
- - Rest username: The **User Name** value on the Step - 6 Complete the integration page, which is the **Client ID** of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3.
+ - Rest username: The **User Name** value on the Step - 6 Complete the integration page, which is the **Client ID** of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3.
- - Rest user password: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3.
+ - Rest user password: The App Secret of the application created in [Prerequisites (AAD OAuth Token)](#prerequisites-aad-oauth-token) step \#3.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image31.png" alt-text="Graphical user interface, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image31.png" alt-text="Graphical user interface, application Description automatically generated":::
- 1. Go back and select the button to save the integration.
+ 1. Go back and select the button to save the integration.
1. Select **Next** to complete the integration.
Select OAuth profile for Outbound OAuth Provider created at [Prerequisites (AAD
10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user.
-Microsoft 365 support integration is enabled only for users with the following roles:
+ Microsoft 365 support integration is enabled only for users with the following roles:
-- x\_mioms\_m365\_assis.insights\_user
+ - x\_mioms\_m365\_assis.insights\_user
-- x\_mioms\_m365\_assis.administrator
+ - x\_mioms\_m365\_assis.administrator
-> [!NOTE]
-> The user with the role x\_mioms\_m365\_assis.insights\_user can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator also can open a case with Microsoft 365 support.
+ > [!NOTE]
+ > The user with the role x\_mioms\_m365\_assis.insights\_user can see Service Health Incidents, Recommended Solutions. The user with the role x\_mioms\_m365\_assis.administrator also can open a case with Microsoft 365 support.
11. **\[Optional\] \[The user with role x_mioms_m365_assis.administrator\] Link Microsoft 365 Admin account**
-If any user has the role ΓÇ£x\_mioms\_m365\_assis.administratorΓÇ¥ and they're using different Microsoft 365 accounts to manage Microsoft support cases, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
+ If any user has the role ΓÇ£x\_mioms\_m365\_assis.administratorΓÇ¥ and they're using different Microsoft 365 accounts to manage Microsoft support cases, they must go to Microsoft 365 support > Link Account to set up their Microsoft 365 admin email.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image21.png" alt-text="Graphical user interface, text, application Description automatically generated":::
## Set up Microsoft 365 support integration for Insights ONLY
These prerequisite steps are necessary to set up Microsoft 365 support integrati
1. Create a new application with the values below by selecting **Connect to a third party OAuth Provider**.
- - Client ID: The **Client ID** of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
+ - Client ID: The **Client ID** of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
- - Client Secret: The App Secret of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
+ - Client Secret: The App Secret of the application created in [Prerequisites (Insights ONLY)](#prerequisites-insights-only) step \#1
- - Default Grant type: Client Credentials
+ - Default Grant type: Client Credentials
- - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
+ - Token URL: `https://login.microsoftonline.com/{microsoft-365-tenant-name}/oauth2/token`
- - Redirect URL: `https://{servicenow-instance-name}.service-now.com/oauth_redirect.do`
+ - Redirect URL: `https://{servicenow-instance-name}.service-now.com/oauth_redirect.do`
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image6.png" alt-text="Graphical user interface, application Description automatically generated":::
### Set up Microsoft 365 support integration
The following steps are needed to set up the integration between your ServiceNow
1. \[The person who is a ServiceNow admin\] Switch the scope to Microsoft 365 support integration.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image9.png" alt-text="Graphical user interface, table Description automatically generated":::
2. \[The person who is a ServiceNow admin\] Go to Microsoft 365 support > **Setup** to open the integration flow.
-> [!NOTE]
-> If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+ > [!NOTE]
+ > If you see the error "Read operation against 'oauth\_entity' from scope 'x\_mioms\_m365\_assis' has been refused due to the table's cross-scope access policy," it was caused by your table access policy. You must make sure **All application scopes** > **Can read** is checked for the table oauth\_entity.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image27.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
3. \[The person who is a ServiceNow admin\] Select **Agree** to agree to the consent.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image11.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
4. \[The person who is a ServiceNow admin\] Set up Outbound OAuth Provider.
-Select OAuth profile for Outbound OAuth Provider and select **Next**.
+ Select OAuth profile for Outbound OAuth Provider and select **Next**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image12.png" alt-text="Graphical user interface, text, application, email Description automatically generated":::
5. \[The person who is a ServiceNow admin\] Skip Inbound OAuth Provider.
Select OAuth profile for Outbound OAuth Provider and select **Next**.
7. \[The person who is a ServiceNow admin\] Set up Repository ID.
-Specify the repository ID and select **Next**.
+ Specify the repository ID and select **Next**.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image15.png" alt-text="Graphical user interface, text, application Description automatically generated":::
8. \[The person who is a ServiceNow admin\] Set up Application Settings.
Specify the repository ID and select **Next**.
1. On the **Repositories** tab, select **Add a repository** to create a new repository with the following information:
- - Repository: The **Repository ID** value from the Step - 6 Complete the integration page.
+ - Repository: The **Repository ID** value from the Step - 6 Complete the integration page.
- - Endpoint: The **Endpoint** value from the Step - 6 Complete the integration page.
+ - Endpoint: The **Endpoint** value from the Step - 6 Complete the integration page.
- - Authentication type: Select **AAD Auth**.
+ - Authentication type: Select **AAD Auth**.
- - Client ID: A random value, such as **ignored**.
+ - Client ID: A random value, such as **ignored**.
- - Rest username: A random value, such as **ignored**.
+ - Rest username: A random value, such as **ignored**.
- - Rest user password: A random value, such as **ignored**.
+ - Rest user password: A random value, such as **ignored**.
- :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image36.png" alt-text="Graphical user interface, application Description automatically generated":::
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image36.png" alt-text="Graphical user interface, application Description automatically generated":::
1. Go back and select the button to save the integration.
Specify the repository ID and select **Next**.
10. \[The person who is a ServiceNow admin\] Enable Microsoft 365 support integration for an existing user.
-Microsoft 365 support integration is enabled only for these user roles:
+ Microsoft 365 support integration is enabled only for these user roles:
-- x\_mioms\_m365\_assis.insights\_user
+ - x\_mioms\_m365\_assis.insights\_user
-- x\_mioms\_m365\_assis.administrator
+ - x\_mioms\_m365\_assis.administrator
-> [!NOTE]
-> The user with the role x_mioms_m365_assis.insights_user can see Service Health Incidents, Recommended Solutions. The user with the role x_mioms_m365_assis.administrator also can open a case with Microsoft 365 support. With Insights ONLY, no one should be assigned the role x_mioms_m365_assis.administrator.
+ > [!NOTE]
+ > The user with the role x_mioms_m365_assis.insights_user can see Service Health Incidents, Recommended Solutions. The user with the role x_mioms_m365_assis.administrator also can open a case with Microsoft 365 support. With Insights ONLY, no one should be assigned the role x_mioms_m365_assis.administrator.
## Testing the configuration
Here are the steps to test the configuration of Microsoft 365 support integratio
3. Focus on **Microsoft 365 support** tab, and select **Microsoft 365 Insights** to determine if the recommended solutions were retrieved successfully.
+ :::image type="content" source="../../media/ServiceNow-guide/ServiceNow-guide-image38.png" alt-text="Graphical user interface, application, website Description automatically generated":::
## Troubleshooting
admin Enable Usage Analytics https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/usage-analytics/enable-usage-analytics.md
Tenant level aggregates will be available in all reports after opting in. **User
## Make the collected data anonymous
-To make the data that is collected for all reports anonymous, you have to be a global administrator. This will hide identifiable information such as user, group and site names in reports and in the template app .
-
-1. In the admin center, go to the **Settings** \> **Org Settings**, and under **Services** tab, choose **Reports**.
-
-2. Select **Reports**, and then choose to **Display anonymous identifiers**. This setting gets applied both to the usage reports as well as to the template app.
-
-3. Select **Save changes**.
+Reports provide information about your organizationΓÇÖs usage data. By default, reports display information with identifiable names for users, groups, and sites. Starting September 1, 2021, we are hiding user information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws.
+
+Global administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps:
+
+1. In the admin center, go to the **Settings** \> **Org Settings** \> **Services** page.
+
+2. Select **Reports**.
+
+3. Uncheck the statement **In all reports, display de-identified names for users, groups, and sites**, and then save your changes.
+
+It'll take a few minutes for these changes to take effect. Showing identifiable user information is a logged event in the Microsoft 365 compliance center audit log.
## Related content [About usage analytics](usage-analytics.md) (article)\ [Get the latest version of usage analytics](get-the-latest-version-of-usage-analytics.md) (article)\
-[Navigate and utilize the reports in Microsoft 365 usage analytics](navigate-and-utilize-reports.md) (article)
+[Navigate and utilize the reports in Microsoft 365 usage analytics](navigate-and-utilize-reports.md) (article)
compliance Dlp Policy Tips Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-tips-reference.md
Please note that custom sensitive information types will also be detected in add
|**App and platform**|**DLP policy tip support**|**Sensitive information types supported**|**Predicates and actions supported**|**Comments**| |:--|:--|:--|:--|:--|
-|**Outlook Web Access**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|Subset|See [Data Loss Prevention policy tips reference](#data-loss-prevention-policy-tips-reference)|
-|**Outlook Win32 (Outlook 2013 and beyond)**|:::image type="icon" source="../media/rightmrk.png" border="false":::|Subset|Subset|See [Outlook 2013 and later supports showing policy tips for only some conditions and exceptions](#outlook-2013-and-later-supports-showing-policy-tips-for-only-some-conditions-and-exceptions) and [Outlook 2013 and later and Office apps on Desktop support showing policy tips for only some sensitive information types](#outlook-2013-and-later-and-office-apps-on-desktop-support-showing-policy-tips-for-only-some-sensitive-information-types) for details on support for sensitive information types and DLP conditions and actions supported for showing DLP policy tips on Outlook Win32.|
-|**Outlook Mobile (iOS, Android)/Outlook Mac**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported on Outlook mobile|
-|**SharePoint Online/OneDrive for Business Web client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All SPO/ODB predicates and actions in DLP||
-|**SharePoint Win32/ OneDrive for Business Win32 client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported on SharePoint or OneDrive desktop client apps|
-|**Word, Excel, PowerPoint Web Client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All SPO/ODB predicates and actions in DLP|DLP policy tip is supported if the document is hosted on SPO or ODB web app and the DLP policy is already stamped.|
-|**Word, Excel, PowerPoint Mobile Client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|DLP policy tips are not supported in mobile apps for Office.|
-|**Teams Web/ Teams Desktop/ Teams Mobile/ Teams Mac**|:::image type="icon" source="../media/rightmrk.png" border="false":::|All|All Teams predicates in DLP policy|Policy tips will show when a message is flagged as ΓÇ£This message has been flagged. What can I do?ΓÇ¥ When clicking the link, the user can review the sensitive info types detected and override or report an issue if allowed by the admin. Note that no policy tips are shown for files. When the recipient tries to access the document, they might get access denied if not allowed.|
-|**Win32 Endpoint Devices**|:::image type="icon" source="../media/rightmrk.png" border="false":::|Subset|All Endpoint DLP predicates and actions in DLP policy|See [Data Loss Prevention on Endpoint supports policy tips for only some sensitive information types](#data-loss-prevention-on-endpoint-devices-supports-policy-tips-for-only-some-sensitive-information-types)|
-|**Mac devices**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|Data loss prevention policies are not enforceable on Mac devices today|
-|**3rd party cloud apps**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None|Data Loss Prevention policy tips are not supported on 3rd party cloud apps|
-|**On-prem**|:::image type="icon" source="../media/crsmrk.png" border="false":::|None|None||
-|**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details|
+|**Outlook On the Web**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|subset||
+|**Outlook Win32 (ver. 2105 build 14026.20000 and semi-annual channel ver. 2102 build 13801.20862)**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|subset|See [Outlook 2013 and later supports showing policy tips for only some conditions and exceptions](#outlook-2013-and-later-supports-showing-policy-tips-for-only-some-conditions-and-exceptions) and [Outlook 2013 and later and Office apps on Desktop support showing policy tips for only some sensitive information types](#outlook-2013-and-later-and-office-apps-on-desktop-support-showing-policy-tips-for-only-some-sensitive-information-types) for details on support for sensitive information types and DLP conditions and actions supported for showing DLP policy tips on Outlook Win32.|
+|**Outlook Mobile (iOS, Android)/Outlook Mac**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|DLP policy tips are not supported on Outlook mobile|
+|**SharePoint Online/OneDrive for Business Web client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|all SPO/ODB predicates and actions in DLP||
+|**SharePoint Win32/ OneDrive for Business Win32 client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|DLP policy tips are not supported on SharePoint or OneDrive desktop client apps|
+|**Word, Excel, PowerPoint Web Client**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|all SPO/ODB predicates and actions in DLP|DLP policy tip is supported if the document is hosted on SPO or ODB web app and the DLP policy is already stamped.|
+|**Word, Excel, PowerPoint Mobile Client**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|DLP policy tips are not supported in mobile apps for Office.|
+|**Teams Web/ Teams Desktop/ Teams Mobile/ Teams Mac**|:::image type="icon" source="../media/rightmrk.png" border="false":::|all|all Teams predicates in DLP policy|Policy tips will show when a message is flagged as ΓÇ£This message has been flagged. What can I do?ΓÇ¥ When clicking the link, the user can review the sensitive info types detected and override or report an issue if allowed by the admin. Note that no policy tips are shown for files. When the recipient tries to access the document, they might get access denied if not allowed.|
+|**Win32 Endpoint Devices**|:::image type="icon" source="../media/rightmrk.png" border="false":::|subset|all Endpoint DLP predicates and actions in DLP policy|See [Data Loss Prevention on Endpoint supports policy tips for only some sensitive information types](#data-loss-prevention-on-endpoint-devices-supports-policy-tips-for-only-some-sensitive-information-types)|
+|**Mac devices**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|Data loss prevention policies are not enforceable on Mac devices today|
+|**3rd party cloud apps**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none|Data Loss Prevention policy tips are not supported on 3rd party cloud apps|
+|**On-prem**|:::image type="icon" source="../media/crsmrk.png" border="false":::|none|none||
+|**Word, Excel, PowerPoint Win32 Client**|:::image type="icon" source="../medi#policy-tips-in-excel-powerpoint-and-word) for more details|
||||||
compliance Sensitive Information Type Entity Definitions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-entity-definitions.md
A DLP policy has medium confidence that it's detected this type of sensitive inf
### Pattern
-Detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards.
+Detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, diner's cards, Rupay and China UnionPay.
### Checksum
A DLP policy has low confidence that it's detected this type of sensitive inform
- no do cartao - no. do cartão - no. do cartao
+- rupay
+- union pay
+- unionpay
+- diner's
+- diners
- クレジットカード番号 - クレジットカードナンバー - クレジットカード#
A DLP policy has low confidence that it's detected this type of sensitive inform
- カードの名義 - デビット カード - デビットカード
+- 中国银联
+- Θô╢Φüö
+ ## Croatia driver's license number
A DLP policy has medium confidence that it's detected this type of sensitive inf
- áfa szám
+## India Driver's License Number
+
+### Format
+
+15 character alphanumeric pattern
+
+### Pattern
+
+15 letters or digits:
+- two letters indicating state code
+- optional space or dash
+- two digits indicating city code
+- optional space or dash
+- four digits indicating year of issue
+- optional space or dash
+- seven digits
+
+### Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_india_driving_license` finds content that matches the pattern.
+- A keyword from `Keywords_eu_driver's_license_number_common` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_india_driving_license` finds content that matches the pattern.
++
+```xml
+ <!-- India Driver's License Number -->
+ <Entity id="680788a3-53b6-455a-b891-c38cd76dc917" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_india_driving_license" />
+ <Match idRef="Keywords_eu_driver's_license_number_common" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_india_driving_license" />
+ </Pattern>
+ </Entity>
+```
+
+### Keywords
+
+#### Keywords_eu_driver's_license_number_common
+
+- driverlic
+- driverlics
+- driverlicense
+- driverlicenses
+- driverlicence
+- driverlicences
+- driver lic
+- driver lics
+- driver license
+- driver licenses
+- driver licence
+- driver licences
+- driverslic
+- driverslics
+- driverslicence
+- driverslicences
+- driverslicense
+- driverslicenses
+- drivers lic
+- drivers lics
+- drivers license
+- drivers licenses
+- drivers licence
+- drivers licences
+- driver'lic
+- driver'lics
+- driver'license
+- driver'licenses
+- driver'licence
+- driver'licences
+- driver' lic
+- driver' lics
+- driver' license
+- driver' licenses
+- driver' licence
+- driver' licences
+- driver'slic
+- driver'slics
+- driver'slicense
+- driver'slicenses
+- driver'slicence
+- driver'slicences
+- driver's lic
+- driver's lics
+- driver's license
+- driver's licenses
+- driver's licence
+- driver's licences
+- dl#
+- dls#
+- driverlic#
+- driverlics#
+- driverlicense#
+- driverlicenses#
+- driverlicence#
+- driverlicences#
+- driver lic#
+- driver lics#
+- driver license#
+- driver licenses#
+- driver licences#
+- driverslic#
+- driverslics#
+- driverslicense#
+- driverslicenses#
+- driverslicence#
+- driverslicences#
+- drivers lic#
+- drivers lics#
+- drivers license#
+- drivers licenses#
+- drivers licence#
+- drivers licences#
+- driver'lic#
+- driver'lics#
+- driver'license#
+- driver'licenses#
+- driver'licence#
+- driver'licences#
+- driver' lic#
+- driver' lics#
+- driver' license#
+- driver' licenses#
+- driver' licence#
+- driver' licences#
+- driver'slic#
+- driver'slics#
+- driver'slicense#
+- driver'slicenses#
+- driver'slicence#
+- driver'slicences#
+- driver's lic#
+- driver's lics#
+- driver's license#
+- driver's licenses#
+- driver's licence#
+- driver's licences#
+- driving licence
+- driving license
+- dlno#
+- driv lic
+- driv licen
+- driv license
+- driv licenses
+- driv licence
+- driv licences
+- driver licen
+- drivers licen
+- driver's licen
+- driving lic
+- driving licen
+- driving licenses
+- driving licence
+- driving licences
+- driving permit
+- dl no
+- dlno
+- dl number
+++
+## India GST Number
+
+### Format
+
+15 character alphanumeric pattern
+
+### Pattern
+
+15 letters or digits:
+- two digits representing valid state code
+- an optional space or dash
+- ten characters representing Permanent Account Number (PAN)
+- one letter or digit
+- an optional space or dash
+- one letter 'z' or 'Z'
+- an optional space or dash
+- one check digit
+
+### Checksum
+
+Yes
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_india_gst_number` finds content that matches the pattern.
+- A keyword from `Keyword_india_gst_number` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The function `Func_india_gst_number` finds content that matches the pattern.
++
+```xml
+ <!-- India GST number -->
+ <Entity id="9f5a721c-2fd2-446a-a27e-0c02fbe4630c" patternsProximity="300" recommendedConfidence="85" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Func_india_gst_number" />
+ <Match idRef="Keyword_india_gst_number" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Func_india_gst_number" />
+ </Pattern>
+ </Entity>
+```
+
+### Keywords
+
+#### Keyword_india_gst_number
+
+- gst
+- gstin
+- goods and services tax
+- goods and service tax
++ ## India permanent account number (PAN) ### Format
A DLP policy has high confidence that it's detected this type of sensitive infor
- The function Func_india_aadhaar finds content that matches the pattern. - A keyword from Keyword_india_aadhar is found. - The checksum passes.--+ A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters: - The function Func_india_aadhaar finds content that matches the pattern.
A DLP policy has medium confidence that it's detected this type of sensitive inf
- आधार - uidai +
+## India Voter Id Card
+
+### Format
+
+10 character alphanumeric pattern
+
+### Pattern
+
+10 letters or digits:
+- three letters
+- seven digits
+
+### Checksum
+
+No
+
+### Definition
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.
+- A keyword from `Keyword_india_voter_id_card` is found.
+
+A DLP policy has low confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_india_voter_id_card` finds content that matches the pattern.
++
+```xml
+ <!-- India Voter Id Card -->
+ <Entity id="646d643f-5228-4408-acc8-f2e81a6df897" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_india_voter_id_card" />
+ <Match idRef="Keyword_india_voter_id_card" />
+ </Pattern>
+ <Pattern confidenceLevel="65">
+ <IdMatch idRef="Regex_india_voter_id_card" />
+ </Pattern>
+ </Entity>
+```
+
+### Keywords
+
+#### Keyword_india_voter_id_card
+
+- voter
+- voterid
+- votercard
+- voteridcard
+- electoral photo identity card
+- EPIC
+- ECI
+- election commmision
++ ## Indonesia identity card (KTP) number ### Format
For IPv6, a DLP policy has high confidence that it's detected this type of sensi
- ip addresses - internet protocol - IP-כתובת ה
- -->
++
+## IP Address v4
+
+### Format
+
+Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses
+
+### Pattern
++
+### Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
+- A keyword from `Keyword_ipaddress` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_ipv4_address` finds content that matches the pattern.
++
+```xml
+ <!-- IP Address v4-->
+ <Entity id="a7dd5e5f-e7f9-4626-a2c6-86a8cb6830d2" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ipv4_address" />
+ <Match idRef="Keyword_ipaddress" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_ipv4_address" />
+ </Pattern>
+ </Entity>
+```
+
+### Keywords
+
+#### Keyword_ipaddress
+
+- IP (case sensitive)
+- ip address
+- ip addresses
+- internet protocol
+- IP-כתובת ה
++
+## IP Address v6
+
+### Format
+
+Complex pattern that accounts for formatted IPv6 numbers (which include colons)
+
+### Pattern
++
+### Checksum
+
+No
+
+### Definition
+
+A DLP policy has high confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
+- A keyword from `Keyword_ipaddress` is found.
+
+A DLP policy has medium confidence that it's detected this type of sensitive information if, within a proximity of 300 characters:
+- The regular expression `Regex_ipv6_address` finds content that matches the pattern.
++
+```xml
+ <!-- IP Address v6-->
+ <Entity id="3f691089-7413-4926-ab3b-3c5ea8a1c17e" patternsProximity="300" recommendedConfidence="75" relaxProximity="true">
+ <Pattern confidenceLevel="85">
+ <IdMatch idRef="Regex_ipv6_address" />
+ <Match idRef="Keyword_ipaddress" />
+ </Pattern>
+ <Pattern confidenceLevel="75">
+ <IdMatch idRef="Regex_ipv6_address" />
+ </Pattern>
+ </Entity>
+```
+
+### Keywords
+
+#### Keyword_ipaddress
+
+- IP (case sensitive)
+- ip address
+- ip addresses
+- internet protocol
+- IP-כתובת ה
+ ## Ireland driver's license number
compliance Turn Audit Log Search On Or Off https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/turn-audit-log-search-on-or-off.md
You have to use Exchange Online PowerShell to turn off auditing.
- Go to the **Audit** page in the Microsoft 365 compliance center. If auditing is not turned on for your organization, a banner is displayed prompting you start recording user and admin activity.-
-## Audit records when auditing status is changed
-
-Changes to the auditing status in your organization are themselves audited. This means that audit records are logged when auditing is turned on or turned off. You can search the Exchange admin audit log for these audit records.
-
-To search the Exchange admin audit log for audit records that are generated when turning auditing on or off, run the following command in [Exchange Online PowerShell](/powershell/exchange/connect-to-exchange-online-powershell):
-
-```powershell
-Search-AdminAuditLog -Cmdlets Set-AdminAuditLogConfig -Parameters UnifiedAuditLogIngestionEnabled
-```
-
-Audit records for these events contain information about when the auditing status was changed, the admin who changed it, and the IP address of the computer that was used to make the change. The following screenshots show audit records that correspond to changing the auditing status in your organization.
-
-### Audit record for turning on auditing
-
-![Audit record for turning on auditing](../media/AuditStatusAuditingEnabled.png)
-
-The value of `Confirm` in the *CmdletParameters* property indicates that unified audit logging was turned on in the compliance center or by running the **Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true** cmdlet.
-
-### Audit record for turning off auditing
-
-![Audit record for turning off auditing](../media/AuditStatusAuditingDisabled.png)
-
-The value of `Confirm` is not included in the *CmdletParameters* property. This indicates that unified audit logging was turned off by running the **Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $false** command.
-
-For more information about searching the Exchange admin audit log, see [Search-AdminAuditLog](/powershell/module/exchange/search-adminauditlog).
scheduler Scheduler Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/scheduler/scheduler-setup.md
Tenant admins need to setup a Scheduler assistant mailbox and obtain Scheduler l
Learn more: [Scheduler for Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/meeting-scheduler-pricing)
->[Note]
->Meeting attendees do not need a Scheduler or Microsoft 365 license. <br>The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license.
+> [!Note]
+> Meeting attendees do not need a Scheduler or Microsoft 365 license. <br>The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license.
## Prerequisites | Prerequisite | Description | |-|-|
-|A Scheduler assistant mailbox for the tenant |An Exchange equipment type resource mailbox that acts as the Scheduler assistant mailbox for your tenant to send and receive emails to and from Cortana. All emails sent to Cortana are retained in your tenantΓÇÖs Cortana mailbox based on your retention policy. The Scheduler assistant mailbox is typically named ΓÇ£CortanaΓÇ¥ or ΓÇ£Cortana SchedulerΓÇ¥ since all the emails from the assistant will be signed Cortana.</br> - Create an equipment type Exchange resource mailbox</br> - Name the mailboxΓÇÖs display name and primary SMTP address ΓÇ£Cortana <cortana@yourdomain.com>ΓÇ¥ or ΓÇ£Cortana Scheduler <cortana.scheduler@yourdomain.com>ΓÇ¥.</br>**Note:** The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license.|
-|Exchange Online mailbox |Meeting organizers must have an Exchange Online mailbox and calendar typically as part of their Microsoft 365 license. In addition, meeting organizers must have a Scheduler license. The Scheduler license enables the Scheduler assistant to use the meeting organizerΓÇÖs mailbox and calendar to schedule meetings for them.</br></br> See Scheduler for Microsoft 365 for licensing and pricing information. </br></br>**Note:** Meeting attendees do not need a Scheduler or Microsoft 365 license. Meeting attendees can be internal or external to the tenant. Meeting attendees only need access to an email address.|
+|A Scheduler assistant mailbox for the tenant |An Exchange equipment type resource mailbox that acts as the Scheduler assistant mailbox for your tenant to send and receive emails to and from Cortana. All emails sent to Cortana are retained in your tenantΓÇÖs Cortana mailbox based on your retention policy. The Scheduler assistant mailbox is typically named ΓÇ£CortanaΓÇ¥ or ΓÇ£Cortana SchedulerΓÇ¥ since all the emails from the assistant will be signed Cortana.<ul><li>Create an equipment type Exchange resource mailbox</li><li>Name the mailboxΓÇÖs display name and primary SMTP address `Cortana <cortana@yourdomain.com>` or `Cortana Scheduler <cortana.scheduler@yourdomain.com>`.</li></ul>**Note:** The Scheduler assistant mailbox does not require a Microsoft 365 or a Scheduler license.|
+|Exchange Online mailbox |Meeting organizers must have an Exchange Online mailbox and calendar typically as part of their Microsoft 365 license. In addition, meeting organizers must have a Scheduler license. The Scheduler license enables the Scheduler assistant to use the meeting organizerΓÇÖs mailbox and calendar to schedule meetings for them.<br/><br/> See Scheduler for Microsoft 365 for licensing and pricing information. <br/><br/>**Note:** Meeting attendees do not need a Scheduler or Microsoft 365 license. Meeting attendees can be internal or external to the tenant. Meeting attendees only need access to an email address.|
## Setting up the Scheduler assistant mailbox
-Scheduler assistant mailbox is an Exchange equipment type mailbox that does not require an additional Microsoft 365 or Scheduler license. The display name and the primary SMTP address of the mailbox should contain Cortana since all the emails from the Scheduler assistant will be signed Cortana (i.e. ΓÇ£Cortana <cortana@yourdomain.com>ΓÇ¥ or ΓÇ£Cortana Scheduler <cortana.scheduler@yourdomain.com>ΓÇ¥). After the Scheduler assistant mailbox has been created, you must designate the mailbox as the Scheduler assistant mailbox. After you designate the Scheduler assistant mailbox, Cortana will be available to schedule meetings on behalf of your users.
--
+Scheduler assistant mailbox is an Exchange equipment type mailbox that does not require an additional Microsoft 365 or Scheduler license. The display name and the primary SMTP address of the mailbox should contain Cortana since all the emails from the Scheduler assistant will be signed Cortana (i.e., `Cortana <cortana@yourdomain.com>` or `Cortana Scheduler <cortana.scheduler@yourdomain.com>`). After the Scheduler assistant mailbox has been created, you must designate the mailbox as the Scheduler assistant mailbox. After you designate the Scheduler assistant mailbox, Cortana will be available to schedule meetings on behalf of your users.
- Use the Microsoft 365 admin center to create a user mailbox. A 30-day retention policy is recommended. -- Use the name Cortana in your mailboxΓÇÖs primary SMTP address. Names such as ΓÇ£Cortana@yourdomain.com,ΓÇÖ ΓÇÿCortanaScheduler@contoso.com,ΓÇÖ or ΓÇÿCortana.Scheduler@yourdomain.comΓÇÖ are recommended.
+- Use the name Cortana in your mailboxΓÇÖs primary SMTP address. Names such as `Cortana@yourdomain.com`, `CortanaScheduler@contoso.com`, or `Cortana.Scheduler@yourdomain.com` are recommended.
## Designate the mailbox as the Scheduler Assistant
After a unique mailbox for Cortana Scheduler has been created, you must designat
#### Connect to PowerShell Use the Microsoft 365 admin center to create a user mailbox. A 30-day retention policy is recommended.
-Use the name Cortana in your mailboxΓÇÖs primary SMTP address. Names such as ΓÇ£Cortana@yourdomain.com,ΓÇÖ ΓÇÿCortanaScheduler@contoso.com,ΓÇÖ or ΓÇÿCortana.Scheduler@yourdomain.comΓÇÖ are recommended.
+Use the name Cortana in your mailboxΓÇÖs primary SMTP address. Names such as `Cortana@yourdomain.com`, `CortanaScheduler@contoso.com`, or `Cortana.Scheduler@yourdomain.com` are recommended.
```PowerShell- $domain="yourdomain.com " $tenantAdmin="<tenantadmin>@$domain" Import-Module ExchangeOnlineManagement Connect-ExchangeOnline -UserPrincipalName $tenantAdmin- ``` #### Create the Scheduler Assistant Mailbox
Connect-ExchangeOnline -UserPrincipalName $tenantAdmin
```PowerShell New-Mailbox -Name Cortana -Organization $domain -DisplayName "Cortana Scheduler" -Equipment Set-CalendarProcessing Cortana@$domain -DeleteNonCalendarItems $false - ``` #### Designate the Scheduler Assistant Mailbox ```PowerShell- Set-mailbox cortana@$domain -SchedulerAssistant:$true-- ```+ After running this "set" command on the Cortana Scheduler assistant mailbox, a new "PersistedCapability" is set on the mailbox to note that this mailbox is the "SchedulerAssistant".
->[!Note]
+> [!Note]
> To learn how to connect your organization to PowerShell, see: [Connect to Microsoft 365 with PowerShell](/microsoft-365/enterprise/connect-to-microsoft-365-powershell)
After running this "set" command on the Cortana Scheduler assistant mailbox, a n
To verify the Scheduler assistant mailbox has been created ```PowerShell- Get-CalendarProcessing cortana$domain <cortana>@microsoft.com | fl DeleteNonCalendarItems`- ``` The result should be ΓÇ£falseΓÇ¥.
The result should be ΓÇ£falseΓÇ¥.
<br> ```PowerShell- Get-Mailbox -Identity <cortana>@microsoft.com$domain -Organization microsoft.com$domain | fl *type*- ``` The result should be
The result should be
- RecipientType: UserMailbox - RecipientTypeDetails: EquipmentMailbox
-</br>
+<br/>
### To discover which mailbox is the Scheduler assistant mailbox ```PowerShell- Get-Mailbox -ResultSize Unlimited | where {$_.PersistedCapabilities -Match "SchedulerAssistant"}- ```
->[Important]
->It might take several hours for the Scheduler assistant mailbox to complete full provisioning to set the SchedulerAssistant capability.
+> [!Important]
+> It might take several hours for the Scheduler assistant mailbox to complete full provisioning to set the SchedulerAssistant capability.
## Exchange Online mailbox+ A Scheduler license is an add-on to Microsoft 365, which enables the meeting organizer to delegate their meeting scheduling tasks to their Scheduler assistant. In addition to designating a mailbox as a Scheduler assistant mailbox, meeting organizers will also need a Scheduler license and Exchange Online mailbox and calendar, typically through Microsoft 365 license for Scheduler to work. Meeting attendees do not need a Scheduler license or a Microsoft 365 license. To purchase the Scheduler add-on, you require one of the following licenses:
To purchase the Scheduler add-on, you require one of the following licenses:
- Exchange Online Plan 1 or Plan 2 license. > [!Note]- > Scheduler for Microsoft 365 is available in worldwide multi-tenant environments in English only. **Scheduler for Microsoft 365** isn't available to users of:--- Microsoft 365 operated by 21Vianet in China-- Microsoft 365 with German cloud that uses the data trustee German Telekom-- Government cloud including GCC, Consumer, GCC High, or DoD-
-Scheduler does support users in Germany whose data location is not the German datacenter.
+>
+> - Microsoft 365 operated by 21Vianet in China
+> - Microsoft 365 with German cloud that uses the data trustee German Telekom
+> - Government cloud including GCC, Consumer, GCC High, or DoD
+>
+> Scheduler does support users in Germany whose data location is not the German datacenter.
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
##### [Customize controlled folder access](customize-controlled-folders.md) #### [Device Control]()
-##### [Device Control Reports](device-control-report.md)
##### [Control USB devices and other removable media](control-usb-devices-using-intune.md) ##### [Removable Storage Protection](device-control-removable-storage-protection.md) ##### [Removable Storage Access Control](device-control-removable-storage-access-control.md) ##### [Device Control Printer Protection](printer-protection.md)
-##### [Device Control reports](device-control-report.md)
+##### [Device Control Reports](device-control-report.md)
#### [Behavioral blocking and containment]() ##### [Behavioral blocking and containment](behavioral-blocking-containment.md)
security Device Control Removable Storage Access Control https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control.md
Microsoft Endpoint Manager admin center (<https://endpoint.microsoft.com/>) \> *
2. For each policy, also create an OMA-URI: - OMA-URI:
- `./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyRules/%7bFA6BE102-0784-4A2A-B010-A0BEBEBF68E1%7d/RuleData`
+ `./Vendor/MSFT/Defender/Configuration/DeviceControl/PolicyRules/%7b**PolicyRuleGUID**%7d/RuleData`
For example, for the **Block Write and Execute Access but allow approved USBs** rule in the sample, the link must be:
security Manage Protection Updates Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-protection-updates-microsoft-defender-antivirus.md
ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=22154037)
This article describes how to specify from where updates should be downloaded (t
> Microsoft Defender Antivirus Security intelligence updates are delivered through Windows Update and starting Monday, October 21, 2019, all security intelligence updates will be SHA-2 signed exclusively. Your devices must be updated to support SHA-2 in order to update your security intelligence. To learn more, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](https://support.microsoft.com/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus). <a id="fallback-order"></a>+ ## Fallback order Typically, you configure endpoints to individually download updates from a primary source followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used immediately.
The older the updates on an endpoint, the larger the download will be. However,
There are five locations where you can specify where an endpoint should obtain updates: - [Microsoft Update](https://support.microsoft.com/help/12373/windows-update-faq)-- [Windows Server Update Service](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus)
+- [Windows Server Update Service](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) (Intune Internal Definition Update Server - If you use SCCM/SUP to get definition updates for Microsoft Defender Antivirus, and need to access Windows Update on blocked on client devices, you can transition to co-management and offload the endpoint protection workload to Intune. In the AntiMalware policy configured in Intune there is an option for 'internal definition update server' which can be configured to use on-premises WSUS as the update source)
- [Microsoft Endpoint Configuration Manager](/configmgr/core/servers/manage/updates) - [Network file share](#unc-share) - [Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware](https://www.microsoft.com/wdsi/defenderupdates) (Your policy and registry might have this listed as Microsoft Malware Protection Center (MMPC) security intelligence, its former name.)
For example, suppose that Contoso has hired Fabrikam to manage their security so
> Microsoft does not test third-party solutions for managing Microsoft Defender Antivirus. <a id="unc-share"></a>+ ## Create a UNC share for security intelligence updates Set up a network file share (UNC/mapped drive) to download security intelligence updates from the MMPC site by using a scheduled task. 1. On the system on which you want to provision the share and download the updates, create a folder to which you will save the script.
- ```DOS
+ ```console
Start, CMD (Run as admin) MD C:\Tool\PS-Scripts\ ``` 2. Create the folder to which you will save the signature updates.
- ```DOS
+ ```console
MD C:\Temp\TempSigs\x64 MD C:\Temp\TempSigs\x86 ```
Set up a network file share (UNC/mapped drive) to download security intelligence
8. Use the command line to set up the scheduled task.
- > [!NOTE]
- > There are two types of updates: full and delta.
+ > [!NOTE]
+ > There are two types of updates: full and delta.
- For x64 delta:
- ```DOS
+ ```powershell
Powershell (Run as admin) C:\Tool\PS-Scripts\
Set up a network file share (UNC/mapped drive) to download security intelligence
- For x64 full:
- ```DOS
+ ```powershell
Powershell (Run as admin) C:\Tool\PS-Scripts\
Set up a network file share (UNC/mapped drive) to download security intelligence
- For x86 delta:
- ```DOS
+ ```powershell
Powershell (Run as admin) C:\Tool\PS-Scripts\
Set up a network file share (UNC/mapped drive) to download security intelligence
- For x86 full:
- ```DOS
+ ```powershell
Powershell (Run as admin) C:\Tool\PS-Scripts\
Set up a network file share (UNC/mapped drive) to download security intelligence
".\SignatureDownloadCustomTask.ps1 -action create -arch x86 -isDelta $false -destDir C:\Temp\TempSigs\x86 -scriptPath C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1 -daysInterval 1" ```
- > [!NOTE]
- > When the scheduled tasks are created, you can find these in the Task Scheduler under Microsoft\Windows\Windows Defender
+ > [!NOTE]
+ > When the scheduled tasks are created, you can find these in the Task Scheduler under Microsoft\Windows\Windows Defender
+ 9. Run each task manually and verify that you have data (mpam-d.exe, mpam-fe.exe, and nis_full.exe) in the following folders (you might have chosen different locations): - C:\Temp\TempSigs\x86
Set up a network file share (UNC/mapped drive) to download security intelligence
If the scheduled task fails, run the following commands:
- ```DOS
+ ```console
C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command "&\"C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\" -action run -arch x64 -isDelta $False -destDir C:\Temp\TempSigs\x64" C:\windows\system32\windowspowershell\v1.0\powershell.exe -NoProfile -executionpolicy allsigned -command "&\"C:\Tool\PS-Scripts\SignatureDownloadCustomTask.ps1\" -action run -arch x64 -isDelta $True -destDir C:\Temp\TempSigs\x64"
Set up a network file share (UNC/mapped drive) to download security intelligence
> [!NOTE] > Issues could also be due to execution policy.
-10. Create a share pointing to C:\Temp\TempSigs (e.g. \\server\updates).
+10. Create a share pointing to C:\Temp\TempSigs (e.g., \\server\updates).
> [!NOTE] > At a minimum, authenticated users must have "Read" access.
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 08/27/2021 Last updated : 09/03/2021 # Manage Microsoft Defender Antivirus updates and apply baselines
When this update is installed, the device needs the jump package 4.18.2001.10 to
## Microsoft Defender Antivirus platform support+ Platform and engine updates are provided on a monthly cadence. To be fully supported, keep current with the latest platform updates. Our support structure is dynamic, evolving into two phases depending on the availability of the latest platform version: - **Security and Critical Updates servicing phase** - When running the latest platform version, you will be eligible to receive both Security and Critical updates to the anti-malware platform.
Platform and engine updates are provided on a monthly cadence. To be fully suppo
During the technical support (only) phase, commercially reasonable support incidents will be provided through Microsoft Customer Service & Support and Microsoft's managed support offerings (such as Premier Support). If a support incident requires escalation to development for further guidance, requires a non-security update, or requires a security update, customers will be asked to upgrade to the latest platform version or an intermediate update (*). ### Platform version included with Windows 10 releases+ The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases: |Windows 10 release |Platform version |Engine version |Support phase |
We recommend updating your Windows 10 (Enterprise, Pro, and Home editions), Wind
For more information, see [Microsoft Defender update for Windows operating system installation images](https://support.microsoft.com/help/4568292/defender-update-for-windows-operating-system-installation-images). <details>
+<summary>1.1.2109.01</summary>
+
+&ensp;Package version: **1.1.2109.01**
+&ensp;Platform version: **4.18.2107.4**
+&ensp;Engine version: **1.1.18400.5**
+&ensp;Signature version: **1.347.891.0**
+
+### Fixes
+- None
+
+### Additional information
+- None
+<br/>
+</details><details>
<summary>1.1.2108.01</summary> &ensp;Package version: **1.1.2108.01**
security Configure Advanced Delivery https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/configure-advanced-delivery.md
To create the SecOps override policy, use the following syntax:
New-SecOpsOverridePolicy -Name SecOpsOverridePolicy -SentTo <EmailAddress1>,<EmailAddress2>,...<EmailAddressN> ```
-**Note**: Regardless of the Name value you specify, the policy name will be SecOpsOverridePolicy, so you might as well use that value.
+> [!NOTE]
+> Regardless of the Name value you specify, the policy name will be _SecOpsOverridePolicy_, so you might as well use that value.
This example creates the SecOps mailbox policy.
This example creates the SecOps mailbox rule with the specified settings.
New-SecOpsOverrideRule -Name SecOpsOverrideRule -Policy SecOpsOverridePolicy ```
-**Note**: Regardless of the Name value you specify, the rule name will be SecOpsOverrideRule\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
+> [!NOTE]
+> Regardless of the Name value you specify, the rule name will be _SecOpsOverrideRule_\<GUID\> where \<GUID\> is a unique GUID value (for example, 6fed4b63-3563-495d-a481-b24a311f8329).
For detailed syntax and parameter information, see [New-SecOpsOverrideRule](/powershell/module/exchange/new-secopsoverriderule).
Get-SecOpsOverrideRule | Format-Table Name,Mode
After you identify the invalid rules, you can remove them by using the **Remove-SecOpsOverrideRule** cmdlet as described [later in this article](#use-powershell-to-remove-secops-override-rules).
-For detailed syntax and parameter information, see [Get-SecOpsOverrideRule](/powershell/module/exchange/get-secopsoverriderule)
+For detailed syntax and parameter information, see [Get-SecOpsOverrideRule](/powershell/module/exchange/get-secopsoverriderule).
### Use PowerShell to modify the SecOps override policy
To modify the SecOps override policy, use the following syntax:
Set-SecOpsOverridePolicy -Identity SecOpsOverridePolicy [-AddSentTo <EmailAddress1>,<EmailAddress2>,...<EmailAddressN>] [-RemoveSentTo <EmailAddress1>,<EmailAddress2>,...<EmailAddressN>] ```
-This example adds secops2@contoso.com to the SecOps override policy.
+This example adds `secops2@contoso.com` to the SecOps override policy.
```powershell Set-SecOpsOverridePolicy -Identity SecOpsOverridePolicy -AddSentTo secops2@contoso.com ```
-**Note**: If an associated, valid SecOps override rule exists, the email addresses in the rule will also be updated.
+> [!NOTE]
+> If an associated, valid SecOps override rule exists, the email addresses in the rule will also be updated.
For detailed syntax and parameter information, see [Set-SecOpsOverridePolicy](/powershell/module/exchange/set-secopsoverridepolicy).
This example creates the phishing simulation override policy.
New-PhishSimOverridePolicy -Name PhishSimOverridePolicy ```
-**Note**: Regardless of the Name value you specify, the policy name will be PhishSimOverridePolicy, so you might as well use that value.
+**Note**: Regardless of the Name value you specify, the policy name will be _PhishSimOverridePolicy_, so you might as well use that value.
For detailed syntax and parameter information, see [New-PhishSimOverridePolicy](/powershell/module/exchange/new-phishsimoverridepolicy).
Use the following syntax:
New-PhishSimOverrideRule -Name PhishSimOverrideRule -Policy PhishSimOverridePolicy -SenderDomainIs <Domain1>,<Domain2>,...<DomainN> -SenderIpRanges <IPAddressEntry1>,<IPAddressEntry2>,...<IPAddressEntryN> ```
-Regardless of the Name value you specify, the rule name will be PhishSimOverrideRule\<GUID\> where \<GUID\> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).
+Regardless of the Name value you specify, the rule name will be _PhishSimOverrideRule_\<GUID\> where \<GUID\> is a unique GUID value (for example, a0eae53e-d755-4a42-9320-b9c6b55c5011).
A valid IP address entry is one of the following values:
security Tenant Allow Block List https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/tenant-allow-block-list.md
This article describes how to configure entries in the Tenant Allow/Block List i
- The available URL values are described in the [URL syntax for the Tenant Allow/Block List](#url-syntax-for-the-tenant-allowblock-list) section later in this article. -- The Tenant Allow/Block List allows a maximum of 500 entries for senders, 500 entries for URLs, and 500 entries for file hashes.
+- The Tenant Allow/Block List allows a maximum of 500 entries for senders, 500 entries for URLs, 500 entries for file hashes, and 1024 entries for spoofing (spoofed senders).
- The maximum number of characters for each entry is: - File hashes = 64