Updates from: 09/09/2021 03:09:59
Category Microsoft Docs article Related commit history on GitHub Change details
admin Mailbox Usage https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/activity-reports/mailbox-usage.md
You can get a view into your organization's **Mailbox usage** by looking at the
|6. <br/> | On the **Mailbox** chart, the Y axis is the count of user mailboxes. <br/> On the **Storage** chart, the Y axis is the amount of storage being used by user mailboxes in your organization. <br/> On the **Quota** chart, the Y axis is the number of user mailboxes in each storage quota. <br/> The X axis on the Mailbox and Storage charts is the selected date range for this specific report. <br/> The X axis on the Quota charts is the quota category. <br/> | |7. <br/> |You can filter charts you see by selecting an item in the legend. <br/> | |8. <br/> | The table shows you a breakdown of mailbox usage at the per-user level. You can add additional columns to the table. <br/> **User name** is the email address of the user. <br/> **Display Name** is the full name if the user. <br/> **Deleted** refers to the mailbox whose current state is deleted, but was active during some part of the reporting period of the report. <br/> **Deleted date** is the date the mailbox was deleted. <br/> **Create date** is the date the mailbox was created. <br/> **Last activity date** refers to the date the mailbox had an email send or read activity. <br/> **Item count** refers to the total number of items in the mailbox. <br/> **Storage used (MB)** refers to the total storage used. <br/> **Deleted Item Count** refers to the total number of deleted items in the mailbox. <br/> **Deleted Item Size (MB)** refers to the total size of all deleted items in the mailbox. <br/> **Issue warning quota (MB)** refers to the storage limit when the mailbox owner will receive a warning that it's about to hit the storage quota. <br/> **Prohibit send quota (MB)** refers to the storage limit when the mailbox can no longer send emails. <br/> **Prohibit send receive quota (MB)** refers to the storage limit when the mailbox can no longer send or receive emails. 
<br/> **Recoverable Item Quota (MB)** refers to the storage limit for recoverable (deleted) items in the mailbox when the mailbox can no longer delete emails. <br/> **Has Archive** shows if the mailbox has an online archive enabled. <br/> If your organization's policies prevents you from viewing reports where user information is identifiable, you can change the privacy setting for all these reports. Check out the **Hide user details in the reports** section in the [Activity Reports in the Microsoft 365 admin center](activity-reports.md). <br/> |
-|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Mailbox usage report - choose columns.](https://user-images.githubusercontent.com/34358966/132123544-20321d4f-ecd2-4787-b8fc-2fcda3a63781.png)|
+|9. <br/> |Select **Choose columns** to add or remove columns from the report. <br/> ![Mailbox usage report - choose columns.](../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png)|
|10. <br/> |You can also export the report data into an Excel .csv file, by selecting the **Export** link. <br/> | |||
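Review bot: In row 9 the replacement image path `../../media/ea3d0b18-6ac6-41b0-9bb9-4844f040ea75.png` uses an opaque GUID file name, so nothing in the link tells a later editor which screenshot it is. Consider a descriptive name, and confirm the file is part of the same commit, since the old link pointed at an external user-images.githubusercontent.com upload. While this table is open, the unchanged row 8 still reads "the full name if the user" and "your organization's policies prevents you", which should be "of the user" and "policies prevent you".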
admin Manage Industry News https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/admin/manage/manage-industry-news.md
description: "Provide your users with up-to-date news headlines about your indus
# Manage Industry news
-To provide your users with up-to-date news headlines about your industry and info from your organization, use the News service to enable a customized news feed for your organization. You can also enable a daily Industry Updates email, and manage settings for the Bing homepage and Microsoft Edge new tab page.
+To provide your users with up-to-date news headlines about your industry and info from your organization, use the News service to enable a customized news feed for your organization. You can also enable a daily Industry Updates email, and manage settings for the Bing homepage and Microsoft Edge new tab page.
## What your users will see
-You have the option to send your users a daily Industry Updates email with headlines and links to full articles. Users can customize their email updates by following additional topics, choosing when the update is delivered, excluding articles behind paywalls, and selecting the number of articles they want to see.
-
-Signed-in users who go to the Bing homepage see your industry's news feed under the personalized info for your organization. 
-
+You have the option to send your users a daily Industry Updates email with headlines and links to full articles. Users can customize their email updates by following additional topics, choosing when the update is delivered, excluding articles behind paywalls, and selecting the number of articles they want to see.
+
+Signed-in users who go to the Bing homepage see your industry's news feed under the personalized info for your organization.
+ :::image type="content" source="../../media/manage-industry-news-2.jpg" alt-text="Screenshot of image carousel with industry news from the web."::: :::image type="content" source="../../media/industry-updates-new.png" alt-text="Industry Updates page with date and headlines.":::
-They can also see company, industry, and internal news or personalized work information on their Microsoft Edge new tab page.
+They can also see company, industry, and internal news or personalized work information on their Microsoft Edge new tab page.
:::image type="content" source="../../media/manage-industry-news-3.png" alt-text="Microsoft in news homepage.":::
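Review bot: The added image line after the Bing homepage sentence puts two `:::image` directives on one line, and the second one (`industry-updates-new.png`, alt text "Industry Updates page with date and headlines.") illustrates the daily Industry Updates email described two paragraphs earlier, not the Bing feed. Put each directive on its own line and move the Industry Updates screenshot directly under the email paragraph. The remaining changed lines in this hunk show identical text on the old and new side, so they read as whitespace-only edits; say so in the commit message so reviewers do not hunt for a wording change.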
They can also see company, industry, and internal news or personalized work info
As an admin, you control the News feed settings for your organization, including the selected industry and the Bing homepage, the Microsoft Edge new tab page (Starting with the release of Edge 87), and the email experiences.
-1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [**News**](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews).
+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [**News**](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews).
1. In the **News** panel, click the **General** tab.
-1. In the **Industry** list, select your organization's industries. This determines the general news that appears in your organization news feed. Microsoft may pre-select an industry using information from your account. You can remove or add industries by updating the **Industry** list.
+1. In the **Industry** list, select your organization's industries. This determines the general news that appears in your organization news feed. Microsoft may pre-select an industry using information from your account. You can remove or add industries by updating the **Industry** list.
-1. In the **Topics** field, enter topics that you want see news articles about. Your users can't change these topics.
+1. In the **Topics** field, enter topics that you want see news articles about. Your users can't change these topics.
-1. You can block articles containing keywords in the **Exclude content** field. For example, to avoid articles containing the keyword ΓÇ£bakeΓÇ¥ from showing up in the news feed, add the keyword ΓÇ£bakeΓÇ¥ in the **Exclude content** field. Avoid including general terms (the, it, and, etc.); they can block relevant content from appearing in your enterprise news feeds.
+1. You can block articles containing keywords in the **Exclude content** field. For example, to avoid articles containing the keyword ΓÇ£bakeΓÇ¥ from showing up in the news feed, add the keyword ΓÇ£bakeΓÇ¥ in the **Exclude content** field. Avoid including general terms (the, it, and, etc.); they can block relevant content from appearing in your enterprise news feeds.
-1. Select **Save**. It may take up to 24 hours for changes to appear.
+1. Select **Save**. It may take up to 24 hours for changes to appear.
-## Industry updates in email
+## Industry updates in email
-You can send a daily email update with relevant industry news to your users' inboxes. To set daily email updates for users:
+You can send a daily email update with relevant industry news to your users' inboxes. To set daily email updates for users:
1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [**News**](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews). 1. In the **News** panel, click the **Industry Updates** tab.
+1. Select **Send daily email updates** to send an email to your users.
+1. To give users the ability to customize the news they get in their email updates, select **Allow users to customize their own topics**.
-1. Select **Send daily email updates** to send an email to your users.
+## Bing homepage
-1. To give users the ability to customize the news they get in their email updates, select **Allow users to customize their own topics**.
+You can customize the Bing homepage to include news about your industry.
-## Bing homepage
+### Toggle news for Business or Enterprise plans
-You can customize the Bing homepage to include news about your industry.
+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [**News**](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews).
-1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [**News**](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews).
+1. In the **News** panel, click the **Bing homepage** tab, and select **Include on Bing homepage**.
+
+ The industry news appears under the personalized info from your organization on Bing.com.
+
+### Toggle news types for Education plans
+
+1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [**News**](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews).
+
+1. In the **News** panel, click the **Bing homepage** tab, you have the option to select whether *trending news* or *industry news* show for your users.
-1. In the **News** panel, click the **Bing homepage** tab, and select **Include on Bing homepage**.
- The industry news appears under the personalized info from your organization on Bing.com.
+## Microsoft Edge new tab page
-## Microsoft Edge new tab page
When your users sign in to Microsoft Edge (release 87 or higher) with a valid work or school account, they can see news tailored to your organization. 1. In the Microsoft 365 admin center, go to **Settings** > **Org settings** > **Services** > [News](https://admin.microsoft.com/adminportal/home?#/Settings/Services/:/Settings/L1/BingNews).
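Review bot: The rewritten **Exclude content** step still carries mis-encoded quotation marks around the example keyword (`ΓÇ£bakeΓÇ¥`) on both the old and the new line; since the line is being touched anyway, replace them with plain quotes. Two smaller points in the same hunk: the **Topics** step still says "topics that you want see news articles about" (missing "to"), and step 2 under "Toggle news types for Education plans" is a comma splice ("click the **Bing homepage** tab, you have the option ...") that, unlike the Business or Enterprise variant, does not say what users see once the choice is made.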
bookings Define Service Offerings https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/bookings/define-service-offerings.md
You can also add customized information and URLs to the email confirmation and r
3. On the **Basic details** page, add your selections.
-**Service name**: enter the name of your service. This is the name that will appear in the drop-down menu on the Calendar page. This name will also appear when anyone manually adds an appointment on the Calendar page, and it will appear as a tile on the Self-service page.
+ **Service name**: enter the name of your service. This is the name that will appear in the drop-down menu on the Calendar page. This name will also appear when anyone manually adds an appointment on the Calendar page, and it will appear as a tile on the Self-service page.
-**Description**: The description you enter is what will appear when a user clicks the information icon on the Self-service page.
+ **Description**: The description you enter is what will appear when a user clicks the information icon on the Self-service page.
-**Default location**: This location is what will be displayed on confirmation and reminder emails for both staff and customers, and it will be displayed on the calendar event created for the booking.
+ **Default location**: This location is what will be displayed on confirmation and reminder emails for both staff and customers, and it will be displayed on the calendar event created for the booking.
-**Add online meeting**: This setting enables or disables online meetings for each appointment, either via Teams or Skype, depending on which one you configure as the default client for the staff member.
+ **Add online meeting**: This setting enables or disables online meetings for each appointment, either via Teams or Skype, depending on which one you configure as the default client for the staff member.
- - Enabled:
+ - Enabled:
+ - A link to a Teams or Skype meeting, unique to the booking, will be added to the calendar event on both the staff's and the customers' calendars, along with dial-in information.
+ - The link to join the meeting will be added to all confirmation and reminder emails, as shown in the following example:
- - A link to a Teams or Skype meeting, unique to the booking, will be added to the calendar event on both the staff's and the customers' calendars, along with dial-in information.
- - The link to join the meeting will be added to all confirmation and reminder emails, as shown in the following example:
+ :::image type="content" source="media/bookings-teams-meeting-link.jpg" alt-text="Example of link to join Teams meeting in Bookings.":::
- :::image type="content" source="media/bookings-teams-meeting-link.jpg" alt-text="Example of link to join Teams meeting in Bookings.":::
+ > [!NOTE]
+ > Teams meetings can be joined via the Teams mobile app, the Teams desktop app, in a Web browser, or via the phone dial-in. We strongly recommend enabling Teams as the default online meeting service for your tenant, for the best experience booking virtual appointments.
- > [!NOTE]
- > Teams meetings can be joined via the Teams mobile app, the Teams desktop app, in a Web browser, or via the phone dial-in. We strongly recommend enabling Teams as the default online meeting service for your tenant, for the best experience booking virtual appointments.
+ - Disabled:
+ - Appointments will not contain a meeting option, and all of the meeting-related fields that appear when **Add online meeting** is enabled will not be shown.
- - Disabled:
- - Appointments will not contain a meeting option, and all of the meeting-related fields that appear when **Add online meeting** is enabled will not be shown.
+ **Duration**: This is how long all meetings will be booked for. The time is blocked beginning from the start time, which is selected during booking. The full appointment time will be blocked on the staff's calendars.
-**Duration**: This is how long all meetings will be booked for. The time is blocked beginning from the start time, which is selected during booking. The full appointment time will be blocked on the staff's calendars.
+ **Buffer time**: Enabling this setting allows for the addition of extra time to the staffΓÇÖs calendar every time an appointment is booked.
-**Buffer time**: Enabling this setting allows for the addition of extra time to the staffΓÇÖs calendar every time an appointment is booked.
+ The time will be blocked on the staffΓÇÖs calendar and impact free/busy information. This means if an appointment ends at 3:00 pm and 10 minutes of buffer time has been added to the end of the meeting, the staffΓÇÖs calendar will show as busy and non-bookable until 3:10pm. This can be useful if your staff needs time before a meeting to prepare, such as a doctor reviewing a patientΓÇÖs chart, or a financial advisor preparing relevant account information. It can also be useful after a meeting, such as when someone needs time to travel to another location.
- The time will be blocked on the staffΓÇÖs calendar and impact free/busy information. This means if an appointment ends at 3:00 pm and 10 minutes of buffer time has been added to the end of the meeting, the staffΓÇÖs calendar will show as busy and non-bookable until 3:10pm. This can be useful if your staff needs time before a meeting to prepare, such as a doctor reviewing a patientΓÇÖs chart, or a financial advisor preparing relevant account information. It can also be useful after a meeting, such as when someone needs time to travel to another location.
+ **Price not set**: Select the price options that will display on the Self-Service page. If **Price not set** is selected, then no price or reference to cost or pricing will appear.
-**Price not set** Select the price options that will display on the Self-Service page. If **Price not set** is selected, then no price or reference to cost or pricing will appear.
+ **Notes**: This field appears in the booking event for booked staff, as well as on the event that appears on the Calendar tab in the Bookings web app.
-**Notes** This field appears in the booking event for booked staff, as well as on the event that appears on the Calendar tab in the Bookings web app.
+ **Maximum attendees per event**: This setting allows you to create services that require the ability for multiple people to book the same appointment time and the same staff (such as a fitness class). The appointment time slot for the selected service, staff, and time will be available to book until the maximum number of attendees, specified by you, has been reached. Current appointment capacity and attendees can be viewed in the Calendar tab in the Bookings Web app.
-**Maximum attendees per event** This setting allows you to create services that require the ability for multiple people to book the same appointment time and the same staff (such as a fitness class). The appointment time slot for the selected service, staff, and time will be available to book until the maximum number of attendees, specified by you, has been reached. Current appointment capacity and attendees can be viewed in the Calendar tab in the Bookings Web app.
+ :::image type="content" source="media/bookings-maximum-attendees.jpg" alt-text="Example of setting maximum attendees in Bookings":::
- :::image type="content" source="media/bookings-maximum-attendees.jpg" alt-text="Example of setting maximum attendees in Bookings":::
+ **Let the customer manage their booking**: This setting determines whether or not the customer can modify or cancel their booking, provided it was booked through the Calendar tab on the Bookings Web app.
-**Let the customer manage their booking**: This setting determines whether or not the customer can modify or cancel their booking, provided it was booked through the Calendar tab on the Bookings Web app.
+ - Enabled:
- - Enabled:
+ The **Manage Booking** button appears on the customer confirmation email. When this button is selected by the customer, three options appear:
- The **Manage Booking** button appears on the customer confirmation email. When this button is selected by the customer, three options appear:
- - **Reschedule** Selecting this option brings the user to a service-specific Self-Service page, where they can select a new time and/or date for the same service and same staff member from the original booking. Note that even though the original staff member is attached to the rescheduled booking by default, the user does have the option of changing the staff member as well.
- - **Cancel booking** This cancels the booking and removes it from the staff's calendar.
- - **New booking** This option brings the user to the Self-Service page with all services and staff listed, for scheduling a new booking.
+ - **Reschedule** Selecting this option brings the user to a service-specific Self-Service page, where they can select a new time and/or date for the same service and same staff member from the original booking. Note that even though the original staff member is attached to the rescheduled booking by default, the user does have the option of changing the staff member as well.
+ - **Cancel booking** This cancels the booking and removes it from the staff's calendar.
+ - **New booking** This option brings the user to the Self-Service page with all services and staff listed, for scheduling a new booking.
:::image type="content" source="media/bookings-manage-booking-button.jpg" alt-text="The Manage Bookings button in Bookings.":::
- We only recommend leaving this setting enabled if you are comfortable with customers accessing the Self-Service page.
+ We only recommend leaving this setting enabled if you are comfortable with customers accessing the Self-Service page.
- - Disabled:
+ - Disabled:
- The user will have no ability to reschedule or cancel their booking when they book through the Calendar tab on the Bookings Web app. When booking through the Self-Service page, however, customers will still have the **Manage Booking** button and all of its options, even when this setting is disabled.
+ The user will have no ability to reschedule or cancel their booking when they book through the Calendar tab on the Bookings Web app. When booking through the Self-Service page, however, customers will still have the **Manage Booking** button and all of its options, even when this setting is disabled.
- We recommend disabling this setting if you want to limit access to the Self-Service page. Additionally, we suggest adding text to your confirmation and reminder emails that tells your customers how to make changes to their booking through other means, such as by calling the office or emailing the help desk.
+ We recommend disabling this setting if you want to limit access to the Self-Service page. Additionally, we suggest adding text to your confirmation and reminder emails that tells your customers how to make changes to their booking through other means, such as by calling the office or emailing the help desk.
4. On the **Availability options** page, you can see the options you've selected from your **Booking page** for your scheduling policy and availability for your staff. For more information, see [Set your scheduling policies](set-scheduling-policies.md). :::image type="content" source="media/bookings-maximum-attendees.jpg" alt-text="Example of setting maximum attendees in Bookings.":::
-10. **Default price** This is the price that will display on the Self-Service page. If **Price not set** is selected, then no price or reference to cost or pricing will appear.
+5. **Default price** This is the price that will display on the Self-Service page. If **Price not set** is selected, then no price or reference to cost or pricing will appear.
-11. **Notes** This field appears in the booking event for booked staff, as well as on the event that appears on the Calendar tab in the Bookings web app.
+6. **Notes** This field appears in the booking event for booked staff, as well as on the event that appears on the Calendar tab in the Bookings web app.
-6. **Custom fields** can be useful when collecting information that is needed every time the specific appointment is booked. Examples include insurance provider prior to a clinic visit, loan type for loan consultations, major of study for academic advising, or applicant ID for candidate interviews. These fields will appear on the Booking page when your customers book appointments with you and your staff.
+7. **Custom fields** can be useful when collecting information that is needed every time the specific appointment is booked. Examples include insurance provider prior to a clinic visit, loan type for loan consultations, major of study for academic advising, or applicant ID for candidate interviews. These fields will appear on the Booking page when your customers book appointments with you and your staff.
- - Customer email, phone number, address, and notes are non-removable fields, but you can make them optional by deselecting **Required** beside each field.
+ Customer email, phone number, address, and notes are non-removable fields, but you can make them optional by deselecting **Required** beside each field.
-7. On the **Reminders and Confirmations** page, you can set up reminders and notifications you send. Reminders and notifications are sent out to customers, staff members, or both, at a specified time before the appointment. Multiple messages can be created for each appointment, according to your preference.
+8. On the **Reminders and Confirmations** page, you can set up reminders and notifications you send. Reminders and notifications are sent out to customers, staff members, or both, at a specified time before the appointment. Multiple messages can be created for each appointment, according to your preference.
- :::image type="content" source="media/bookings-remind-confirm.jpg" alt-text="A confirmation email from Bookings.":::
+ :::image type="content" source="media/bookings-remind-confirm.jpg" alt-text="A confirmation email from Bookings.":::
- - You can include any additional text you would like here, such as information about rescheduling or what customers should bring for the appointment. The following is an example of customized text added to the original confirmation email, seen in the **Additional information for Email Confirmation** field:
+ You can include any additional text you would like here, such as information about rescheduling or what customers should bring for the appointment. The following is an example of customized text added to the original confirmation email, seen in the **Additional information for Email Confirmation** field:
- :::image type="content" source="media/bookings-additional-info.jpg" alt-text="Additional information in a Bookings email.":::
+ :::image type="content" source="media/bookings-additional-info.jpg" alt-text="Additional information in a Bookings email.":::
-8. **Enable text message notifications for your customer** If selected, SMS messages are sent to the customer, but only if they opt-in.
+9. **Enable text message notifications for your customer** If selected, SMS messages are sent to the customer, but only if they opt-in.
- - Opt-in box on the manual booking and Self-Service Page:
+ - Opt-in box on the manual booking and Self-Service Page:
- :::image type="content" source="media/bookings-opt-In-boc.jpg" alt-text="The opt-in box in Bookings.":::
+ :::image type="content" source="media/bookings-opt-In-boc.jpg" alt-text="The opt-in box in Bookings.":::
- - Text message notifications will look like the following (note that SMS notifications are currently only available in North America):
+ - Text message notifications will look like the following (note that SMS notifications are currently only available in North America):
- :::image type="content" source="media/bookings-text-notifications.jpg" alt-text="A text notification from Bookings.":::
+ :::image type="content" source="media/bookings-text-notifications.jpg" alt-text="A text notification from Bookings.":::
-9. The **Default scheduling options** is on by default. Turn the toggle off if you want to customize how customers book a particular staff member.
+10. The **Default scheduling options** is on by default. Turn the toggle off if you want to customize how customers book a particular staff member.
-10. **Publishing options** Choose whether to have this service appear as bookable on the Self-Service page, or to make the service bookable only on the Calendar tab within the Bookings Web app.
+11. **Publishing options** Choose whether to have this service appear as bookable on the Self-Service page, or to make the service bookable only on the Calendar tab within the Bookings Web app.
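Review bot: In the re-indented **Basic details** list the pricing field is labelled `**Price not set**:`, but that is one of the options its own description mentions ("If **Price not set** is selected ..."), not the field name; step 5 further down calls the same setting **Default price** with near-identical text. Use one label, and decide whether the price and **Notes** entries belong under step 3 or as steps 5 and 6, since they now appear in both places. The **Buffer time** lines also keep the mis-encoded apostrophe in `staffΓÇÖs`, and the `bookings-maximum-attendees.jpg` image appears under **Maximum attendees per event** and again on the step 4 line.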
compliance App Governance App Policies Create https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-app-policies-create.md
On the **Define Policy Status** page, select one of these options:
- **Active**: Policies are evaluated and configured actions will occur. - **Inactive**: Policies are not evaluated and configured actions will not occur.
-<!--
-## Configure a user-based policy
-
-## Create an app metadata-based policy
-
-Publish metadata-based policies
-
-## Configure access permissions
>
+## Create a custom policy
+
+App governance provides some basic templates that make it easy to create useful policies for monitoring apps in your tenant.
+
+1. On the app governance page, select the **Policy** tab.
+1. Select **Create policy**.
+1. Under **Categories** select **Custom**. Under **Templates** select **Custom policy**. Select **Next**.
+1. Enter a name for your policy, type a description, and then in the **Policy severity** drop down list, select a severity. Select **Next**.
+1. Select **No, I want to customize the policy** and then select **Next**.
+1. Choose whether you want this policy to apply to all apps in your tenant or choose specific apps. If you choose specific apps for this policy, select **Add apps** and select the desired apps from the list. In the **Choose apps** pane, you can select multiple apps to which this policy will be applied, and then select **Add**. Select **Next** when you are satisfied with the list.
+1. Select **Set new conditions for the policy** and then select **Edit conditions**. Select **Add condition** and choose a condition from the list and then select the condition to apply. Repeat to add more conditions. Select **Save** to save the rule, and when you are finished adding rules, select **Next**.
+1. By default, this policy will trigger alerts when the conditions are met. You can choose to take action when the policy triggers such as **Disable app**. Use caution when applying actions because a policy may affect users and legitimate app use. Select **Next**.
+1. Choose the policy status:
+ - **Audit** - policy evaluation is active but policy action is disabled.
+ - **Active** - policy evaluation and action are active.
+ - **Inactive** - policy evaluation and action are disabled.
+
+ You should use Audit mode for testing a new policy. Select **Next**.
+1. Carefully review all parameters of your custom policy. Select **Submit** when you are satisfied. You can also go back and change settings by selecting **Edit** beneath any of the settings.
## Test and monitor your new app policy
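Review bot: Step 9 of the new "Create a custom policy" procedure offers three statuses (**Audit**, **Active**, **Inactive**), while the unchanged **Define Policy Status** text just above the hunk lists only **Active** and **Inactive**. Either add **Audit** there or state that it applies only to custom policies, because the advice to test in Audit mode is the safeguard against a **Disable app** action hitting legitimate apps. The section's opening sentence talks about "basic templates" although the steps select **Custom policy** and then "No, I want to customize the policy". Also check the comment removal at the top of the hunk: `<!--` and the commented-out headings are deleted, but the next line is shown as a bare `>`, so make sure no fragment of the closing `-->` is left in the file.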
compliance App Governance Visibility Insights Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/app-governance-visibility-insights-get-started.md
The dashboard contains a summary of the components of the Microsoft 365 app ecos
- **App only**: [Application permissions](/azure/active-directory/develop/v2-permissions-and-consent#permission-types) are used by apps that can run without a signed-in user present. Apps with permissions to access data across the tenant are potentially a higher risk. - **New apps**: New Microsoft 365 apps that have been registered in the last seven days.
+## View app insights
+
+One of the primary value points for app governance is the ability to quickly view app alerts and insights. To view insights for your apps:
+
+1. On your app governance portal page, select **Apps**.
+1. Use the **Categories** drop down list to select from the following options:
+ - All apps
+ - High privilege
+ - Overprivileged
+ - Unverified Publisher
+ - App only
+ - New apps
+1. Select the name of an app to view details. You can select multiple apps to save them as a saved query by placing a check mark to the left of the app name. Selecting an app name opens a detail pane on the right as show in the following graphic.
++
+> [!NOTE]
+> The apps listed will depend on the apps present in your tenant.
+
+The details pane also lets you view the usage of the app over the past 30 days, the users who have consented to the app, and the permissions assigned to the app. An administrator could review the activity and permissions of an app that is generating alerts and make a decision to disable the app using the **Disable App** button in the Details pane.
+ ## Next step [Get detailed insights on a specific app](app-governance-visibility-insights-view-apps.md).
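Review bot: Step 3 of the new "View app insights" list ends with "as show in the following graphic", but the next added line is only a stray "+" and no image reference follows before the NOTE block. Either add the image link or drop the reference, and fix "show" to "shown". "drop down list" in step 2 should be "drop-down list".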
compliance Create A Custom Sensitive Information Type https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-custom-sensitive-information-type.md
Here are the definitions and some examples for the available additional checks.
> [!TIP] > To detect patterns containing Chinese/Japanese characters and single byte characters or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.
+> - For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
>
-> For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
+> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
+> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the it you should create two keyword lists.
+> 1. Highly confidential
+> 2. 機密性が高い, 机密的document and 机密的 document
> > While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference:
->
> - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4} > > We recommend using a string match instead of a word match in a keyword list.
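Review bot: The added example sentence reads "the it you should create two keyword lists", which looks like an editing leftover; "then you should create two keyword lists" is probably what was meant. The sentence before it repeats "also" ("also contain non Chinese/Japanese words also"). The moved bullet still describes "机密的document" as Japanese and English text, although "机密的" is Chinese, so "Chinese/Japanese" would be consistent with the rest of the tip.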
compliance Create A Keyword Dictionary https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-a-keyword-dictionary.md
Paste the identity into your custom sensitive information type's XML and upload
> [!TIP] > To detect patterns containing Chinese/Japanese characters and single byte characters or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.
->
-> For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
->
+> - For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
+
+> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
+> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the it you should create two keyword lists.
+> 1. Highly confidential
+> 2. 機密性が高い, 机密的document and 机密的 document
+>
> While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference:
->
> - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4} > > We recommend using a string match instead of a word match in a keyword list.
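Review bot: The added line between the first bullet and "> Along with Chinese/Japanese/double byte characters" is blank, with no ">" marker, which ends the blockquote and splits the TIP into two blocks. The same change in create-a-custom-sensitive-information-type.md keeps a ">" line there, so use that here as well. The "the it you should create two keyword lists" wording has the same typo as in that file.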
compliance Create Custom Sensitive Information Types With Exact Data Match Based Classification https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/create-custom-sensitive-information-types-with-exact-data-match-based-classification.md
This computer must have direct access to your Microsoft 365 tenant.
5. To hash and upload the sensitive data, run the following command in Command Prompt window: ```dos
- EdmUploadAgent.exe /UploadData /DataStoreName [DS Name] /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file] /ColumnSeparator ["{Tab}"|"|"]
+ EdmUploadAgent.exe /UploadData /DataStoreName [DS Name] /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file] /ColumnSeparator ["{Tab}"|"|"] /AllowedBadLinesPercentage [value]
```
- Example: **EdmUploadAgent.exe /UploadData /DataStoreName PatientRecords /DataFile C:\Edm\Hash\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml**
+ Example: **EdmUploadAgent.exe /UploadData /DataStoreName PatientRecords /DataFile C:\Edm\Hash\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml /AllowedBadLinesPercentage 5**
The default format for the sensitive data file is comma-separated values. You can specify a tab-separated file by indicating the "{Tab}" option with the /ColumnSeparator parameter, or you can specify a pipe-separated file by indicating the "|" option.
+ If your sensitive information table has some incorrectly formatted values, but you want to import the remaining data while ignoring invalid rows anyway, you can use the /AllowedBadLinesPercentage parameter in the command. The example above specifies a five percent threshold. This means that the tool will hash and upload the sensitive information table even if up to five percent of the rows are invalid. The default value for this setting is one percent.
This command will automatically add a randomly generated salt value to the hash for greater security. Optionally, if you want to use your own salt value, add the **/Salt <saltvalue>** to the command. This value must be 64 characters in length and can only contain the a-z characters and 0-9 characters. 6. Check the upload status by running this command:
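Review bot: The new /AllowedBadLinesPercentage paragraph says invalid rows are ignored, but it does not say what makes a row invalid or whether the tool reports which rows it skipped. Because skipped rows never reach the uploaded data, the example's move from the one percent default to five percent can leave sensitive records out of the data store without the admin noticing. Add a sentence on how to find the rejected rows, and state the accepted range for "[value]".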
EdmUploadAgent.exe /SaveSchema /DataStoreName <schema name> /OutputDir <path to
1. Run the following command in Command Prompt windows: ```dos
- EdmUploadAgent.exe /CreateHash /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file]
+ EdmUploadAgent.exe /CreateHash /DataFile [data file] /HashLocation [hash file location] /Schema [Schema file] /AllowedBadLinesPercentage [value]
``` For example: ```dos
- EdmUploadAgent.exe /CreateHash /DataFile C:\Edm\Data\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml
+ EdmUploadAgent.exe /CreateHash /DataFile C:\Edm\Data\PatientRecords.csv /HashLocation C:\Edm\Hash /Schema edm.xml /AllowedBadLinesPercentage 5
``` This will output a hashed file and a salt file with these extensions if you didn't specify the **/Salt <saltvalue>** option:
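Review bot: The /CreateHash syntax and example now carry /AllowedBadLinesPercentage, but this section gets no explanation of the parameter, unlike the /UploadData step. A reader who starts from the separate hash-and-upload procedure will not know that the default is one percent or that rows over the threshold stop the hash. Repeat the explanation here in one sentence or link to it.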
compliance Dlp Chrome Get Started https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-chrome-get-started.md
Use this setup method for organization-wide deployments.
4. Browse to the location of the script created when prompted. 5. Select the following settings:
- 1. Run this script using the logged-on credentials: YES
+ 1. Run this script using the logged-on credentials: NO
1. Enforce script signature check: NO 1. Run script in 64-bit PowerShell Host: YES
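Review bot: "Run this script using the logged-on credentials" flips from YES to NO with no reason given, and the next setting leaves "Enforce script signature check: NO". The step now has an unsigned script running under something other than the signed-in user's credentials, so state which account context that is and why the deployment needs it, so admins can judge the change before applying it organization-wide.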
compliance Dlp Microsoft Teams https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-microsoft-teams.md
To learn more about licensing requirements, see [Microsoft 365 Tenant-Level Serv
DLP protection are applied differently to Teams entities.
-|User Accounts/Groups/List |Teams Entity |DLP protection available|
+|When policy is scoped by |these Teams Entities |will have DLP protection available|
|||| |individual user accounts |1:1/n chats |yes | | |general chats |no |
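Review bot: The new header row is one sentence split across three cells ("When policy is scoped by", "these Teams Entities", "will have DLP protection available"), so no column header makes sense on its own and the capitalization is inconsistent. Self-contained headers such as "Policy scope", "Teams entity" and "DLP protection available" would read correctly per column.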
compliance Dlp Policy Reference https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/dlp-policy-reference.md
The available context options change depending on which location you choose. If
- Content contains - Content is shared from Microsoft 365
+- Sender is (Preview)
+- Sender domain is (Preview)
+- Recipient domain is (Preview)
+- Recipient is (Preview)
##### Conditions Devices supports
If you have multiple rules in a policy, you can use the **Additional options** t
- [Learn about data loss prevention](dlp-learn-about-dlp.md#learn-about-data-loss-prevention) - [Plan for data loss prevention (DLP)](dlp-overview-plan-for-dlp.md#plan-for-data-loss-prevention-dlp) - [Create a DLP policy from a template](create-a-dlp-policy-from-a-template.md#create-a-dlp-policy-from-a-template)-- [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md#create-test-and-tune-a-dlp-policy)
+- [Create, test, and tune a DLP policy](create-test-tune-dlp-policy.md#create-test-and-tune-a-dlp-policy)
compliance Ediscovery Decryption https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/ediscovery-decryption.md
Prior to this new capability, only the content of an email message protected by
Microsoft eDiscovery tools support items encrypted with Microsoft encryption technologies. These technologies are Azure Rights Management and Microsoft Information Protection (specifically sensitivity labels). For more information about Microsoft encryption technologies, see [Encryption](encryption.md). Content encrypted by third-party encryption technologies isn't supported. For example, previewing or exporting content encrypted with non-Microsoft technologies isn't supported. > [!NOTE]
-> The decryption of email messages encrypted with Office 365 Message Encryption (OME) is not supported by Microsoft eDiscovery tools.
+> The decryption of email messages sent with an [Office 365 Message Encryption (OME) custom branding template](add-your-organization-brand-to-encrypted-messages.md) is not supported by Microsoft eDiscovery tools. When using an OME custom branding template, email messages are delivered to the OME portal instead of the recipient's mailbox. Therefore, you won't be able to use eDiscovery tools to search for OME-encrypted messages because those messages are never received by the recipient's mailbox.
## eDiscovery activities that support encrypted items
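Review bot: The rewritten NOTE narrows the unsupported case to messages sent with an OME custom branding template, but its last sentence widens it again with "you won't be able to use eDiscovery tools to search for OME-encrypted messages". Scope that sentence to messages sent with a custom branding template, and say whether the copy in the sender's mailbox is still searchable, since the stated reason only covers the recipient's mailbox.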
compliance Import Hr Data https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/import-hr-data.md
After you complete this step, be sure to copy the job ID that's generated when y
1. **Job ID.** You'll need this job ID to run the script in the next step. You can copy it from this page or from the connector flyout page.
- 1. **Link to sample script.** Click the **here** link to go to the GitHub site to access the sample script (the link opens a new window). Keep this window open so that you can copy the script in Step 4. Alternatively, you can bookmark the destination or copy the URL so you can access it again when you run the script. This link is also available on the connector flyout page.
+ 2. **Link to sample script.** Click the **here** link to go to the GitHub site to access the sample script (the link opens a new window). Keep this window open so that you can copy the script in Step 4. Alternatively, you can bookmark the destination or copy the URL so you can access it again when you run the script. This link is also available on the connector flyout page.
9. Click **Done**.
You can also click **Edit** to change the Azure App ID or the column header name
The last step in setting up an HR connector is to run a sample script that will upload the HR data in the CSV file (that you created in Step 1) to the Microsoft cloud. Specifically, the script uploads the data to the HR connector. After you run the script, the HR connector that you created in Step 3 imports the HR data to your Microsoft 365 organization where it can accessed by other compliance tools, such as the Insider risk management solution. After you run the script, consider scheduling a task to run it automatically on a daily basis so the most current employee termination data is uploaded to the Microsoft cloud. See [Schedule the script to run automatically](#optional-step-6-schedule-the-script-to-run-automatically).
-1. Go to window that you left open from the previous step to access the GitHub site with the sample script. Alternatively, open the bookmarked site or use the URL that you copied.
+1. Go to window that you left open from the previous step to access the GitHub site with the sample script. Alternatively, open the bookmarked site or use the URL that you copied. You can also access the script [here](https://github.com/microsoft/m365-hrconnector-sample-scripts/blob/master/upload_termination_records.ps1).
2. Click the **Raw** button to display the script in text view.
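Review bot: The link added to step 1 uses "here" as its text and points at the master branch of the sample repository, so the script a reader copies in the following steps can change without this article changing. Use descriptive link text such as the script's filename, and consider telling readers to review the script before running it, since step 4 already expects them to modify it.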
The last step in setting up an HR connector is to run a sample script that will
4. Modify the sample script for your organization, if necessary.
-5. Save the text file as a Windows PowerShell script file by using a filename suffix of `.ps1`; for example, `HRConnector.ps1`.
+5. Save the text file as a Windows PowerShell script file by using a filename suffix of `.ps1`; for example, `HRConnector.ps1`. Alternatively, you can use the GitHub filename for the script, which is `upload_termination_records.ps1`.
-6. Open a Command Prompt on your local computer, and go to the directory where you saved the script.
+6. Open a command prompt on your local computer, and go to the directory where you saved the script.
7. Run the following command to upload the HR data in the CSV file to the Microsoft cloud; for example:
compliance Keyword Queries And Search Conditions https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/keyword-queries-and-search-conditions.md
The following table lists email message properties that can be searched by using
||||| |AttachmentNames|The names of files attached to an email message.|`attachmentnames:annualreport.ppt` <p> `attachmentnames:annual*` <br/> `attachmentnames:.pptx`|Messages that have an attached file named annualreport.ppt. In the second example, using the wildcard character ( * ) returns messages with the word "annual" in the file name of an attachment. The third example returns all attachments with the pptx file extension.| |Bcc|The Bcc field of an email message.<sup>1</sup>|`bcc:pilarp@contoso.com` <p> `bcc:pilarp` <p> `bcc:"Pilar Pinilla"`|All examples return messages with Pilar Pinilla included in the Bcc field.|
-|Category|The categories to search. Categories can be defined by users by using Outlook or Outlook on the web (formerly known as Outlook Web App). The possible values are: <ul><li>blue<li></li>green<li></li>orange<li></li>purple<li></li>red<li></li>yellow</li></ul>|`category:"Red Category"`|Messages that have been assigned the red category in the source mailboxes.|
+|Category|The categories to search. Categories can be defined by users by using Outlook or Outlook on the web (formerly known as Outlook Web App). The possible values are: <ul><li>blue<li>green<li>orange<li>purple<li>red<li>yellow</li></ul>|`category:"Red Category"`|Messages that have been assigned the red category in the source mailboxes.|
|Cc|The Cc field of an email message.<sup>1</sup>|`cc:pilarp@contoso.com` <p> `cc:"Pilar Pinilla"`|In both examples, messages with Pilar Pinilla specified in the Cc field.| |Folderid|The folder ID (GUID) of a specific mailbox folder. If you use this property, be sure to search the mailbox that the specified folder is located in. Only the specified folder will be searched. Any subfolders in the folder won't be searched. To search subfolders, you need to use the Folderid property for the subfolder you want to search. <p> For more information about searching for the Folderid property and using a script to obtain the folder IDs for a specific mailbox, see [Use Content search for targeted collections](use-content-search-for-targeted-collections.md).|`folderid:4D6DD7F943C29041A65787E30F02AD1F00000000013A0000` <p> `folderid:2370FB455F82FC44BE31397F47B632A70000000001160000 AND participants:garthf@contoso.com`|The first example returns all items in the specified mailbox folder. The second example returns all items in the specified mailbox folder that were sent or received by garthf@contoso.com.| |From|The sender of an email message.<sup>1</sup>|`from:pilarp@contoso.com` <p> `from:contoso.com`|Messages sent by the specified user or sent from a specified domain.|
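Review bot: In the Category row, the fix removes the empty list items, but only the last item ("yellow") has a closing tag; the other five rely on implied end tags. Close each item explicitly so the list renders the same in every Markdown-to-HTML pipeline that processes this table cell.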
compliance Mip Dbcs Relnotes https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/mip-dbcs-relnotes.md
search.appverid:
description: "Release notes for support for double byte character sets."
-# Support for double byte character set release notes (preview)
+# Support for double byte character set release notes
Microsoft 365 Information Protection now supports double byte character set languages for:
compliance Partially Indexed Items In Content Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/partially-indexed-items-in-content-search.md
Keep the following in mind about partially indexed items:
|Export indexed and partially indexed items <br/> |Exported<br/> |Exported (included with the indexed items that are exported)<br/> |Exported (as partially indexed items)<br/>| ||||
+## Workaround for using a date range to exclude partially indexed items
+
+In Content search and Core eDiscovery, you can't use a date range to exclude partially indexed items from being returned by a search query. In other words, partially indexed items that fall outside of a date range are still included as partially indexed items in the search statistics and when you export partially indexed items. In Advanced eDiscovery, you can exclude partially indexed items by using a date range in a search query.
+
+As a workaround for this limitation, we recommend the following procedure.
+
+1. Create and run a search using a search query that meets your requirements and returns the desired results.
+
+2. Export the results of the search from step 1, but don't include partially indexed items in the export. To do this, you would select the **All items, excluding ones that have unrecognized format, are encrypted, or weren't indexed for other reasons** export option.
+
+ ![Export output options.](../media/ExportOutputOptions.png)
+
+3. Create and run a second search that uses the same search query (and searches the same locations) that you used in step 1. Append the following clause to the original query by using the **AND** operator:
+
+ ```text
+ ((IndexingErrorCode>0 OR IndexingErrorCode<0) AND Date:date1…date2))
+ ```
+
+ Adding this clause will return partially indexed items that match your original search query and that fall within a specific date range.
+
+4. Export the results of the search from step 3, and this time include partially indexed items in the export. To do this, you would select the **All items, including ones that have unrecognized format, are encrypted, or weren't indexed for other reasons** export option.
+
+> [!NOTE]
+> In the previous procedure, you can export the actual search results or only export a report.
+
+Use the second search that you created in step 3 and the corresponding export to view and gain understanding about the partially indexed items that match your original search query. The export from the second search also includes all partially indexed items that were exported so that you can review them if necessary.
+ ## Indexing limits for messages The following table describes the indexing limits that might result in an email message being returned as a partially indexed item in an eDiscovery search in Microsoft 365.
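Review bot: The query clause in step 3 of the workaround opens two parentheses and closes three, so it will not parse if pasted as written. The date range is also written with a single ellipsis character between date1 and date2 rather than two periods, which looks like an autocorrect artifact. Fix both in the code block, and show one concrete date range so readers see the expected date format.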
For a list of indexing limits for SharePoint documents, see [Search limits for S
- If a partially indexed item is included in the search results because it matched the search query criteria, then it won't be included as a partially indexed item in the estimated search statistics. Also, it won't be included with partially indexed items when you export search results. -- Although a file type is supported for indexing and is indexed, there can be indexing or search errors that will cause a file to be returned as a partially indexed item. For example, searching a very large Excel file might be partially successful (because the first 4 MB are indexed), but then fails because the file size limit is exceeded. In this case, it's possible that the same file is returned with the search results and as a partially indexed item.
+- Although a file type is supported for indexing and is indexed, there can be indexing or search errors that will cause a file to be returned as a partially indexed item. For example, searching a large Excel file might be partially successful (because the first 4 MB are indexed), but then fails because the file size limit is exceeded. In this case, it's possible that the same file is returned with the search results and as a partially indexed item.
- Files that are encrypted with [Microsoft encryption technologies](encryption.md) and are attached to an email message that matches the criteria of a search can be previewed and will be decrypted when exported. At this time, files that are encrypted with Microsoft encryption technologies (and stored in SharePoint or OneDrive for Business) are partially indexed.
compliance Permissions Filtering For Content Search https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/permissions-filtering-for-content-search.md
Title: "Configure permissions filtering for Content search"
+ Title: "Configure permissions filtering for eDiscovery"
f1.keywords: - NOCSH
search.appverid:
- MOE150 - MET150 ms.assetid: 1adffc35-38e5-4f7d-8495-8e0e8721f377
-description: "Use Content search permissions filtering to let an eDiscovery manager search only a subset of mailboxes and sites in your organization."
+description: "Use search permissions filtering to let eDiscovery managers search only a subset of mailboxes and sites in your organization."
-# Configure permissions filtering for Content search
+# Configure permissions filtering for eDiscovery
You can use search permissions filtering to let an eDiscovery manager search only a subset of mailboxes and sites in your organization. You can also use permissions filtering to let that same eDiscovery manager search only for mailbox or site content that meets a specific search criteria. For example, you might let an eDiscovery manager search only the mailboxes of users in a specific location or department. You do this by creating a filter that uses a supported recipient filter to limit which mailboxes a specific user or group of users can search. You can also create a filter that specifies what mailbox content a user can search for. This is done by creating a filter that uses a searchable message property. Similarly, you can let an eDiscovery manager search only specific SharePoint sites in your organization. You do this by creating a filter that limits which site can be searched. You can also create a filter that specifies what site content can be searched. This is done by creating a filter that uses a searchable site property.
-You can also use search permissions filtering to create logical boundaries (called *compliance boundaries*) within an organization that control the user content locations (such as mailboxes, SharePoint sites, and OneDrive accounts) that specific eDiscovery managers can search. For more information, see [Set up compliance boundaries for eDiscovery investigations in Office 365](tagging-and-assessment-in-advanced-ediscovery.md).
+Search permissions filters are applied when you search for content using Content search, Core eDiscovery, and Advanced eDiscovery in the Microsoft 365 compliance center. When a search permissions filter is applied to a specific user, that user can perform the following search-related actions:
+
+- Search for content
+
+- Preview search results
+
+- Export search results
+
+- Purge items returned by a search
+
+You can also use search permissions filtering to create logical boundaries (called *compliance boundaries*) within an organization that control the user content locations (such as mailboxes, SharePoint sites, and OneDrive accounts) that specific eDiscovery managers can search. For more information, see [Set up compliance boundaries for eDiscovery investigations](set-up-compliance-boundaries.md).
-Search permissions filtering is supported by the Content search feature in the Microsoft 365 compliance center. These four cmdlets let you configure and manage search permissions filters:
+The following four cmdlets in Security & Compliance PowerShell let you configure and manage search permissions filters:
[New-ComplianceSecurityFilter](#new-compliancesecurityfilter)
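Review bot: "When a search permissions filter is applied to a specific user, that user can perform the following search-related actions" reads as if the filter grants search, preview, export and purge rights. The removed parameter table describes the opposite: the filter is applied when those actions run. Reword to something like "the filter is enforced when that user performs the following search-related actions".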
Search permissions filtering is supported by the Content search feature in the M
- Search permissions filtering can't be used to limit who can search public folders in Exchange. -- There is no limit to the number of search permissions filters that can be created in an organization. But search performance will be impacted when there are more than 100 search permissions filters. To keep the number of search permissions filters in your organization as small as possible, create filters that combine rules for Exchange, SharePoint, and OneDrive in a single filter whenever possible.
+- There is no limit to the number of search permissions filters that can be created in an organization. However, a search query can have a maximum of 100 conditions. In this case, a condition is defined as something that's connected to the query by a Boolean operator (such as **AND**, **OR**, and **NEAR**). The limit for the number of conditions includes the search query itself plus all search permissions filters that are applied to the user who runs the search. Therefore, the more search permissions filters you have (especially if these filters are applied to the same user or group of users), the better the chance of exceeding the maximum number of conditions for a search. To prevent your organization from reaching the conditions limit, keep the number of search permissions filters in your organization to few as possible to meet your business requirements. For more information, see [Set up compliance boundaries for eDiscovery investigations](set-up-compliance-boundaries.md#frequently-asked-questions).
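Review bot: The new conditions-limit bullet has a typo in "keep the number of search permissions filters in your organization to few as possible", which should read "as few as possible", and "the better the chance of exceeding" would be clearer as "the greater the chance". It would also help to say what happens when a search exceeds 100 conditions (error or truncated query), because the old text only warned about performance.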
## Connect to Exchange Online and Security & Compliance Center PowerShell in a single session
For troubleshooting PowerShell connection errors, see:
## New-ComplianceSecurityFilter
-The **New-ComplianceSecurityFilter** is used to create a search permissions filter. The following table describes the parameters for this cmdlet. All parameters are required to create a compliance security filter.
+The **New-ComplianceSecurityFilter** is used to create a search permissions filter. Here's the basic syntax for this cmdlet:
+
+```powershell
+New-ComplianceSecurityFilter -FilterName <name of filter> -Users <user or role group> -Filters <filter>
+```
+
+The following sections describe the parameters for this cmdlet. All parameters are required to create a search permissions filter.
+
+### *FilterName*
+
+The _FilterName_ parameter specifies the name of the permissions filter. This name is used to identity a filter when using the **Get-ComplianceSecurityFilter**, **Set-ComplianceSecurityFilter,** and **Remove-ComplianceSecurityFilter** cmdlets.
+
+### *Filters*
+
+The _Filters_ parameter specifies the search criteria for the compliance security filter. You can create three different types of filters:
+
+- **Mailbox or OneDrive filtering:** This type of filter specifies the mailboxes and OneDrive accounts the assigned users (specified by the _Users_ parameter) can search. This type of filter is called a *content location* filter because it defines the content locations that a user can search. The syntax for this type of filter is **Mailbox_** _MailboxPropertyName_, where _MailboxPropertyName_ specifies a mailbox property used to scope the mailboxes and OneDrive accounts that can be searched. For example, the mailbox filter `"Mailbox_CustomAttribute10 -eq 'OttawaUsers'"` would allow the user assigned this filter to search only the mailboxes and OneDrive accounts that have the value "OttawaUsers" in the CustomAttribute10 property.
+
+ Any supported filterable recipient property can be used for the _MailboxPropertyName_ property. For a list of searchable properties, see [Filterable properties for the -RecipientFilter parameter](/powershell/exchange/recipientfilter-properties).
+
+- **Mailbox content filtering:** This type of filter is applied on the content that can be searched. This type of filter is called a *content filter* because it specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_** _SearchablePropertyName: value_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a search. For example, the mailbox content filter `MailboxContent_recipients:contoso.com` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable message properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md#searchable-email-properties).
+
+ > [!IMPORTANT]
+ > A single search filter can't contain a mailbox filter and a mailbox content filter. To combine these in a single filter, you have to use a [filters list](#using-a-filters-list-to-combine-filter-types). But a filter can contain a more complex query of the same type. For example, `"Mailbox_CustomAttribute10 -eq 'FTE' -and Mailbox_MemberOfGroup -eq '$($DG.DistinguishedName)'"`
+
+- **Site and site content filtering:** There are two SharePoint- and OneDrive-related filters that you can use to specify what site or site content the assigned users can search.
+
+ - **Site_**_SearchableSiteProperty_
+
+ - **SiteContent_**_SearchableSiteProperty_
-| Parameter | Description |
-|:--|:--|
-| _Action_ <br/> | The _Action_ parameter specifies that type of search action that the filter is applied to. The possible Content search actions are: <br/><br/> **Export:** The filter is applied when exporting search results. <br/> **Preview:** The filter is applied when previewing search results. <br/> **Purge:** The filter is applied when purging search results. <br/> **Search:** The filter is applied when running a search. <br/> **All:** The filter is applied to all search actions. <br/> |
-| _FilterName_ <br/> |The _FilterName_ parameter specifies the name of the permissions filter. This name is used to identity a filter when using the **Get-ComplianceSecurityFilter**, **Set-ComplianceSecurityFilter,** and **Remove-ComplianceSecurityFilter** cmdlets. <br/> |
-| _Filters_ <br/> | The _Filters_ parameter specifies the search criteria for the compliance security filter. You can create three different types of filters: <br/><br/> **Mailbox or OneDrive filtering:** This type of filter specifies the mailboxes and OneDrive accounts the assigned users (specified by the _Users_ parameter) can search. The syntax for this type of filter is **Mailbox_** _MailboxPropertyName_, where _MailboxPropertyName_ specifies a mailbox property used to scope the mailboxes and OneDrive accounts that can be searched. For example, the mailbox filter `"Mailbox_CustomAttribute10 -eq 'OttawaUsers'"` would allow the user assigned this filter to search only the mailboxes and OneDrive accounts that have the value "OttawaUsers" in the CustomAttribute10 property. <br/> Any supported filterable recipient property can be used for the _MailboxPropertyName_ property. For a list of supported properties, see [Filterable properties for the -RecipientFilter parameter](/powershell/exchange/recipientfilter-properties). <br/><br/> **Mailbox content filtering:** This type of filter is applied on the content that can be searched. It specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_** _SearchablePropertyName: value_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a Content search. For example, the mailbox content filter `MailboxContent_recipients:contoso.com` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. <br/> For a list of searchable message properties, see [Keyword queries and search conditions for Content search](keyword-queries-and-search-conditions.md). <br/> <br/> **Important:** A single search filter can't contain a mailbox filter and a mailbox content filter. 
To combine these in a single filter, you have to use a [filters list](#using-a-filters-list-to-combine-filter-types). But a filter can contain a more complex query of the same type. For example, `"Mailbox_CustomAttribute10 -eq 'FTE' -and Mailbox_MemberOfGroup -eq '$($DG.DistinguishedName)'"` <br/><br/> **Site and site content filtering:** There are two SharePoint and OneDrive for Business site-related filters that you can use to specify what site or site content the assigned users can search: <br/><br/> - **Site_** _SearchableSiteProperty_ <br/> - **SiteContent_** _SearchableSiteProperty_ <br/><br/> These two filters are interchangeable. For example, `"Site_Path -like 'https://contoso.sharepoint.com/sites/doctors*'"` and `"SiteContent_Path -like 'https://contoso.sharepoint.com/sites/doctors*'"` return the same results. But to help you identify what a filter does, you can use `Site_` to specify site-related properties (such as a site URL) and `SiteContent_` to specify content-related properties (such as document types. For example, the filter `"Site_Path -like 'https://contoso.sharepoint.com/sites/doctors*'"` would allow the user assigned this filter to only search for content in the https://contoso.sharepoint.com/sites/doctors site collection. The filter `"SiteContent_FileExtension -eq 'docx'"` would allow the user assigned this filter to only search for Word documents (Word 2007 and later). <br/><br/> For a list of searchable site properties, see [Overview of crawled and managed properties in SharePoint](/SharePoint/technical-reference/crawled-and-managed-properties-overview). Properties marked with a **Yes** in the **Queryable** column can be used to create a site or site content filter. <br/><br/> **Important:** <br/><br/> - Setting up a site filter with one of the supported properties does not mean the site property in the filter will propagate to all files on that site. 
This means the user is still responsible for populating the specific property fields associated with the files on that site in order for the site filter to work and capture the right content. For example, if the user has a security filter "Site_RefineableString00 -eq 'abc'" applied and then the user runs a search using keyword query "xyz". The security filter gets appended to the query and the actual query running would be "xyz **AND RefineableString0:'abc'**". The user needs to ensure the files on the site indeed have values in the RefineableString00 field as abc. If not, this search query will not return any results. <br/><br/>- You have to create a search permissions filter to explicitly prevent users from searching content locations in a specific service (such as preventing a user from searching any Exchange mailbox or any SharePoint site). In other words, creating a search permissions filter that allows a user to search all SharePoint sites in the organization doesn't prevent that user from searching mailboxes. For example, to allow SharePoint admins to only search SharePoint sites, you have to create a filter that prevents them from searching mailboxes. Similarly, to allow Exchange admins to only search mailboxes, you have to create a filter that prevents them from searching sites. |
-| _Users_ <br/> |The _Users_ parameter specifies the users who get this filter applied to their Content searches. Identify users by their alias or primary SMTP address. You can specify multiple values separated by commas, or you can assign the filter to all users by using the value **All**. <br/> You can also use the _Users_ parameter to specify a Microsoft 365 compliance center role group. This lets you create a custom role group and then assign that role group a search permissions filter. For example, let's say you have a custom role group for eDiscovery managers for the U.S. subsidiary of a multi-national corporation. You can use the _Users_ parameter to specify this role group (by using the Name property of the role group) and then use the _Filter_ parameter to allow only mailboxes in the U.S. to be searched. <br/> You can't specify distribution groups with this parameter. <br/> |
-
+ These two filters are interchangeable. For example, `"Site_Path -like 'https://contoso.sharepoint.com/sites/doctors'"` and `"SiteContent_Path -like 'https://contoso.sharepoint.com/sites/doctors'"` return the same results. For a list of searchable site properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md#searchable-site-properties) For a more complete list, see [Overview of crawled and managed properties in SharePoint](/SharePoint/technical-reference/crawled-and-managed-properties-overview). Properties marked with a **Yes** in the **Queryable** column can be used to create a site or site content filter.
+
+ > [!IMPORTANT]
+ > Setting up a site filter with one of the supported properties doesn't mean the site property in the filter will propagate to all documents on that site. This means the user is still responsible for populating the specific property fields associated with the documents on that site in order for the site filter to work and capture the right content. For example, if the user has a security filter "Site_RefineableString00 -eq 'abc'" applied and then the user runs a search using keyword query "xyz". The security filter gets appended to the query and the actual query running would be "xyz **AND RefineableString0:'abc'**". The user needs to ensure that documents on the site indeed have values in the RefineableString00 field as"abc". If not, the search query won't return any results.
+
+Keep the following considerations in mind when configuring the *Filters* parameter for search permissions filters:
+
+- Unlike mailboxes, there isn't a content location filter for sites even though the *Site* filter looks like a location filter. All filters for SharePoint and OneDrive are content filters (which is also why *Site_* and *SiteContent_* filters are interchangeable) because site-related properties like *Path* are stamped directly on the documents. Why is this? It's a result of the way that SharePoint is designed. In SharePoint, there isn't a "site object" with properties, like there is with Exchange mailboxes. Therefore, the *Path* property is stamped on the document and contains the URL of the site where the document is located. This is why a *Site* filter is considered a content filter and not a content location filter.
+
+- You have to create a search permissions filter to explicitly prevent users from searching content locations in a specific service (such as preventing a user from searching any Exchange mailbox or any SharePoint site). In other words, creating a search permissions filter that allows a user to search all SharePoint sites in the organization doesn't prevent that user from searching mailboxes. For example, to allow SharePoint admins to only search SharePoint sites, you have to create a filter that prevents them from searching mailboxes. Similarly, to allow Exchange admins to only search mailboxes, you have to create a filter that prevents them from searching sites.
+
+### *Users*
+
+The _Users_ parameter specifies the users who get this filter applied to their searches. Identify users by their alias or primary SMTP address. You can specify multiple values separated by commas, or you can assign the filter to all users by using the value **All**.
+
+You can also use the _Users_ parameter to specify a Microsoft 365 compliance center role group. This lets you create a custom role group and then assign that role group a search permissions filter. For example, let's say you have a custom role group for eDiscovery managers for the U.S. subsidiary of a multi-national corporation. You can use the _Users_ parameter to specify this role group (by using the Name property of the role group) and then use the _Filter_ parameter to allow only mailboxes in the U.S. to be searched. You can't specify distribution groups with this parameter.|
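Review bot: In the added IMPORTANT note, the security filter is written on `Site_RefineableString00` but the appended query is shown as `xyz AND RefineableString0:'abc'`, so the example names two different properties. Use `RefineableString00` in both places; the removed table text had the same mismatch, so it can be fixed here. The same note has `as"abc"` with no space, the sentence ending in `#searchable-site-properties)` has no period before "For a more complete list", and the last line of the *Users* section still ends in a `|` left over from the table row it was converted from.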
+ ### Using a filters list to combine filter types
-A *filters list* is a filter that includes a mailbox filter and a site filter separated by a comma. Using a filters list is the only supported method for combining different types of filters. In the following example, notice that a comma separates the **Mailbox** and **Site** filters:
+A *filters list* is a filter that includes a mailbox filter and a site filter separated by a comma. This comma also functions as an **OR** operator. Using a filters list is the only supported method for combining different types of filters. In the following example, notice that a comma separates the **Mailbox** and **Site** filters:
```powershell--Filters "Mailbox_CustomAttribute10 -eq 'OttawaUsers'", "Site_Path -like 'https://contoso.sharepoint.com/sites/doctors*'"
+-Filters "Mailbox_CustomAttribute10 -eq 'OttawaUsers'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/doctors'"
```
-When a filter that contains a filters list is processed during the running of a content search, two search permissions filters are created from the filters list: One for each filter that's separated by a comma. So in the previous example, one mailbox search permissions filter and one site search permissions filter would be created.
+When a filter that contains a filters list is processed during the running of a search, two search permissions filters are created from the filters list: One for each filter that's separated by a comma. So in the previous example, one mailbox search permissions filter and one site search permissions filter would be created. These filters are connected by the **OR** operator.
An alternative to using a filters list would be to create two separate search permissions filters. So in the previous example, you'd create one filter for the mailbox attribute and one filter for the site attribute. In either case, the results are the same. Using a filters list or creating separate search permissions filters is a matter of preference.
Keep the following things in mind about using a filters list:
- Each component of a filters list can contain a complex filter syntax. For example, the mailbox and site filters can contain multiple filters separated by an **-or** operator: ```powershell
- -Filters "Mailbox_Department -eq 'CohoWinery' -or Mailbox_CustomAttribute10 -eq 'CohoUsers'", "Site_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery*'"
+ -Filters "Mailbox_Department -eq 'CohoWinery' -or Mailbox_CustomAttribute10 -eq 'CohoUsers'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery*'"
``` ## Examples of creating search permissions filters
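Review bot: The trailing `*` is dropped from the `-like` path in the first filters-list example (`SiteContent_Path -like 'https://contoso.sharepoint.com/sites/doctors'`) but kept in the complex-syntax example right after it (`SiteContent_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery*'`), so the two added lines disagree on how a site path is matched. Pick one form and apply it throughout. If the wildcard is no longer needed with `SiteContent_Path`, say so once in the text, since the removed lines all used it.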
-Here are examples of using the **New-ComplianceSecurityFilter** cmdlet to create a search permissions filter.
+Here are examples of using the **New-ComplianceSecurityFilter** cmdlet to create a search permissions filter.
-This example allows the user annb@contoso.com to perform all Content search actions only for mailboxes in Canada. This filter contains the three-digit numeric country code for Canada from ISO 3166-1.
+This example allows the user annb@contoso.com to perform search actions only for mailboxes and OneDrive accounts in Canada. This filter contains the three-digit numeric country code for Canada from ISO 3166-1.
```powershell
-New-ComplianceSecurityFilter -FilterName CountryFilter -Users annb@contoso.com -Filters "Mailbox_CountryCode -eq '124'" -Action All
+New-ComplianceSecurityFilter -FilterName CountryFilter -Users annb@contoso.com -Filters "Mailbox_CountryCode -eq '124'"
```
-This example allows the users donh and suzanf to search only the mailboxes that have the value 'Marketing' for the CustomAttribute1 mailbox property.
+This example allows the users donh and suzanf to search only the mailboxes and OneDrive accounts that have the value 'Marketing' for the CustomAttribute1 mailbox property.
```powershell
-New-ComplianceSecurityFilter -FilterName MarketingFilter -Users donh,suzanf -Filters "Mailbox_CustomAttribute1 -eq 'Marketing'" -Action Search
+New-ComplianceSecurityFilter -FilterName MarketingFilter -Users donh,suzanf -Filters "Mailbox_CustomAttribute1 -eq 'Marketing'"
```
-This example allows members of the "US Discovery Managers" role group to perform all Content search actions only on mailboxes in the United States. This filter contains the three-digit numeric country code for the United States from ISO 3166-1.
+This example allows members of the "US Discovery Managers" role group to search only the mailboxes and OneDrive accounts in the United States. This filter contains the three-digit numeric country code for the United States from ISO 3166-1.
```powershell
-New-ComplianceSecurityFilter -FilterName USDiscoveryManagers -Users "US Discovery Managers" -Filters "Mailbox_CountryCode -eq '840'" -Action All
+New-ComplianceSecurityFilter -FilterName USDiscoveryManagers -Users "US Discovery Managers" -Filters "Mailbox_CountryCode -eq '840'"
```
-This example allows members of the eDiscovery Manager role group to search only the mailboxes of members of the Ottawa Users distribution group. The Get-DistributionGroup cmdlet in Exchange Online PowerShell is used to find the members of the Ottawa Users group.
+This example allows members of the "Fourth Coffee eDiscovery Managers" role group to search only the mailboxes and OneDrive accounts that have the value 'FourthCoffee' for the Department mailbox property. The filter also allows the role group members to search for documents in the Fourth Coffee SharePoint site.
+
+```powershell
+New-ComplianceSecurityFilter -FilterName "Fourth Coffee Security Filter" -Users "Fourth Coffee eDiscovery Managers", "Fourth Coffee Investigators" -Filters "Mailbox_Department -eq 'FourthCoffee'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee' -or SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'"
+```
+
+> [!NOTE]
+> In the previous example, an additional site content filter (`SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'`) has to be included so that role group members can search for documents in OneDrive accounts. If this filter isn't included, the the filter would only allow role group members to search for documents located in `https://contoso.sharepoint.com/sites/FourthCoffee`.
+
+This example allows members of the eDiscovery Manager role group to search only the mailboxes and OneDrive accounts of members of the Ottawa Users distribution group. The Get-DistributionGroup cmdlet in Exchange Online PowerShell is used to find the members of the Ottawa Users group.
```powershell $DG = Get-DistributionGroup "Ottawa Users" ``` ```powershell
-New-ComplianceSecurityFilter -FilterName DGFilter -Users eDiscoveryManager -Filters "Mailbox_MemberOfGroup -eq '$($DG.DistinguishedName)'" -Action Search
+New-ComplianceSecurityFilter -FilterName DGFilter -Users eDiscoveryManager -Filters "Mailbox_MemberOfGroup -eq '$($DG.DistinguishedName)'"
```
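Review bot: The description of the new Fourth Coffee example names only the "Fourth Coffee eDiscovery Managers" role group, but the command passes `-Users "Fourth Coffee eDiscovery Managers", "Fourth Coffee Investigators"`, so the filter is assigned to a second group the text never mentions. List both groups in the description or drop one from the command. The NOTE under the example also has a doubled word ("the the filter").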
-This example prevents any user from deleting content from the mailboxes of members of the Executive Team distribution group. The Get-DistributionGroup cmdlet in Exchange Online PowerShell is used to find the members of the Executive Team group.
+This example prevents any user from performing search actions on the mailboxes and OneDrive accounts of members of the Executive Team distribution group. That means users can delete content from these mailboxes. The Get-DistributionGroup cmdlet in Exchange Online PowerShell is used to find the members of the Executive Team group.
```powershell $DG = Get-DistributionGroup "Executive Team" ``` ```powershell
-New-ComplianceSecurityFilter -FilterName NoExecutivesPreview -Users All -Filters "Mailbox_MemberOfGroup -ne '$($DG.DistinguishedName)'" -Action Purge
+New-ComplianceSecurityFilter -FilterName NoExecutivesPreview -Users All -Filters "Mailbox_MemberOfGroup -ne '$($DG.DistinguishedName)'"
```
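Review bot: The new sentence "That means users can delete content from these mailboxes" in the Executive Team description does not follow from the sentence before it, which says the filter prevents search actions on those mailboxes. With `-Action Purge` removed from the command, state plainly what the filter now blocks, and either drop the sentence or confirm whether "can't" was intended. The filter is still named `NoExecutivesPreview`, which matches neither the removed purge description nor the new one.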
-This example allows members of the OneDrive eDiscovery Managers custom role group to only search for content in OneDrive for Business locations in the organization.
+This example allows members of the OneDrive eDiscovery Managers custom role group to only search for content in OneDrive accounts in the organization.
```powershell
-New-ComplianceSecurityFilter -FilterName OneDriveOnly -Users "OneDrive eDiscovery Managers" -Filters "Site_Path -like 'https://contoso-my.sharepoint.com/personal*'" -Action Search
+New-ComplianceSecurityFilter -FilterName OneDriveOnly -Users "OneDrive eDiscovery Managers" -Filters "SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'"
```-
-> [!NOTE]
-> To restrict users to searching specific sites, use the filter `Site_Path`, as shown in the previous example. Using `Site_Site` will not work.
-This example restricts the user to performing all Content search actions only on email messages sent during the calendar year 2015.
+This example restricts the user to performing search actions only on email messages sent during the calendar year 2015.
```powershell
-New-ComplianceSecurityFilter -FilterName EmailDateRestrictionFilter -Users donh@contoso.com -Filters "MailboxContent_Received -ge '01-01-2015' -and MailboxContent_Received -le '12-31-2015'" -Action All
+New-ComplianceSecurityFilter -FilterName EmailDateRestrictionFilter -Users donh@contoso.com -Filters "MailboxContent_Received -ge '01-01-2015' -and MailboxContent_Received -le '12-31-2015'"
```
-Similar to the previous example, this example restricts the user to performing all Content search actions on documents that were last changed sometime in the calendar year 2015.
+Similar to the previous example, this example restricts the user to performing search actions only on documents that were last changed sometime in the calendar year 2015.
```powershell
-New-ComplianceSecurityFilter -FilterName DocumentDateRestrictionFilter -Users donh@contoso.com -Filters "SiteContent_LastModifiedTime -ge '01-01-2015' -and SiteContent_LastModifiedTime -le '12-31-2015'" -Action All
+New-ComplianceSecurityFilter -FilterName DocumentDateRestrictionFilter -Users donh@contoso.com -Filters "SiteContent_LastModifiedTime -ge '01-01-2015' -and SiteContent_LastModifiedTime -le '12-31-2015'"
```
-This example prevents members of the "OneDrive Discovery Managers" role group from performing content search actions on any mailbox in the organization.
+This example prevents members of the "OneDrive Discovery Managers" role group from performing search actions on any mailbox in the organization.
```powershell
-New-ComplianceSecurityFilter -FilterName NoEXO -Users "OneDrive Discovery Managers" -Filters "Mailbox_Alias -notlike '*'" -Action All
+New-ComplianceSecurityFilter -FilterName NoEXO -Users "OneDrive Discovery Managers" -Filters "Mailbox_Alias -notlike '*'"
```
-This example prevents anyone in the organization from searching for email messages that were sent or received by janets or sarad.
+This example prevents anyone in the organization from performing search actions on email messages that were sent or received by janets or sarad.
```powershell
-New-ComplianceSecurityFilter -FilterName NoSaraJanet -Users All -Filters "MailboxContent_Participants -notlike 'janets@contoso.onmicrosoft.com' -and MailboxContent_Participants -notlike 'sarad@contoso.onmicrosoft.com'" -Action Search
+New-ComplianceSecurityFilter -FilterName NoSaraJanet -Users All -Filters "MailboxContent_Participants -notlike 'janets@contoso.onmicrosoft.com' -and MailboxContent_Participants -notlike 'sarad@contoso.onmicrosoft.com'"
```
-This example uses a filters list to combine mailbox and site filters.
+This example uses a filters list to combine mailbox and site filters. In this example, the mailbox filter is a content location filter and the site filter is a content filter.
```powershell
-New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Mailbox_Department -eq 'CohoWinery'", "Site_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery*'" -Action ALL
+New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Mailbox_Department -eq 'CohoWinery'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery'"
``` ## Get-ComplianceSecurityFilter
-The **Get-ComplianceSecurityFilter** is used to return a list of search permissions filters. Use the _FilterName_ parameter to return information for a specific search filter.
+The **Get-ComplianceSecurityFilter** is used to return a list of search permissions filters. Use the _FilterName_ parameter to return information for a specific search filter.
## Set-ComplianceSecurityFilter
-The **Set-ComplianceSecurityFilter** is used to modify an existing search permissions filter. The only required parameter is _FilterName_.
+The **Set-ComplianceSecurityFilter** is used to modify an existing search permissions filter. The following sections describe the parameters for this cmdlet. The only required parameter is _FilterName_.
+
+### *FilterName*
+
+The _FilterName_ parameter specifies the name of the permissions filter.
+
+### *Users*
+
+The _Users_ parameter specifies the users who get this filter applied to their searches. Because this is a multi-value property, specifying a user or group of users with this parameter overwrite the existing list of users. See the following examples for the syntax to add and remove selected users.
+
+You can also use the _Users_ parameter to specify a Microsoft 365 compliance center role group. This lets you create a custom role group and then assign that role group a search permissions filter. For example, let's say you have a custom role group for eDiscovery managers for the U.S. subsidiary of a multi-national corporation. You can use the _Users_ parameter to specify this role group (by using the Name property of the role group) and then use the _Filter_ parameter to allow only mailboxes in the U.S. to be searched. You can't specify distribution groups with this parameter.
+
+### *Filters*
+
+The _Filters_ parameter specifies the search criteria for the compliance security filter. You can create three different types of filters:
+
+- **Mailbox and OneDrive filtering:** This type of filter specifies the mailboxes and OneDrive accounts the assigned users (specified by the _Users_ parameter) can search. The syntax for this type of filter is **Mailbox_** _MailboxPropertyName_, where _MailboxPropertyName_ specifies a mailbox property used to scope the mailboxes that can be searched. For example, the mailbox filter `"Mailbox_CustomAttribute10 -eq 'OttawaUsers'"` would allow the user assigned this filter to search only the mailboxes that have the value "OttawaUsers" in the CustomAttribute10 property. Any supported filterable recipient property can be used for the _MailboxPropertyName_ property. For a list of supported properties, see [Filterable properties for the -RecipientFilter parameter](/powershell/exchange/recipientfilter-properties).
+
+- **Mailbox content filtering:** This type of filter is applied on the content that can be searched. It specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_** _SearchablePropertyName:value_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a search. For example, the mailbox content filter `MailboxContent_recipients:contoso.com` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable message properties, see [Keyword queries and search conditions for eDiscovery](keyword-queries-and-search-conditions.md).
+
+- **Site and site content filtering:** There are two SharePoint and OneDrive for Business site-related filters that you can use to specify what site or site content the assigned users can search:
+
+ - **Site_** *SearchableSiteProperty*
+ - **SiteContent**_*SearchableSiteProperty*
-| Parameter | Description |
-|:--|:--|
-| _Action_| The _Action_ parameter specifies that type of search action that the filter is applied to. The possible Content search actions are: <br/><br/> **Export:** The filter is applied when exporting search results. <br/> **Preview:** The filter is applied when previewing search results. <br/> **Purge:** The filter is applied when purging search results. <br/> **Search:** The filter is applied when running a search. <br/> **All:** The filter is applied to all search actions. <br/> |
-| _FilterName_|The _FilterName_ parameter specifies the name of the permissions filter. |
-| _Filters_| The _Filters_ parameter specifies the search criteria for the compliance security filter. You can create two different types of filters: <br/><br/>**Mailbox and OneDrive filtering:** This type of filter specifies the mailboxes and OneDrive accounts the assigned users (specified by the _Users_ parameter) can search. The syntax for this type of filter is **Mailbox_** _MailboxPropertyName_, where _MailboxPropertyName_ specifies a mailbox property used to scope the mailboxes that can be searched. For example, the mailbox filter `"Mailbox_CustomAttribute10 -eq 'OttawaUsers'"` would allow the user assigned this filter to search only the mailboxes that have the value "OttawaUsers" in the CustomAttribute10 property. Any supported filterable recipient property can be used for the _MailboxPropertyName_ property. For a list of supported properties, see [Filterable properties for the -RecipientFilter parameter](/powershell/exchange/recipientfilter-properties). <br/><br/>**Mailbox content filtering:** This type of filter is applied on the content that can be searched. It specifies the mailbox content the assigned users can search for. The syntax for this type of filter is **MailboxContent_** _SearchablePropertyName:value_, where _SearchablePropertyName_ specifies a Keyword Query Language (KQL) property that can be specified in a Content search. For example, the mailbox content filter `MailboxContent_recipients:contoso.com` would allow the user assigned this filter to only search for messages sent to recipients in the contoso.com domain. For a list of searchable message properties, see [Keyword queries for Content search](keyword-queries-and-search-conditions.md). 
<br/><br/>**Site and site content filtering:** There are two SharePoint and OneDrive for Business site-related filters that you can use to specify what site or site content the assigned users can search: <br/><br/>- **Site_** *SearchableSiteProperty* <br/>- **SiteContent**_*SearchableSiteProperty*<br/><br/>These two filters are interchangeable. For example, `"Site_Path -like 'https://contoso.spoppe.com/sites/doctors*'"` and `"SiteContent_Path -like 'https://contoso.spoppe.com/sites/doctors*'"` returns the same results. But to help you identify what a filter does, you can use `Site_` to specify site-related properties (such as a site URL) and `SiteContent_` to specify content-related properties (such as document types. For example, the filter `"Site_Path -like 'https://contoso.spoppe.com/sites/doctors*'"` would allow the user assigned this filter to only search for content in the https://contoso.spoppe.com/sites/doctors site collection. The filter `"SiteContent_FileExtension -eq 'docx'"` would allow the user assigned this filter to only search for Word documents (Word 2007 and later). <br/><br/>For a list of searchable site properties, see [Overview of crawled and managed properties in SharePoint](/SharePoint/technical-reference/crawled-and-managed-properties-overview). Properties marked with a **Yes** in the **Queryable** column can be used to create a site or site content filter. <br/><br/> |
-| _Users_|The _Users_ parameter specifies the users who get this filter applied to their Content searches. Because this is a multi-value property, specifying a user or group of users with this parameter overwrite the existing list of users. See the following examples for the syntax to add and remove selected users. <br/><br/>You can also use the _Users_ parameter to specify a Microsoft 365 compliance center role group. This lets you create a custom role group and then assign that role group a search permissions filter. For example, let's say you have a custom role group for eDiscovery managers for the U.S. subsidiary of a multi-national corporation. You can use the _Users_ parameter to specify this role group (by using the Name property of the role group) and then use the _Filter_ parameter to allow only mailboxes in the U.S. to be searched. <br/><br/>You can't specify distribution groups with this parameter. |
+ These two filters are interchangeable. For example, `"Site_Path -like 'https://contoso.spoppe.com/sites/doctors*'"` and `"SiteContent_Path -like 'https://contoso.spoppe.com/sites/doctors*'"` return the same results. For a list of searchable site properties, see [Overview of crawled and managed properties in SharePoint](/SharePoint/technical-reference/crawled-and-managed-properties-overview). Properties marked with a **Yes** in the **Queryable** column can be used to create a site or site content filter.
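Review bot: The new *Users* section tells the reader to "use the _Filter_ parameter", but the section added directly below it is headed `### *Filters*` and every example passes `-Filters`. Use the plural name here and in the matching *Users* text for New-ComplianceSecurityFilter. In the same region, "with this parameter overwrite the existing list" needs "overwrites", the second bullet is marked up as `**SiteContent**_*SearchableSiteProperty*` with the underscore outside the bold, unlike `**Site_**` above it, and the interchangeability example still uses `contoso.spoppe.com` where the other examples use `contoso.sharepoint.com`.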
-## Examples of changing search permissions filters
+### Examples of changing search permissions filters
-These examples show how to use the **Get-ComplianceSecurityFilter** and **Set-ComplianceSecurityFilter** cmdlets to add or remove a user to the existing list of users that the filter is assigned to. When you add or remove users from a filter, specify the user by using their SMTP address.
+These examples show how to use the **Get-ComplianceSecurityFilter** and **Set-ComplianceSecurityFilter** cmdlets to add or remove a user to the existing list of users that the filter is assigned to. When you add or remove users from a filter, specify the user by using their SMTP address.
This example adds a user to the filter.
Set-ComplianceSecurityFilter -FilterName OttawaUsersFilter -Users $filterusers.u
## Remove-ComplianceSecurityFilter
-The **Remove-ComplianceSecurityFilter** is used to delete a search filter. Use the _FilterName_ parameter to specify the filter you want to delete.
+The **Remove-ComplianceSecurityFilter** is used to delete a search filter. Use the _FilterName_ parameter to specify the filter you want to delete.
## More information -- **How does search permissions filtering work?** The permissions filter is appended to the search query when a Content search is run. The permissions filter is joined to the search query by the **AND** Boolean operator. The query logic for the search query and the permissions filter would look like this:
+- **How does search permissions filtering work?** The permissions filter is appended to the search query when a search is run. The permissions filter is joined to the search query by the **AND** Boolean operator. The query logic for the search query and the permissions filter would look like this:
```text <SearchQuery> AND <PermissionsFilter> ```
- For example, you have a permissions filter that allows Bob to perform all search actions on the mailboxes of members of the Workers distribution group. Then Bob runs a Content search on all mailboxes in the organization with the search query `sender:jerry@adatum.com`. Because the permissions filter and the search query are logically combined by an **AND** operator, the search returns any message sent by jerry@adatum.com to any member of the Workers distribution group.
+ For example, you have a permissions filter that allows Bob to perform all search actions on the mailboxes of members of the Workers distribution group. Then Bob runs a search on all mailboxes in the organization with the search query `sender:jerry@adatum.com`. Because the permissions filter and the search query are logically combined by an **AND** operator, the search returns any message sent by jerry@adatum.com to any member of the Workers distribution group.
-- **What happens if you have multiple search permissions filters?** In a Content search query, multiple permissions filters are combined by **OR** Boolean operators. So results will be returned if any of the filters are true. In a Content search, all filters (combined by **OR** operators) are then combined with the search query by the **AND** operator.
+- **What happens if you have multiple search permissions filters?** In a search query, multiple permissions filters are combined by **OR** Boolean operators. So results will be returned if any of the filters are true. In a search, all filters (combined by **OR** operators) are then combined with the search query by the **AND** operator.
```text <SearchQuery> AND (<PermissionsFilter1> OR <PermissionsFilter2> OR <PermissionsFilter3>) ```
- Let's take the previous example, where a search filter allows Bob to search only the mailboxes of the members of the Workers distribution group. Then we create another filter that prevents Bob from searching Phil's mailbox ("Mailbox_Alias -ne 'Phil'"). And let's also assume that Phil is a member of the Workers group. When Bob runs a Content search (from the previous example) on all mailboxes in the organization, search results are returned for Phil's mailbox even though you applied filter to prevent Bob from searching Phil's mailbox. This is because the first filter, which allows Bob to search the Workers group, is true. And because Phil is a member of the Workers group, Bob can search Phil's mailbox.
+ Let's take the previous example, where a search filter allows Bob to search only the mailboxes of the members of the Workers distribution group. Then we create another filter that prevents Bob from searching Phil's mailbox ("Mailbox_Alias -ne 'Phil'"). And let's also assume that Phil is a member of the Workers group. When Bob runs a search (from the previous example) on all mailboxes in the organization, search results are returned for Phil's mailbox even though you applied filter to prevent Bob from searching Phil's mailbox. This is because the first filter, which allows Bob to search the Workers group, is true. And because Phil is a member of the Workers group, Bob can search Phil's mailbox.
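Review bot: The added paragraph beginning "Let's take the previous example" explains why the `Mailbox_Alias -ne 'Phil'` filter fails to exclude Phil's mailbox, but it never tells the reader how to get the exclusion they wanted. Because separate filters are joined by **OR**, the exclusion only has an effect when it is joined to the allow condition inside one filter; suggest adding a sentence that says so. The same line still reads "even though you applied filter", which should be "applied a filter" while the sentence is being touched.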
-- **Does search permissions filtering work for inactive mailboxes?** Yes, you can use mailbox and mailbox content filters to limit who can search inactive mailboxes in your organization. Like a regular mailbox, an inactive mailbox has to be configured with the recipient property that's used to create a permissions filter. If necessary, you can use the **Get-Mailbox -InactiveMailboxOnly** command to display the properties of inactive mailboxes. For more information, see [Create and manage inactive mailboxes in Office 365](create-and-manage-inactive-mailboxes.md).
-
-- **Does search permissions filtering work for public folders?** No. As previously explained, search permissions filtering can't be used to limit who can search public folders in Exchange. For example, items in public folder locations can't be excluded from the search results by a permissions filter.
+- **Does search permissions filtering work for inactive mailboxes?** Yes, you can use mailbox and mailbox content filters to limit who can search inactive mailboxes in your organization. Like a regular mailbox, an inactive mailbox has to be configured with the recipient property that's used to create a permissions filter. If necessary, you can use the **Get-Mailbox -InactiveMailboxOnly** command to display the properties of inactive mailboxes. For more information, see [Create and manage inactive mailboxes](create-and-manage-inactive-mailboxes.md).
+
+- **Does search permissions filtering work for public folders?** No. As previously explained, search permissions filtering can't be used to limit who can search public folders in Exchange. For example, items in public folder locations can't be excluded from the search results by a permissions filter.
- **Does allowing a user to search all content locations in a specific service also prevent them from searching content locations in a different service?** No. As previously explained, you have to create a search permissions filter to explicitly prevent users from searching content locations in a specific service (such as preventing a user from searching any Exchange mailbox or any SharePoint site). In other words, creating a search permissions filter that allows a user to search all SharePoint sites in the organization doesn't prevent that user from searching mailboxes. For example, to allow SharePoint admins to only search SharePoint sites, you have to create a filter that prevents them from searching mailboxes. Similarly, to allow Exchange admins to only search mailboxes, you have to create a filter that prevents them from searching sites. - **Do search permissions filters count against search query character limits?** Yes. Search permissions filters count against the character limit for search queries. For more information, see [Limits in Advanced eDiscovery](limits-ediscovery20.md).+
+**What is the maximum number of search permissions filters that can be created in an organization?**
+
+There is no limit to the number of search permissions filters that can be created in an organization. However, a search query can have a maximum of 100 conditions. In this case, a condition is defined as something that's connected to the query by a Boolean operator (such as **AND**, **OR**, and **NEAR**). The limit of the number of conditions includes the search query itself plus all search permissions filters that are applied to the user who runs the search. Therefore, the more search permissions filters you have (especially if these filters are applied to the same user or group of users), the better the chance of exceeding the maximum number of conditions for a search.
+
+To understand how this limit works, you need to understand that a search permissions filter is appended to the search query when a search is run. A search permissions filter is joined to the search query by the **AND** Boolean operator. The query logic for the search query and a single search permissions filter would look like this:
+
+```text
+<SearchQuery> AND <PermissionsFilter>
+```
+
+Multiple search permissions filters are combined together by the **OR** Boolean operator, and then those conditions are connected to the search query by the **AND** operator.
+
+The query logic for the search query and multiple search permissions filters would look like this:
+
+```text
+<SearchQuery> AND (<PermissionsFilter1> OR <PermissionsFilter2> OR <PermissionsFilter3>...)
+```
+
+It's possible the search query itself may consist of multiple conditions connected by Boolean operators. Each condition in the search query would also count against the 100-condition limit.
+
+Also, the number of search permissions filters appended to a query depends on the user who is running the search. When a specific user runs a search, the search permissions filters that are applied to the user (which is defined by the *Users* parameter in the filter) are appended to the query. Your organization could have hundreds of search permissions filters, but if more than 100 filters are applied to the same users, then it's likely the 100-condition limit will be exceeded when those users run searches.
+
+There's one more thing to keep in mind about the condition limit. The number of specific SharePoint sites that are included in the search query or search permissions filters also count against this limit.
+
+To prevent your organization from reaching the conditions limit, keep the number of search permissions filters in your organization to few as possible to meet your business requirements.
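Review bot: In the added paragraph that starts "Also, the number of search permissions filters appended", the threshold "if more than 100 filters are applied to the same users" is looser than the rule this section states, where the query's own conditions and each listed SharePoint site also count toward the 100. A user can reach the limit with fewer than 100 filters, so reword this as approaching the limit or drop the number. The closing sentence has a typo: "to few as possible" should be "to as few as possible". The two query-logic blocks repeat the ones already given under "How does search permissions filtering work?" and could be replaced by a reference. The new question is also a standalone bold paragraph, while the other questions in this section are list items.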
compliance Reports In Security And Compliance https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/reports-in-security-and-compliance.md
- Title: "Reports in the Security & Compliance Center"-- NOCSH------ 'ms.o365.cc.AuditingHelp'--- MET150
-localization_priority: Normal
-description: "Use the Security & Compliance Center to get various reports for your SharePoint Online and Exchange Online organization, plus Azure Active Directory reports."
--
-# Reports in the Security & Compliance Center
-
-You can use the **View reports** page in the Security & Compliance Center to quickly access audit reports for your SharePoint Online and Exchange Online organizations. You can also access Azure Active Directory (AD) user sign-in reports, user activity reports, and the Azure AD audit log from the **View reports** page. This is because your paid Microsoft 365 subscription includes a free subscription to Microsoft Azure. The first time that you try to access these Azure reports, you will have to complete a one-time registration process.
-
-> [!TIP]
-> To view additional reports about activity in your organization, see [Activity Reports in the Microsoft 365 admin center](../admin/activity-reports/activity-reports.md).
-
- **Before you begin**
-
-You need the following permissions to view reports in the Security & Compliance Center.
-
-- You have to be assigned the Security Reader role in the Exchange admin center (EAC) to view reports in the Security & Compliance Center. By default, this role is assigned to the Organization Management and Security Reader role groups in the EAC.
-
-- You have to be assigned the View-Only DLP Compliance Management role in the Security & Compliance Center to view DLP reports in the Security & Compliance Center. By default, this role is assigned to the Compliance Administrator, Organization Management, Security Administrator, and Security Reader role groups in the Security & Compliance Center.--- Additionally, you have to be assigned the View-Only Recipients role in the EAC to view DLP reports in the EAC. By default, this role is assigned to the Compliance Management, Organization Management, and View-Only Organization Management role groups in the EAC.
-
- **To open the View reports page in the Security & Compliance Center:**
-
-1. Go to [https://protection.office.com/#/viewreports](https://protection.office.com/#/viewreports).
-
-2. Sign in using the credentials for a user account in your organization.
-
-On the **View reports** page, you can view the following types of reports:
-
-- [Auditing reports](#auditing-reports)-- [Supervisory review report](#supervisory-review-report)-- [Data loss prevention reports](#data-loss-prevention-reports)
-
-## Auditing reports
-
-The following table describes the reports in the **Auditing** section on the **View reports** page in the Security & Compliance Center.
-
-|**Report**|**Description**|
-|:--|:--|
-|**audit log report** <br/> |You can search the audit log for user and admin activity in your organization. The report contains entries user and admin activity in Exchange Online, SharePoint Online, OneDrive for Business, and Azure Active Directory, which is the directory service for Office 365. For more information, see [Search the audit log in the Office 365](search-the-audit-log-in-security-and-compliance.md). <br/> |
-|**Azure AD reports** <br/> |To look for unusual or suspicious sign-in activity in your organization, you can use sign-in and activity reports in Microsoft Azure. You can also view events in the Azure AD audit log. To view reports in Azure, just click **View Azure AD reports**. For more information, see: <br/><br/>[Use your free Azure Active Directory subscription in Office 365](use-your-free-azure-ad-subscription-in-office-365.md). <br/> [View your access and usage reports](/azure/active-directory/reports-monitoring/overview-reports). <br/> |
-|**Exchange audit reports** <br/> | You can use the auditing functionality in Microsoft 365 to track changes made to your Exchange Online configuration by your organization's administrators. Changes made to your Exchange Online organization by a Microsoft data center administrator or by a delegated administrator are also logged. For Exchange Online, administrator audit logging is enabled by default, so you don't have to do anything to turn it on. Exchange Online also provides mailbox audit logging to let you track access to mailboxes by someone other than the mailbox owner. You have to enable mailbox audit logging for each mailbox that you want to track non-owner access. <br/> For both admin and mailbox audit logging, you can run audit reports to view the audit log entries. You can also export mailbox and admin audit logs, which are sent to you within 24 hours in an XML file that is attached to email message. <br/><br/>For more information about exporting audit logs, see: <br/><br/> [Export mailbox audit logs](/exchange/security-and-compliance/exchange-auditing-reports/export-mailbox-audit-logs) <br/> [View and export the datacenter admin audit log](/exchange/security-and-compliance/exchange-auditing-reports/view-external-admin-audit-log) <br/> [Search the role group changes or administrator audit logs](/exchange/security-and-compliance/exchange-auditing-reports/search-role-group-changes) <br/> [Exchange auditing reports](/exchange/security-and-compliance/exchange-auditing-reports/exchange-auditing-reports). <br/> |
-
-## Supervisory review report
-
-With the supervisory review report, you can see the status of all the supervisory review policies in your organization. For more information, see [Configure supervisory review policies for your organization](./communication-compliance-configure.md).
-
-## Data loss prevention reports
-
-Data loss prevention (DLP) reports contain information about the DLP policies and rules that have been applied to content contain sensitive data in your organization. You can also configure the report to display information about DLP actions that were based on your DLP policy and rules. For more information, see [View the report for data loss prevention](view-the-dlp-reports.md).
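Review bot: The role requirements in the deleted "Before you begin" list (Security Reader, View-Only DLP Compliance Management, View-Only Recipients) have no replacement visible in this change; confirm they are carried over to whichever article supersedes this one. Deleting the file also needs a redirect, since the removed text exposes the anchors `#auditing-reports`, `#supervisory-review-report` and `#data-loss-prevention-reports` that other pages may link to.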
compliance Sensitive Information Type Learn About https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/sensitive-information-type-learn-about.md
To create custom sensitive information types in the Security & Compliance Center
> [!TIP] > To detect patterns containing Chinese/Japanese characters and single byte characters or to detect patterns containing Chinese/Japanese and English, define two variants of the keyword or regex.
+> - For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
>
-> For example, to detect a keyword like "机密的document", use two variants of the keyword; one with a space between the Japanese and English text and another without a space between the Japanese and English text. So, the keywords to be added in the SIT should be "机密的 document" and "机密的document". Similarly, to detect a phrase "東京オリンピック2020", two variants should be used; "東京オリンピック 2020" and "東京オリンピック2020".
+> Along with Chinese/Japanese/double byte characters, if the list of keywords/phrases also contain non Chinese/Japanese words also (like English only), it is recommended to create two dictionaries/keyword lists. One for keywords containing Chinese/Japanese/double byte characters and another one for English only.
+> - For example, if you want to create a keyword dictionary/list with three phrases "Highly confidential", "機密性が高い" and "机密的document", the it you should create two keyword lists.
+> 1. Highly confidential
+> 2. 機密性が高い, 机密的document and 机密的 document
> > While creating a regex using a double byte hyphen or a double byte period, make sure to escape both the characters like one would escape a hyphen or period in a regex. Here is a sample regex for reference: > - (?<!\d)([4][0-9]{3}[\-?\-\t]*[0-9]{4}
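Review bot: The added line "> - For example, if you want to create a keyword dictionary/list" contains "the it you should create two keyword lists", which should read "then you should create two keyword lists". The line above it says "also" twice ("also contain non Chinese/Japanese words also"). The moved example still describes "机密的document" as "Japanese and English text", although 机密的 is Chinese; "double byte and English text" would cover both examples in the tip.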
compliance Set Up Compliance Boundaries https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/set-up-compliance-boundaries.md
We use the example in the following illustration to explain how compliance bound
In this example, Contoso LTD is an organization that consists of two subsidiaries, Fourth Coffee and Coho Winery. The business requires that eDiscovery managers and investigators can only search the Exchange mailboxes, OneDrive accounts, and SharePoint sites in their agency. Also, eDiscovery managers and investigators can only see eDiscovery cases in their agency, and they can only access the cases that they're a member of. Additionally in this scenario, investigators cannot place content locations on hold or export content from a case. Here's how compliance boundaries meet these requirements. -- The search permissions filtering functionality in Content search controls the content locations that eDiscovery managers and investigators can search. This means eDiscovery managers and investigators in the Fourth Coffee agency can only search content locations in the Fourth Coffee subsidiary. The same restriction applies to the Coho Winery subsidiary.
+- The search permissions filtering functionality for eDiscovery controls the content locations that eDiscovery managers and investigators can search. This means eDiscovery managers and investigators in the Fourth Coffee agency can only search content locations in the Fourth Coffee subsidiary. The same restriction applies to the Coho Winery subsidiary.
- [Role groups](assign-ediscovery-permissions.md#rbac-roles-related-to-ediscovery) provide the following functions for compliance boundaries:
In this example, Contoso LTD is an organization that consists of two subsidiarie
- Control the eDiscovery-related tasks that members can perform by adding or removing roles that assign specific permissions.
+- When a search permissions filter is applied to a role group, members of the role group can perform the following search-related actions as long as the permissions to perform an action is assigned to the role group:
+
+ - Search for content
+
+ - Preview search results
+
+ - Export search results
+
+ - Purge items returned by a search
+ Here's the process for setting up compliance boundaries: [Step 1: Identify a user attribute to define your agencies](#step-1-identify-a-user-attribute-to-define-your-agencies)
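Review bot: In the added bullet, "as long as the permissions to perform an action is assigned to the role group" has a subject-verb mismatch; use "the permission to perform an action is assigned". The bullet sits in the list of what role groups provide but opens with the filter ("When a search permissions filter is applied to a role group"), so leading with the role group would match its sibling items.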
To meet the requirements of the Contoso compliance boundaries scenario, you woul
After you've created role groups for each agency, the next step is to create the search permissions filters that associate each role group to its specific agency and defines the compliance boundary itself. You need to create one search permissions filter for each agency. For more information about creating security permissions filters, see [Configure permissions filtering for Content Search](permissions-filtering-for-content-search.md).
-Here's the syntax that's used to create a search permissions filter used for compliance boundaries.
+Here's the syntax that's used to create a search permissions filter used for compliance boundaries for the scenario in this article.
```powershell
-New-ComplianceSecurityFilter -FilterName <name of filter> -Users <role groups> -Filters "Mailbox_<MailboxPropertyName> -eq '<Value> '", "Site_Path -like '<SharePointURL>*'" -Action <Action>
+New-ComplianceSecurityFilter -FilterName <name of filter> -Users <role groups> -Filters "Mailbox_<MailboxPropertyName> -eq '<Value> '", "SiteContent_Path -like '<SharePointURL>' -or SiteContent_Path -like '<OneDriveURL>'"
``` Here's a description of each parameter in the command:
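Review bot: The new syntax line drops both the trailing `*` after `<SharePointURL>` and the `-Action <Action>` parameter without saying what the behaviour is now. With `-like` and no wildcard a reader will expect an exact match, so either keep the `*` or state how the path is matched. Also say explicitly what the filter applies to when `-Action` is omitted, since the removed text recommended `-Action All` for compliance boundaries. The placeholder `'<Value> '` still has a space before the closing quote, which will be copied into real filters.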
Here's a description of each parameter in the command:
- `Users`: Specifies the users or groups who get this filter applied to the search actions they perform. For compliance boundaries, this parameter specifies the role groups (that you created in Step 3) in the agency that you're creating the filter for. Note this is a multi-value parameter so you can include one or more role groups, separated by commas. -- `Filters`: Specifies the search criteria for the filter. For the compliance boundaries, you define the following filters. Each one applies to a content location.-
- - `Mailbox`: Specifies the mailboxes or OneDrive accounts that the role groups defined in the `Users` parameter can search. This filter allows members of the role group to search only the mailboxes or OneDrive accounts in a specific agency; for example, `"Mailbox_Department -eq 'FourthCoffee'"`.
+- `Filters`: Specifies the search criteria for the filter. For compliance boundaries, you define the following filters. Each one applies to different content locations.
- - `Site_Path`: Specifies the SharePoint sites that the role groups defined in the `Users` parameter can search. The *SharePointURL* specifies the sites in the agency that members of the role group can search. For example, `"Site_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee*'"`. Notice the `Site` and `Site_Path` filters are connected by an **-or** operator.
+ - `Mailbox`: Specifies the mailboxes or OneDrive accounts that the role groups defined in the `Users` parameter can search. This filter allows members of the role group to search only the mailboxes or OneDrive accounts in a specific agency; for example, `"Mailbox_Department -eq 'FourthCoffee'"`.
- > [!NOTE]
- > The syntax for the `Filters` parameter includes a *filters list*. A filters list is a filter that includes a mailbox filter and a site path filter separated by a comma. In the previous example, notice that a comma separates **Mailbox_MailboxPropertyName** and **Site_Path**: `-Filters "Mailbox_<MailboxPropertyName> -eq '<Value> '", "Site_Path -like '<SharePointURL>*'"`. When this filter is processed during the running of a content search, two search permissions filters are created from the filters list: one mailbox filter and one SharePoint filter. An alternative to using a filters list would be to create two separate search permissions filters for each agency: one search permissions filter for the mailbox attribute and one filter for the SharePoint site attributes. In either case, the results will be the same. Using a filters list or creating separate search permissions filters is a matter of preference.
+ - `SiteContent`: This filter includes two separate filters. The first `SiteContent_Path` specifies the SharePoint sites in the agency that the role groups defined in the `Users` parameter can search. For example, `SiteContent_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee'`. The second `SiteContent_Path` filter (connected to the first `SiteContent_Path` filter by the `or` operator) specifies the agency's OneDrive domain (also called the *MySite* domain). For example, `SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'`. You can also use the `Site_Path` filter in place of the `SiteContent` filter. The `Site` and `SiteContent` filters are interchangeable, and don't affect search permissions filters described in this article.
-- `Action`: Specifies the type of search action the filter is applied to. For example, `-Action Search` would only apply the filter when members of the role group defined in the `Users` parameter run a search. In this case, the filter wouldn't be applied when exporting search results. For compliance boundaries, use `-Action All` so the filter applies to all search actions. -
- For a list of the search actions, see the "New-ComplianceSecurityFilter" section in [Configure permissions filtering for Content Search](permissions-filtering-for-content-search.md#new-compliancesecurityfilter).
+ > [!IMPORTANT]
+ > Why is the `SiteContent` filter for OneDrive included in the previous search permissions filter? Although the `Mailbox` filter applies to *both* mailboxes and OneDrive accounts, the inclusion of the SharePoint filter would exclude OneDrive accounts if you didn't also include the OneDrive `Site` filter. If the search permissions filter didn't include a SharePoint filter, then you wouldn't have to include a separate OneDrive filter because the Mailbox filter would include OneDrive accounts in the scope of the compliance boundary. In other words, a search permissions filter with only the `Mailbox` filter would include both mailboxes and OneDrive accounts.
Here are examples of the two search permissions filters that would be created to support the Contoso compliance boundaries scenario. Both of these examples include a comma-separated filters list, in which the mailbox and site filters are included in the same search permissions filter and are separated by a comma. ### Fourth Coffee ```powershell
-New-ComplianceSecurityFilter -FilterName "Fourth Coffee Security Filter" -Users "Fourth Coffee eDiscovery Managers", "Fourth Coffee Investigators" -Filters "Mailbox_Department -eq 'FourthCoffee'", "Site_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee*'" -Action ALL
+New-ComplianceSecurityFilter -FilterName "Fourth Coffee Security Filter" -Users "Fourth Coffee eDiscovery Managers", "Fourth Coffee Investigators" -Filters "Mailbox_Department -eq 'FourthCoffee'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee' -or SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'"
``` ### Coho Winery ```powershell
-New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Mailbox_Department -eq 'CohoWinery'", "Site_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery*'" -Action ALL
+New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Mailbox_Department -eq 'CohoWinery'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery' -or SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'"
```
+> [!NOTE]
+> The syntax for the `Filters` parameters in the previous examples includes a *filters list*. A filters list is a filter that includes a mailbox filter and a site path filter separated by a comma. In the previous example, notice that a comma separates `Mailbox` and `SiteContent` filters: `-Filters "Mailbox_<MailboxPropertyName> -eq '<Value> '", "SiteContent_Path -like '<SharePointURL>' -or SiteContent_Path -like '<OneDriveURL>'"`. When this filter is processed during the running of an eDiscovery search, two search permissions filters are created from the filters list: one mailbox filter and one SharePoint/OneDrive filter. An alternative to using a filters list would be to create two separate search permissions filters for each agency: one search permissions filter for the mailbox attribute and one filter for the SharePoint and OneDrive site attributes. In either case, the results will be the same. Using a filters list or creating separate search permissions filters is a matter of preference.
+
+### How do the search permissions filters work in this scenario?
+
+Here's how the search permission filters are applied for each agency in this scenario.
+
+1. The `Mailbox` filter is first applied to define the content locations that eDiscovery managers can search. In this case, Coho Winery eDiscovery managers can only search the mailboxes and OneDrive accounts of users whose *Department* mailbox property has a value of **FourthCoffee**; Coho Winery eDiscovery managers can only search the mailboxes and OneDrive accounts of users whose *Department* mailbox property has a value of **CohoWinery**. The `Mailbox` filter is a *content location filter*, because it specifies the content locations that eDiscovery managers can search. In both filters, eDiscovery managers can only search content locations with a specific mailbox property value.
+
+2. After the content locations that can be searched are defined, the next part of the filter defines the content that eDiscovery managers can search. The first `SiteContent` filter lets Fourth Coffee eDiscovery managers only search for documents that have a site path property that contains (or starts with) `https://contoso.sharepoint.com/sites/FourthCoffee`; Coho Winery eDiscovery managers can only search documents that have a site path property that contains (or starts with) `https://contoso.sharepoint.com/sites/CohoWinery`. Therefore, the two `SiteContent` filters are *content filters* because they define the content that can be searched for. In both filters, eDiscovery managers can only search for documents with a specific document property value. All SharePoint-related filters are content filters because searchable site properties are stamped on all documents. For more information, see [Configure permissions filtering for eDiscovery](permissions-filtering-for-content-search.md#new-compliancesecurityfilter).
+
+ > [!NOTE]
+ > Although the scenario in this article doesn't use them, you can also use mailbox content filters to specify the content that eDiscovery managers can search for. The syntax for mailbox content filters is `MailboxContent_<Property:value>`. For example, you can create content filters based on date ranges, recipients, or domains. For more information about mailbox content filters, see [Configure search permissions filtering](permissions-filtering-for-content-search.md#new-compliancesecurityfilter).
+
+3. The search permissions filter is joined to the search query by the **AND** Boolean operator. That means when an eDiscovery manager in one of the agencies runs an eDiscovery search, the items returned by the search must match the search query and the conditions defined in the search permissions filter.
+ ## Step 4: Create an eDiscovery case for intra-agency investigations The final step is to create a Core eDiscovery case or Advanced eDiscovery case in the Microsoft 365 compliance center and then add the role group that you created in Step 2 as a member of the case. This results in two important characteristics of using compliance boundaries:
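Review bot: Step 1 of the added "How do the search permissions filters work in this scenario?" list names the wrong agency: "Coho Winery eDiscovery managers can only search the mailboxes and OneDrive accounts of users whose *Department* mailbox property has a value of **FourthCoffee**" should begin "Fourth Coffee eDiscovery managers", since the second half of the sentence already covers Coho Winery. Separately, both example filters use the same `https://contoso-my.sharepoint.com/personal` path, so the text should say which filter keeps one agency out of the other's OneDrive accounts. In step 2 the link text is "Configure permissions filtering for eDiscovery" while the note below it links the same target as "Configure search permissions filtering"; pick one.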
Search permissions filters also let you control where content is routed for expo
- **Export search results:** You can export the search results from Exchange mailboxes, SharePoint sites, and OneDrive accounts from a specific datacenter. This means that you can specify the datacenter location that search results will be exported from.
- Use the **Region** parameter for **New-ComplianceSecurityFilter** or **Set-ComplianceSecurityFilter** cmdlets to create or change which datacenter the export will be routed through.
+ Use the *Region* parameter for **New-ComplianceSecurityFilter** or **Set-ComplianceSecurityFilter** cmdlets to create or change which datacenter the export will be routed through.
|**Parameter value**|**Datacenter location**| |:--|:--|
Search permissions filters also let you control where content is routed for expo
- **Route content searches:** You can route the content searches of SharePoint sites and OneDrive accounts to a satellite datacenter. This means you can specify the datacenter location where searches will be run.
- Use one of the following values for the **Region** parameter to control the datacenter location that searches will run in when searching SharePoint sites and OneDrive accounts.
+ Use one of the following values for the *Region* parameter to control the datacenter location that searches will run in when searching SharePoint sites and OneDrive accounts.
|**Parameter value**|**Datacenter routing locations for SharePoint**| |:--|:--|
Search permissions filters also let you control where content is routed for expo
|BRA <br/> |North American datacenters | |||
- If you don't specify the **Region** parameter for a search permissions filter, the organization's primary SharePoint region will be searched. Search results are exported to the closest datacenter.
+ If you don't specify the *Region* parameter for a search permissions filter, the organization's primary SharePoint region will be searched. Search results are exported to the closest datacenter.
- To simplify the concept, the **Region** parameter controls the datacenter that is used to search for content in SharePoint and OneDrive. This doesn't apply to searching for content in Exchange because Exchange content searches aren't bound by the geographic location of datacenters. Also, the same **Region** parameter value may also dictate the datacenter that exports are routed through. This is often necessary to control the movement of data across geographic boarders.
+ To simplify the concept, the *Region* parameter controls the datacenter that is used to search for content in SharePoint and OneDrive. This doesn't apply to searching for content in Exchange because Exchange content searches aren't bound by the geographic location of datacenters. Also, the same *Region* parameter value may also dictate the datacenter that exports are routed through. This is often necessary to control the movement of data across geographic boarders.
> [!NOTE]
-> If you're using Advanced eDiscovery, the **Region** parameter doesn't control the region that data is exported from. Data is exported from the organization's central location. Also, searching for content in SharePoint and OneDrive isn't bound by the geographic location of datacenters. All datacenters are searched. For more information about Advanced eDiscovery, see [Overview of the Advanced eDiscovery solution in Microsoft 365](overview-ediscovery-20.md).
+> If you're using Advanced eDiscovery, the *Region* parameter doesn't control the region that data is exported from. Data is exported from the organization's central location. Also, searching for content in SharePoint and OneDrive isn't bound by the geographic location of datacenters. All datacenters are searched. For more information about Advanced eDiscovery, see [Overview of the Advanced eDiscovery solution in Microsoft 365](overview-ediscovery-20.md).
-Here are examples of using the **Region** parameter when creating search permission filters for compliance boundaries. This assumes that the Fourth Coffee subsidiary is located in North America and that Coho Winery is in Europe.
+Here are examples of using the *Region* parameter when creating search permission filters for compliance boundaries. This assumes that the Fourth Coffee subsidiary is located in North America and that Coho Winery is in Europe.
```powershell
-New-ComplianceSecurityFilter -FilterName "Fourth Coffee Security Filter" -Users "Fourth Coffee eDiscovery Managers", "Fourth Coffee Investigators" -Filters "Mailbox_Department -eq 'FourthCoffee'" -or Site_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee*'" -Action ALL -Region NAM
+New-ComplianceSecurityFilter -FilterName "Fourth Coffee Security Filter" -Users "Fourth Coffee eDiscovery Managers", "Fourth Coffee Investigators" -Filters "Mailbox_Department -eq 'FourthCoffee'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/FourthCoffee' -or SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'" -Region NAM
``` ```powershell
-New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Mailbox_Department -eq 'CohoWinery'" -or Site_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery*'" -Action ALL -Region EUR
+New-ComplianceSecurityFilter -FilterName "Coho Winery Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Mailbox_Department -eq 'CohoWinery'", "SiteContent_Path -like 'https://contoso.sharepoint.com/sites/CohoWinery' -or SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'" -Region EUR
``` Keep the following things in mind when searching and exporting content in multi-geo environments. -- The **Region** parameter doesn't control searches of Exchange mailboxes. All datacenters will be searched when you search mailboxes. To limit the scope of which Exchange mailboxes are searched, use the **Filters** parameter when creating or changing a search permissions filter.
+- The *Region* parameter doesn't control searches of Exchange mailboxes. All datacenters will be searched when you search mailboxes. To limit the scope of which Exchange mailboxes are searched, use the *Filters* parameter when creating or changing a search permissions filter.
- If it's necessary for an eDiscovery Manager to search across multiple SharePoint regions, you need to create a different user account for that eDiscovery manager to use in the search permissions filter to specify the region where the SharePoint sites or OneDrive accounts are located. For more information about setting this up, see the "Searching for content in a SharePoint Multi-Geo environment" section in [Content Search](content-search-reference.md#searching-for-content-in-a-sharepoint-multi-geo-environment). -- When searching for content in SharePoint and OneDrive, the **Region** parameter directs searches to either the primary or satellite location where the eDiscovery manager will conduct eDiscovery investigations. If an eDiscovery manager searches SharePoint and OneDrive sites outside of the region that's specified in the search permissions filter, no search results are returned.
+- When searching for content in SharePoint and OneDrive, the *Region* parameter directs searches to either the primary or satellite location where the eDiscovery manager will conduct eDiscovery investigations. If an eDiscovery manager searches SharePoint and OneDrive sites outside of the region that's specified in the search permissions filter, no search results are returned.
-- When exporting search results from Core eDiscovery, content from all content locations (including Exchange, Skype for Business, SharePoint, OneDrive, and other services that you can search by using the Content Search tool) are uploaded to the Azure Storage location in the datacenter that's specified by the **Region** parameter. This helps organizations stay within compliance by not allowing content to be exported across controlled borders. If no region is specified in the search permissions filter, content is uploaded to the organization's primary datacenter.
+- When exporting search results from Core eDiscovery, content from all content locations (including Exchange, Skype for Business, SharePoint, OneDrive, and other services that you can search by using the Content Search tool) are uploaded to the Azure Storage location in the datacenter that's specified by the *Region* parameter. This helps organizations stay within compliance by not allowing content to be exported across controlled borders. If no region is specified in the search permissions filter, content is uploaded to the organization's primary datacenter.
- When exporting content from Advanced eDiscovery, you can't control where content is uploaded by using the **Region** parameter. Content is uploaded to an Azure Storage location in a datacenter in your organization's central location. For a list of geo locations based on your central location, see [Microsoft 365 Multi-Geo eDiscovery configuration](../enterprise/multi-geo-ediscovery-configuration.md).
+ When exporting content from Advanced eDiscovery, you can't control where content is uploaded by using the *Region* parameter. Content is uploaded to an Azure Storage location in a datacenter in your organization's central location. For a list of geo locations based on your central location, see [Microsoft 365 Multi-Geo eDiscovery configuration](../enterprise/multi-geo-ediscovery-configuration.md).
- You can edit an existing search permissions filter to add or change the region by running the following command:
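Review bot: In both added `New-ComplianceSecurityFilter` examples the `SiteContent_Path -like` values end without a wildcard, whereas the removed lines used `.../sites/FourthCoffee*` and `.../sites/CohoWinery*`; please confirm the filter still matches content below the site root without the trailing `*`, or restore it. Both added filters also carry the identical clause `SiteContent_Path -like 'https://contoso-my.sharepoint.com/personal'`, so the example gives Fourth Coffee and Coho Winery the same OneDrive scope; if that is intended, say so in the surrounding text, because the example is presented as a compliance boundary. The typo "geographic boarders" is carried over unchanged into the added paragraph and should read "borders".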
Keep the following things in mind when searching and exporting content in multi-
Use the following syntax to create a search permissions filter for a SharePoint hub site: ```powershell
-New-ComplianceSecurityFilter -FilterName <Filter Name> -Users <User or Group> -Filters "Site_Departmentid -eq '{SiteId of hub site}'" -Action ALL
+New-ComplianceSecurityFilter -FilterName <Filter Name> -Users <User or Group> -Filters "Site_Departmentid -eq '{SiteId of hub site}'"
``` Here's an example of creating a search permissions filter for a hub site for the Coho Winery agency: ```powershell
-New-ComplianceSecurityFilter -FilterName "Coho Winery Hub Site Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Site_Departmentid -eq '44252d09-62c4-4913-9eb0-a2a8b8d7f863'" -Action ALL
+New-ComplianceSecurityFilter -FilterName "Coho Winery Hub Site Security Filter" -Users "Coho Winery eDiscovery Managers", "Coho Winery Investigators" -Filters "Site_Departmentid -eq '44252d09-62c4-4913-9eb0-a2a8b8d7f863'"
``` ## Compliance boundary limitations
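Review bot: `-Action ALL` is removed from both hub-site commands (and from the *Region* examples earlier in this file) with no added sentence stating which search actions the filter applies to when the parameter is omitted. Please add a line stating the default, so that a reader who copies the shorter command knows what the filter restricts.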
compliance Use Drive Shipping To Import Pst Files To Office 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/use-drive-shipping-to-import-pst-files-to-office-365.md
The next step is to use the WAImportExport.exe tool to copy PST files to the har
3. Run the following command the first time that you use the WAImportExport.exe to copy PST files to a hard drive. ```powershell
- WAImportExport.exe PrepImport /j:<Name of journal file> /t:<Drive letter> /id:<Name of session> /srcdir:<Location of PST files> /dstdir:<PST file path> /sk:<Storage account key> /blobtype:BlockBlob /encrypt /logdir:<Log file location>
+ WAImportExport.exe PrepImport /j:<Name of journal file> /t:<Drive letter> /id:<Name of session> /srcdir:<Location of PST files> /dstdir:<PST file path> /blobtype:BlockBlob /encrypt /logdir:<Log file location>
``` The following table describes the parameters and their required values.
The next step is to use the WAImportExport.exe tool to copy PST files to the har
| `/id:` <br/> |Specifies the name of the copy session. A session is defined as each time you run the WAImportExport.exe tool to copy files to the hard drive. The PST files are copied to a folder named with the session name specified by this parameter. <br/> | `/id:driveship1` <br/> | | `/srcdir:` <br/> |Specifies the source directory in your organization that contains the PST files that will be copied during the session. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> | `/srcdir:"\\FILESERVER01\PSTs"` <br/> | | `/dstdir:` <br/> |Specifies the destination directory in the Azure Storage area in the Microsoft cloud where the PSTs will be uploaded. You must use the value `ingestiondata/`. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> Optionally, you can also add an extra file path to the value of this parameter. For example, you can use the file path of the source directory on the hard drive (converted to a URL format), which is specified in the `/srcdir:` parameter. For example, `\\FILESERVER01\PSTs` is changed to `FILESERVER01/PSTs`. In this case, you still must include `ingestiondata` in the file path. So in this example, the value for the `/dstdir:` parameter would be `"ingestiondata/FILESERVER01/PSTs"`. <br/> One reason to add the additional file path is if you have PSTs files with the same filename. <br/> > [!NOTE]> If you include the optional pathname, the namespace for a PST file after it's uploaded to the Azure Storage area includes the pathname and the name of the PST file; for example, `FILESERVER01/PSTs/annb.pst`. If you don't include a pathname, the namespace is only the PST filename; for example `annb.pst`. | `/dstdir:"ingestiondata/"` <br/> Or <br/> `/dstdir:"ingestiondata/FILESERVER01/PSTs"` <br/> |
- | `/sk:` <br/> |Specifies the storage account key that you obtained in Step 1. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> | `"yaNIIs9Uy5g25Yoak+LlSHfqVBGOeNwjqtBEBGqRMoidq6/e5k/VPkjOXdDIXJHxHvNoNoFH5NcVUJXHwu9ZxQ=="` <br/> |
| `/blobtype:` <br/> |Specifies the type of blobs in the Azure Storage area to import the PST files to. For importing PST files, use the value **BlockBlob**. This parameter is required. <br/> | `/blobtype:BlockBlob` <br/> | | `/encrypt` <br/> |This switch turns on BitLocker for the hard drive. This parameter is required the first time you run the WAImportExport.exe tool. <br/> The BitLocker encryption key is copied to the journal file and the log file that is created if you use the `/logfile:` parameter. As previously explained, the journal file is saved to the same folder where the WAImportExport.exe tool is located. <br/> | `/encrypt` <br/> | | `/logdir:` <br/> |This optional parameter specifies a folder to save log files to. If not specified, the log files are saved to the same folder where the WAImportExport.exe tool is located. Be sure to surround the value of this parameter with double-quotation marks (" "). <br/> | `/logdir:"c:\users\admin\desktop\PstImportLogs"` <br/> |
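Review bot: The `/encrypt` row, left unchanged next to the removed `/sk:` row, refers to "the `/logfile:` parameter", but the parameter documented in this table and used in every command is `/logdir:`; please correct the name while this table is being edited. Since the same row states that the BitLocker encryption key is copied to the journal file and the log file, it would also help to tell readers to keep the journal and log folder access-restricted.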
The next step is to use the WAImportExport.exe tool to copy PST files to the har
Here's an example of the syntax for the WAImportExport.exe tool using actual values for each parameter: ```powershell
- WAImportExport.exe PrepImport /j:PSTHDD1.jrn /t:f /id:driveship1 /srcdir:"\\FILESERVER01\PSTs" /dstdir:"ingestiondata/" /sk:"yaNIIs9Uy5g25Yoak+LlSHfqVBGOeNwjqtBEBGqRMoidq6/e5k/VPkjOXdDIXJHxHvNoNoFH5NcVUJXHwu9ZxQ==" blobtype:BlockBlob /encrypt /logdir:"c:\users\admin\desktop\PstImportLogs"
+ WAImportExport.exe PrepImport /j:PSTHDD1.jrn /t:f /id:driveship1 /srcdir:"\\FILESERVER01\PSTs" /dstdir:"ingestiondata/" blobtype:BlockBlob /encrypt /logdir:"c:\users\admin\desktop\PstImportLogs"
``` After you run the command, status messages are displayed that show the progress of copying the PST files to the hard drive. A final status message shows the total number of files that were successfully copied.
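Review bot: The added example still has `blobtype:BlockBlob` without the leading `/`, carried over from the removed line, while the syntax line and the parameter table both write `/blobtype:BlockBlob`. Please fix it in this change so the example can be copied as written.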
To install the Azure Storage Explorer and connect to your Azure Storage area:
First time:
- WAImportExport.exe PrepImport /j:<Name of journal file> /t:<Drive letter> /id:<Name of session> /srcdir:<Location of PST files> /dstdir:<PST file path> /sk:<Storage account key> /blobtype:BlockBlob /encrypt /logdir:<Log file location>
+ WAImportExport.exe PrepImport /j:<Name of journal file> /t:<Drive letter> /id:<Name of session> /srcdir:<Location of PST files> /dstdir:<PST file path> /blobtype:BlockBlob /encrypt /logdir:<Log file location>
Subsequent times:
To install the Azure Storage Explorer and connect to your Azure Storage area:
First time:
- WAImportExport.exe PrepImport /j:PSTHDD1.jrn /t:f /id:driveship1 /srcdir:"\\FILESERVER1\PSTs" /dstdir:"ingestiondata/" /sk:"yaNIIs9Uy5g25Yoak+LlSHfqVBGOeNwjqtBEBGqRMoidq6/e5k/VPkjOXdDIXJHxHvNoNoFH5NcVUJXHwu9ZxQ==" /blobtype:BlockBlob /encrypt /logdir:"c:\users\admin\desktop\PstImportLogs"
+ WAImportExport.exe PrepImport /j:PSTHDD1.jrn /t:f /id:driveship1 /srcdir:"\\FILESERVER1\PSTs" /dstdir:"ingestiondata/"
+ /blobtype:BlockBlob /encrypt /logdir:"c:\users\admin\desktop\PstImportLogs"
Subsequent times:
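Review bot: The added first-time example is split across two `+` lines, with `/blobtype:BlockBlob /encrypt /logdir:...` on a line of its own, so a reader who copies it gets a command that ends at `/dstdir:"ingestiondata/"` followed by a separate line; please rejoin it into one line as in the syntax example above it. The removed lines also show a full-length `/sk:` value that remains readable in the commit history; if it was ever a real storage account key rather than a constructed sample, it should be rotated.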
compliance Whats New https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/compliance/whats-new.md
Whether it be adding new solutions to the [Microsoft 365 compliance center](micr
### Compliance & service assurance -- [Service assurance](https://docs.microsoft.com/en-us/compliance/) has been updated with quarterly review content updates for certifications and statements of applicability:
+- [Service assurance](/compliance/) has been updated with quarterly review content updates for certifications and statements of applicability:
- Architecture - Audit logging - Encryption and key management
contentunderstanding Adoption Getstarted https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/adoption-getstarted.md
Think of the intelligent content services available in SharePoint Syntex as havi
- **Content processing:** Automate capture, ingestion, and categorization of content and streamline content-centric processes using Power Automate. Learn more about [content processing](form-processing-overview.md). - **Content compliance:** Control and manage content to improve security and governance with integration to Microsoft Information Protection.
-With new AI services and capabilities, you can build content understanding and classification apps directly into the content management flow using SharePoint Syntex. There are two different ways of understanding your content. The model type you use is based on file format and use case:
+With new AI services and capabilities, you can build content understanding and classification apps directly into the content management flow using SharePoint Syntex. There are two different ways of understanding your content. The model type you use is based on file format and use case.
| Form processing | Document understanding | |:-|:-|
Use the [example scenarios and use cases](adoption-scenarios.md) to prompt ideas
## Identify roles & responsibilities
-Determine who in your organization will build and manage the models? The following roles might be involved:
+Determine who in your organization will build and manage the models. The following roles might be involved.
| SharePoint/Knowledge admin | Power Platform admin | Knowledge manager | Model owner | |:-|:-|:-|:-|
To get ready for implementing SharePoint Syntex, you need to:
## See also [Scenarios and use cases for SharePoint Syntex](adoption-scenarios.md)+ [Manage contracts using a Microsoft 365 solution](solution-manage-contracts-in-microsoft-365.md)
contentunderstanding Set Up Content Understanding https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/set-up-content-understanding.md
To use SharePoint Syntex, your organization must have a subscription to SharePoi
To use form processing, you also need AI Builder credits. If you have 300 or more licensed users, an allocation of AI Builder credits is provided each month.
+For details about SharePoint Syntex licensing, see [SharePoint Syntex licensing](syntex-licensing.md)
+ ## To set up SharePoint Syntex 1. In the Microsoft 365 admin center, select **Setup**, and then view the **Files and content** section.
contentunderstanding Syntex Licensing https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/contentunderstanding/syntex-licensing.md
+
+ Title: 'Licensing for SharePoint Syntex'
++++
+audience: admin
++
+ - enabler-strategic
+ - m365initiative-syntex
+search.appverid: MET150
+localization_priority: Priority
+description: "Learn about licensing for SharePoint Syntex"
++
+# Licensing for SharePoint Syntex
+
+To use SharePoint Syntex, your organization must have a subscription to SharePoint Syntex, and each Syntex user must have a license. If you cancel your SharePoint Syntex subscription at a future date (or your trial expires), users will no longer be able to create, publish, or run document understanding or form processing models. Additionally, term store reports, SKOS taxonomy import, and Content type push will no longer be available. No models, content, or metadata will be deleted and site permissions will not be changed.
+
+## Tasks requiring a license
+
+The following tasks require a SharePoint Syntex license for the user performing them:
+
+- Applying a document understanding model to a library. (Unlicensed users can be granted access to a content center and can create document understanding models there but can't apply them to a document library.)
+- Creating a form processing model via the entry point in a library
+- Uploading content to a library where a document understanding or form processing model has been applied
+- Running a document understanding model on-demand
+- Viewing the metadata extracted from files using a document understanding or forms processing model. (Users must be licensed to access and use metadata associated with processed files, regardless of where the files are moved.)
+- Use premium taxonomy services. (Premium taxonomy services comprise SKOS-based term set import, pushing enterprise content types to hub-associated sites, and term store reports.)
+
+Unlicensed users can be granted access to a content center and can create document understanding models there but can't apply them to a document library.
+
+## Cost of running models
+
+The cost of running document understanding models is included in the cost of a SharePoint Syntex license. However, form processing models use AI Builder capacity, for both training and runtime processing. Capacity must be allocated to the Power Apps environment where you will use AI Builder.
+
+If you have 300 or more SharePoint Syntex licenses for SharePoint Syntex in your organization, you will be allocated one million AI Builder credits. This capacity is renewed each month if you maintain the 300-license minimum. (Unused credits don't roll over from month to month.) If you have fewer than 300 licenses, you must purchase AI Builder credits in order to use forms processing.
+
+You can estimate the AI Builder capacity thatΓÇÖs right for you with the [AI Builder calculator](https://powerapps.microsoft.com/ai-builder-calculator).
+
+If you plan to use a custom Power Platform environment, you must [allocate credits to that environment](/power-platform/admin/capacity-add-on).
+
+Go to the [Power Platform admin center](https://admin.powerplatform.microsoft.com/resources/capacity) to check your credits and usage.
+
+## Additional term store features
+
+A subscription to SharePoint Syntex features the following additional term store features:
+
+- SKOS-based term set import
+- Pushing enterprise content types to a hub site, which also adds them to the associated sites and any newly created lists or libraries
+- Term store reports providing insights into published term sets and their use across your tenant
++
+## See also
+
+[Licensing overview for Microsoft Power Platform](/power-platform/admin/pricing-billing-skus)
+
+[Power Apps and Power Automate licensing FAQ](/power-platform/admin/powerapps-flow-licensing-faq)
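Review bot: The sentence "Unlicensed users can be granted access to a content center and can create document understanding models there but can't apply them to a document library." appears twice in the new file, once as the parenthetical on the first bullet under "Tasks requiring a license" and again as its own paragraph after the list; keep one. In the same list, "Use premium taxonomy services" breaks the gerund form of the other bullets, and "300 or more SharePoint Syntex licenses for SharePoint Syntex" repeats the product name. The front matter as shown has bare `+` lines where the opening and closing delimiters and several keys would be, so please check that the metadata block is complete.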
enterprise Portallaunchscheduler https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/PortalLaunchScheduler.md
If you are planning to launch a portal with over 100,000 users, submit a support
**Follow these steps:**
-1. Go to <https://admin.microsoft.com>.
-2. Ensure you are using the new admin center preview
-3. On the left navigational pane, select **Support**, and then select **New Service Request**
+1. As an administrator , click the following link which will populate a help query in the admin center.
- This will activate the **Need Help?** pane on the right-hand side of your screen.
+[Launch SharePoint Portal with 100k users](https://admin.microsoft.com/AdminPortal/?searchSolutions=Launch%20SharePoint%20Portal%20with%20100k%20users)
-4. For **Briefly describe your issue**, enter "Launch SharePoint Portal with 100k users"</br>
-5. Then, select **Contact Support**
-6. Under **Description**, enter "Launch SharePoint Portal with 100k users"
-7. Fill out the remaining information, and then select **Contact me**
-8. After the ticket has been created, ensure you provide the support agent with the following information:
+2. At the bottom of the pane, select **Contact Support**, and then select **New Service Request**.
+
+3. Under **Description**, enter "Launch SharePoint Portal with 100k users".
+
+4. Fill out the remaining info, and select **Contact me**.
+
+5. After the ticket has been created, ensure you provide the support agent with the following information:
- Portal URL's - Number of users expected - Estimated launch schedule
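Review bot: In the new step 1 the link line `[Launch SharePoint Portal with 100k users](...)` starts at column 0, directly after the list item, so it is not part of step 1 and may interrupt the numbered list; indent it under the step. Step 1 also has a stray space before the comma in "As an administrator , click", and the unchanged sentence "This will activate the **Need Help?** pane" now sits between the step and its link, so the order reads oddly.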
enterprise Setup Guides For Microsoft 365 https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/setup-guides-for-microsoft-365.md
description: "Get step-by-step tools to plan, migrate, and implement the feature
Microsoft 365 and Office 365 setup guides give you tailored guidance and resources for planning and deploying your tenant, apps, and services. These guides are created using the same best practices that [Microsoft 365 FastTrack](https://www.microsoft.com/fasttrack/microsoft-365) onboarding specialists share in individual interactions, and they're available to all admins within the Microsoft 365 admin center. They give information on product setup, enabling security features, deploying collaboration tools, and provide scripts to speed up advanced deployments.
+> [!NOTE]
+> You must be assigned an admin role like Global Reader to access the Microsoft 365 setup guides. Only admins with the Global Administrator role can use the guides to change settings in the tenant.
+
+## How to access setup guides in the Microsoft 365 admin center
+
+The setup guides are accessible from the [Setup guidance](https://aka.ms/setupguidance) page in the Microsoft 365 admin center. You can keep track of the status of your progress and return at any time to complete a guide. To reach the **Setup guidance** page:
+
+1. In the [Microsoft 365 admin center](https://admin.microsoft.com/), go to the **Home** page.
+
+2. Find the **Training & guides** card.
+
+ ![Training & guides card in the Microsoft 365 admin center](../media/setup-guides-for-microsoft-365/adminportal-trainingandguides.png)
+
+3. Select **Step-by-step guides**.
+
+ ![Screenshot of the Setup guidance page in the Microsoft 365 admin center](../media/setup-guides-for-microsoft-365/adminportal-setupguidance.png)
+ ## Guides for initial setup ### Prepare your environment
-The [Prepare your environment](https://aka.ms/prepareyourenvironment) guide helps you prepare your organization's environment for Microsoft 365 and Office 365 services. Regardless of your goals, there are tasks you'll need to complete to ensure a successful deployment. To avoid any errors while preparing your environment, you're provided with step-by-step instructions to connect your domain, add users, assign licenses, set up email with Exchange Online, and install or deploy Office apps.
+The [Prepare your environment](https://aka.ms/prepareyourenvironment) guide helps you prepare your organization's environment for Microsoft 365 and Office 365 services. Whatever your goals are, there are tasks you'll need to complete to ensure a successful deployment. To avoid any errors while preparing your environment, you're provided with step-by-step instructions to connect your domain, add users, assign licenses, set up email with Exchange Online, and install or deploy Office apps.
### Email setup guide
-The [Email setup guide](https://aka.ms/office365setup) provides you with the step-by-step guidance needed for configuring Exchange Online for your organization. This includes setting up new email accounts, migrating email, and configuring email protection. For a successful email setup, use this advisor and you'll receive the recommended migration method based on your organization's current mail system, the number of mailboxes being migrated, and how you want to manage users and their access.
+The [Email setup guide](https://aka.ms/office365setup) provides you with the step-by-step guidance needed for configuring Exchange Online for your organization. This guidance includes setting up new email accounts, migrating email, and configuring email protection. For a successful email setup, use this advisor and you'll receive the recommended migration method based on your organization's current mail system, the number of mailboxes being migrated, and how you want to manage users and their access.
### Migrate Gmail contacts and calendar items
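Review bot: The added note says "an admin role like Global Reader" without stating which roles actually grant access to the setup guides, which leaves readers guessing at the minimum role to assign. Please name the lowest-privilege role that can view the guides, and keep the following sentence about Global Administrator being required to change settings, so that admins can grant read access without handing out Global Administrator.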
The [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide) pr
You'll receive guidance and access to resources to enable your cloud services, update devices to the latest supported version of Windows 10, and join devices to Azure Active Directory (Azure AD), all in one central location. - ### Remote work setup guide The [Remote work setup guide](https://aka.ms/remoteworksetup) provides organizations with the tips and resources needed to ensure your users can successfully work remotely, your data is secure, and users' credentials are safeguarded.
You'll receive guidance to optimize remote workers' device traffic to both Micro
Windows Virtual Desktop is a comprehensive desktop and app virtualization service running in the cloud. It's the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Microsoft 365 Apps, and support for Remote Desktop Services (RDS) environments. Deploy and scale your Windows desktops and apps to Azure in minutes and get built-in security and compliance features.
-The [Windows Virtual Desktop setup guide](https://aka.ms/wvdsetupguide) provides administrators with planning resources and the prerequisites for deployment, setup guidance, and additional resources.
+The [Windows Virtual Desktop setup guide](https://aka.ms/wvdsetupguide) provides administrators with planning resources and the prerequisites for deployment, setup guidance, and other resources.
### Microsoft Edge setup guide Microsoft Edge has been rebuilt from the ground up to bring you world-class compatibility and performance, the security and privacy you deserve, and new features designed to bring you the best of the web.
-The [Microsoft Edge setup guide](https://aka.ms/edgeadvisor) will help you configure Enterprise Site Discovery to see which sites accessed in your org might need to use IE mode, review and configure important security features, configure privacy policies and additional policies to meet your org's requirements, and manage web access on your devices. You can download Microsoft Edge to individual devices, or we'll show you how to deploy to multiple users in your org with Configuration Manager or Microsoft Intune.
+The [Microsoft Edge setup guide](https://aka.ms/edgeadvisor) will help you configure Enterprise Site Discovery to see which sites accessed in your org might need to use IE mode, review and configure important security features, configure privacy policies and compliance policies to meet your org's requirements, and manage web access on your devices. You can download Microsoft Edge to individual devices, or we'll show you how to deploy to multiple users in your org with Group Policy, Configuration Manager, or Microsoft Intune.
### Configure IE mode for Microsoft Edge
If you've already deployed Microsoft Edge and only want to configure IE mode, th
Microsoft Search helps your organization find what they need to complete what they're working on. Whether it's searching for people, files, org charts, sites, or answers to common questions, your org can use Microsoft Search throughout their workday to get answers.
-The [Microsoft Search setup guide](https://aka.ms/MicrosoftSearchSetup) helps you configure Microsoft Search whether you want to pilot it to a group of users or roll it out to everyone in your org. You'll assign Search admins and Search editors and then customize the search experience for your users with answers and additional options, like adding the Bing extension to Chrome or setting Bing as your default search engine.
+The [Microsoft Search setup guide](https://aka.ms/MicrosoftSearchSetup) helps you configure Microsoft Search whether you want to pilot it to a group of users or roll it out to everyone in your org. You'll assign Search admins and Search editors and then customize the search experience for your users with answers and more options, like adding the Bing extension to Chrome or setting Bing as your default search engine.
### Intune Configuration Manager co-management setup guide
Use the [Intune Configuration Manager co-management setup guide](https://aka.ms/
### Azure AD setup guide
-The [Azure AD setup guide](https://aka.ms/aadpguidance) provides information to ensure your organization has a strong security foundation. In this guide youΓÇÖll set up initial features, like Azure role-based access control (Azure RBAC) for admins, Azure AD Connect for your on-premises directory, and Azure AD Connect Health, so you can monitor your hybrid identity's health during automated syncs.
+The [Azure AD setup guide](https://aka.ms/aadpguidance) provides information to ensure your organization has a strong security foundation. In this guide youΓÇÖll set up initial features, like Azure Role-based access control (Azure RBAC) for admins, Azure AD Connect for your on-premises directory, and Azure AD Connect Health, so you can monitor your hybrid identity's health during automated syncs.
-It also includes essential information on enabling self-service password resets, conditional access and integrated third-party sign-on including optional advanced identity protection and user provisioning automation.
+It also includes essential information on enabling self-service password resets, conditional access and integrated third party sign-on including optional advanced identity protection and user provisioning automation.
### Sync users from your Windows Server Active Directory
-The [Sync users from your Windows Server Active Directory wizard](https://aka.ms/directorysyncsetup) walks you through turning on directory synchronization. This brings your on-premises and cloud identities together for easier access and simplified management. Unlock new capabilities, like single sign-on, self-service options, automatic account provisioning, conditional access controls, and compliance policies. This ensures that your users have access to the resources they need from anywhere.
+The [Sync users from your Windows Server Active Directory](https://aka.ms/directorysyncsetup) guide walks you through turning on directory synchronization. Directory synchronization brings your on-premises and cloud identities together for easier access and simplified management. Unlock new capabilities, like single sign-on, self-service options, automatic account provisioning, conditional access controls, and compliance policies. These capabilities ensure your users have access to the resources they need from anywhere.
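Review bot: In the Azure AD setup guide paragraph, the added line capitalizes "Role" in "Azure Role-based access control (Azure RBAC)" where the removed line had the lowercase "role-based"; keep the lowercase form unless the term itself is meant to change. The same paragraph carries the mis-encoded apostrophe in "youΓÇÖll" from the old line into the new one, and the follow-up sentence drops the hyphen from "third-party sign-on", where the compound modifier needs it.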
### Plan your passwordless deployment
Upgrade to an alternative sign-in approach that allows users to access their dev
- The Microsoft Authenticator app - Security keys
-Use the [Plan your passwordless deployment wizard](https://aka.ms/passwordlesssetup) to discover the best passwordless authentication methods to use and receive guidance on how to deploy them.
+Use the [Plan your passwordless deployment](https://aka.ms/passwordlesssetup) guide to discover the best passwordless authentication methods to use and receive guidance on how to deploy them.
### Plan your self-service password reset (SSPR) deployment Give users the ability to change or reset their password independently, if their account is locked, or they forget their password without the need to contact a helpdesk engineer.
-Use the [Plan your self-service password reset deployment wizard](https://aka.ms/SSPRSetupGuide) to receive relevant articles and instructions for configuring the appropriate Azure portal options to help you deploy SSPR in your environment.
+Use the [Plan your self-service password reset deployment](https://aka.ms/SSPRSetupGuide) guide to receive relevant articles and instructions for configuring the appropriate Azure portal options to help you deploy SSPR in your environment.
### Active Directory Federation Services (AD FS) deployment advisor
Use the [Exchange Online Protection setup guide](https://aka.ms/EOPguidance) to
### Microsoft Defender for Office 365 setup guide
-The [Microsoft Defender for Office 365 setup guide](https://aka.ms/oatpsetup) safeguards your organization against malicious threats that your environment might encounter through email messages, links, and third-party collaboration tools. This guide provides you with the resources and information to help you prepare and identify the Defender for Office 365 plan to fit your organization's needs.
+The [Microsoft Defender for Office 365 setup guide](https://aka.ms/oatpsetup) safeguards your organization against malicious threats that your environment might come across through email messages, links, and third party collaboration tools. This guide provides you with the resources and information to help you prepare and identify the Defender for Office 365 plan to fit your organization's needs.
### Microsoft Defender for Identity setup guide
Get an overview of the capabilities you can apply to your Information Protection
The [Microsoft Information governance setup guide](https://aka.ms/migsetupguide) provides you with the information you'll need to set up and manage your organization's governance strategy, to ensure that your data is classified and managed according to the specific lifecycle guidelines you set. With this guide, you'll learn how to create, auto-apply, or publish labels, label policies, and retention policies that are applied to your organization's reusable content and compliance records. You'll also get information on importing CSV files with a file plan for bulk scenarios or for applying them manually to individual documents.
+### Microsoft Cloud App Security setup guide
+
+The [Microsoft Cloud App Security setup guide](https://aka.ms/cloudappsecuritysetup) provides easy to follow deployment and management guidance to set up your Cloud Discovery solution. With Cloud Discovery, you'll integrate your supported security apps, and then you'll use traffic logs to dynamically discover and analyze the cloud apps that your organization uses. You'll also set up features available through the Cloud App Security solution, including threat detection policies to identify high-risk use, information protection policies to define access, and real-time session controls to monitor activity. With these features, your environment gets enhanced visibility, control over data movement, and analytics to identify and combat cyberthreats across all your Microsoft and third party cloud services.
+ ## Guides for collaboration ### Build your employee experience
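Review bot: The first sentence of the new Microsoft Cloud App Security section says the guide sets up "your Cloud Discovery solution", but the rest of the paragraph also covers threat detection policies, information protection policies and real-time session controls, so the opening undersells the scope. Consider naming Cloud App Security as what is being deployed and Cloud Discovery as the first step. "easy to follow" and "third party" are compound modifiers here and should be hyphenated.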
The [Mobile apps setup guide](https://aka.ms/officeappguidance) provides instruc
### Microsoft Teams setup guide
-The [Microsoft Teams setup guide](https://aka.ms/teamsguidance) provides your organization with guidance to set up team workspaces that host real-time conversations through messaging, calls, and audio or video meetings for both team and private communication. You'll receive the instructions for determining your organization's network requirements by using the Network Planner tool and the Teams advisor within the Teams admin center. Once your deployment is complete, the guide includes helpful resources to get started using Teams.
+The [Microsoft Teams setup guide](https://aka.ms/teamsguidance) provides your organization with guidance to set up team workspaces that host real-time conversations through messaging, calls, and audio or video meetings for both team and private communication. Use the tools in this guide to configure Guest access, set who can create teams, and add team members from a .csv file, all without the need to open a PowerShell session. You'll also get best practices for determining your organization's network requirements and ensuring a successful Teams deployment.
+
+### Microsoft Teams for Education setup guide
+
+The [Microsoft Teams for Education setup guide](https://aka.ms/teamsedusetup) provides your school with guidance that brings collaborative classrooms, conversations, meetings, files, and apps together in one place. The guide also provides instructions to prepare, plan, and configure Teams for your school. After your deployment is complete, use built-in tools to configure who can create teams, and optionally create teams yourself while populating members with a .csv file.
### SharePoint setup guide
-The [SharePoint setup guide](https://aka.ms/spoguidance) helps you set up your SharePoint document storage and content management, create sites, configure external sharing, migrate data and configure advanced settings, and drive user engagement and communication within your organization. You'll follow steps for configuring your content-sharing permission policies, choose your migration sync tools, as well as enable the security settings for your SharePoint environment.
+The [SharePoint setup guide](https://aka.ms/spoguidance) helps you set up your SharePoint document storage and content management, create sites, configure external sharing, migrate data and configure advanced settings, and drive user engagement and communication within your organization. You'll follow steps for configuring your content-sharing permission policies, choose your migration sync tools, and enable the security settings for your SharePoint environment.
### OneDrive setup guide
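Review bot: The rewritten Microsoft Teams paragraph offers to "configure Guest access" and "set who can create teams" from the guide, but it does not say which admin role is needed or link to guidance on either setting, and both affect who can access or create team workspaces. Add the required role or a link next to that sentence. The rewrite also replaces the named Network Planner tool and Teams advisor with unspecified "best practices", so confirm those pointers are meant to go.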
Use the [OneDrive setup guide](https://aka.ms/ODfBquickstartguide) to get starte
Connect and engage across your organization with Yammer. The [Yammer deployment advisor](https://aka.ms/yammerdeploymentguide) prepares your Yammer network by adding domains, defining admins, and combining Yammer networks. You'll get guidance to deploy Yammer and then customize the look, configure security and compliance, and refine the settings.
-## Advanced wizards
+## Advanced guides
### In-place upgrade with Configuration Manager
Use the [In-place upgrade with Configuration Manager guide](https://aka.ms/win10
### Deploy Office to your users
-Deploy Office apps from the cloud with the ability to customize your installation by using the Office Deployment Tool. The [Deploy Office to your users guide](https://aka.ms/proplusodt) helps you create a customized Office configuration with advanced settings, or you can use a pre-built recommended configuration. Whether your users are conducting a self-install or you're deploying to your users individually or in bulk, this advanced wizard provides you with step-by-step instructions to give users an Office installation tailored to your organization.
+Deploy Office apps from the cloud with the ability to customize your installation by using the Office Deployment Tool. The [Deploy Office to your users guide](https://aka.ms/proplusodt) helps you create a customized Office configuration with advanced settings, or you can use a pre-built recommended configuration. Whether your users are conducting a self-install or you're deploying to your users individually or in bulk, this advanced guide provides you with step-by-step instructions to give users an Office installation tailored to your organization.
### Deploy Office to remote users
For organizations using Configuration Manager, you can use the [Deploy and updat
### Intune Configuration Manager co-management setup guide Use the [Intune Configuration Manager co-management setup guide](https://aka.ms/comanagementsetup) to set up existing Configuration Manager client devices and new internet-based devices that your org wants to co-manage with both Microsoft Intune and Configuration Manager. Co-management allows you to manage Windows 10 devices and adds new functionality to your org's devices, while receiving the benefits of both solutions.-
-## How to access setup guides in the Microsoft 365 admin center
-
-The setup guides are accessible from the [Setup guidance](https://aka.ms/setupguidance) page in the Microsoft 365 admin center. You can keep track of the status of your progress and you have the option to return at any time to complete a guide. To reach the **Setup guidance** page:
-
-1. In the [Microsoft 365 admin center](https://admin.microsoft.com/), go to the **Home** page.
-
-2. Find the **Training & guides** card.
-
- ![Training & guides card in the Microsoft 365 admin center.](../media/setup-guides-for-microsoft-365/adminportal-trainingandguides.png)
-
-3. Select **Step-by-step guides**.
-
- ![Screenshot of the Setup guidance page in the Microsoft 365 admin center.](../media/setup-guides-for-microsoft-365/adminportal-setupguidance.png)
-
-> [!NOTE]
-> Tenant administrator permissions are required to access the Microsoft 365 admin center.
-
-## How do setup guides work in the Microsoft 365 admin center?
-
-Each guide provides you with step-by-step instructions, resources, articles, and when needed, scripts you can use to make configuration changes. These guides provide you with choices that reflect the specific needs of both small and large organizations. Additionally, the guidance includes assistance for both new and more experienced admins.
-
-![Example of a setup guide.](../media/setup-guides-for-microsoft-365/m365-setupguide-example.png)
-
-You can use the guides to learn more about specific Microsoft 365 and Office 365 features during the planning phase, during deployment and rollout, or to revisit them after you've completed a deployment to modify a setting.
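Review bot: The permissions note ("Tenant administrator permissions are required to access the Microsoft 365 admin center") disappears with the removed "How to access setup guides" section, and nothing in the visible additions replaces it. If the section has moved elsewhere in the article, no change is needed. Otherwise keep at least the permissions note and the path to the Setup guidance page (Home, then the Training & guides card, then Step-by-step guides), since every guide link in this article depends on them.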
security TOC https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/TOC.md
##### [Customize controlled folder access](customize-controlled-folders.md) #### [Device Control]()+ ##### [Control USB devices and other removable media](control-usb-devices-using-intune.md) ##### [Removable Storage Protection](device-control-removable-storage-protection.md) ##### [Removable Storage Access Control](device-control-removable-storage-access-control.md)
+##### [Device Installation](mde-device-control-device-installation.md)
##### [Device Control Printer Protection](printer-protection.md) ##### [Device Control Reports](device-control-report.md)
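Review bot: The new TOC entry points at `mde-device-control-device-installation.md`, while the neighboring Device Control articles use `device-control-*.md` and `printer-protection.md` names without an `mde-` prefix. Align the file name with its siblings or confirm the prefix is intended, and check that the target file ships in the same change so the link resolves.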
security Contact Support Usgov https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/contact-support-usgov.md
- Title: Contact Microsoft Defender for Endpoint support for US Government customers
-description: Learn how to contact Microsoft Defender for Endpoint support for US Government customers
-keywords: support, contact, premier support, solutions, problems, case, government, gcc, gcc-m, gcc-h, defender, endpoint, Microsoft Defender for Endpoint, mde
-search.product: eADQiWindows 10XVcnh
-ms.sitesec: library
-ms.pagetype: security
--
-localization_priority: Normal
------
-# Contact Microsoft Defender for Endpoint support for US Government customers
---
-**Applies to:**
-- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2154037)-
-Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience.
-
-## Using the right portal
-
-In order to open a support case, you will need to login to your Microsoft Defender for Endpoint portal:
-
-Environment|Portal URL
-|
-GCC-M on Commercial|<https://securitycenter.microsoft.com>
-GCC-M|<https://gcc.securitycenter.microsoft.us>
-GCC-H|<https://securitycenter.microsoft.us>
-DoD|<https://securitycenter.microsoft.us>
-
-If you are unable to login to the portal, you can also open a support case using the [phone](../../business-video/get-help-support.md).
-
-## Opening a support case
-
-For prerequisites and instructions, see [Contact Microsoft Defender for Endpoint support](contact-support.md).
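Review bot: The portal URL table for GCC-M on Commercial, GCC-M, GCC-H and DoD has no visible replacement once this article is deleted, and it is the information a US Government customer needs before opening a case. Confirm that contact-support.md, the article this page pointed to, now carries those URLs, and that a redirect and a TOC update ship with the deletion so existing links do not break.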
security Manage Updates Baselines Microsoft Defender Antivirus https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus.md
ms.technology: mde Previously updated : 09/03/2021 Last updated : 09/08/2021 # Manage Microsoft Defender Antivirus updates and apply baselines
All our updates contain
- integration improvements (Cloud, [Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-365-defender)). <br/> <details>
+<summary> August-2021 (Platform: 4.18.2108.7 | Engine: 1.1.18500.10)</summary>
+
+&ensp;Security intelligence update version: **1.349.22.0**<br/>
+&ensp;Released: **September 2, 2021**<br/>
+&ensp;Platform: **4.18.2108.7**<br/>
+&ensp;Engine: **1.1.18500.10**<br/>
+&ensp;Support phase: **Security and Critical Updates**<br/>
+
+### What's new
+- Improvements to the behavior monitoring engine
+- Released new [performance analyzer for Microsoft Defender Antivirus](tune-performance-defender-antivirus.md)
+- Microsoft Defender Antivirus hardened against loading malicious DLLs
+- Microsoft Defender Antivirus hardened against the TrustedInstaller bypass
+- Added support for configuring per-rule [attack surface reduction rule exclusions](customize-attack-surface-reduction.md)
+- Extending file change notifications to include more data for Human-Operated Ransomware (HumOR)
+
+### Known Issues
+No known issues
+<br/>
+</details><details>
<summary> July-2021 (Platform: 4.18.2107.4 | Engine: 1.1.18400.4)</summary>
-&ensp;Security intelligence update version: **1.345.13.0**
-&ensp;Released: **August 5, 2021**
-&ensp;Platform: **4.18.2107.4**
-&ensp;Engine: **1.1.18400.4**
-&ensp;Support phase: **Security and Critical Updates**
+&ensp;Security intelligence update version: **1.345.13.0**<br/>
+&ensp;Released: **August 5, 2021**<br/>
+&ensp;Platform: **4.18.2107.4**<br/>
+&ensp;Engine: **1.1.18400.4**<br/>
+&ensp;Support phase: **Security and Critical Updates**<br/>
### What's new - Device control support added for Windows Portable Devices
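Review bot: The two hardening bullets in the new August-2021 entry ("hardened against loading malicious DLLs" and "hardened against the TrustedInstaller bypass") give no link or detail, so an admin cannot tell what behavior changed or what to verify after updating to platform 4.18.2108.7. Link each to an advisory or article, or add a clause describing the behavior. The last bullet, "Extending file change notifications ...", is in a different tense from the bullets above it ("Released", "Added"); "Extended" would match.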
No known issues
</details><details> <summary> June-2021 (Platform: 4.18.2106.5 | Engine: 1.1.18300.4)</summary>
-&ensp;Security intelligence update version: **1.343.17.0**
-&ensp;Released: **June 28, 2021**
-&ensp;Platform: **4.18.2106.5**
-&ensp;Engine: **1.1.18300.4**
-&ensp;Support phase: **Security and Critical Updates**
+&ensp;Security intelligence update version: **1.343.17.0**<br/>
+&ensp;Released: **June 28, 2021**<br/>
+&ensp;Platform: **4.18.2106.5**<br/>
+&ensp;Engine: **1.1.18300.4**<br/>
+&ensp;Support phase: **Security and Critical Updates**<br/>
### What's new - New controls for managing the gradual rollout process of Microsoft Defender updates. See [Manage the gradual rollout process for Microsoft Defender updates](manage-gradual-rollout.md).
No known issues
### Known Issues No known issues <br/>
-</details><details>
+</details>
+
+### Previous version updates: Technical upgrade support only
+
+After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
+<details>
<summary> May-2021 (Platform: 4.18.2105.4 | Engine: 1.1.18200.4)</summary>
-&ensp;Security intelligence update version: **1.341.8.0**
-&ensp;Released: **June 3, 2021**
-&ensp;Platform: **4.18.2105.4**
-&ensp;Engine: **1.1.18200.4**
-&ensp;Support phase: **Security and Critical Updates**
+&ensp;Security intelligence update version: **1.341.8.0**<br/>
+&ensp;Released: **June 3, 2021**<br/>
+&ensp;Platform: **4.18.2105.4**<br/>
+&ensp;Engine: **1.1.18200.4**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new - Improvements to [behavior monitoring](client-behavioral-blocking.md)
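Review bot: The relocated intro under "Previous version updates: Technical upgrade support only" says support for the previous two versions is reduced to technical support only, yet the July-2021 and June-2021 entries, the two versions before August-2021, still read "Support phase: **Security and Critical Updates**". Either the sentence or those two support phases is wrong. Reword the sentence to say which versions keep security and critical updates and which fall to technical upgrade support, so that it agrees with the May-2021 entry now marked "Technical upgrade support (only)".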
No known issues
### Known Issues No known issues <br/>
-</details>
-
-### Previous version updates: Technical upgrade support only
-
-After a new package version is released, support for the previous two versions is reduced to technical support only. Versions older than that are listed in this section, and are provided for technical upgrade support only.
-<details>
+</details><details>
<summary> April-2021 (Platform: 4.18.2104.14 | Engine: 1.1.18100.5)</summary>
-&ensp;Security intelligence update version: **1.337.2.0**
-&ensp;Released: **April 26, 2021** (Engine: 1.1.18100.6 released May 5, 2021)
-&ensp;Platform: **4.18.2104.14**
-&ensp;Engine: **1.1.18100.5**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.337.2.0**<br/>
+&ensp;Released: **April 26, 2021** (Engine: 1.1.18100.6 released May 5, 2021)<br/>
+&ensp;Platform: **4.18.2104.14**<br/>
+&ensp;Engine: **1.1.18100.5**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new-- Additional behavior monitoring logic
+- More behavior monitoring logic
- Improved kernel mode key logger detection - Added new controls to manage the gradual rollout process for [Microsoft Defender updates](manage-gradual-rollout.md)
No known issues
</details><details> <summary> March-2021 (Platform: 4.18.2103.7 | Engine: 1.1.18000.5)</summary>
-&ensp;Security intelligence update version: **1.335.36.0**
-&ensp;Released: **April 2, 2021**
-&ensp;Platform: **4.18.2103.7**
-&ensp;Engine: **1.1.18000.5**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.335.36.0**<br/>
+&ensp;Released: **April 2, 2021**<br/>
+&ensp;Platform: **4.18.2103.7**<br/>
+&ensp;Engine: **1.1.18000.5**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new - Improvement to the Behavior Monitoring engine - Expanded network brute-force-attack mitigations-- Additional failed tampering attempt event generation when [Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md) is enabled
+- More failed tampering attempt event generation when [Tamper Protection](prevent-changes-to-security-settings-with-tamper-protection.md) is enabled
### Known Issues No known issues
No known issues
</details><details> <summary> February-2021 (Platform: 4.18.2102.3 | Engine: 1.1.17900.7)</summary>
-&ensp;Security intelligence update version: **1.333.7.0**
-&ensp;Released: **March 9, 2021**
-&ensp;Platform: **4.18.2102.3**
-&ensp;Engine: **1.1.17900.7**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.333.7.0**<br/>
+&ensp;Released: **March 9, 2021**<br/>
+&ensp;Platform: **4.18.2102.3**<br/>
+&ensp;Engine: **1.1.17900.7**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
</details><details> <summary> January-2021 (Platform: 4.18.2101.9 | Engine: 1.1.17800.5)</summary>
-&ensp;Security intelligence update version: **1.327.1854.0**
-&ensp;Released: **February 2, 2021**
-&ensp;Platform: **4.18.2101.9**
-&ensp;Engine: **1.1.17800.5**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.327.1854.0**<br/>
+&ensp;Released: **February 2, 2021**<br/>
+&ensp;Platform: **4.18.2101.9**<br/>
+&ensp;Engine: **1.1.17800.5**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
</details><details> <summary> November-2020 (Platform: 4.18.2011.6 | Engine: 1.1.17700.4)</summary>
-&ensp;Security intelligence update version: **1.327.1854.0**
-&ensp;Released: **December 03, 2020**
-&ensp;Platform: **4.18.2011.6**
-&ensp;Engine: **1.1.17700.4**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.327.1854.0**<br/>
+&ensp;Released: **December 03, 2020**<br/>
+&ensp;Platform: **4.18.2011.6**<br/>
+&ensp;Engine: **1.1.17700.4**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
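Review bot: The November-2020 entry lists security intelligence update version 1.327.1854.0, the same value the January-2021 entry shows, although the two releases are dated December 03, 2020 and February 2, 2021. The line is touched here only to add `<br/>`, but one of the two values looks copied; verify both while editing.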
No known issues
</details><details> <summary> October-2020 (Platform: 4.18.2010.7 | Engine: 1.1.17600.5)</summary>
-&ensp;Security intelligence update version: **1.327.7.0**
-&ensp;Released: **October 29, 2020**
-&ensp;Platform: **4.18.2010.7**
-&ensp;Engine: **1.1.17600.5**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.327.7.0**<br/>
+&ensp;Released: **October 29, 2020**<br/>
+&ensp;Platform: **4.18.2010.7**<br/>
+&ensp;Engine: **1.1.17600.5**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
</details><details> <summary> September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)</summary>
-&ensp;Security intelligence update version: **1.325.10.0**
-&ensp;Released: **October 01, 2020**
-&ensp;Platform: **4.18.2009.7**
-&ensp;Engine: **1.1.17500.4**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.325.10.0**<br/>
+&ensp;Released: **October 01, 2020**<br/>
+&ensp;Platform: **4.18.2009.7**<br/>
+&ensp;Engine: **1.1.17500.4**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
<details> <summary> August-2020 (Platform: 4.18.2008.9 | Engine: 1.1.17400.5)</summary>
-&ensp;Security intelligence update version: **1.323.9.0**
-&ensp;Released: **August 27, 2020**
-&ensp;Platform: **4.18.2008.9**
-&ensp;Engine: **1.1.17400.5**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.323.9.0**<br/>
+&ensp;Released: **August 27, 2020**<br/>
+&ensp;Platform: **4.18.2008.9**<br/>
+&ensp;Engine: **1.1.17400.5**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
<details> <summary> July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4)</summary>
-&ensp;Security intelligence update version: **1.321.30.0**
-&ensp;Released: **July 28, 2020**
-&ensp;Platform: **4.18.2007.8**
-&ensp;Engine: **1.1.17300.4**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.321.30.0**<br/>
+&ensp;Released: **July 28, 2020**<br/>
+&ensp;Platform: **4.18.2007.8**<br/>
+&ensp;Engine: **1.1.17300.4**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
<details> <summary> June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2)</summary>
-&ensp;Security intelligence update version: **1.319.20.0**
-&ensp;Released: **June 22, 2020**
-&ensp;Platform: **4.18.2006.10**
-&ensp;Engine: **1.1.17200.2**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.319.20.0**<br/>
+&ensp;Released: **June 22, 2020**<br/>
+&ensp;Platform: **4.18.2006.10**<br/>
+&ensp;Engine: **1.1.17200.2**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
<details> <summary> May-2020 (Platform: 4.18.2005.4 | Engine: 1.1.17100.2)</summary>
-&ensp;Security intelligence update version: **1.317.20.0**
-&ensp;Released: **May 26, 2020**
-&ensp;Platform: **4.18.2005.4**
-&ensp;Engine: **1.1.17100.2**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.317.20.0**<br/>
+&ensp;Released: **May 26, 2020**<br/>
+&ensp;Platform: **4.18.2005.4**<br/>
+&ensp;Engine: **1.1.17100.2**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
<details> <summary> April-2020 (Platform: 4.18.2004.6 | Engine: 1.1.17000.2)</summary>
-&ensp;Security intelligence update version: **1.315.12.0**
-&ensp;Released: **April 30, 2020**
-&ensp;Platform: **4.18.2004.6**
-&ensp;Engine: **1.1.17000.2**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.315.12.0**<br/>
+&ensp;Released: **April 30, 2020**<br/>
+&ensp;Platform: **4.18.2004.6**<br/>
+&ensp;Engine: **1.1.17000.2**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new - WDfilter improvements
No known issues
<details> <summary> March-2020 (Platform: 4.18.2003.8 | Engine: 1.1.16900.2)</summary>
-&ensp;Security intelligence update version: **1.313.8.0**
-&ensp;Released: **March 24, 2020**
-&ensp;Platform: **4.18.2003.8**
-&ensp;Engine: **1.1.16900.4**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.313.8.0**<br/>
+&ensp;Released: **March 24, 2020**<br/>
+&ensp;Platform: **4.18.2003.8**<br/>
+&ensp;Engine: **1.1.16900.4**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
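Review bot: In the March-2020 entry the summary line gives Engine 1.1.16900.2 while the field being edited gives Engine: **1.1.16900.4**, and the `<br/>` change carries the mismatch forward. Confirm the correct engine version and make the summary and the field agree.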
No known issues
<summary> February-2020 (Platform: - | Engine: 1.1.16800.2)</summary>
-&ensp;Security intelligence update version: **1.311.4.0**
-&ensp;Released: **February 25, 2020**
-&ensp;Platform/Client: **-**
-&ensp;Engine: **1.1.16800.2**
-&ensp;Support phase: **Technical upgrade support (only)**
+&ensp;Security intelligence update version: **1.311.4.0**<br/>
+&ensp;Released: **February 25, 2020**<br/>
+&ensp;Platform/Client: **-**<br/>
+&ensp;Engine: **1.1.16800.2**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
No known issues
<summary> January-2020 (Platform: 4.18.2001.10 | Engine: 1.1.16700.2)</summary>
-Security intelligence update version: **1.309.32.0**
-Released: **January 30, 2020**
-Platform/Client: **4.18.2001.10**
-Engine: **1.1.16700.2**
-&ensp;Support phase: **Technical upgrade support (only)**
+Security intelligence update version: **1.309.32.0**<br/>
+Released: **January 30, 2020**<br/>
+Platform/Client: **4.18.2001.10**<br/>
+Engine: **1.1.16700.2**<br/>
+&ensp;Support phase: **Technical upgrade support (only)**<br/>
### What's new
Engine: **1.1.16700.2**
<details> <summary> November-2019 (Platform: 4.18.1911.3 | Engine: 1.1.16600.7)</summary>
-Security intelligence update version: **1.307.13.0**
-Released: **December 7, 2019**
-Platform: **4.18.1911.3**
-Engine: **1.1.17000.7**
-Support phase: **No support**
+Security intelligence update version: **1.307.13.0**<br/>
+Released: **December 7, 2019**<br/>
+Platform: **4.18.1911.3**<br/>
+Engine: **1.1.17000.7**<br/>
+Support phase: **No support**<br/>
### What's new
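Review bot: The November-2019 summary says Engine 1.1.16600.7 but the edited field says Engine: **1.1.17000.7**, and the fields in this entry lack the `&ensp;` indent the other entries use. Fix the engine version so the summary and the field agree, and add the indent so the entry renders like the others.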
For more information, see [Microsoft Defender update for Windows operating syste
<details> <summary>1.1.2109.01</summary>
-&ensp;Package version: **1.1.2109.01**
-&ensp;Platform version: **4.18.2107.4**
-&ensp;Engine version: **1.1.18400.5**
-&ensp;Signature version: **1.347.891.0**
+&ensp;Package version: **1.1.2109.01**<br/>
+&ensp;Platform version: **4.18.2107.4**<br/>
+&ensp;Engine version: **1.1.18400.5**<br/>
+&ensp;Signature version: **1.347.891.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2108.01</summary>
-&ensp;Package version: **1.1.2108.01**
-&ensp;Platform version: **4.18.2107.4**
-&ensp;Engine version: **1.1.18300.4**
-&ensp;Signature version: **1.343.2244.0**
+&ensp;Package version: **1.1.2108.01**<br/>
+&ensp;Platform version: **4.18.2107.4**<br/>
+&ensp;Engine version: **1.1.18300.4**<br/>
+&ensp;Signature version: **1.343.2244.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2107.02</summary>
-&ensp;Package version: **1.1.2107.02**
-&ensp;Platform version: **4.18.2105.5**
-&ensp;Engine version: **1.1.18300.4**
-&ensp;Signature version: **1.343.658.0**
+&ensp;Package version: **1.1.2107.02**<br/>
+&ensp;Platform version: **4.18.2105.5**<br/>
+&ensp;Engine version: **1.1.18300.4**<br/>
+&ensp;Signature version: **1.343.658.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2106.01</summary>
-&ensp;Package version: **1.1.2106.01**
-&ensp;Platform version: **4.18.2104.14**
-&ensp;Engine version: **1.1.18100.6**
-&ensp;Signature version: **1.339.1923.0**
+&ensp;Package version: **1.1.2106.01**<br/>
+&ensp;Platform version: **4.18.2104.14**<br/>
+&ensp;Engine version: **1.1.18100.6**<br/>
+&ensp;Signature version: **1.339.1923.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2105.01</summary>
-&ensp;Package version: **1.1.2105.01**
-&ensp;Platform version: **4.18.2103.7**
-&ensp;Engine version: **1.1.18100.6**
-&ensp;Signature version: **1.339.42.0**
+&ensp;Package version: **1.1.2105.01**<br/>
+&ensp;Platform version: **4.18.2103.7**<br/>
+&ensp;Engine version: **1.1.18100.6**<br/>
+&ensp;Signature version: **1.339.42.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2104.01</summary>
-&ensp;Package version: **1.1.2104.01**
-&ensp;Platform version: **4.18.2102.4**
-&ensp;Engine version: **1.1.18000.5**
-&ensp;Signature version: **1.335.232.0**
+&ensp;Package version: **1.1.2104.01**<br/>
+&ensp;Platform version: **4.18.2102.4**<br/>
+&ensp;Engine version: **1.1.18000.5**<br/>
+&ensp;Signature version: **1.335.232.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2103.01</summary>
-&ensp;Package version: **1.1.2103.01**
-&ensp;Platform version: **4.18.2101.9**
-&ensp;Engine version: **1.1.17800.5**
-&ensp;Signature version: **1.331.2302.0**
+&ensp;Package version: **1.1.2103.01**<br/>
+&ensp;Platform version: **4.18.2101.9**<br/>
+&ensp;Engine version: **1.1.17800.5**<br/>
+&ensp;Signature version: **1.331.2302.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2102.03</summary>
-&ensp;Package version: **1.1.2102.03**
-&ensp;Platform version: **4.18.2011.6**
-&ensp;Engine version: **1.1.17800.5**
-&ensp;Signature version: **1.331.174.0**
+&ensp;Package version: **1.1.2102.03**<br/>
+&ensp;Platform version: **4.18.2011.6**<br/>
+&ensp;Engine version: **1.1.17800.5**<br/>
+&ensp;Signature version: **1.331.174.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2101.02</summary>
-&ensp;Package version: **1.1.2101.02**
-&ensp;Platform version: **4.18.2011.6**
-&ensp;Engine version: **1.1.17700.4**
-&ensp;Signature version: **1.329.1796.0**
+&ensp;Package version: **1.1.2101.02**<br/>
+&ensp;Platform version: **4.18.2011.6**<br/>
+&ensp;Engine version: **1.1.17700.4**<br/>
+&ensp;Signature version: **1.329.1796.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2012.01</summary>
-&ensp;Package version: **1.1.2012.01**
-&ensp;Platform version: **4.18.2010.7**
-&ensp;Engine version: **1.1.17600.5**
-&ensp;Signature version: **1.327.1991.0**
+&ensp;Package version: **1.1.2012.01**<br/>
+&ensp;Platform version: **4.18.2010.7**<br/>
+&ensp;Engine version: **1.1.17600.5**<br/>
+&ensp;Signature version: **1.327.1991.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2011.02</summary>
-&ensp;Package version: **1.1.2011.02**
-&ensp;Platform version: **4.18.2010.7**
-&ensp;Engine version: **1.1.17600.5**
-&ensp;Signature version: **1.327.658.0**
+&ensp;Package version: **1.1.2011.02**<br/>
+&ensp;Platform version: **4.18.2010.7**<br/>
+&ensp;Engine version: **1.1.17600.5**<br/>
+&ensp;Signature version: **1.327.658.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2011.01</summary>
-&ensp;Package version: **1.1.2011.01**
-&ensp;Platform version: **4.18.2009.7**
-&ensp;Engine version: **1.1.17600.5**
-&ensp;Signature version: **1.327.344.0**
+&ensp;Package version: **1.1.2011.01**<br/>
+&ensp;Platform version: **4.18.2009.7**<br/>
+&ensp;Engine version: **1.1.17600.5**<br/>
+&ensp;Signature version: **1.327.344.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
</details><details> <summary>1.1.2009.10</summary>
-&ensp;Package version: **1.1.2011.01**
-&ensp;Platform version: **4.18.2008.9**
-&ensp;Engine version: **1.1.17400.5**
-&ensp;Signature version: **1.327.2216.0**
+&ensp;Package version: **1.1.2011.01**<br/>
+&ensp;Platform version: **4.18.2008.9**<br/>
+&ensp;Engine version: **1.1.17400.5**<br/>
+&ensp;Signature version: **1.327.2216.0**<br/>
### Fixes - None
For more information, see [Microsoft Defender update for Windows operating syste
<br/> </details>
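Review bot: In the `1.1.2009.10` details block the Package version line reads **1.1.2011.01**, the same value as the preceding 1.1.2011.01 entry, and the added line carries that value over unchanged. If the summary is correct, the Package version line should read 1.1.2009.10; confirm against the release record while these lines are being touched.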
-## Additional resources
+## More resources
| Article | Description | |:|:|
security Mde Device Control Device Installation https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/mde-device-control-device-installation.md
+
+ Title: Microsoft Defender for Endpoint Device Control Device Installation
+description: This topic provides a walk through about Microsoft Defender for Endpoint Device Control Device Installation
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
++
+localization_priority: Normal
+
+audience: ITPro
++
+ms.technology: mde
++
+# Microsoft Defender for Endpoint Device Control Device Installation
+
+Microsoft Defender for Endpoint Device Control Removable Storage Access Control enables you to do the following task:
+
+- Prevent people from installing specific devices.
+- Allow people from installing specific devices but prevent others.
+
+> [!NOTE]
+> To find the difference between Device Installation and Removable storage access control, see [Microsoft Defender for Endpoint Device Control Removable Storage Protection](/microsoft-365/security/defender-endpoint/device-control-removable-storage-protection?view=o365-worldwide&preserve-view=true).
+
+|Privilege|Permission|
+|||
+|Access|Device installation |
+|Action Mode|Allow, Prevent |
+|CSP Support|Yes|
+|GPO Support|Yes|
+|User-based Support|No|
+|Machine-based Support|Yes|
+|||
+
+## Prepare your endpoints
+
+Deploy Device Installation on Windows 10 devices, Windows Server 2022.
+
+## Device properties
+
+The following device properties are supported by Device Installation support:
+
+- Device ID
+- Hardware ID
+- Compatible ID
+- Device Class
+- ΓÇÿRemovable DeviceΓÇÖ Device type: Some devices could be classified as Removable Device. A device is considered removable when the driver for the device to which it's connected indicates that the device is removable. For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected.
+For more information, see [Device Installation in Windows](/windows/client-management/manage-device-installation-with-group-policy).
+
+## Policies
+
+### Allow installation of devices that match any of these Device IDs
+
+This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install. This policy setting is intended to be used only when the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting is enabled.
+
+When this policy setting is enabled together with the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting, Windows is allowed to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
+
+- Prevent installation of devices that match these device IDs.
+- Prevent installation of devices that match any of these device instance IDs.
+
+If the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
+> [!NOTE]
+> The **Prevent installation of devices not described by other policy settings** policy setting has been replaced by the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting for supported target Windows 10 versions. It is recommended that you use the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting when possible.
+
+### Allow installation of devices that match any of these device instance IDs
+
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is allowed to install. This policy setting is intended to be used only when the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting is enabled.
+
+When this policy setting is enabled together with the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting, Windows is allowed to install or update any device whose Plug and Play device instance ID appears in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
+
+- Prevent installation of devices that match any of these device instance IDs
+
+If the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
+### Allow installation of devices using drivers that match these device setup classes
+
+This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is allowed to install. This policy setting is intended to be used only when the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting is enabled.
+
+When this policy setting is enabled together with the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting, Windows is allowed to install or update driver packages whose device setup class GUIDs appear in the list you create, unless another policy setting at the same or higher layer in the hierarchy specifically prevents that installation, such as the following policy settings:
+
+- Prevent installation of devices for these device classes
+- Prevent installation of devices that match these device IDs
+- Prevent installation of devices that match any of these device instance IDs
+
+If the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting is not enabled with this policy setting, then any other policy settings specifically preventing installation will take precedence.
+
+### Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria
+
+This policy setting will change the evaluation order in which Allow and Prevent policy settings are applied when more than one install policy setting is applicable for a given device. Enable this policy setting to ensure that overlapping device match criteria is applied based on an established hierarchy where more specific match criteria supercedes less specific match criteria. The hierarchical order of evaluation for policy settings that specify device match criteria is as follows:
+
+**Device instance IDs > Device IDs > Device setup class > Removable devices**
+
+#### Device instance IDs
+
+1. Prevent installation of devices using drivers that match these device instance IDs.
+2. Allow installation of devices using drivers that match these device instance IDs.
+
+#### Device IDs
+
+1. Prevent installation of devices using drivers that match these device IDs.
+2. Allow installation of devices using drivers that match these device IDs.
+
+#### Device setup class
+
+1. Prevent installation of devices using drivers that match these device setup classes.
+2. Allow installation of devices using drivers that match these device setup classes.
+
+#### Removable devices
+
+Prevent installation of removable devices
+
+> [!NOTE]
+> This policy setting provides more granular control than the **Prevent installation of devices not described by other policy settings** policy setting. If these conflicting policy settings are enabled at the same time, the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting will be enabled and the other policy setting will be ignored.
+
+### Prevent installation of devices that match any of these device IDs
+
+This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+> [!NOTE]
+> To enable the **Allow installation of devices that match any of these device instance IDs** policy setting to supersede this policy setting for applicable devices, enable the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting.
+
+If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+
+### Prevent installation of devices that match any of these device instance IDs
+
+This policy setting allows you to specify a list of Plug and Play device instance IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+If you enable this policy setting, Windows is prevented from installing a device whose device instance ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or don't configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+
+### Prevent installation of devices using drivers that match these device setup classes
+
+This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for driver packages that Windows is prevented from installing. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+> [!NOTE]
+> To enable the **Allow installation of devices that match any of these device IDs** and **Allow installation of devices that match any of these device instance IDs** policy settings to supersede this policy setting for applicable devices, enable the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting.
+
+If you enable this policy setting, Windows is prevented from installing or updating driver packages whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or don't configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
+
+### Prevent installation of removable devices
+
+This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it's connected indicates that the device is removable. For example, a Universal Serial Bus (USB) device is reported to be removable by the drivers for the USB hub to which the device is connected. By default, this policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+> [!NOTE]
+> To enable the **Allow installation of devices using drivers that match these device setup classes**, **Allow installation of devices that match any of these device IDs**, and **Allow installation of devices that match any of these device instance IDs** policy settings to supersede this policy setting for applicable devices, enable the **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria** policy setting.
+
+If you enable this policy setting, Windows is prevented from installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop client to the remote desktop server.
+
+If you disable or don't configure this policy setting, Windows can install and update driver packages for removable devices as allowed or prevented by other policy settings.
+
+## Common Removable Storage Access Control scenarios
+
+To help familiarize you with Microsoft Defender for Endpoint Removable Storage Access Control, we have put together some common scenarios for you to follow.
+
+### Scenario 1: Prevent installation of all USB devices while allowing an installation of only an authorized USB thumb-drive
+
+For this scenario, following policies will be used:
+
+- Prevent installation of devices using drivers that match these device setup classes.
+- Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria.
+- Allow installation of devices that match any of these device instance IDs or Allow installation of devices that match any of these device IDs.
+
+#### Deploying and managing policy via Intune
+
+The Device installation feature allows you to apply policy through Intune to device.
+
+#### Licensing
+
+Before you get started with Device installation, you should confirm yourΓÇ»[Microsoft 365 subscription](https://www.microsoft.com/en-in/microsoft-365/compare-microsoft-365-enterprise-plans?rtc=2). To access and use Device installation, you must have Microsoft 365 E3.
+
+#### Permission
+
+For Policy deployment in Intune, the account must have permissions to create, edit, update, or delete device configuration profiles. You can create custom roles or use any of the built-in roles with these permissions:
+
+- Policy and profile Manager role
+- Or custom role with Create/Edit/Update/Read/Delete/View Reports permissions turned on for Device Configuration profiles
+- Or Global admin
+
+#### Deploying policy
+
+In Microsoft Endpoint Manager [https://endpoint.microsoft.com/](https://endpoint.microsoft.com/)
+
+1. Configure **Prevent installation of devices using drivers that match these device setup classes**.
+
+ - Open Endpoint security > Attack surface reduction > Create Policy > Platform: Windows 10 (and later) & Profile: Device control.
+
+ :::image type="content" source="../../media/devicepolicy-editprofile.png" alt-text="edit profile":::
+
+2. Plug in a USB, device and you will see following error message:
+
+ :::image type="content" source="../../media/devicepolicy-errormsg.png" alt-text="error message":::
+
+3. Enable **Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria**.
+
+ - **only support OMA-URI for now**: Devices > Configuration profiles > Create profile > Platform: Windows 10 (and later) & Profile: Custom
+
+ :::image type="content" source="../../media/devicepolicy-editrow.png" alt-text="edit row":::
+
+4. Enable and add allowed USB Instance ID ΓÇô **Allow installation of devices that match any of these device IDs**.
+
+ - Update the step 1 Device control profile
+
+ :::image type="content" source="../../media/devicepolicy-devicecontrol.png" alt-text="devicecontrol":::
+
+ Adding PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST; USB\ROOT_HUB30; USB\ROOT_HUB20; USB\USB20_HUB on above screen capture is because it's not enough to enable only a single hardware ID to enable a single USB thumb-drive. You have to ensure all the USB devices that preceding the target one aren't blocked (allowed) as well. You can open Device Manager and change view to ΓÇÿDevices by connectionsΓÇÖ to see the way devices are installed in the PnP tree. In Our case the following devices has to be allowed so the target USB thumb-drive could be allowed as well:
+
+ - ΓÇ£Intel(R) USB 3.0 eXtensible Host Controller ΓÇô 1.0 (Microsoft)ΓÇ¥ -> PCI\CC_0C03
+ - ΓÇ£USB Root Hub (USB 3.0)ΓÇ¥ -> USB\ROOT_HUB30
+ - ΓÇ£Generic USB HubΓÇ¥ -> USB\USB20_HUB
+
+ :::image type="content" source="../../media/devicepolicy-devicemgr.png" alt-text="device control":::
+
+ > [!NOTE]
+ > Some device in the system have several layers of connectivity to define their installation on the system. USB thumb-drives are such devices. Thus, when looking to either block or allow them on a system, it's important to understand the path of connectivity for each device. There are several generic Device IDs that are commonly used in systems and could provide a good start to build an ΓÇÿAllow listΓÇÖ in such cases. See below for the list:
+ >
+ > PCI\CC_0C03; PCI\CC_0C0330; PCI\VEN_8086; PNP0CA1; PNP0CA1&HOST (for Host Controllers)/ USB\ROOT_HUB30; USB\ROOT_HUB20 (for USB Root Hubs)/ USB\USB20_HUB (for Generic USB Hubs)/
+ >
+ > Specifically for desktop machines, it's important to list all the USB devices that your keyboards and mice are connected through in the above list. Failing to do so could block a user from accessing its machine through HID devices.
+ >
+ > Different PC manufacturers sometimes have different ways to nest USB devices in the PnP tree, but in general this is how it's done.
+
+5. Plug in the allowed USB again. YouΓÇÖll see that it's now allowed and available.
+
+ :::image type="content" source="../../media/devicepolicy-removedrive.png" alt-text="remove drive":::
+
+#### Deploying and managing policy via Group Policy
+
+The Device installation feature allows you to apply policy through Group Policy.
+
+#### Licensing
+
+To access and use Device installation, you must have Windows E3.
+
+#### Deploying policy
+
+You can find the deployment detail here: [Manage Device Installation with Group Policy (Windows 10) - Windows Client](/windows/client-management/manage-device-installation-with-group-policy).
+
+## View Device Control Removable Storage Access Control data in Microsoft Defender for Endpoint
+
+The [Microsoft 365 security](https://sip.security.microsoft.com/homepage) portal shows removable storage blocked by the Device Control Device Installation. To access the Microsoft 365 security, you must have the following subscription:
+
+- Microsoft 365 for E5 reporting
+
+```kusto
+//events triggered by Device Installation policies
+DeviceEvents
+| where ActionType == "PnpDeviceBlocked" or ActionType == "PnpDeviceAllowed"
+| extend parsed=parse_json(AdditionalFields)
+| extend MediaClassGuid = tostring(parsed.ClassGuid)
+| extend MediaInstanceId = tostring(parsed.DeviceInstanceId)
+| extend MediaDeviceId = tostring(parsed.MatchingDeviceId)
+| project Timestamp , DeviceId, DeviceName, ActionType, MediaClassGuid, MediaDeviceId, MediaInstanceId, AdditionalFields
+| order by Timestamp desc
+```
++
+## Frequently asked questions
+
+### How can I know whether the target machine gets the deployed policy?
+You can use following query to get antimalware client version on the Microsoft 365 security portal:
+
+```kusto
+//check whether the Device installation policy has been deployed to the target machine, event only when modification happens
+DeviceRegistryEvents
+| where RegistryKey contains "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\"
+| order by Timestamp desc
+```
+
+## Why the Allow policy doesn't work?
+It is not enough to enable only a single hardware ID to enable a single USB thumb-drive. Ensure that all the USB devices that precede the target one aren't blocked (allowed) as well.
++
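Review bot: Under "How can I know whether the target machine gets the deployed policy?" the lead-in says the query gets the "antimalware client version", but the query that follows filters DeviceRegistryEvents on the DeviceInstall policy registry key; the sentence should describe checking for the policy registry change, as the query's own comment does. Step 4 of the Intune walkthrough says "add allowed USB Instance ID" while naming the **Allow installation of devices that match any of these device IDs** policy, so "Instance ID" should read "device ID" or the policy name should change. The article is titled Device Installation, yet the intro sentence and the headings "Common Removable Storage Access Control scenarios" and "View Device Control Removable Storage Access Control data in Microsoft Defender for Endpoint" name the other feature. "Why the Allow policy doesn't work?" sits at `##` while its sibling question under Frequently asked questions is `###`.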
security Microsoft Defender Endpoint https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint.md
Defender for Endpoint directly integrates with various Microsoft solutions, incl
**[Microsoft 365 Defender](/microsoft-365/security/defender/microsoft-threat-protection)** With Microsoft 365 Defender, Defender for Endpoint and various Microsoft security solutions form a unified pre- and post-breach enterprise defense suite that natively integrates across endpoint, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.++
+## Training for security analysts
+
+With this learning path from Microsoft Learn, you can understand Defender for Endpoint and how it can help prevent, detect, investigate, and respond to threats across your organization's endpoints ΓÇô your devices and systems.
+
+|Training:|Detect and respond to cyber attacks with Microsoft 365 Defender|
+|||
+|![Microsoft 365 Defender training icon.](../../media/microsoft-365-defender/m365-defender-secure-organization.svg)|Defender for Endpoint is an endpoint security solution that offers vulnerability management, endpoint protection, endpoint detection and response, mobile threat defense, and managed services in a single, unified platform.<p> 2 hr 25 min - Learning Path - 9 Modules|
+
+> [!div class="nextstepaction"]
+> [Start >](/learn/paths/defender-endpoint-fundamentals/)
+
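Review bot: The table's title row reads "Detect and respond to cyber attacks with Microsoft 365 Defender" and the image alt text says "Microsoft 365 Defender training icon", but the description and the Start link (/learn/paths/defender-endpoint-fundamentals/) are for the Defender for Endpoint learning path. The title row and alt text look carried over from the Microsoft 365 Defender article and should name the Defender for Endpoint path instead.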
security Microsoft 365 Defender https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-365-defender.md
With this learning path from Microsoft Learn, you can understand Microsoft 365 D
|Training:|Detect and respond to cyber attacks with Microsoft 365 Defender| |||
-|![Microsoft 365 Defender training icon.](../../media/microsoft-365-defender/m365-defender-training.png)|Microsoft 365 Defender unifies threat signals across endpoints, identities, email, and applications to provide integrated protection against sophisticated cyber attacks. Microsoft 365 Defender is the central experience to investigate and respond to incidents and proactively search for ongoing malicious cyber security activities.<p> 1 hr 38 min - Learning Path - 5 Modules|
+|![Microsoft 365 Defender training icon.](../../media/microsoft-365-defender/m365-defender-secure-organization.svg)|Microsoft 365 Defender unifies threat signals across endpoints, identities, email, and applications to provide integrated protection against sophisticated cyber attacks. Microsoft 365 Defender is the central experience to investigate and respond to incidents and proactively search for ongoing malicious cyber security activities.<p> 1 hr 38 min - Learning Path - 5 Modules|
> [!div class="nextstepaction"] > [Start >](/learn/paths/defender-detect-respond/)
security Quarantine Policies https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/quarantine-policies.md
For detailed syntax and parameter information, see [New-QuarantineTag](/powershe
## Step 2: Assign a quarantine policy to supported features
-In _supported_ protection features that quarantine messages or files (automatically or as a configurable action), you can assign a quarantine policy to the available quarantine actions. Features that quarantine messages and the availability of quarantine policies are described in the following table:
+In _supported_ protection features that quarantine email messages, you can assign a quarantine policy to the available quarantine actions. Features that quarantine messages and the availability of quarantine policies are described in the following table:
<br>
In _supported_ protection features that quarantine messages or files (automatica
|[Anti-spam policies](configure-your-spam-filter-policies.md): <ul><li>**Spam** (_SpamAction_)</li><li>**High confidence spam** (_HighConfidenceSpamAction_)</li><li>**Phishing** (_PhishSpamAction_)</li><li>**High confidence phishing** (_HighConfidencePhishAction_)</li><li>**Bulk** (_BulkSpamAction_)</li></ul>|Yes|<ul><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li><li>AdminOnlyAccessPolicy (No access)</li><li>DefaultFullAccessPolicy (Full access)</li></ul>| |Anti-phishing policies: <ul><li>[Spoof intelligence protection](set-up-anti-phishing-policies.md#spoof-settings) (_AuthenticationFailAction_)</li><li>[Impersonation protection in Defender for Office 365](set-up-anti-phishing-policies.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365):<ul><li>**If message is detected as an impersonated user** (_TargetedUserProtectionAction_)</li><li>**If message is detected as an impersonated domain** (_TargetedDomainProtectionAction_)</li><li>**If mailbox intelligence detects and impersonated user** (_MailboxIntelligenceProtectionAction_)</li></ul></li></ul>|Yes|<ul><li>DefaultFullAccessPolicy (Full access)</li><li>Impersonation protection:<ul><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li><li>DefaultFullAccessPolicy (Full access)</li></ul></li></ul>| |[Anti-malware policies](configure-anti-malware-policies.md): All detected messages are always quarantined.|Yes|AdminOnlyAccessPolicy (No access)|
-|[Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](mdo-for-spo-odb-and-teams.md) (Defender for Office 365)|Yes|AdminOnlyAccessPolicy (No access)|
+|[Safe Attachments policies in Defender for Office 365](safe-attachments.md) (_Enable_ and _Action_)|Yes|AdminOnlyAccessPolicy (No access)|
|[Mail flow rules](/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules) (also known as transport rules) with the action: **Deliver the message to the hosted quarantine** (_Quarantine_).|No|n/a| |
If you'd rather use PowerShell to assign quarantine policies in anti-spam polici
**Notes**: -- The default value for the _PhishSpamAction_ and _HighConfidencePhishAction_ parameters is Quarantine, so you don't need to use these parameters when you create new spam filter polices in PowerShell. For the _SpamAction_, _HighConfidenceSpamAction_, and _BulkSpamAction_ parameters in new or existing anti-spam policies, the quarantine policy is effective only if the value is Quarantine.
+- The default value for the _PhishSpamAction_ and _HighConfidencePhishAction_ parameters is Quarantine, so you don't need to use those parameters when you create new spam filter polices in PowerShell. For the _SpamAction_, _HighConfidenceSpamAction_, and _BulkSpamAction_ parameters in new or existing anti-spam policies, the quarantine policy is effective only if the value is Quarantine.
To see the important parameter values in existing anti-spam policies, run the following command:
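Review bot: The rewritten bullet still says "spam filter polices"; since the line is being changed anyway, correct it to "spam filter policies".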
If you'd rather use PowerShell to assign quarantine policies in anti-spam polici
For information about the default action values and the recommended action values for Standard and Strict, see [EOP anti-spam policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-spam-policy-settings). -- A spam filtering verdict without a corresponding quarantine policy parameter means the [default quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) for that verdict is used.
+- When you create new anti-spam policies, a spam filtering verdict without a corresponding quarantine policy parameter means the [default quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) for that verdict is used.
- You need to replace a default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on quarantined messages for that particular verdict.
+ You need to replace a default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on quarantined messages for that particular spam filtering verdict.
- A new anti-spam policy in PowerShell requires a spam filter policy (settings) using the **New-HostedContentFilterPolicy** cmdlet and an exclusive spam filter rule (recipient filters) using the **New-HostedContentFilterRule** cmdlet. For instructions, see [Use PowerShell to create anti-spam policies](configure-your-spam-filter-policies.md#use-powershell-to-create-anti-spam-policies).
If you'd rather use PowerShell to assign quarantine policies in anti-phishing po
For information about the default action values and the recommended action values for Standard and Strict, see [EOP anti-phishing policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-phishing-policy-settings) and [Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365](recommended-settings-for-eop-and-office365.md#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365). -- An anti-phishing action without a corresponding quarantine policy parameter means the [default quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) for that verdict is used.
+- When you create anti-phishing policies, an anti-phishing action without a corresponding quarantine policy parameter means the [default quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) for that verdict is used.
You need to replace a default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on quarantined messages for that particular verdict.
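Review bot: The added bullet opens with "an anti-phishing action" but ends with "the default quarantine policy for that verdict is used", so "that verdict" has nothing to refer back to. Use "for that action", or name the verdict the action responds to. The lead-in also differs from the anti-spam bullet changed earlier on this page ("When you create new anti-spam policies" versus "When you create anti-phishing policies"); use the same wording in both.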
If you'd rather use PowerShell to assign quarantine policies in anti-malware pol
**Notes**: -- You need to replace the default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on messages that were quarantined for malware.
+- When you create new anti-malware policies without using the QuarantineTag parameter when you create a new anti-malware policy, the default quarantine policy for malware detections is used (AdminOnlyAccessPolicy).
+
+ You need to replace the default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on messages that are quarantined as malware.
To see the important parameter values in existing anti-phish policies, run the following command:
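Review bot: The first added bullet states its condition twice: "When you create new anti-malware policies without using the QuarantineTag parameter when you create a new anti-malware policy". Drop the second clause so it reads "When you create new anti-malware policies without using the QuarantineTag parameter, the default quarantine policy for malware detections is used (AdminOnlyAccessPolicy)". The unchanged line that follows these anti-malware notes says "existing anti-phish policies"; that looks like a leftover from the anti-phishing section and could be fixed in the same pass.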
If you'd rather use PowerShell to assign quarantine policies in anti-malware pol
- A new anti-malware policy in PowerShell requires a malware filter policy (settings) using the **New-MalwareFilterPolicy** cmdlet and an exclusive malware filter rule (recipient filters) using the **New-MalwareFilterRule** cmdlet. For instructions, see [Use Exchange Online PowerShell or standalone EOP PowerShell to configure anti-malware policies](configure-anti-malware-policies.md#use-exchange-online-powershell-or-standalone-eop-powershell-to-configure-anti-malware-policies).
-This example creates a malware filter policy named Research Department that uses the custom quarantine policy named NoAccess that assigns **No access** permissions.
+This example creates a malware filter policy named Research Department that uses the custom quarantine policy named NoAccess that assigns **No access** permissions to the quarantined messages.
```powershell New-MalwareFilterPolicy -Name "Research Department" -QuarantineTag NoAccess
New-MalwareFilterPolicy -Name "Research Department" -QuarantineTag NoAccess
For detailed syntax and parameter information, see [New-MalwareFilterPolicy](/powershell/module/exchange/new-malwarefilterpolicy).
-This example modifies the existing malware filter policy named Human Resources by assigning the custom quarantine policy named NoAccess that assigns **No access** permissions.
+This example modifies the existing malware filter policy named Human Resources by assigning the custom quarantine policy named NoAccess that assigns **No access** permissions to the quarantined messages.
```powershell New-MalwareFilterPolicy -Identity "Human Resources" -QuarantineTag NoAccess
New-MalwareFilterPolicy -Identity "Human Resources" -QuarantineTag NoAccess
For detailed syntax and parameter information, see [Set-MalwareFilterPolicy](/powershell/module/exchange/set-malwarefilterpolicy).
-### Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
-
-Typically, protection by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams does not require membership in a Safe Attachments polices (you turn the protection on or off in the **Global settings** of Safe Attachments policies). However, to assign a quarantine policy for messages that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, the affected users need to be assigned in a quarantine policy.
+### Safe Attachments policies in Defender for Office 365
-1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Safe Attachments** in the **Rules** section.
+1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Policies & rules** \> **Threat policies** \> **Safe Attachments** in the **Policies** section.
Or, to go directly to the **Safe Attachments** page, use <https://security.microsoft.com/safeattachmentv2>.
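Review bot: In the Human Resources example, the reworded sentence says the command modifies an existing malware filter policy, and the reference after it points to Set-MalwareFilterPolicy, but the unchanged code line still reads New-MalwareFilterPolicy -Identity "Human Resources" -QuarantineTag NoAccess. The cmdlet should be Set-MalwareFilterPolicy. This change already edits the sentence directly above the code, so fix the code line here too. The later hunk makes the same New- to Set- correction for the Safe Attachments example.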
Typically, protection by Safe Attachments for SharePoint, OneDrive, and Microsof
- **Edit existing**: Select the policy by clicking on the name of the policy. In the policy details flyout, go to the **Settings** section and then click **Edit settings**. - **Create new**: In the new policy wizard, get to the **Settings** page.
-4. On the **Settings** page, select a quarantine policy in the **Quarantine policy** box.
+4. On the **Settings** page, do the following steps:
+ 1. **Safe Attachments unknown malware response**: Select **Block**, **Replace**, or **Dynamic Delivery**.
+ 2. Select a quarantine policy in the **Quarantine policy** box.
**Note**: When you create a new policy, a blank **Quarantine policy** value indicates the default quarantine policy is used. When you later edit the policy, the blank value is replaced by the actual default quarantine policy name as described in the previous table. Full instructions for creating and modifying Safe Attachments policies are described in [Set up Safe Attachments policies in Microsoft Defender for Office 365](set-up-safe-attachments-policies.md).
-#### Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in PowerShell
+#### Safe Attachments policies in PowerShell
-If you'd rather use PowerShell to assign quarantine policies for Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, connect to Exchange Online PowerShell or Exchange Online Protection PowerShell and use the following syntax:
+If you'd rather use PowerShell to assign quarantine policies in Safe Attachments policies, connect to Exchange Online PowerShell or Exchange Online Protection PowerShell and use the following syntax:
```powershell
-Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
-<New-SafeAttachmentPolicy -Name "<Unique name>" | Set-SafeAttachmentPolicy -Identity "<Policy name>"> [-QuarantineTag <QuarantineTagName>]
+<New-SafeAttachmentPolicy -Name "<Unique name>" | Set-SafeAttachmentPolicy -Identity "<Policy name>"> -Enable $true -Action <Block | Replace | DynamicDelivery> [-QuarantineTag <QuarantineTagName>]
``` **Notes**: -- You need to replace the default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on files that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.
+- The _Action_ parameter values Block, Replace, or DynamicDelivery can result in quarantined messages (the value Allow does not quarantine messages). The value of the _Action_ parameter in meaningful only when the value of the _Enable_ parameter is `$true`.
+
+- When you create new Safe Attachments policies without using the QuarantineTag parameter, the default quarantine policy for Safe Attachments detections in email is used (AdminOnlyAccessPolicy).
+
+ You need to replace the default quarantine policy with a custom quarantine policy only if you want to change the default end-user capabilities on email messages that are quarantined by Safe Attachments policies.
To see the important parameter values, run the following command: ```powershell
- Get-AtpPolicyForO365 | Format-Table EnableATPForSPOTeamsODB; Get-SafeAttachmentPolicy | Format-Table Name,QuarantineTag
+ Get-SafeAttachmentPolicy | Format-List Name,Enable,Action,QuarantineTag
``` -- To turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, see [Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](turn-on-mdo-for-spo-odb-and-teams.md).- - A new Safe Attachments policy in PowerShell requires a safe attachment policy (settings) using the **New-SafeAttachmentPolicy** cmdlet and an exclusive safe attachment rule (recipient filters) using the **New-SafeAttachmentRule** cmdlet. For instructions, see [Use Exchange Online PowerShell or standalone EOP PowerShell to configure Safe Attachments policies](set-up-safe-attachments-policies.md#use-exchange-online-powershell-or-standalone-eop-powershell-to-configure-safe-attachments-policies).
-This example turns on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams and then creates a safe attachment policy named Research Department that uses the custom quarantine policy named NoAccess that assigns **No access** permissions.
+This example creates a safe attachment policy named Research Department that blocks detected messages and uses the custom quarantine policy named NoAccess that assigns **No access** permissions to the quarantined messages.
```powershell
-Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true
-New-SafeAttachmentPolicy -Name "Research Department" -QuarantineTag NoAccess
+New-SafeAttachmentPolicy -Name "Research Department" -Enable $true -Action Block -QuarantineTag NoAccess
``` For detailed syntax and parameter information, see [New-MalwareFilterPolicy](/powershell/module/exchange/new-malwarefilterpolicy).
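Review bot: The added _Action_ note has a typo: "The value of the _Action_ parameter in meaningful only when the value of the _Enable_ parameter is $true" should read "is meaningful". At the end of the hunk, the reference after the New-SafeAttachmentPolicy example still links to New-MalwareFilterPolicy. This change rewrites that example, so point the link at the New-SafeAttachmentPolicy reference so readers land on the page that documents -Enable and -Action.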
For detailed syntax and parameter information, see [New-MalwareFilterPolicy](/po
This example modifies the existing safe attachment policy named Human Resources by assigning the custom quarantine policy named NoAccess that assigns **No access** permissions. ```powershell
-New-SafeAttachmentPolicy -Identity "Human Resources" -QuarantineTag NoAccess
+Set-SafeAttachmentPolicy -Identity "Human Resources" -QuarantineTag NoAccess
``` For detailed syntax and parameter information, see [Set-MalwareFilterPolicy](/powershell/module/exchange/set-malwarefilterpolicy). ## Configure global quarantine notification settings in the Microsoft 365 Defender portal
-The global settings for quarantine policies allow you to customize the end-user spam notifications that are sent to recipients of messages that were quarantined. For more information about these notifications, see [End-user spam notifications](use-spam-notifications-to-release-and-report-quarantined-messages.md).
+The global settings for quarantine policies allow you to customize the end-user spam notifications that are sent to recipients of quarantined messages. For more information about these notifications, see [End-user spam notifications](use-spam-notifications-to-release-and-report-quarantined-messages.md).
1. In the Microsoft 365 Defender portal, go to **Email & collaboration** \> **Threat policies** \> **Rules** section \> **Quarantine policies** and then select **Quarantine policies**.
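Review bot: After the corrected Set-SafeAttachmentPolicy line, the reference that follows still reads "see [Set-MalwareFilterPolicy]"; it should link to the Set-SafeAttachmentPolicy reference to match the cmdlet now shown. The sentence introducing this example was also left without the "to the quarantined messages" suffix that this change adds to the other three NoAccess examples, so add it here for consistency.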
For detailed syntax and parameter information, see [Set-QuarantineTag](/powershe
- Before you remove a custom quarantine policy, verify that it's not being used. For example, run the following command in PowerShell: ```powershell
- Get-HostedContentFilterPolicy | Format-List Name,*QuarantineTag
+ Get-HostedContentFilterPolicy | Format-List Name,*QuarantineTag; Get-AntiPhishPolicy | Format-List Name,*QuarantineTag; Get-MalwareFilterPolicy | Format-List Name,QuarantineTag; Get-SafeAttachmentPolicy | Format-List Name,QuarantineTag
``` If the quarantine policy is being used, [replace the assigned quarantine policy](#step-2-assign-a-quarantine-policy-to-supported-features) before you remove it.
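Review bot: The expanded usage check chains four Get-* commands on one line with semicolons, which is hard to read and easy to truncate when copied. Put each command on its own line in the code block. A short sentence should also explain that the spam and anti-phishing commands use the *QuarantineTag wildcard because those policies have several quarantine policy parameters, while the malware and Safe Attachments policies have a single QuarantineTag; as written, the difference looks accidental.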
security Safe Links https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/safe-links.md
Title: Safe Links
+ Title: Complete Safe Links overview for Microsoft Defender for Office 365
f1.keywords: - NOCSH
audience: Admin
f1_keywords: - '197503'- Last updated : 09/08/2021 localization_priority: Normal - Strat_O365_IP
search.appverid:
- ZPP160 - ZWD160 ms.assetid: dd6a1fef-ec4a-4cf4-a25a-bb591c5811e3
-description: In this article, admins can learn about Safe Links protection in Defender for Office 365 to protect their organization from phishing and other attacks that use malicious URLs.
+description: Learn about Safe Links protection in Defender for Office 365 to protect an organization from phishing and other attacks that use malicious URLs. Discover Teams Safe Links, and see graphics of Safe Links messages.
ms.technology: mdo ms.prod: m365-security
security View Email Security Reports https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/office-365-security/view-email-security-reports.md
In the **View data by Email \> Malware** and **Chart breakdown by Detection Tech
- **File reputation** - **Anti-malware engine**<sup>\*</sup>: Detection from anti-malware engines. - **Anti-malware policy file type block**: These are email messages filtered out due to the type of malicious file identified in the message.-- **URL malicious reputation**-- **URL detonation**-- **URL detonation reputation**-- **Campaign**
+- **URL malicious reputation**<sup>\*</sup>
+- **URL detonation**<sup>\*</sup>
+- **URL detonation reputation**<sup>\*</sup>
+- **Campaign**<sup>\*</sup>
In the details table below the chart, the following information is available:
solutions Empower People To Work Remotely https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/solutions/empower-people-to-work-remotely.md
To enable the capabilities of Microsoft 365 for your hybrid workers, use these M
|||| |MFA enforced with security defaults|Protect against compromised identities and devices by requiring a second form of authentication for sign-ins. Security defaults requires MFA for all user accounts.|Microsoft 365 E3 or E5| |MFA enforced with Conditional Access|Require MFA based on the properties of the sign-in with Conditional Access policies.|Microsoft 365 E3 or E5|
-|MFA enforced with risk-based Conditional Access|Require MFA based on the risk of the user sign-in with Microsoft Defender for Identity.|Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses|
+|MFA enforced with risk-based Conditional Access|Require MFA based on the risk of the user sign-in with Azure AD Identity Protection.|Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses|
|Self-Service Password Reset (SSPR)|Allow your users to reset or unlock their passwords or accounts.|Microsoft 365 E3 or E5| |Azure AD Application Proxy|Provide secure remote access for web-based applications hosted on intranet servers.|Requires separate paid Azure subscription| |Azure Point-to-Site VPN|Create a secure connection from a remote workerΓÇÖs device to your intranet through an Azure virtual network.|Requires separate paid Azure subscription|