Merge branch 'master' into tiara1

Author: tiaraquan

.openpublishing.redirection.json

@@ -4624,6 +4624,26 @@
       "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-phase-3",
       "redirect_document_id": false
     },    
+    {
+      "source_path": "microsoft-365/security/defender-endpoint/customize-attack-surface-reduction-phase-1.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-plan",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "microsoft-365/security/defender-endpoint/customize-attack-surface-phase-2.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-test",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "microsoft-365/security/defender-endpoint/customize-attack-surface-phase-3.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-implement",
+      "redirect_document_id": true
+    },
+    {
+      "source_path": "microsoft-365/security/defender-endpoint/customize-attack-surface-phase-4.md",
+      "redirect_url": "/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-deployment-operationalize",
+      "redirect_document_id": true
+    },
     {
       "source_path": "microsoft-365/security/office-365-security/report-junk-email-and-phishing-scams-in-outlook-for-iOS-and-Android.md",
       "redirect_url": "/microsoft-365/security/office-365-security/report-false-positives-and-false-negatives",

microsoft-365/admin/setup/domains-faq.yml

@@ -179,7 +179,7 @@ sections:
             
           - **You can't rename the onmicrosoft domain after sign-up.** For example, if the initial domain you chose was fourthcoffee.onmicrosoft.com, you can't change it to be fabrikam.onmicrosoft.com. To use a different onmicrosoft.com domain, you'd have to start a new subscription with Microsoft 365. 
               
-          - **You can't rename your team site URL.** Your team site URL is based on your onmicrosoft.com domain name. Unfortunately, because of the way SharePoint Online architecture works, you can't rename the team site. 
+          - **You might not be able to change your SharePoint domain name.** Your SharePoint domain name is based on your onmicrosoft.com domain name. The ability to [change the SharePoint domain name](/sharepoint/change-your-sharepoint-domain-name) is available in public preview for organizations whose total SharePoint sites and OneDrive accounts number fewer than 1000.
               
           - **You can't remove your onmicrosoft domain.** Microsoft 365 needs to keep it around because it's used behind the scenes for your subscription. But you don't have to use the domain yourself after you've added a custom domain. 
               

microsoft-365/compliance/communication-compliance-reports-audits.md

@@ -24,21 +24,28 @@ search.appverid:
 
 ## Reports
 
-The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets is not exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing. 
+The new **Reports** dashboard is the central location for viewing all communication compliance reports. Report widgets provide a quick view of insights most commonly needed for an overall assessment of the status of communication compliance activities. Information contained in the report widgets isn't exportable. Detailed reports provide in-depth information related to specific communication compliance areas and offer the ability to filter, group, sort, and export information while reviewing. 
 
 For the date range filter, the date and time for events are listed in Coordinated Universal Time (UTC). When filtering messages for reports, the requesting user's local date/time determines the results based on the conversion of the user's local date/time to UTC. For example, if a user in U.S. Pacific Daylight Time (PDT) filters a report from 8/30/2021 to 8/31/2021 at 00:00, the report includes messages from 8/30/2021 07:00 UTC to 8/31/2021 07:00 UTC. If the same user was in U.S. Eastern Daylight Time (EDT) when filtering at 00:00, the report includes messages from 8/30/2021 04:00 UTC to 8/31/2021 04:00 UTC.
 
 ![Communication compliance reports dashboard.](../media/communication-compliance-reports-dashboard.png)
 
 The **Reports dashboard** contains the following report widgets and detailed reports links:
 
-- **Recent policy matches** widget: displays the number of matches by active policy over time.
-- **Resolved items by policy** widget: displays the number of policy match alerts resolved by policy over time.
-- **Users with most policy match** widget: displays the users (or anonymized usernames) and number of policy matches for a given period.
-- **Policy with most matches** widget: displays the policies and the number of matches for a given period, ranked highest to lowest for matches.
-- **Escalations by policy** widget: displays the number of escalations per policy over a given time.
-- **Policy settings and status** detailed report: provides a detailed look at policy configuration and settings, as well as the general status for each of the policy (matches and actions) on messages. Includes policy information and how policies are associated with users and groups, locations, review percentages, reviewers, status, and when the policy was last modified. Use the *Export* option to create a .csv file containing the report details.
-- **Items and actions per policy** detailed report: Review and export matching items and remediation actions per policy. Includes policy information and how policies are associated with:
+### Report widgets
+
+- **Recent policy matches**: displays the number of matches by active policy over time.
+- **Resolved items by policy**: displays the number of policy match alerts resolved by policy over time.
+- **Users with most policy match**: displays the users (or anonymized usernames) and number of policy matches for a given period.
+- **Policy with most matches**: displays the policies and the number of matches for a given period, ranked highest to lowest for matches.
+- **Escalations by policy**: displays the number of escalations per policy over a given time.
+
+### Detailed reports
+
+Use the *Export* option to create a .csv file containing the report details for any detailed report.
+
+- **Policy settings and status**: provides a detailed look at policy configuration and settings, as well as the general status for each of the policy (matches and actions) on messages. Includes policy information and how policies are associated with users and groups, locations, review percentages, reviewers, status, and when the policy was last modified. Use the *Export* option to create a .csv file containing the report details.
+- **Items and actions per policy**: Review and export matching items and remediation actions per policy. Includes policy information and how policies are associated with:
 
     - Items matched
     - Escalated items
@@ -50,8 +57,7 @@ The **Reports dashboard** contains the following report widgets and detailed rep
     - User notified
     - Case created
 
-    Use the *Export* option to create a .csv file containing the report details.
-- **Item and actions per location** detailed report: Review and export matching items and remediation actions per Microsoft 365 location. Includes information about how workload platforms are associated with:
+- **Item and actions per location**: Review and export matching items and remediation actions per Microsoft 365 location. Includes information about how workload platforms are associated with:
 
     - Items matched
     - Escalated items
@@ -63,8 +69,7 @@ The **Reports dashboard** contains the following report widgets and detailed rep
     - User notified
     - Case created
 
-    Use the *Export* option to create a .csv file containing the report details.
-- **Activity by user** detailed report: Review and export matching items and remediation actions per user. Includes information about how users are associated with:
+- **Activity by user**: Review and export matching items and remediation actions per user. Includes information about how users are associated with:
 
     - Items matched
     - Escalated items
@@ -76,18 +81,55 @@ The **Reports dashboard** contains the following report widgets and detailed rep
     - User notified
     - Case created
 
-    Use the *Export* option to create a .csv file containing the report details.
-
-- **Sensitive information type per location** detailed report (preview): Review and export information about the detection of sensitive information types and the associated sources in communication compliance policies. Includes the overall total and the specific breakdown of sensitive information type instances in the sources configured in your organization. Examples are:
+- **Sensitive information type per location** (preview): Review and export information about the detection of sensitive information types and the associated sources in communication compliance policies. Includes the overall total and the specific breakdown of sensitive information type instances in the sources configured in your organization. The values for each third-party source are displayed in separate columns in the .csv file. Examples are:
 
     - **Email**: Sensitive information types detected in Exchange email messages.
     - **Teams**: Sensitive information types detected in Microsoft Teams channels and chat messages.
     - **Skype for Business**: Sensitive information types detected in Skype for business communications.
     - **Yammer**: Sensitive information types detected in Yammer inboxes, posts, chats, and replies.
     - **Third-party sources**: Sensitive information types detected for activities associated with third-party connectors configured in your organization. To view the breakdown of third-party sources for a specific sensitive information type in the report, hover your mouse over the value for the sensitive information type in the Third-party source column.
-    - **Other**: Sensitive information types used for internal system processing. Selecting or deselecting this source for the report will not affect any values.
-
-    Use the *Export* option to create a .csv file containing the report details. The values for each third-party source are displayed in separate columns in the .csv file.
+    - **Other**: Sensitive information types used for internal system processing. Selecting or deselecting this source for the report won't affect any values.
+
+### Message details report (preview)
+
+Create custom reports and review details for messages contained in specific policies on the **Policies** tab. These reports can be used for all-up reviews of messages and for creating a report snapshot for the status of messages for a customizable time period. After creating a report, you can view and download the details report as a .csv file on the **Message details reports** tab.
+
+![Communication compliance message detail report.](../media/communication-compliance-message-detail-report.png)
+
+To create a new message details report, complete the following steps:
+
+1. Sign into the Microsoft 365 compliance center with an account that is a member of the *Communication Compliance Investigators* role group.
+2. Navigate to the **Policies** tab, select a policy, and then select **Create message details report**.
+3. On the **Create message details report** pane, enter a name for the report in the **Report name** field.
+4. In **Choose a date range**, select a *Start date* and *End date* for the report.
+5. Select **Create**.
+6. The report creation confirmation is displayed.
+
+Depending on the number of items in the report, it can take a few minutes to hours before the report is ready to be downloaded. You can check progress on the Message details reports tab. Report status is *In progress* or *Ready to download*. You can have up to 15 separate reports processing simultaneously. To download a report, select a report in the *Ready to download* state and select **Download report**.
+
+> [!NOTE]
+> If your selected time period doesn't return any message results in the report, there were not any messages for the selected time period. The report will be blank.
+
+Message details reports contain the following information for each message item in the policy:
+
+- **Match ID**: unique ID for the message in the policy.
+- **Sender**: the sender of the message.
+- **Recipients**: the recipients included for the message.
+- **Date Sent**: the date the message was sent.
+- **Match Date**: the date the message was a match for the policy conditions.
+- **Subject**: the subject of the message.
+- **Contains Attachments**: the status of any attachments for the message. Values are either Yes or No.
+- **Policy Name**: the name of the policy associated with the message. This value will be the same for all messages in the report.
+- **Item Status**: the status of the message item in the policy. Values are Pending or Resolved.
+- **Tags**: the tags assigned to the message. Values are Questionable, Compliant, or Non-compliant.
+- **Keyword Matches**: keyword matches for the message.
+- **Reviewers**: reviewers assigned to message.
+- **Pending for (days)**: the number of days the message has been in a pending state. For resolved messages, the value is 0.
+- **Comment for resolved**: the comments for the message entered when resolved.
+- **Resolved Date**: the date and time the message was resolved.
+- **Last Updated By**: the user name of the last updater.
+- **Last Updated On**: the date and time the message was last updated.
+- **History of comments**: list of all comments for the message alert, including comment author and date/time of the comment.
 
 ## Audit
 

microsoft-365/compliance/create-retention-policies.md

@@ -83,10 +83,7 @@ When you have more than one retention policy, and when you also use retention la
         - **Teams chats**: Messages from private 1:1 chats, group chats, and meeting chats.
         - **Teams private channel messages**: Messages from private channel chats and private channel meetings.
 
-       By default, [all teams and all users are selected](retention-settings.md#a-policy-that-applies-to-entire-locations), but you can refine this by selecting the [**Choose** and **Exclude** options](retention-settings.md#a-policy-with-specific-inclusions-or-exclusions). However, before you change the default, be aware of the following consequences for a retention policy that deletes messages when it's configured for includes or excludes:
-        
-        - For group chat messages and private channel messages, because a copy of messages are saved in each user's mailbox who are included in the conversation, copies of messages will continue to be returned in eDiscovery results from users who weren't assigned the policy.
-        - For users who weren't assigned the policy, deleted messages as a result of the policy will be returned in their Teams search results but won't display the contents of the message.
+       By default, [all teams and all users are selected](retention-settings.md#a-policy-that-applies-to-entire-locations), but you can refine this by selecting the [**Choose** and **Exclude** options](retention-settings.md#a-policy-with-specific-inclusions-or-exclusions).
 
 5. For **Decide if you want to retain content, delete it, or both** page, specify the configuration options for retaining and deleting content.
 

microsoft-365/compliance/device-onboarding-configure-proxy.md

@@ -132,7 +132,7 @@ However, if the connectivity check results indicate a failure, an HTTP error is
 
 > [!NOTE]
 >
-> The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool.
+> The Connectivity Analyzer tool is not compatible with attack surface reduction rule [Block process creations originating from PSExec and WMI commands](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-process-creations-originating-from-psexec-and-wmi-commands). You will need to temporarily disable this rule to run the connectivity tool.
 >
 > When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can’t access the defined proxy. Related topics:
 >

microsoft-365/compliance/device-onboarding-mdm.md

@@ -57,8 +57,6 @@ For security reasons, the package used to Offboard devices will expire 30 days a
 
 5. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *DeviceCompliance_valid_until_YYYY-MM-DD.offboarding*.
 
-
-
 6. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings.
 
     ```text

microsoft-365/compliance/device-onboarding-offboarding-macos-intune.md

@@ -59,7 +59,7 @@ Onboarding a macOS device into Compliance solutions is a six phase process.
 |accessibility |[accessibility.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/accessibility.mobileconfig)|
 full disk access     |[fulldisk.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/fulldisk.mobileconfig)|
 |Network filer| [netfilter.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/netfilter.mobileconfig)]
-|System extensions |[sysext.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/systext.mobileconfig)
+|System extensions |[sysext.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/mobileconfig/profiles/sysext.mobileconfig)
 |MDE preference     |[com.microsoft.wdav.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/data_loss_prevention/com.microsoft.wdav.mobileconfig)|
 |MAU preference|[com.microsoft.autoupdate2.mobileconfig](https://github.com/microsoft/mdatp-xplat/blob/master/macos/settings/microsoft_auto_update/com.microsoft.autoupdate2.mobileconfig)|
 |Installation package     |downloaded from the compliance portal **Installation package**, file name *\*wdav.pkg*\* |

microsoft-365/compliance/device-onboarding-overview.md

@@ -95,8 +95,8 @@ Make sure that the Windows devices that you need to onboard meet these requireme
 
 5. A supported version of Microsoft Office is installed and up to date. For the most robust protection and user experience, ensure Microsoft 365 Apps version 16.0.14701.0 or newer is installed.
 > [!NOTE]
-   >If you are running Office 265 - KB 4577063 is required
-   >If you are on Monthly Enterprise Channel of Microsoft 365 Apps versions 2004-2008, you need to update to version 2009 or later. See [Update history for Microsoft 365 Apps (listed by date)](/officeupdates/update-history-microsoft365-apps-by-date) for current versions. To learn more about known issue, see the Office Suite section of [Release notes for Current Channel releases in 2020](/officeupdates/current-channel#version-2010-october-27).
+   > - If you are running Office 365 - KB 4577063 is required.
+   > - If you are on Monthly Enterprise Channel of Microsoft 365 Apps versions 2004-2008, you need to update to version 2009 or later. See [Update history for Microsoft 365 Apps (listed by date)](/officeupdates/update-history-microsoft365-apps-by-date) for current versions. To learn more about known issue, see the Office Suite section of [Release notes for Current Channel releases in 2020](/officeupdates/current-channel#version-2010-october-27).
 
 6. If you have endpoints that use a device proxy to connect to the internet, follow the procedures in [Configure device proxy and internet connection settings for Information Protection](device-onboarding-configure-proxy.md#configure-device-proxy-and-internet-connection-settings-for-information-protection).