Commit 966344e

Angela Fleischmann authored
Merge pull request #12768 from MicrosoftDocs/main
Publish 02/18/2022 3:30 PM PT
2 parents bb493f1 + 5cd7274 commit 966344e

11 files changed

Lines changed: 58 additions & 56 deletions

microsoft-365/compliance/classifier-learn-about.md

Lines changed: 1 addition & 1 deletion
@@ -70,7 +70,7 @@ Microsoft 365 comes with multiple pre-trained classifiers:
7070
> We are deprecating the **Offensive Language** pre-trained classifier because it has been producing a high number of false positives. Don't use it and if you are currently using it, you should move your business processes off of it. We recommend using the **Threat**, **Profanity**, and **Harassment** pre-trained classifiers instead.
7171
7272
- **Resumes**: detects docx, .pdf, .rtf, .txt items that are textual accounts of an applicant's personal, educational, professional qualifications, work experience, and other personally identifying information
73-
- **Source Code**: detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub: ActionScript, C, C#, C++, Clojure, CoffeeScript, Go, Haskell, Java, JavaScript, Lua, MATLAB, Objective-C, Perl, PHP, Python, R, Ruby, Scala, Shell, Swift, TeX, Vim Script.
73+
- **Source Code**: detects items that contain a set of instructions and statements written in the top 25 used computer programming languages on GitHub: ActionScript, C, C#, C++, Clojure, CoffeeScript, Go, Haskell, Java, JavaScript, Lua, MATLAB, Objective-C, Perl, PHP, Python, R, Ruby, Scala, Shell, Swift, TeX, Vim Script. Detects content in .msg, .as, .h, .c, .cs, .cc, .cpp, .hpp, .cxx, .hh, .c++, .clj, .edn, .cljc, .cljs, .coffee, .litcoffee, .go, .hs, .lhs, .java, .jar, .js, .mjs, .lua, .m, .mm, .pl, .pm, .t, .xs, .pod, .php, .phar, .php4, .pyc, .R, .r, .rda, .RData, .rds, .rb, .scala, .sc, .sh, .swift files.
7474

7575
> [!NOTE]
7676
> Source Code is trained to detect when the bulk of the text is source code. It does not detect source code text that is interspersed with plain text.
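
Review bot: The extension list added to the **Source Code** bullet does not line up with the language list in the same sentence: it includes `.pyc` but not `.py`, and it has no extension for TeX or Vim Script, although Python, TeX, and Vim Script are all named. It also lists `.msg`, `.jar`, and `.pyc`, which are a mail item, an archive, and compiled bytecode, and that sits oddly next to the note below saying the classifier detects items where the bulk of the text is source code. Please check the list against the product and either add the missing extensions or state why these formats are covered.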

microsoft-365/compliance/dlp-chrome-get-started.md

Lines changed: 1 addition & 2 deletions
@@ -273,8 +273,7 @@ Now that you’ve removed Chrome from the disallowed browsers/apps list, you can
273273
274274
### Known Issues and Limitations
275275
276-
1. Block Override enforcement for cloud egress is not supported.
277-
2. Incognito mode is not supported and must be disabled.
276+
1. Incognito mode is not supported and must be disabled.
278277
279278
## Next steps
280279
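
Review bot: With the Block Override item removed, the numbered list under "Known Issues and Limitations" is left with a single entry, `1. Incognito mode is not supported and must be disabled.` A one-item ordered list reads as if steps are missing; make it a plain sentence or a bullet. The heading stays plural for one limitation, which is worth a second look as well.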

microsoft-365/compliance/dlp-chrome-learn-about.md

Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ The Microsoft Compliance Extension enables you to audit and manage the following
3333

3434
activity |description | supported policy actions|
3535
|---------|---------|---------|
36-
|file copied to cloud | Detects when a user attempts to upload a sensitive item to a restricted service domain through the Chrome browser |audit, block|
36+
|file copied to cloud | Detects when a user attempts to upload a sensitive item to a restricted service domain through the Chrome browser |audit, block with override, block|
3737
|file printed |Detects when a user attempts to print a sensitive item that is open in the Chrome browser to a local or network printer |audit, block with override, block|
3838
|file copied to clipboard |Detects when a user attempts to copy information from a sensitive item that is being viewed in the Chrome browser and then paste it into another app, process, or item. |audit, block with override, block|
3939
|file copied to removable storage | Detects when a user attempts to copy a sensitive item or information from a sensitive item that is open in the Chrome browser to removable media or USB device |audit, block with override, block|
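
Review bot: The header line of the table being edited, `activity |description | supported policy actions|`, has no leading pipe and is lowercase, while every data row starts with `|`. Since the "file copied to cloud" row is touched here anyway, fix the header in the same change so the table is consistent. The new action list for that row now matches the other three rows shown.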

microsoft-365/compliance/sit-use-exact-data-refresh-data.md

Lines changed: 1 addition & 1 deletion
@@ -21,7 +21,7 @@ ms.custom: seo-marvel-apr2020
2121

2222
# Refresh your exact data match sensitive information source table file
2323

24-
You can refresh your sensitive information database twice in every 24 hour period. You'll have to rehash and upload your sensitive information source table.
24+
You can refresh your sensitive information database up to 5 times in every 24 hour period. You'll have to rehash and upload your sensitive information source table.
2525

2626
1. Re-export the sensitive data to an app, such as Microsoft Excel, and save the file in .csv, .tsv format or pipe (|) delimited format. Keep the same file name and location you used when you previously hashed and uploaded the file. See, [Export source data for exact data match based sensitive information type](sit-get-started-exact-data-match-export-data.md#export-source-data-for-exact-data-match-based-sensitive-information-type) for details on exporting your sensitive data and getting it into the correct format.
2727
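
Review bot: In the changed sentence, "24 hour period" should be hyphenated as "24-hour period". The sentence also does not say whether the five refreshes are counted over a rolling 24 hours or per calendar day, or what happens on a sixth attempt; one added clause would settle that for readers who schedule the rehash and upload.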

microsoft-365/contentunderstanding/create-an-extractor.md

Lines changed: 4 additions & 0 deletions
@@ -37,6 +37,10 @@ You need to create an extractor for each entity in the document that you want to
3737

3838
2. On the **New entity extractor** screen, type the name of your extractor in the **New extractor name** field. For example, name it **Service Start Date** if you want to extract the service start date from each Contract Renewal document. You can also choose to reuse a previously created column (for example, a managed metadata column).
3939

40+
By default, the column type is **Single line of text**. If you want to change the column type, select **Advanced settings** > **Column type**, and then select the type you want to use.
41+
42+
![Screenshot of the Advanced settings portion of the New entity extractor panel showing the Column type option.](../media/content-understanding/advanced-settings-column-type.png)
43+
4044
> [!NOTE]
4145
> For extractors with the column type **Single line of text**, the maximum character limit is 255. Any characters that you type exceeding the limit get truncated.
4246
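
Review bot: The added paragraph ends with "select the type you want to use" but never names the column types that can be chosen, and the note right after it only gives the limit for **Single line of text**. List the available types or link to where they are described. Also check that the new paragraph and image are indented under step 2 in the source, so they do not end the numbered list.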

microsoft-365/managed-desktop/get-started/register-devices-self.md

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ audience: Admin
1818
Microsoft Managed Desktop can work with brand-new devices, or you can reuse devices you might already have. If you reuse devices, you must reimage them. You're able to register devices with Microsoft Managed Desktop in the Microsoft Endpoint Manager portal.
1919

2020
> [!NOTE]
21-
> Working with a partner to obtain devices? If so, you don't need to worry about getting the hardware hashes; they'll take care of that for you. Make sure your partner establishes a relationship with you at the [Partner Center](https://partner.microsoft.com/dashboard). Your partner can learn more at [Partner Center help](/partner-center/request-a-relationship-with-a-customer). Once this relationship established, your partner will simply register devices on your behalf – no further action required from you. If you want to see the details, or your partner has questions, see [Steps for Partners to register devices](register-devices-partner.md). Once the devices are registered, you can proceed with [checking the image](#check-the-image) and [delivering the devices](#deliver-the-device) to your users.
21+
> Working with a partner to obtain devices? If so, you don't need to worry about getting the hardware hashes; they'll take care of that for you. Make sure your partner establishes a relationship with you at the [Partner Center](https://partner.microsoft.com/dashboard). Your partner can learn more at [Partner Center help](/partner-center/request-a-relationship-with-a-customer). <br><br>Once this relationship established, your partner will simply register devices on your behalf – no further action required from you. If you want to see the details, or your partner has questions, see [Steps for Partners to register devices](register-devices-partner.md). Once the devices are registered, you can proceed with [checking the image](#check-the-image) and [delivering the devices](#deliver-the-device) to your users.
2222
2323
## Prepare to register brand-new devices
2424
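
Review bot: The rewritten note line still reads "Once this relationship established"; the verb is missing ("Once this relationship is established"), and this edit is the moment to fix it. The paragraph break is done with a raw `<br><br>` inside the note; a blank `>` line gives the same break without inline HTML.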

microsoft-365/managed-desktop/service-description/security.md

Lines changed: 28 additions & 33 deletions
@@ -14,57 +14,52 @@ ms.topic: article
1414

1515
<!--Security, also Onboarding doc: data handling/store, privileged account access -->
1616

17-
Microsoft Managed Desktop uses several Microsoft technologies to help secure managed devices and data. In addition, the Microsoft Managed Desktop Security Operations Center uses various [processes](security-operations.md) in conjunction with these technologies.
17+
Microsoft Managed Desktop uses several Microsoft technologies to help secure managed devices and data. In addition, the Microsoft Managed Desktop Security Operations Center uses various [processes](security-operations.md) with these technologies. Specifically:
1818

19-
Specifically:
20-
21-
- [Device security](#device-security) – security and protection on Microsoft Managed Desktop devices
22-
- [Identity and Access Management](#identity-and-access-management) – managing secure use of devices through Azure Active Directory identity services
23-
- [Network security](#network-security)VPN information and Microsoft Managed Desktop recommended solution and settings
24-
- [Information security](#information-security) – optional available services to further protect sensitive information
19+
| Process | Description |
20+
| ------ | ------ |
21+
| [Device security](#device-security)| Security and protection on Microsoft Managed Desktop devices. |
22+
| [Identity and Access Management](#identity-and-access-management) | Managing secure use of devices through Azure Active Directory identity services. |
23+
| [Network security](#network-security)| VPN information and Microsoft Managed Desktop recommended solution and settings. |
24+
| [Information security](#information-security)| Optional available services to further protect sensitive information. |
2525

2626
For information about data storage, usage, and security practices used by Microsoft Managed Desktop, see our whitepaper at [https://aka.ms/mmd-data](https://aka.ms/mmd-data).
2727

28-
2928
## Device security
3029

3130
Microsoft Managed Desktop ensures all managed devices are secured and protected, and detects threats as early as possible using the following services:
3231

33-
Service | Description
34-
--- | ---
35-
Antivirus | Microsoft Defender Antivirus is installed and configured<br>Microsoft Defender Antivirus definitions are up to date
36-
Full Volume Encryption | Windows BitLocker is the volume encryption solution for Microsoft Managed Desktop devices.<br><br>Once an organization is onboarded into the service, devices will be encrypted using Windows BitLocker with built-in Trust Platform Module (TPM) to prevent unauthorized access to local data when the device is in sleep mode, or off.
37-
Monitoring | Microsoft Defender for Endpoint is used for security threat monitoring across all Microsoft Managed Desktop devices. Defender for Endpoint allows enterprise customers to detect, investigate, and respond to advanced threats in their corporate network. For more information, see [Microsoft Defender for Endpoint.](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection)
38-
Operating system updates | Microsoft Managed Desktop devices are always secured with the latest security updates.
39-
Secure Device Configuration | Microsoft Managed Desktop implements the Microsoft Security Baseline. For more information, see [Windows security baselines.](/windows/security/threat-protection/windows-security-baselines)
40-
41-
32+
| Service | Description |
33+
| ----- | ----- |
34+
| Antivirus | Microsoft Defender Antivirus is installed and configured<br>Microsoft Defender Antivirus definitions are up to date. |
35+
| Full Volume Encryption | Windows BitLocker is the volume encryption solution for Microsoft Managed Desktop devices.<br><br>Once an organization is enrolled into the service, devices will be encrypted using Windows BitLocker with built-in Trust Platform Module (TPM) to prevent unauthorized access to local data when the device is in sleep mode, or off.
36+
| Monitoring | Microsoft Defender for Endpoint is used for security threat monitoring across all Microsoft Managed Desktop devices. Defender for Endpoint allows enterprise customers to detect, investigate, and respond to advanced threats in their corporate network. For more information, see [Microsoft Defender for Endpoint.](/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection) |
37+
| Operating system updates | Microsoft Managed Desktop devices are always secured with the latest security updates. |
38+
| Secure Device Configuration | Microsoft Managed Desktop implements the Microsoft Security Baseline. For more information, see [Windows security baselines.](/windows/security/threat-protection/windows-security-baselines)|
4239

4340
## Identity and access management
4441

45-
Identity and access management protects corporate assets and business-critical data. Microsoft Managed Desktop configures devices to ensure secure use with Azure Active Directory (Azure AD) managed identities. It is the customer's responsibility to maintain accurate information in their Azure AD tenant.
46-
47-
Service | Description
48-
--- | ---
49-
Biometric Authentication | Windows Hello allows users to sign in by using their face or a PIN, making passwords harder to forget or steal. Customers are responsible for implementing the necessary pre-requisites for their on-premises Active Directory for use of this service in a hybrid configuration. For more information, see [Windows Hello.](/windows-hardware/design/device-experiences/windows-hello)
50-
Standard user permission | To protect the system and make it more secure, the user will be assigned Standard User Permissions. This permission is assigned as part of the Windows Autopilot out-of-box experience.
51-
42+
Identity and access management protects corporate assets and business-critical data. Microsoft Managed Desktop configures devices to ensure secure use with Azure Active Directory (Azure AD) managed identities. It's the customer's responsibility to maintain accurate information in their Azure AD tenant.
5243

44+
| Service | Description |
45+
| ----- | ----- |
46+
| Biometric Authentication | Windows Hello allows users to sign in by using their face or a PIN, making passwords harder to forget or steal. Customers are responsible for implementing the necessary pre-requisites for their on-premises Active Directory to use this service in a hybrid configuration. For more information, see [Windows Hello.](/windows-hardware/design/device-experiences/windows-hello) |
47+
| Standard user permission | To protect the system and make it more secure, the user will be assigned Standard User Permissions. This permission is assigned as part of the Windows Autopilot out-of-box experience.
5348

5449
## Network security
5550

56-
Customers are responsible for network security.
51+
Customers are responsible for network security.
5752

58-
Service | Description
59-
--- | ---
60-
VPN | Customers own their VPN infrastructure, to ensure limited corporate resources can be exposed outside the intranet.<br><br>Minimum requirement: Microsoft Managed Desktop requires a Windows 10 compatible and supported VPN solution. If your organization needs a VPN solution, it needs to support Windows 10 and be packaged and deployable through Intune. Contact your software publisher for more information.<br><br>Recommendation:<br>- Microsoft recommends a modern VPN solution that could be easily deployed through Intune to push VPN profiles. This approach provides an always-on, seamless, reliable, and secure way to access corporate network. For more information, see [[VPN settings in Intune]](/intune/vpn-settings-configure).<br>- Thick VPN clients, or older VPN clients, are not recommended by Microsoft while using Microsoft Managed Desktop as it can impact the user environment.<br>- Microsoft recommends that the outgoing web traffic goes directly to Internet without going through the VPN to avoid any performance issues.<br>- Ideally, Microsoft recommends the use of Azure Active Directory App Proxy instead of a VPN.
53+
| Service | Description |
54+
| ----- | ----- |
55+
| VPN | Customers own their VPN infrastructure, to ensure limited corporate resources can be exposed outside the intranet.<br><br>Minimum requirement: Microsoft Managed Desktop requires a Windows 10 compatible and supported VPN solution. If your organization needs a VPN solution, it needs to support Windows 10 and be packaged and deployable through Intune. Contact your software publisher for more information.<br><br>Recommendation:<br><ul><li> Microsoft recommends a modern VPN solution that could be easily deployed through Intune to push VPN profiles. This approach provides an always-on, seamless, reliable, and secure way to access corporate network. For more information, see [VPN settings in Intune](/intune/vpn-settings-configure).</li><li>Thick VPN clients, or older VPN clients, aren't recommended by Microsoft while using Microsoft Managed Desktop as it can affect the user environment.</li><li>Microsoft recommends that the outgoing web traffic goes directly to Internet without going through the VPN to avoid any performance issues.</li><li>Ideally, Microsoft recommends the use of Azure Active Directory App Proxy instead of a VPN.</li></ul>
6156

6257

6358
## Information security
6459

65-
You can configure these optional services to help protect corporate high-value assets.
60+
You can configure these optional services to help protect corporate high-value assets.
6661

67-
Service | Description
68-
--- | ---
69-
Data recovery | Information stored in key folders on the device is backed up to OneDrive for Business. Microsoft Managed Desktop is not responsible for data that isnt synchronized with OneDrive for Business.
70-
Windows Information Protection | For companies that require high levels of information security, we recommend [Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip) and [Azure Information Protection.](https://www.microsoft.com/cloud-platform/azure-information-protection)
62+
| Service | Description |
63+
| ----- | ----- |
64+
| Data recovery | Information stored in key folders on the device is backed up to OneDrive for Business. Microsoft Managed Desktop isn't responsible for data that isn't synchronized with OneDrive for Business.
65+
| Windows Information Protection | For companies that require high levels of information security, we recommend [Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip) and [Azure Information Protection.](https://www.microsoft.com/cloud-platform/azure-information-protection)
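
Review bot: The new tables are inconsistent about the closing pipe: the Full Volume Encryption, Standard user permission, VPN, Data recovery, and Windows Information Protection rows end without `|`, while the other added rows have one. Close every row the same way. Two wording issues are also carried into the rewritten rows: "Trust Platform Module (TPM)" should be "Trusted Platform Module (TPM)", and the first table's "Process" header labels what are links to the four security areas rather than processes.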
