diff --git a/.openpublishing.redirection.commerce.json b/.openpublishing.redirection.commerce.json
index 4d8484b6557..be553927ca9 100644
--- a/.openpublishing.redirection.commerce.json
+++ b/.openpublishing.redirection.commerce.json
@@ -949,6 +949,11 @@
"source_path": "microsoft-365/commerce/purchases-from-microsoft-open.md",
"redirect_url": "/microsoft-365/commerce/index",
"redirect_document_id": false
+ },
+ {
+ "source_path": "microsoft-365/commerce/licenses/downloads-faq.yml",
+ "redirect_url": "/microsoft-365/commerce/licenses/download-vl-products",
+ "redirect_document_id": false
}
]
}
diff --git a/copilot/TOC.yml b/copilot/TOC.yml
index 1fcf340f8ce..be6ee43b0d8 100644
--- a/copilot/TOC.yml
+++ b/copilot/TOC.yml
@@ -61,5 +61,5 @@
href: /training/paths/prepare-your-organization-microsoft-365-copilot/
- name: "Copilot lab: End user resources"
href: https://copilot.cloud.microsoft/prompts
- - name: Provide Copilot feedback to Microsoft
+ - name: Submit Copilot feedback to Microsoft
href: provide-feedback.md
diff --git a/copilot/microsoft-365-copilot-overview.md b/copilot/microsoft-365-copilot-overview.md
index bfa4fb25e7b..7ac1c336cd2 100644
--- a/copilot/microsoft-365-copilot-overview.md
+++ b/copilot/microsoft-365-copilot-overview.md
@@ -63,7 +63,7 @@ Let's take a look:
4. Copilot takes this response from the LLM and post-processes it.
-5. This post-processing includes more grounding calls to Microsoft Graph, responsible AI checks, security, compliance and privacy reviews, and command generation.
+5. This post-processing includes more grounding calls to Microsoft Graph, responsible AI checks, security, compliance and Purview tasks, and command generation.
Copilot returns the response to the app, where the user can review and assess the response.
diff --git a/copilot/microsoft-365-copilot-privacy.md b/copilot/microsoft-365-copilot-privacy.md
index 2793d58137f..32b8e4a7141 100644
--- a/copilot/microsoft-365-copilot-privacy.md
+++ b/copilot/microsoft-365-copilot-privacy.md
@@ -13,7 +13,7 @@ ms.collection:
- m365copilot
- magic-ai-copilot
hideEdit: true
-ms.date: 10/18/2024
+ms.date: 11/01/2024
ms.custom: [copilot-learning-hub]
---
@@ -69,7 +69,7 @@ While abuse monitoring, which includes human review of content, is available in
## Data stored about user interactions with Microsoft 365 Copilot
-When a user interacts with Microsoft 365 Copilot (using apps such as Word, PowerPoint, Excel, OneNote, Loop, or Whiteboard), we store data about these interactions. The stored data includes the user's prompt and Copilot's response, including citations to any information used to ground Copilot's response. We refer to the user’s prompt and Copilot’s response to that prompt as the "content of interactions" and the record of those interactions is the user’s Copilot interaction history. For example, this stored data provides users with Copilot interaction history in [Business Chat](https://support.microsoft.com/topic/5b00a52d-7296-48ee-b938-b95b7209f737) and [meetings in Microsoft Teams](https://support.microsoft.com/office/0bf9dd3c-96f7-44e2-8bb8-790bedf066b1). This data is processed and stored in alignment with contractual commitments with your organization’s other content in Microsoft 365. The data is encrypted while it's stored and isn't used to train foundation LLMs, including those used by Microsoft 365 Copilot.
+When a user interacts with Microsoft 365 Copilot (using apps such as Word, PowerPoint, Excel, OneNote, Loop, or Whiteboard), we store data about these interactions. The stored data includes the user's prompt and Copilot's response, including citations to any information used to ground Copilot's response. We refer to the user’s prompt and Copilot’s response to that prompt as the "content of interactions" and the record of those interactions is the user’s Copilot activity history. For example, this stored data provides users with Copilot activity history in [Business Chat](https://support.microsoft.com/topic/5b00a52d-7296-48ee-b938-b95b7209f737) and [meetings in Microsoft Teams](https://support.microsoft.com/office/0bf9dd3c-96f7-44e2-8bb8-790bedf066b1). This data is processed and stored in alignment with contractual commitments with your organization’s other content in Microsoft 365. The data is encrypted while it's stored and isn't used to train foundation LLMs, including those used by Microsoft 365 Copilot.
To view and manage this stored data, admins can use Content search or Microsoft Purview. Admins can also use Microsoft Purview to set retention policies for the data related to chat interactions with Copilot. For more information, see the following articles:
@@ -81,7 +81,7 @@ For Microsoft Teams chats with Copilot, admins can also use [Microsoft Teams Exp
### Deleting the history of user interactions with Microsoft 365 Copilot
-Your users can delete their Copilot interaction history, which includes their prompts and the responses Copilot returns, by going to the [My Account portal](https://myaccount.microsoft.com/). For more information, see [Delete your Microsoft 365 Copilot interaction history](https://support.microsoft.com/office/76de8afa-5eaf-43b0-bda8-0076d6e0390f).
+Your users can delete their Copilot activity history, which includes their prompts and the responses Copilot returns, by going to the [My Account portal](https://myaccount.microsoft.com/). For more information, see [Delete your Microsoft 365 Copilot activity history](https://support.microsoft.com/office/76de8afa-5eaf-43b0-bda8-0076d6e0390f).
## Microsoft 365 Copilot and the EU Data Boundary
@@ -99,7 +99,7 @@ Microsoft [Advanced Data Residency (ADR)](/microsoft-365/enterprise/advanced-dat
While Microsoft 365 Copilot is already able to use the apps and data within the Microsoft 365 ecosystem, many organizations still depend on various external tools and services for work management and collaboration. Microsoft 365 Copilot experiences can reference third-party tools and services when responding to a user’s request by using [Microsoft Graph connectors](/graph/connecting-external-content-connectors-overview) or plugins. Data from Graph connectors can be returned in Microsoft 365 Copilot responses if the user has permission to access that information.
-When plugins are enabled, Microsoft 365 Copilot determines whether it needs to use a specific plugin to help provide a relevant response to the user. If a plugin is needed, Microsoft 365 Copilot generates a search query to send to the plugin on the user’s behalf. The query is based on the user’s prompt, Copilot interaction history, and data the user has access to in Microsoft 365.
+When plugins are enabled, Microsoft 365 Copilot determines whether it needs to use a specific plugin to help provide a relevant response to the user. If a plugin is needed, Microsoft 365 Copilot generates a search query to send to the plugin on the user’s behalf. The query is based on the user’s prompt, Copilot activity history, and data the user has access to in Microsoft 365.
In the **Integrated apps** section of the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview), admins can view the permissions and data access required by a plugin as well as the plugin’s terms of use and privacy statement. Admins have full control to select which plugins are allowed in their organization. A user can only access the plugins that their admin allows and that the user installed or is assigned. Microsoft 365 Copilot only uses plugins that are turned on by the user.
@@ -143,14 +143,17 @@ Some privacy controls for connected experiences in Microsoft 365 Apps can affect
#### Privacy control for connected experiences that analyze your content
-If you turn off connected experiences that analyze your content on Windows or Mac devices in your organization, Microsoft 365 Copilot features won’t be available to your users in the following apps:
+If you turn off connected experiences that analyze your content on devices in your organization, Microsoft 365 Copilot features won’t be available to your users in the following apps:
- Excel
-- PowerPoint
- OneNote
+- Outlook
+- PowerPoint
- Word
-There's also a privacy control that turns off all connected experiences, including connected experiences that analyze your content. If you use that privacy control, Microsoft 365 Copilot features won’t be available for certain apps on certain devices as described above.
+This applies to when you’re running the most current version of these apps on Windows, Mac, iOS, or Android devices.
+
+There's also a privacy control that turns off all connected experiences, including connected experiences that analyze your content. If you use that privacy control, Microsoft 365 Copilot features won’t be available in the apps and on the devices described above.
#### Privacy control for optional connected experiences
diff --git a/copilot/provide-feedback.md b/copilot/provide-feedback.md
index 04dc09d531e..5490d0baf24 100644
--- a/copilot/provide-feedback.md
+++ b/copilot/provide-feedback.md
@@ -1,11 +1,11 @@
---
-title: "Provide user feedback for Microsoft 365 Copilot"
+title: "Submit admin-initiated Copilot feedback from the Microsoft 365 admin center"
f1.keywords:
- NOCSH
ms.author: camillepack
author: camillepack
manager: scotv
-ms.date: 12/12/2023
+ms.date: 11/01/2024
audience: Admin
ms.topic: how-to
ms.service: microsoft-365-copilot
@@ -14,12 +14,12 @@ ms.collection:
- scotvorg
- m365copilot
- magic-ai-copilot
-description: "Learn how to provide Microsoft 365 Copilot feedback to Microsoft on behalf of their users who encounter issues"
+description: "Learn how to provide Microsoft 365 Copilot feedback to Microsoft on behalf of your users who encounter issues"
---
-# Provide user feedback for Microsoft 365 Copilot
+# Submit admin-initiated Copilot feedback from the Microsoft 365 admin center
-Microsoft 365 Copilot is a product that helps users boost their productivity with large-language models (LLM). While Copilot is designed to provide accurate and informative responses based on the knowledge and data available in the Microsoft Graph, it's important to note that answers may not always be completely accurate. This is because Copilot generates responses based on patterns and probabilities in language data. Providing feedback is essential to improve the product and make it more dependable for users.
+Microsoft 365 Copilot is a product that helps users boost their productivity with large-language models (LLM). While Copilot is designed to provide accurate and informative responses based on the knowledge and data available in the Microsoft Graph, it's important to note that answers may not always be accurate. This is because Copilot generates responses based on patterns and probabilities in language data. Providing feedback is essential to improve the product and make it more dependable for users.
Microsoft 365 Copilot currently allows user-initiated feedback. As an admin, you can give feedback to supplement the user-initiated process. This helps Microsoft receive comprehensive diagnostic data to aid in debugging, especially in cases where users may not be able to provide feedback themselves. By providing feedback on behalf of your users, you can help enhance the overall experience of Copilot for your organization by improving the quality and relevance of its responses.
@@ -29,9 +29,9 @@ This article explains how you can initiate feedback on behalf of your users.
Before you begin, you must have the following:
-- A Microsoft 365 subscription with Microsoft 365 Copilot5 license
+- A Microsoft 365 subscription with a Microsoft 365 Copilot license
-- Global Admin role to complete the task in this article. For more information, see [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles).
+- Global admin role to complete the task in this article. For more information, see [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles).
- An email address of the user who experienced an issue with Microsoft 365 Copilot.
@@ -50,7 +50,7 @@ To provide feedback to Microsoft on behalf of a user who encountered a problem w
> [!NOTE]
> The maximum number of conversations you can share is 30.
-4. After a short wait, you’ll receive a JSON file containing the user's conversations with Copilot for the past X interactions (utterance/response pairs) that you select, along with their feedback logs. The file will be redacted to protect Microsoft IP, if any. You can use any JSON viewer tool to inspect the data and include additional comments for the feedback. The file will be available for download once it's generated.
+4. After a short wait, you’ll receive a JSON file containing the user's conversations with Copilot for the past X interactions (utterance/response pairs) that you select, along with their feedback logs. The file is redacted to protect Microsoft IP, if any. You can use any JSON viewer tool to inspect the data and include additional comments for the feedback. The file will be available for download once it's generated.
5. Decide whether or not to move forward with the feedback submission to Microsoft. If you choose to share the data, select **Submit**. If you don’t want to share the data, select **Cancel**.
diff --git a/microsoft-365/admin/activity-reports/activity-reports.md b/microsoft-365/admin/activity-reports/activity-reports.md
index 0c62cb79aa1..520f3a32efb 100644
--- a/microsoft-365/admin/activity-reports/activity-reports.md
+++ b/microsoft-365/admin/activity-reports/activity-reports.md
@@ -151,7 +151,7 @@ Your user list will look like this:
-If you want to unhide user, group, or site information when you're generating your reports, a **global administrator** can quickly make that change in the admin center.
+If you want to unhide user, group, or site information when you're generating your reports, you can quickly make that change in the admin center.
Reports provide information about your organization's usage data. Starting September 1, 2021, we're hiding user, group, or site information by default for all reports as part of our ongoing commitment to help companies support their local privacy laws.
@@ -184,7 +184,7 @@ Properties for Teams team usage report:
There are additional reports that follow this org setting. For example, some reports in Microsoft Teams admin center follow the same.
-Global administrators can revert this change for their tenant and show identifiable user, group, and site information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps:
+You can revert this change for their tenant and show identifiable user, group, and site information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps:
1. In the admin center, go to the **Settings** \> **Org Settings** \> **Services** page.
@@ -192,7 +192,7 @@ Global administrators can revert this change for their tenant and show identifia
3. Uncheck the statement **Display concealed user, group, and site names in all reports**, and then save your changes.
-Beginning on June 23, 2022, an API will gradually become available to all environments for global admins to change this setting without needing to visit the Microsoft 365 admin center.
+Beginning on June 23, 2022, an API will gradually become available to all environments for admins to change this setting without needing to visit the Microsoft 365 admin center.
For more details, see [adminReportSettings API](/graph/api/resources/adminreportsettings?view=graph-rest-beta&preserve-view=true).
@@ -200,7 +200,7 @@ Two methods have been approved for this API:
:::image type="content" source="../../media/api-show-details.png" alt-text="API Methods.":::
-The report will only contain a Privacy Setting property. For more information on Graph API, see [Use the Microsoft Graph API](/graph/use-the-api). Global admins can use the Software Development Kit (SDK) or directly call the API using any program language with network ability. We recommend using [Graph Explorer](/graph/graph-explorer/graph-explorer-overview).
+The report will only contain a Privacy Setting property. For more information on Graph API, see [Use the Microsoft Graph API](/graph/use-the-api). You can use the Software Development Kit (SDK) or directly call the API using any program language with network ability. We recommend using [Graph Explorer](/graph/graph-explorer/graph-explorer-overview).
It will take a few minutes for these changes to take effect on the reports in the reports dashboard. This setting also applies to the Microsoft 365 usage reports in [Microsoft Graph](/graph/api/resources/report) and [Power BI](/microsoft-365/admin/usage-analytics/usage-analytics) and [the usage reports in Microsoft Teams Admin center](/microsoftteams/teams-analytics-and-reports/teams-reporting-reference). Showing identifiable user information is a logged event in the Microsoft Purview compliance portal audit log.
diff --git a/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md b/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md
index a2158c1392d..055e4ac4836 100644
--- a/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md
+++ b/microsoft-365/admin/activity-reports/microsoft-365-copilot-usage.md
@@ -51,6 +51,9 @@ You can view several numbers for Microsoft 365 Copilot usage, which highlight th
**Active Users** shows the total number of enabled users in your organization who tried a user-initiated Microsoft 365 Copilot feature, in one or more apps in Microsoft 365 over the selected time period.
+> [!NOTE]
+> Active users now includes Business Chat (web) usage starting from August 20, 2024. We'll update this documentation once the specific usage of the entry point for Business Chat (web) is available.
+
**Active users rate** shows you the number of active users in your organization divided by the number of enabled users.
In Recommendations, the recommended action card highlights [Microsoft Copilot Dashboard](/viva/insights/org-team-insights/copilot-dashboard), where you can deliver insights to your IT leaders to explore Copilot readiness, adoption, and impact in Viva Insights.
@@ -137,6 +140,9 @@ To ensure data quality, we perform daily data validation checks for the past thr
| Last activity date of Loop Copilot (UTC) | The latest date the user had activity in Loop Copilot, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
| Last activity date of Copilot chat (UTC) | The latest date the user had activity in Copilot chat, including any of the intentional activities, regardless of the selected time period of past 7/30/90/180 days. |
+> [!NOTE]
+> The Last activity date (UTC) now includes the latest date the user had activity in Business Chat (web) starting from August 20, 2024, including any of the intentional activities, regardless of the selected time period of the past 7/30/90/180 days.
+
## Make the user-specific data anonymous
To make the data in the Microsoft 365 Copilot report anonymous, you must be a global administrator. This will hide identifiable information (using MD5 hashes) such as display name, email, and Microsoft Entra Object ID in report and their export.
diff --git a/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md b/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
index d9ad0223614..fbda55bec42 100644
--- a/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
+++ b/microsoft-365/admin/activity-reports/sharepoint-site-usage-ww.md
@@ -44,13 +44,13 @@ Your user list will look like this:
-Global administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps:
+Administrators can revert this change for their tenant and show identifiable user information if their organization's privacy practices allow it. It can be achieved in the Microsoft 365 admin center by following these steps:
1. In the admin center, go to the **Settings** \> **Org Settings** \> **Services** page.
-2. Select **Reports**.
+2. Select **Reports**.
-3. Uncheck the statement **In all reports, display de-identified names for users, groups, and sites**, and then save your changes.
+3. Uncheck the statement **In all reports, display de-identified names for users, groups, and sites**, and then save your changes.
## Interpret the SharePoint site usage report
diff --git a/microsoft-365/admin/admin-overview/sign-up-for-office-365.md b/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
index fcecd3b284d..952cf6b2b65 100644
--- a/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
+++ b/microsoft-365/admin/admin-overview/sign-up-for-office-365.md
@@ -34,7 +34,7 @@ search.appverid:
- MET150
ROBOTS: NOINDEX
description: "Learn how to choose a Microsoft 365 for business plan, sign up, and set up your subscription."
-ms.date: 01/11/2024
+ms.date: 11/04/2024
---
# How to sign up for a Microsoft 365 for business plan - Admin Help
diff --git a/microsoft-365/admin/adoption/group-level-aggregates.md b/microsoft-365/admin/adoption/group-level-aggregates.md
index 8ce0a0e519c..b7a2b6a4f29 100644
--- a/microsoft-365/admin/adoption/group-level-aggregates.md
+++ b/microsoft-365/admin/adoption/group-level-aggregates.md
@@ -38,11 +38,11 @@ Group Level Aggregates help admins and adoption strategists understand how diffe
Group Level Aggregates isn't enabled by default.
> [!NOTE]
-> Group Level Aggregates can only be enabled by the Global Administrator role.
+> Group Level Aggregates can only be enabled by the Global administrator role.
To enable Group Level Aggregates:
-1. Sign in to the Microsoft 365 admin center as a Global Administrator.
+1. Sign in to the Microsoft 365 admin center.
2. Go to **Settings** \> **Org settings** \> **Adoption Score**.
diff --git a/microsoft-365/admin/adoption/organizational-messages.md b/microsoft-365/admin/adoption/organizational-messages.md
index 7d2e09fb759..ca7c2b0685b 100644
--- a/microsoft-365/admin/adoption/organizational-messages.md
+++ b/microsoft-365/admin/adoption/organizational-messages.md
@@ -43,7 +43,7 @@ For a successful preview experience, you need to be one of the following admin r
- Organizational message writer
-The organizational message writer role is the new built-in role that allows assigned admins to view and configure messages. The global administrator can assign the organizational message writer role to admin:
+The Organizational message writer role is the new built-in role that allows assigned admins to view and configure messages. The Global administrator can assign the Organizational message writer role to admins:
1. Go to **Roles** \> **Role assignments**.
@@ -76,7 +76,7 @@ The desktop teaching call-out is supported by Microsoft 365 Consumer and Commerc
To enable Adoption Score Organizational Messages, the global administrator needs to enable Adoption Score first:
-1. Sign in to the admin center as a global administrator and go to **Reports** \> **Adoption Score**.
+1. Sign in to the admin center and go to **Reports** \> **Adoption Score**.
2. Select **Enable Adoption Score**. It can take up to 24 hours for insights to become available.
diff --git a/microsoft-365/admin/adoption/privacy.md b/microsoft-365/admin/adoption/privacy.md
index a15a1bf3861..92883fd8988 100644
--- a/microsoft-365/admin/adoption/privacy.md
+++ b/microsoft-365/admin/adoption/privacy.md
@@ -60,7 +60,7 @@ Users with the Reports Reader role can view usage reporting data and the reports
## Capability to choose specific users or certain groups
-You can choose the users and groups whose data will be used to determine your org's people experiences insights. Omitting some groups will affect the insights calculations. You have to be a Global admin to opt your organization out of the people experiences reports. You must be a Global admin to change this setting. It can take up to 24 hours for change to apply.
+You can choose the users and groups whose data will be used to determine your org's people experiences insights. Omitting some groups will affect the insights calculations. You have to be a Global admin to opt your organization out of the people experiences reports and to change this setting. It can take up to 24 hours for change to apply.
To omit certain groups:
diff --git a/microsoft-365/admin/manage/assign-licenses-to-users.md b/microsoft-365/admin/manage/assign-licenses-to-users.md
index 975bf7d2bb2..75030624b99 100644
--- a/microsoft-365/admin/manage/assign-licenses-to-users.md
+++ b/microsoft-365/admin/manage/assign-licenses-to-users.md
@@ -63,9 +63,6 @@ The **Licenses** page lets you assign or unassign licenses for up to 20 users at
The **Licenses** page shows an aggregate total of licenses for all subscriptions for the same product name. For example, you might have one subscription for Microsoft 365 Business Premium that has five licenses, and another subscription that has eight licenses for the same product. The **Licenses** page shows that you have a total of 13 licenses for Microsoft 365 Business Premium across all your subscriptions. This number is different from what you see on the **Your products** page, which displays a row for each subscription you own, even if they are for the same product.
-> [!IMPORTANT]
-> If you want to assign a license to a guest user, follow the steps in [Assign a license to a guest user](#assign-a-license-to-a-guest-user).
-
### Assign licenses by using the Licenses page
1. In the admin center, go to the **Billing** \> Licenses page.
@@ -96,9 +93,6 @@ If there's a conflict, you see a message that tells you what the problem is, and
When you use the **Active users** page to assign or unassign licenses, you assign or unassign users licenses to products.
-> [!IMPORTANT]
-> If you want to assign a license to a guest user, follow the steps in [Assign a license to a guest user](#assign-a-license-to-a-guest-user).
-
### Assign licenses to one user
1. In the admin center, go to the **Users** \> Active users page.
@@ -123,27 +117,6 @@ When you use the **Active users** page to assign or unassign licenses, you assig
> [!NOTE]
> If you want to assign licenses for a large number of users, use [Assign or unassign licenses to a group in the Microsoft 365 admin center](manage-group-licenses.md).
-## Assign a license to a guest user
-
-You can invite guest users to collaborate with your organization in the Microsoft Entra admin center. To learn about guest users, see [B2B collaboration overview](/azure/active-directory/external-identities/what-is-b2b). If you don't have any guest users, see [Quickstart: Add a guest user and send an invitation](/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal).
-
-> [!IMPORTANT]
-> You must be a Global Administrator to do these steps.
-
-[!INCLUDE [ga-roles-limitation](../../includes/ga-roles-limitation.md)]
-
-1. Go to the Microsoft Entra admin center.
-2. In the navigation pane, select **Users** > **All Users**.
-3. On the **Users** page, next to the search box, select **Add filters**.
-4. In the **Add filter** drop-down list, select **User type**.
-5. Select the **Value** drop-down list, select **Guest**, then select **Apply**.
-6. In the list of results, select the name of the user who needs a license.
-7. In the navigation pane, under **Manage**, select **Licenses**.
-8. Select **Assignments**.
-9. Under **Select licenses**, select the products you want to assign licenses for.
-10. Under **Review license options**, clear the check boxes for any services you don't want the guest user to have access to.
-11. At the bottom of the page, select **Save**.
-
## Use the Active users page to unassign licenses
When you use the **Active users** page to unassign licenses, you remove product licenses from users.
diff --git a/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md b/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
index 34decb35ccf..c16b573cb8c 100644
--- a/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
+++ b/microsoft-365/admin/manage/test-and-deploy-microsoft-365-apps.md
@@ -5,7 +5,7 @@ f1.keywords:
ms.author: efrene
author: efrene
manager: scotv
-ms.date: 09/18/2024
+ms.date: 11/07/2024
audience: Admin
ms.topic: article
ms.service: microsoft-365-business
@@ -83,6 +83,9 @@ As an admin, the following app/add-in types can be managed from the Integrated a
|Teams app (manifest version less than 1.13)|Teams|[Block & Unblock](/microsoft-365/admin/manage/teams-apps-work-only-on-teams)|Global Admin|Go to Teams admin center for default tenant setting, deployment and managing availability|
|Teams app (manifest version equal to or greater than 1.13)|Outlook
Microsoft 365 App
Teams| [Deploy/Edit deployed users/Remove deployment](/microsoft-365/admin/manage/teams-apps-work-on-outlook-and-m365#deploy-a-teams-app-that-works-on-outlook-and-the-microsoft-365-app-via-the-integrated-apps-portal)
[Block & Unblock](/microsoft-365/admin/manage/teams-apps-work-on-outlook-and-m365#manage-how-users-can-install-teams-apps-on-outlook-and-the-microsoft-365-app)
[Manage availability>Edit users](/microsoft-365/admin/manage/teams-apps-work-on-outlook-and-m365#how-to-manage-the-availability-of-an-app-in-your-organization)
[Default setting for tenant](/microsoft-365/admin/manage/teams-apps-work-on-outlook-and-m365#customize-default-settings-for-teams-apps-that-work-on-outlook-and-the-microsoft-365-app)|Azure Application Admin|Go to Teams admin center to manage how this app shows up in Teams for users in your organization.|
+> [!NOTE]
+> An Exchange admin can deploy an add-in if the Application Administrator role is added or if the App Registration property is set to true in the Microsoft Entra admin center. For more information, see [Admin Requirements](https://learn.microsoft.com/microsoft-365/admin/manage/centralized-deployment-of-add-ins?view=o365-worldwide#admin-requirements)
+
## Other admin centers
You can continue to manage access to Office add-ins and Teams apps via the following settings:
diff --git a/microsoft-365/admin/security-and-compliance/increase-threat-protection.md b/microsoft-365/admin/security-and-compliance/increase-threat-protection.md
index 4b1ee80e11b..e3364623e2d 100644
--- a/microsoft-365/admin/security-and-compliance/increase-threat-protection.md
+++ b/microsoft-365/admin/security-and-compliance/increase-threat-protection.md
@@ -57,7 +57,7 @@ For additional details about securing data and managed devices in Microsoft 365
| 1 | **[Use multifactor authentication](multi-factor-authentication-microsoft-365.md)** | [Multifactor authentication](multi-factor-authentication-microsoft-365.md) (MFA), also known as two-step verification, requires members of your organization to use a code or authentication app on their phone to sign into Microsoft 365. It's a critical first step to protecting your business data. Using MFA can prevent hackers who learn your password from taking over.
See [Turn on multifactor authentication](../../business-premium/m365bp-turn-on-mfa.md). |
| 2 | **[Protect your administrator accounts](../../business-premium/m365bp-protect-admin-accounts.md)** | Administrator accounts (used by people called "admins") have elevated privileges, making these accounts more susceptible to cyberattacks. You'll need to set up and manage the appropriate number of admin and user accounts for your business. We also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs.
See [Protect your administrator accounts](../../business-premium/m365bp-protect-admin-accounts.md). |
| 3 | **[Use preset security policies](/defender-office-365/preset-security-policies)** | Your subscription includes [preset security policies](../../security/office-365-security/preset-security-policies.md) that use recommended settings for anti-spam, anti-malware, and anti-phishing protection. Set your policies in the [Microsoft Defender portal](https://security.microsoft.com) to at least **Standard** protection.
See [Protect against malware and other cyberthreats](../../business-premium/m365bp-protect-against-malware-cyberthreats.md). |
-| 4 | **[Protect all devices](../../business-premium/m365bp-set-up-unmanaged-devices.md)** | Every device is a possible attack avenue into your network and must be configured properly, even devices that are owned personally but also used for work.
See these articles:
- [Help users set up MFA](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14)
- [Protect unmanaged Windows and Mac devices](../../business-premium/m365bp-protect-pcs-macs.md)
- [Secure managed devices](../../business-premium/m365bp-managed-devices-setup.md) (requires Microsoft 365 Business Premium or Microsoft Defender for Business) |
+| 4 | **[Protect all devices](../../business-premium/m365bp-set-up-unmanaged-devices.md)** | Every device is a possible attack avenue into your network and must be configured properly, even devices that are owned personally but also used for work.
See these articles:
- [Help users set up MFA](https://support.microsoft.com/office/ace1d096-61e5-449b-a875-58eb3d74de14)
- [Protect unmanaged Windows and Mac devices](../../business-premium/m365bp-users-protect-unmanaged-devices.md)
- [Secure managed devices](../../business-premium/m365bp-managed-devices-setup.md) (requires Microsoft 365 Business Premium or Microsoft Defender for Business) |
| 5 | **[Adjust sharing settings for SharePoint and OneDrive files and folders](../../business-premium/m365bp-protect-against-malware-cyberthreats.md#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders)** | Default sharing settings for SharePoint and OneDrive are set to the most permissive level, which might be a more permissive level than you should use. We recommend reviewing, and if necessary changing, the settings to better protect your business. Grant members of your organization only the access they need to do their jobs.
See [Adjust sharing settings for SharePoint and OneDrive files and folders](../../business-premium/m365bp-protect-against-malware-cyberthreats.md#3-adjust-sharing-settings-for-sharepoint-and-onedrive-files-and-folders). |
## Related content
diff --git a/microsoft-365/admin/setup/download-software-licenses-csp.md b/microsoft-365/admin/setup/download-software-licenses-csp.md
index bde877805be..eac6649a1c1 100644
--- a/microsoft-365/admin/setup/download-software-licenses-csp.md
+++ b/microsoft-365/admin/setup/download-software-licenses-csp.md
@@ -24,7 +24,7 @@ ms.custom:
- admindeeplinkMAC
- GAUpdates
description: Learn how to download the software and product license keys for perpetual software bought through the Cloud Solution Provider (CSP) program.
-ms.date: 01/09/2024
+ms.date: 11/04/2024
---
# Download perpetual software and product license keys in Microsoft 365
diff --git a/microsoft-365/admin/support-assist-private-preview-agreement.md b/microsoft-365/admin/support-assist-private-preview-agreement.md
new file mode 100644
index 00000000000..73c6f35bde4
--- /dev/null
+++ b/microsoft-365/admin/support-assist-private-preview-agreement.md
@@ -0,0 +1,374 @@
+---
+title: "Support Assist Private Preview Agreement"
+f1.keywords: NOCSH
+ms.author: cmcatee
+author: cmcatee-MSFT
+manager: scotv
+ms.reviewer: rabhange
+audience: Admin
+ms.topic: legal
+ms.service: microsoft-365-business
+ms.localizationpriority: medium
+ms.collection:
+- Tier3
+- Adm_O365
+- scotvorg
+- must-keep
+ms.custom:
+- asset-status-exempt-cela
+feedback_system: None
+hideEdit: true
+ROBOTS: NOINDEX, NOFOLLOW
+description: "Support Assist Private Preview Agreement"
+ms.date: 10/31/2024
+---
+
+# Support Assist Private Preview Agreement
+
+Effective Date: October 31st, 2024
+
+The following Preview Agreement ("Agreement") is an agreement between you ("**Participant**") and Microsoft Corporation (or based on where Participant is located one of its affiliates) ("**Microsoft**"), each of which has authorized a signatory to participate in this Agreement on its behalf. IF YOU COMPLY WITH THESE TERMS, YOU HAVE THE RIGHTS BELOW. BY PARTICIPATING IN THE PREVIEW, YOU ACCEPT THESE TERMS.
+
+This Agreement represents Microsoft's standard terms and conditions for use of its Pre-Release Technologies and is not subject to negotiation. By accepting this Agreement, Participant represents that it is acting as an agent of an organization with which they are affiliated and has the authority to bind that entity and to participate in the Preview on behalf of such entity.
+
+## 1. Definitions
+
+a. "Affiliate" means any legal entity that owns, is owned by, or is commonly owned with a party, where "own" means having more than 50% ownership or the right to direct the management of the entity.
+
+b. "Confidential Information" means non-public information, know-how, or trade secrets in any form that are designated as being confidential or that a reasonable person knows or reasonably should understand to be confidential. Confidential Information does not include any information, however designated, that (i) is or becomes publicly available without a breach of this Agreement; (ii) was lawfully known to the receiver of the information without an obligation to keep it confidential; (iii) is received from another source who can disclose it lawfully and without an obligation to keep it confidential; (iv) is independently developed; or (v) is Feedback.
+
+c. "Participant Data" means all data and content, including without limitation all text, documents, photos, videos, emails, instant messages, sound, or image files, that Participant uploads to or that is processed using the Pre-Release Technologies.
+
+d. "Personal Data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. "Feedback" means, collectively, suggestions, comments, feedback, ideas, or know-how, in any form, that Participant provides to Microsoft about Microsoft's business, products, or services.
+
+e. "Pre-Release Technologies" means the pre-release versions of Microsoft services or software, including any technology, information, documentation, materials, Internet-based services, supplements, or updates, that Microsoft is making available to Participant through its participation in the Preview duly detailed in Exhibit 1.
+
+f. "Preview" means the invitation-only Microsoft program through which Microsoft makes the Pre-Release Technologies available to Participant duly detailed in Exhibit 1.
+
+g. "Preview Materials" means, collectively, all materials that describe the Preview and that Microsoft makes available to Participant, including any invitations, materials specifying requirements or eligibility criteria, Pre-Release Technologies documentation, and this Agreement.
+
+h. "Residuals" means information in intangible form retained in unaided memory by persons who have had access to Confidential Information.
+
+i. "Sub-processor" means other processors used by Microsoft to process Personal Data.
+
+j. "Term" means the term of this Agreement.
+
+## 2. Agreement Purpose
+
+The terms and conditions of this Agreement apply to Participant's access to and use of Pre-Release Technologies that Microsoft makes available to Participant as part of Participant's participation in the Preview as detailed in Exhibit 1. Unless otherwise expressly noted, the following terms apply to all Pre-Release Technologies provided to Participant under this Agreement.
+
+## 3. Participant Data
+
+The Pre-Release Technologies may allow Participant to store, process, access, and query Participant Data from Participant's devices without having to replicate or move Participant Data. Participant is solely responsible for Participant Data and information used to develop, operate, or maintain any software programs or services it uses to access or use the Pre-Release Technologies. Microsoft has no obligation to hold, export, or return any Participant Data. Microsoft has no liability for the deletion of Participant Data.
+
+## 4. Feedback
+
+Providing Feedback is voluntary. Microsoft is under no obligation to post or use any Feedback. By providing Feedback to Microsoft, Participant (and anyone providing Feedback through Participant) irrevocably and perpetually grant to Microsoft and its Affiliates, under all of its (and their) owned or controlled intellectual property rights, a worldwide, non-exclusive, fully paid-up, royalty-free, transferable, sub-licensable right and license to make, use, reproduce, prepare derivative works based upon, distribute, publicly perform, publicly display, transmit, and otherwise commercialize the Feedback (including by combining or interfacing products, services, or technologies that depend on or incorporate Feedback with other products, services, or technologies of Microsoft or others), without attribution in any way and for any purpose. Participant warrants that:
+
+a. it will not provide Feedback that is subject to a license requiring Microsoft to license anything to third parties because Microsoft exercises any of the above rights in Participant's Feedback; and
+
+b. it owns or otherwise controls all of the rights to such Feedback and that no such Feedback is subject to any third-party rights (including any personality or publicity rights).
+
+## 5. Pre-Release Technologies
+
+### 5.1 Pre-Release Technologies and Updates
+
+The Pre-Release Technologies may not work correctly or in the manner that a commercial version of the Technologies may function. We may change it for the final, commercial version or we may not release a commercial version. Certain features may be missing or disabled. Microsoft may update the Pre-Release Technologies at any time and for any reason, which may result in the deletion of Participant Data. In the event that Microsoft provides bug fixes or updates to the Pre-Release Technologies or provides an updated version of the Pre-Release Technologies to Participant, Participant agrees to install the update or the updated version as directed by Microsoft. The Pre-Release Technologies may experience interruptions and extended downtime for reasons including maintenance, updates, power outages, and system failures. During such periods, Participant may be unable to access or use all or a portion of the Pre-Release Technologies, and some or all of Participant Data may be deleted. Microsoft may suspend the Pre-Release Technologies at any time and at Microsoft's sole discretion, and some or all of Participant Data could be deleted. If Microsoft makes a commercial version of the Pre-Release Technologies available, Participant must enter into a separate agreement if it wishes to access and use the commercial version.
+
+## 6. Permissible Use of the Pre-Release Technologies
+
+### 6.1 Microsoft Services
+
+Microsoft grants Participant a non-exclusive, nontransferable, limited right to access and use the Microsoft services in connection with Participant's participation in the Preview. All such use is subject to Participant's compliance with this Agreement, any policies and procedures governing the use of the Microsoft services, and any limits we may set on the number of users who may access or use the Microsoft services.
+
+### 6.2 Microsoft Software
+
+We grant you a non-exclusive, non-transferable, limited right to install and use one copy of the Microsoft Software included in the Pre-Release Technologies ("Microsoft Software") per device for use by only one person at a time in connection with Participants involvement in the Preview. All such use is subject to Participant's compliance with this Agreement and any policies, applicable license terms, and procedures governing the use of the Microsoft Software. Microsoft reserves all other rights to such software. If you are a person agreeing to this Agreement on behalf of an entity, your agreement to any additional software license terms that may accompany additional software will also constitute agreement to those additional terms on behalf of your entity, notwithstanding the fact that such additional software license terms may also be presented to each of Participant's end users during the course of installation and set-up.
+
+### 6.3 Representations and Warranties
+
+Participant represents and warrants that:
+
+a. it has and will maintain all necessary rights to its Participant Data and any other data, software programs, or services it uses in connection with the Pre-Release Technologies.
+
+b. its use of such data, software programs, or services does not infringe the intellectual property or other proprietary rights of any third party;
+
+c. it will not access or use the Pre-Release Technologies in a manner that violates the rights of any third party or purports to subject Microsoft to any other obligations;
+
+d. it will access and use the Pre-Release Technologies in a manner that complies with all laws and regulations;
+
+e. it will not work around or attempt to work around any technical limitations in the Pre-Release Technologies;
+
+f. it will not reverse engineer, decompile, or disassemble the Pre-Release Technologies, or use the Pre-Release Technologies for benchmarking, except and only to the extent that applicable law expressly permits, despite this limitation;
+
+g. it will not make copies of the Pre-Release Technologies other than as specified in this Agreement or allowed by applicable law, despite this limitation;
+
+h. it will not publish the Pre-Release Technologies for others to copy;
+
+i. it will not rent, lease, or lend the Pre-Release Technologies;
+
+j. it will not transfer the Pre-Release Technologies or this Agreement to any third party; and
+
+k. it will not use the Pre-Release Technologies for commercial software-hosting services.
+
+### 6.4 Production Use
+
+If you are notified by Microsoft in writing that you are permitted to use the Pre-Release Technologies in a production environment, the following provisions apply:
+
+a. Participant, at its sole discretion, may install and use the Pre-Release Technologies in a live production environment, solely for Participant's internal use and as part of Participant's participation in the Preview, provided that it agrees to cease such use immediately upon notice from Microsoft.
+
+b. Participant acknowledges that the Pre-Release Technologies may contain bugs or other errors that could cause the Pre-Release Technologies, any system they run on, and any applications running on them to malfunction or experience impaired performance. Participant agrees to take adequate precautionary measures to back-up and protect all data and otherwise prevent any harm greater than Participant is willing to bear resulting from any failure of the Pre-Release Technologies. Participant hereby acknowledges and agrees that to the greatest extent permitted by law Participant assumes the risk of and is fully responsible for any and all harm that may result from use of the Pre-Release Technologies in a live production environment.
+
+### 6.5 Use Restrictions
+
+Participant may not:
+
+a. Remove, modify, or tamper with any regulatory or legal notice or link that is incorporated into the Pre-Release Technologies.
+
+b. Falsify any protocol or email header information (e.g., "spoofing") within the Pre-Release Technologies; or
+
+c. Access or use the Pre-Release Technologies:
+
+ > i. within or to support Participant's live operating or commercial production environment except as set forth in this Agreement and unless otherwise notified by Microsoft in writing.
+ >
+ > ii. in any way prohibited by any law, regulation or governmental order or decree or that violates others' legal rights.
+ >
+ > iii. in any way that could harm the Pre-Release Technologies or impair anyone else's use of the Pre-Release Technologies (e.g., denial of service attacks, etc.).
+ >
+ > iv. to try to gain unauthorized access to any service, data, account, or network by any means.
+ >
+ > v. to send "spam" (i.e., unsolicited bulk or commercial messages) or otherwise make available any offering designed to violate these terms; or
+ >
+ > vi. access the Pre-Release Technologies through any other Pre-Release Technologies subscription without the express permission of the subscription holder.
+
+## 7. Confidentiality; Proprietary Rights
+
+### 7.1 Confidentiality
+
+a. The information shared under this Agreement (except Feedback) is Confidential Information subject to the NDA. If there is no NDA, or the NDA is terminated or otherwise ceases to be in effect, the following terms shall apply:
+
+ > i. Use of Confidential Information. Starting on the day of disclosure and continuing for five years, neither party will disclose the other's Confidential Information to third parties except as otherwise expressly provided in this Section 5.1(b). Each party will use such information only for purposes of the parties' business relationship under this Agreement. Each party will take reasonable steps to protect the other's Confidential Information. Each party may disclose the other's Confidential Information to Affiliates, employees, and contractors and will remain responsible for their unauthorized use or disclosure. These disclosures may be made only on a need-to-know basis, subject to the obligations of this Section 5.1(b).
+ >
+ > ii. Cooperation in the event of disclosure. Each party will immediately notify the other party upon discovery of any unauthorized use or disclosure of Confidential Information. Each party will help the other party regain possession of the Confidential Information and prevent further unauthorized use or disclosure.
+ >
+ > iii. Residuals. Each party receiving Residuals may freely use them without payment and need not limit personnel assignments based on access to Confidential Information. This section is not a copyright or patent license and does not modify duties to safeguard Confidential Information.
+
+### 7.2 Reservation of Rights; No Other License
+
+The Pre-Release Technologies are licensed, not sold, and Microsoft reserves all rights not expressly granted in this Agreement. No additional rights (including implied licenses, rights, or covenants) are granted by implication, estoppel, or otherwise. Except as expressly set forth herein, this Agreement does not provide Participant with any license or rights to use any data, software programs, or services, or to any related or enabling technologies that may be necessary to use such data, software programs, or services. Any license or other terms associated with any data, software programs, or services that access or use the Pre-Release Technologies do not apply to or bind Microsoft. Participant has no right of ownership or of control over the Pre-Release Technologies.
+
+### 7.3 License to Microsoft
+
+Participant licenses to Microsoft (and its Affiliates and necessary sublicensees), all intellectual property or other rights required to allow Microsoft to use or process Participant Data or other information through the Pre-Release Technologies. Microsoft may only use such rights, Participant Data, and information to provide, operate, and improve the Pre-Release Technologies or support services (if any). Other than as necessary to provide the Pre-Release Technologies, Microsoft has no right of ownership or control over Participant Data or other information provided by Participant in connection with the use of the Pre-Release Technologies. Participant is solely responsible for protecting rights it has, or may have, in its Participant Data or information.
+
+## 8. Your Account
+
+Any credentials, such as ID and password, or tokens that Microsoft may provide as part of the Preview, are confidential. Microsoft will not be liable for any loss resulting from an unauthorized person using the assigned credentials or tokens. Participant is solely responsible for all activity conducted using its credentials or tokens. All individuals using the Pre-Release Technologies through Participant's account must comply with this Agreement.
+
+## 9. Service Levels; Security
+
+### 9.1 Service Levels
+
+Microsoft has no obligation to provide any support services for the Pre-Release Technologies.
+
+### 9.2 Security
+
+Microsoft may apply security technologies and procedures to help protect against unauthorized access to or use of the Pre-Release Technologies. Microsoft does not guarantee the success of such technologies and procedures. Participant is solely responsible for the security, protection, and backup of its Participant Data, and any other data, software, or services it uses in connection with the Pre-Release Technologies.
+
+## 10. Privacy; Consent to Use of Data
+
+Your privacy is important to us. Some features of the Pre-Release Technologies send, receive, or otherwise process Participant Data or information when you use those features. Some of these features can be switched off in the user interface, or you can choose not to use them. We describe how we use and protect Participant Data and any information we collect from you in the Microsoft Privacy Statement available at [https://privacy.microsoft.com/privacystatement](https://privacy.microsoft.com/privacystatement) or a successor location. Please read the Microsoft Privacy Statement carefully. This Agreement incorporates the Microsoft Privacy Statement by reference. By using the Pre-Release Technologies or agreeing to these terms, you consent to Microsoft's collection, use, and disclosure of Participant Data and information as described in the Microsoft Privacy Statement.
+
+## 11. Data Processing
+
+### 11.1 Data Processing and Transfers
+
+To the extent Microsoft is a processor of Personal Data subject to the European Union's General Data Protection Regulation ("GDPR"), the GDPR Terms set forth in Exhibit 2 govern that processing and the parties also agree to the following terms:
+
+a. Processing Details. The parties acknowledge and agree that:
+
+ > i. The subject-matter of the processing is limited to Personal Data within the scope of GDPR;
+ >
+ > ii. The duration of the processing shall be for the duration of the Participant's right to participate in the Preview and until all Personal Data is deleted or returned in accordance with Participant instructions or this Agreement;
+ >
+ > iii. The nature and purpose of the processing shall be to provide the Pre-Release Technologies pursuant to the Agreement;
+ >
+ > iv. The types of Personal Data processed by the Pre-Release Technologies include those expressly identified in Article 4 of the GDPR to the extent included by Participant in Data; and
+ >
+ > vi. The categories of data subjects are Participant's representatives and end users, such as employees, contractors, collaborators, and customers.
+
+b. Data Transfers.
+
+ > i. Data and Personal Data that Microsoft processes on Participant's behalf may be transferred to, and stored and processed in, the United States or any other country in which Microsoft or its Sub-processors operate. Participant appoints Microsoft to perform any such transfer of Participant Data and Personal Data to any such country and to store and process Data and Personal Data to provide the Pre-Release Technologies.
+ >
+ > ii. Microsoft will abide by the requirements of European Economic Area and Swiss data protection law regarding the collection, use, transfer, retention and other processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or an international organization will be subject to appropriate safeguards as described in Article 46 of the GDPR and such transfers and safeguards will be documented according to Article 30(2) of the GDPR.
+ >
+ > iii. In addition, Microsoft is certified to meet the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the commitments they entail. Microsoft agrees to notify Participant in the event that it determines that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield principles.
+
+### 11.2 Acknowledgments and Consent by Participant
+
+If Participant collects, stores, or processes Personal Data when using these Pre-Release Technologies, Participant agrees to comply with all privacy and data protection laws, taking into account the nature of the information to be processed, as well as the features and limitations of the Pre-Release Technologies as described in this Agreement or as otherwise provided to Participant.
+
+### 11.3 Pre-Release Service Features and Privacy Choice
+
+Participant affirms that it has obtained or will obtain any required consents from data subjects who may participate in Participant's use of the Pre-Release Technologies. Participant must not allow Personal Data to be collected through use of the Pre-Release Technologies in jurisdictions or industries where the Pre-Release Technologies attributes described herein would make such use contrary to applicable law. Some Pre-Release Technologies attributes may result in users on Participant's account being able to view Personal Data of other users in Participant's account without notice, permission, logging, or reporting. These include, but are not limited to: (a) social collaboration features, such as social tagging or activity feeds that share Personal Data, or (b) customer experience improvement analytics data being collected by and sent from users' web browsers or the Pre-Release Technologies. Some privacy-enhancing features present in Microsoft's commercial versions of Online Services are automatically disabled for the Pre-Release Technologies, including, but not limited to: (x) logging of administrative access to Personal Data, such as entry by Participant's administrators into user's Exchange mailboxes; NS (y) limitations on transfer of Personal Data across international borders. The Pre-Release Technologies may employ lesser or different security measures than those present in Microsoft's existing commercial versions of Microsoft software or Online Services or expected to be present in future commercial versions of the software and Online Services. Without limiting the foregoing, security disclosures or independent security certifications applicable to existing commercial versions of the software and Online Services do not apply to the Pre-Release Technologies.
+
+### 11.4 Updates
+
+The Pre-Release Technologies may periodically check for software updates and download and install them for you. You may obtain updates only from Microsoft or authorized sources, and by accepting this Agreement, you agree to receive these types of automatic updates without any additional notice. You may stop receiving updates on your device by turning off Internet access. If and when you reconnect to the Internet, the Pre-Release Technologies will resume checking for and installing updates.
+
+## 12. Indemnification
+
+You will defend us and our Affiliates against any claims made by an unaffiliated third party:
+
+a. that any Participant Data or non-Microsoft software you provide as part of your use of the Pre-Release Technologies infringes the third party's patent, copyright, or trademark or makes intentional unlawful use of its Trade Secret; or
+
+b. related to your use of the Pre-Release Technologies in violation of this Agreement. You must pay the amount of any resulting adverse final judgment (or settlement to which you consent). This Section 13 provides our exclusive remedy for these claims.
+
+## 13. Disclaimer of Warranty
+
+MICROSOFT PROVIDES THE PRE-RELEASE TECHNOLOGIES AND SUPPORT SERVICES (IF ANY) "AS IS," "WITH ALL FAULTS" AND "AS AVAILABLE." PARTICIPANT BEARS THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AVAILABILITY OF DATA FROM THE SERVICES, AND EFFORT. MICROSOFT MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE PRE-RELEASE TECHNOLOGIES OR SUPPORT SERVICES (IF ANY). TO THE EXTENT PERMITTED UNDER APPLICABLE LAWS, MICROSOFT EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. MICROSOFT DOES NOT GUARANTEE THAT THE PREVIEW SERVICE WILL BE AVAILABLE, UNINTERRUPTED, OR ERROR-FREE, OR THAT LOSS OF PREVIEW SERVICE PARTICIPANT DATA WILL NOT OCCUR.
+
+## 15. Limitation of Liability
+
+TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, SPECIAL, OR EXEMPLARY DAMAGES ARISING OUT OF OR THAT RELATE IN ANY WAY TO THIS AGREEMENT OR ITS PERFORMANCE. THIS EXCLUSION WILL APPLY REGARDLESS OF THE LEGAL THEORY UPON WHICH ANY CLAIM FOR SUCH DAMAGES IS BASED, WHETHER THE PARTIES HAD BEEN ADVISED OF THE POSSIBLITY OF SUCH DAMAGES, WHETHER SUCH DAMAGES WERE REASONABLY FORESEEABLE, OR WHETHER APPLICATION OF THE EXCLUSION CAUSES ANY REMEDY TO FAIL OF ITS ESSENTIAL PURPOSE. THIS EXCLUSION WILL NOT APPLY TO ANY BREACH OF CONFIDENTIALITY OBLIGATIONS OR VIOLATION OF THE OTHER PARTY'S INTELLECTUAL PROPERTY RIGHTS. MICROSOFT SHALL NOT BE RESPONSIBLE FOR ANY INTERRUPTIONS IN THE PRE-RELEASE TECHNOLOGIES, INCLUDING WITHOUT LIMITATION, POWER OUTAGES, SYSTEM FAILURES OR OTHER INTERRUPTIONS INCLUDING THOSE THAT AFFECT THE RECEIPT, ACCEPTANCE, PROCESSING, COMPLETION OR SETTLEMENT OF YOUR SYSTEMS.
+
+## 16. Links to Third-Party Sites
+
+The Pre-Release Technologies may include links to third-party sites. Microsoft does not control such sites and Microsoft is not responsible for the content of any linked site, any links contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you, if at all, only as a convenience, and the inclusion of any link does not imply endorsement by Microsoft of the site.
+
+## 17. Miscellaneous
+
+### 17.1 Modifying the Terms
+
+Microsoft may modify this Agreement at any time and will provide notice of any modifications. If you do not agree to any modifications, you must immediately stop using the Pre-Release Technologies. Your continued use of the Pre-Release Technologies constitutes acceptance of the modified Agreement.
+
+### 17.2 Notices
+
+Microsoft may provide Participant with notices in any manner Microsoft chooses, including by email or posting any such notices on a portal or community development center website for the Preview. Notices provided to you via e-mail will be deemed given and received on the transmission date of the e-mail. Notices provided via posting on a portal or community development center web site will be deemed given on the date they are posted.
+
+### 17.3 Term and Termination
+
+This Agreement is effective on Participant's acceptance of the Preview terms. This Agreement will remain in effect for the duration of your participation in the Preview unless terminated by Microsoft. Your license to use the Pre-Release Technologies will end on the earlier of a\) the date specified in any notice Microsoft provides to you; or b\) the commercial release of the Pre-Release Technologies. Microsoft may suspend or cancel the Pre-Release Technologies or terminate this Agreement at any time for any reason. Microsoft may also terminate this Agreement or suspend Participant's use of the Preview Service immediately upon prior written notice to Participant if Participant breaches this Agreement and either (i) the breach is one that cannot be cured, or (ii) Participant fails to cure the breach within five days after it receives notice of the breach.
+
+Upon cancellation, suspension, or termination, Participant's right to use the Pre-Release Technologies stops immediately. There is no guarantee that Participant Data and applications will be retrievable. Microsoft may delete any Participant Data that remains in the Pre-Release Technologies after this Agreement terminates. Participant understands and agrees that it will not use the Pre-Release Technologies for anything that is mission critical to its business operations and will only use Participant Data that Participant has backed up. Participant may stop using and accessing the Pre-Release Technologies at any time without further obligation, whether or not it deletes or extracts it Participant Data.
+
+### 17.4 No Third-Party Beneficiaries
+
+This Agreement does not create any third-party beneficiary rights in any individual or entity that is not a party to this Agreement.
+
+### 17.5 No Waiver
+
+A waiver of any breach of this Agreement is not a waiver of any other breach. Any waiver must be in writing and signed by an authorized representative of the waiving party.
+
+### 17.6 Interpreting the Agreement
+
+If any court of competent jurisdiction determines that any provision of this Agreement is illegal, invalid, or unenforceable, the remaining provisions will remain in full force and effect. This Agreement, including any other policies or terms incorporated by reference, is the entire agreement between the parties regarding the Pre-Release Technologies. It supersedes any prior agreements or statements (whether oral or written) regarding the Pre-Release Technologies and is separate and independent from any other agreement(s) that may exist between the parties.
+
+### 17.7 Limitation of Claims
+
+Any claim related to this Agreement or the Pre-Release Technologies is barred unless brought within one year from the date the claim could first be filed. This limitation applies to each party's successors or assigns.
+
+### 17.8 Survival
+
+Sections 9, 12-14, and 16 survive termination or expiration of this Agreement.
+
+### 17.9 Relationship
+
+Each party is an independent contractor. This Agreement does not create an employer-employee relationship, partnership, joint venture, franchise, or agency relationship.
+
+### 17.10 Non-Exclusivity
+
+This Agreement is nonexclusive. It does not restrict either party from entering into the same or similar arrangement with any third party.
+
+### 17.11 Jurisdiction and Governing Law
+
+The laws of the State of Washington, excluding conflicts of law provisions, govern this Agreement. If federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the federal courts in King County, Washington. If no federal jurisdiction exists, then each party consents to exclusive jurisdiction and venue in the Superior Court of King County, Washington.
+
+## Exhibit 1
+
+The Participant's use of the Preview described herein is subject to and incorporates the Preview Agreement (the "**Agreement**") between Microsoft and Participant. Capitalized words used but not defined herein have the meaning given to them in the Agreement.
+
+**Preview Pre-Release Technology**: Support Assistant
+
+**Overview**:
+
+- **Microsoft permits processing of personal data in Preview**: [x] Yes [ ] No
+
+ - ***If yes,***
+
+ [ ] Preview Service complies with GDPR.
+
+ [ ] Preview Pre-Release Technology complies with the Data Protection Addendum in the Product Terms.
+
+ [x] Preview Service is not designed to be used by EU data subjects. Customer **should not** process personal data of EU Data Subjects (as defined by the GDPR).
+
+- **Preview Pre-Release Technology Description:**
+
+ The Microsoft 365 admin center will introduce a new "Support Assistant" feature, starting with a Preview in early November 2024. This AI-driven conversational experience can be toggled on in the Help & Support pane by admins. It will be available to a select group of English locale customers.
+
+ If a tenant is selected to take part in this Preview, admins will start seeing the Support Assistant Preview toggle in Help & Support. If you are not part of the Preview, admins will not see any changes to Help & Support.
+
+ After admins select the Help & Support button in the bottom right corner of Microsoft 365 admin center pages, a pane opens to show the new Support Assistant Preview toggle. This experience is powered by Copilot Studio and aims to improve the help and support experience by providing additional functionalities and a conversational ability to receive help.
+
+- **Additional Terms specific to this Preview Prerequisites:**
+
+ 1. A Microsoft 365 tenancy with either M365 admin access or SharePoint Online admin access
+
+- **Geo Restriction:** US only
+
+- **Data Flow** The following data will be processed via Copilot Studio. This data will be retained for less than 30 days.
+
+ - Support Data: Example customer input query
+
+ - Organizational Identifiable Information: Example Tenant ID
+
+ - End User Identifiable Information: Example User ID, locale.
+
+- **Term of Preview**: This Preview ends June 30, 2025, or 30 days after the feature become commercially generally available, whichever is sooner.
+
+## Exhibit 2 — GDPR Terms
+
+For purposes of these GDPR Terms, Participant and Microsoft agree that Participant is the controller of Personal Data and Microsoft is the processor of such data, except when Participant acts as a processor of Personal Data, in which case Microsoft is a sub-processor. These GDPR Terms apply to the processing of Personal Data, within the scope of the GDPR, by Microsoft on behalf of Participant. These GDPR Terms do not limit or reduce any data protection commitments Microsoft makes to Participant in other agreements between Microsoft and Participant. These GDPR Terms do not apply where Microsoft is a controller of Personal Data.
+
+### Relevant GDPR Obligations: Articles 28, 32, and 33
+
+1. Microsoft shall not engage another processor without prior specific or general written authorization of Participant. In the case of general written authorization, Microsoft shall inform Participant of any intended changes concerning the addition or replacement of other processors, thereby giving Participant the opportunity to object to such changes. (Article 28(2))
+
+2. Processing by Microsoft shall be governed by these GDPR Terms under European Union (hereafter "Union") or Member State law and are binding on Microsoft with regard to Participant. The subject-matter and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects and the obligations and rights of the Participant are set forth in section 11 above, including these GDPR Terms. In particular, Microsoft shall:
+
+ > a. process the Personal Data only on documented instructions from Participant, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by Union or Member State law to which Microsoft is subject; in such a case, Microsoft shall inform Participant of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
+ >
+ > b. ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
+ >
+ > c. take all measures required pursuant to Article 32 of the GDPR;
+ >
+ > d. respect the conditions referred to in paragraphs 1 and 3 for engaging another processor;
+ >
+ > e. taking into account the nature of the processing, assist Participant by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Participant's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
+ >
+ > f. assist Participant in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the nature of processing and the information available to Microsoft;
+ >
+ > g. at the choice of Participant, delete or return all the Personal Data to Participant after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the Personal Data;
+ >
+ > h. make available to Participant all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by Participant or another auditor mandated by Participant.
+
+3. Microsoft shall immediately inform Participant if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions. (Article 28(3))
+
+4. Where Microsoft engages another processor for carrying out specific processing activities on behalf of Participant, the same data protection obligations as set out in these GDPR Terms shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor fails to fulfil its data protection obligations, Microsoft shall remain fully liable to the Participant for the performance of that other processor's obligations. (Article 28(4))
+
+5. Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Participant and Microsoft shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
+
+ > a. the pseudonymization and encryption of Personal Data;
+ >
+ > b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
+ >
+ > c. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
+ >
+ > d. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. (Article 32(1))
+
+6. In assessing the appropriate level of security, account shall be taken of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored, or otherwise processed. (Article 32(2))
+
+7. Participant and Microsoft shall take steps to ensure that any natural person acting under the authority of Participant or Microsoft who has access to Personal Data does not process them except on instructions from Participant, unless he or she is required to do so by Union or Member State law. (Article 32(4))
+
+8. Microsoft shall notify Participant without undue delay after becoming aware of a Personal Data breach. (Article 33(2)). Such notification will include that information a processor must provide to a controller under Article 33(3) to the extent such information is reasonably available to Microsoft.
diff --git a/microsoft-365/archive/archive-pricing.md b/microsoft-365/archive/archive-pricing.md
index b41a1108c17..e19b8223a34 100644
--- a/microsoft-365/archive/archive-pricing.md
+++ b/microsoft-365/archive/archive-pricing.md
@@ -28,6 +28,9 @@ Monthly archive usage is calculated as the sum of the usage of all currently arc
To see the pricing for Microsoft 365 Archive, see [Pay-as-you-go services and pricing for Microsoft Syntex](/microsoft-365/syntex/syntex-pay-as-you-go-services).
+> [!NOTE]
+> Unlicensed archived OneDrive sites cannot use additional SharePoint storage to bypass archive costs. For more information, see [Manage unlicensed OneDrive user accounts](/SharePoint/unlicensed-onedrive-accounts#frequently-asked-questions).
+
## Pricing calculator
The Microsoft 365 Archive pricing calculator is a tool that helps you estimate the costs that you incur to archive your Microsoft 365 data.
diff --git a/microsoft-365/backup/backup-restore-data.md b/microsoft-365/backup/backup-restore-data.md
index 26a487caea1..cf31089b247 100644
--- a/microsoft-365/backup/backup-restore-data.md
+++ b/microsoft-365/backup/backup-restore-data.md
@@ -5,7 +5,7 @@ author: chuckedmonson
manager: jtremper
audience: admin
ms.reviewer: sreelakshmi
-ms.date: 07/31/2024
+ms.date: 10/25/2024
ms.topic: conceptual
ms.service: microsoft-365-backup
ms.custom: backup
@@ -235,13 +235,13 @@ Microsoft 365 Backup supports the backup and restoration of any site and user ac
- Site search is case-sensitive and is a prefix-type search.
-- SharePoint sites and OneDrive accounts being restored to a prior point in time aren't locked in a read-only state. Therefore, users might not realize their current edits will be imminently rolled back and lost.
+- OneDrive accounts and SharePoint sites being restored to a prior point in time aren't locked in a read-only state. Therefore, users might not realize their current edits will be imminently rolled back and lost.
- For restores to a new URL, it might take up to 15 minutes for the destination URL to be displayed in the tool once a SharePoint site or OneDrive account restore to a new URL session completes.
- For restores to a new URL, only the admin who executed the restore has ownership permissions for the restored SharePoint sites or OneDrive accounts in the new URLs. Restores to the same URL reverts permissions to their original state.
-- A site or OneDrive account that is under the strict SEC 17a-4(f) hold policy will fail any in-place restores so as to honor that immutability promise. For sites under that type of hold, you have to restore to a new URL or remove the hold. Any other type of preservation hold that doesn't have a strict admin lockout will allow an in-place restore. Restoring these types of sites as the preservation hold library will be reverted to the prior point in time. A new URL restore is recommended for that type of site as the cleanest option.
+- A OneDrive account or SharePoint site that is under the strict SEC 17a-4(f) hold policy will fail any in-place restores so as to honor that immutability promise. For sites under that type of hold, you have to restore to a new URL or remove the hold. Any other type of preservation hold that doesn't have a strict admin lockout will allow an in-place restore. Restoring these types of sites as the preservation hold library will be reverted to the prior point in time. A new URL restore is recommended for that type of site as the cleanest option.
- The restore point frequency dictates the points in time from which you can recover a prior state of your data. Restore points start being generated when you enable the backup policy for a given OneDrive account, SharePoint Site, or Exchange Online mailbox. For Exchange Online, restore points are available for 10 minutes for the entire year. For OneDrive and SharePoint, the available restore points drop to weekly from 10 minutes for the first two weeks. Based on the defined and currently invariable backup frequency setting previously described, the following example highlights what is possible.
@@ -255,7 +255,7 @@ Microsoft 365 Backup supports the backup and restoration of any site and user ac
- Mailbox draft items aren't backed up or restorable.
-- For calendar item item restore, restoring organizer copy doesn't automatically make attendee copies catch up, it only allows future updates by organizer to work for all users added on the calendar item.
+- For calendar item restore, restoring organizer copy doesn't automatically make attendee copies catch up, it only allows future updates by organizer to work for all users added on the calendar item.
- To restore a OneDrive account and Exchange mailbox for a user who is deleted from Microsoft Entra ID, use this instruction:
@@ -275,9 +275,13 @@ Microsoft 365 Backup supports the backup and restoration of any site and user ac
- OneDrive accounts and SharePoint sites that undergo the following types of changes won't be undoable via restore: tenant rename, tenant move, and site URL change.
-- If there are no differences between the current state of a mailbox and the prior point in time from which you're attempting a restore, a restore isn't performed and no new folders are created when a "restore to a new location" request is made.
+- Only mailbox items that were changed, deleted to the Recoverable Items folder, or purged can be restored. Learn more about the Recoverable Items folder in Exchange Online.
-- SharePoint sites and OneDrive accounts being restored to a new URL have a read-only lock on that new URL. The [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) can download documents or remove the read-only lock manually.
+- Items moved to Deleted Items folder won't be restored by Microsoft 365 Backup. You can recover them by moving them back to the Inbox from the Deleted Items folder.
+
+- When choosing to “Replace mailbox items with backups,” items will be restored to the original location in the user's Inbox. The only exception to this is if an item was edited while in the Deleted Items folder, as this creates a new version of an item where its original location is the Deleted Items folder.
+
+- OneDrive accounts and SharePoint sites being restored to a new URL have a read-only lock on that new URL. The [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) can download documents or remove the read-only lock manually.
[!INCLUDE [global-administrator-note](../includes/global-administrator-note.md)]
diff --git a/microsoft-365/business-premium/index.yml b/microsoft-365/business-premium/index.yml
index f3765913cd8..987e0c617e1 100644
--- a/microsoft-365/business-premium/index.yml
+++ b/microsoft-365/business-premium/index.yml
@@ -141,7 +141,7 @@ conceptualContent:
- url: ../business-premium/m365bp-users-install-m365-apps.md
itemType: how-to-guide
text: Install Microsoft 365 apps on all devices
- - url: ../business-premium/m365bp-protect-pcs-macs.md
+ - url: ../business-premium/m365bp-users-protect-unmanaged-devices.md
itemType: how-to-guide
text: Protect unmanaged Windows PCs and Macs
- url: ../business-premium/m365bp-protect-managed-devices.md
diff --git a/microsoft-365/business-premium/m365bp-device-groups-mdb.md b/microsoft-365/business-premium/m365bp-device-groups-mdb.md
index f983a7a34e9..cb06813658d 100644
--- a/microsoft-365/business-premium/m365bp-device-groups-mdb.md
+++ b/microsoft-365/business-premium/m365bp-device-groups-mdb.md
@@ -2,8 +2,8 @@
title: Working with device groups in Microsoft 365 Business Premium
description: "Learn about device groups and how to apply policies with Intune in Microsoft 365 Business Premium, and increase protection from cyberattacks."
search.appverid: MET150
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: how-to
diff --git a/microsoft-365/business-premium/m365bp-device-states.md b/microsoft-365/business-premium/m365bp-device-states.md
index 2888b8a2971..c17661885c5 100644
--- a/microsoft-365/business-premium/m365bp-device-states.md
+++ b/microsoft-365/business-premium/m365bp-device-states.md
@@ -2,8 +2,8 @@
title: "View device status with Microsoft Defender for Business"
f1.keywords:
- NOCSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: conceptual
diff --git a/microsoft-365/business-premium/m365bp-managed-unmanaged-devices.md b/microsoft-365/business-premium/m365bp-managed-unmanaged-devices.md
index 4ff38992a9a..87c452d68aa 100644
--- a/microsoft-365/business-premium/m365bp-managed-unmanaged-devices.md
+++ b/microsoft-365/business-premium/m365bp-managed-unmanaged-devices.md
@@ -1,8 +1,8 @@
---
title: Secure managed and unmanaged devices
description: Identify personal, unmanaged devices and company-owned devices, and learn how to secure them.
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
ms.date: 05/31/2024
ms.topic: conceptual
@@ -54,7 +54,7 @@ To protect unmanaged devices, such as BYOD devices, your organization's IT or se
For their part in protecting unmanaged devices, users can:
-- **Turn on encryption and firewall protection**. Disk encryption protects data when devices are lost or stolen. Firewall protection helps protect devices from unwanted contact initiated by other computers when you're connected to the Internet or a network. To learn more, see [Protect unmanaged Windows PCs and Macs in Microsoft 365 Business Premium](m365bp-protect-pcs-macs.md).
+- **Turn on encryption and firewall protection**. Disk encryption protects data when devices are lost or stolen. Firewall protection helps protect devices from unwanted contact initiated by other computers when you're connected to the Internet or a network. To learn more, see [Protect unmanaged Windows PCs and Macs in Microsoft 365 Business Premium](m365bp-users-protect-unmanaged-devices.md).
- **Make sure antivirus/antimalware software is installed and up to date on all devices**. To learn more, see [Stay protected with Windows Security](https://support.microsoft.com/windows/stay-protected-with-windows-security-2ae0363d-0ada-c064-8b56-6a39afb6a963).
- **Keep their devices up to date with operating system and application updates**. To learn more, see [Keep your PC up to date](https://support.microsoft.com/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde).
- **Consider allowing their devices to be managed by your security team**. Microsoft 365 Business Premium includes advanced protection from ransomware, malware, phishing, and other threats. To learn more, select the **Managed devices** tab (in this article).
diff --git a/microsoft-365/business-premium/m365bp-mdb-whats-new.md b/microsoft-365/business-premium/m365bp-mdb-whats-new.md
index 6c8a34177e2..0b24002d5d1 100644
--- a/microsoft-365/business-premium/m365bp-mdb-whats-new.md
+++ b/microsoft-365/business-premium/m365bp-mdb-whats-new.md
@@ -4,8 +4,8 @@ description: Learn about new features and capabilities in Microsoft 365 Business
search.appverid:
- MET150
- BCS160
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: overview
diff --git a/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md b/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md
index 49bf304054e..13a85a32009 100644
--- a/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md
+++ b/microsoft-365/business-premium/m365bp-onboard-devices-mdb.md
@@ -2,8 +2,8 @@
title: Onboard your organization's devices to Microsoft Defender for Business
description: Onboard your organization's devices to Microsoft Defender for Business
search.appverid: MET150
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: how-to
diff --git a/microsoft-365/business-premium/m365bp-protect-managed-devices.md b/microsoft-365/business-premium/m365bp-protect-managed-devices.md
index 1fc070d6168..3da4be67d23 100644
--- a/microsoft-365/business-premium/m365bp-protect-managed-devices.md
+++ b/microsoft-365/business-premium/m365bp-protect-managed-devices.md
@@ -2,8 +2,8 @@
title: "Secure managed devices with Microsoft 365 Business Premium"
f1.keywords:
- NOCSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: overview
diff --git a/microsoft-365/business-premium/m365bp-review-remediation-actions-devices.md b/microsoft-365/business-premium/m365bp-review-remediation-actions-devices.md
index 4aad4b5d2b8..1d0ef72dbdb 100644
--- a/microsoft-365/business-premium/m365bp-review-remediation-actions-devices.md
+++ b/microsoft-365/business-premium/m365bp-review-remediation-actions-devices.md
@@ -2,8 +2,8 @@
title: Review remediation actions in Microsoft Defender XDR
description: See how to view remediations that were taken automatically or that are awaiting approval in the Action center.
search.appverid: MET150
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: how-to
diff --git a/microsoft-365/business-premium/m365bp-review-threats-take-action.md b/microsoft-365/business-premium/m365bp-review-threats-take-action.md
index e74433be355..ecde2c693e4 100644
--- a/microsoft-365/business-premium/m365bp-review-threats-take-action.md
+++ b/microsoft-365/business-premium/m365bp-review-threats-take-action.md
@@ -1,8 +1,8 @@
---
title: "Review detected threats on devices and take action"
f1.keywords: NOCSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: conceptual
diff --git a/microsoft-365/business-premium/m365bp-security-incident-management.md b/microsoft-365/business-premium/m365bp-security-incident-management.md
index 4e1225603b2..5e8f452d310 100644
--- a/microsoft-365/business-premium/m365bp-security-incident-management.md
+++ b/microsoft-365/business-premium/m365bp-security-incident-management.md
@@ -2,8 +2,8 @@
title: "Security incident management"
f1.keywords:
- NOCSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: conceptual
diff --git a/microsoft-365/business-premium/m365bp-set-up-unmanaged-devices.md b/microsoft-365/business-premium/m365bp-set-up-unmanaged-devices.md
index 1ced4b7b888..37491160ae3 100644
--- a/microsoft-365/business-premium/m365bp-set-up-unmanaged-devices.md
+++ b/microsoft-365/business-premium/m365bp-set-up-unmanaged-devices.md
@@ -2,8 +2,8 @@
title: "Set up unmanaged devices with Microsoft 365 Business Premium"
f1.keywords:
- NOCSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: overview
@@ -35,6 +35,6 @@ To set up unmanaged (BYOD) devices, follow these steps:
2. [Get Microsoft 365 Apps installed on devices](m365bp-users-install-m365-apps.md).
-3. [Protected unmanaged Windows and Mac devices](m365bp-protect-pcs-macs.md).
+3. [Protected unmanaged Windows and Mac devices](m365bp-users-protect-unmanaged-devices.md).
Once you've completed these steps, proceed to [Use email securely](m365bp-use-email-securely.md).
diff --git a/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md b/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md
index 971864d58bd..c692d444d5c 100644
--- a/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md
+++ b/microsoft-365/business-premium/m365bp-threats-detected-defender-av.md
@@ -1,8 +1,8 @@
---
title: "Threats detected by Microsoft Defender Antivirus"
f1.keywords: CSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: conceptual
diff --git a/microsoft-365/business-premium/m365bp-users-install-m365-apps.md b/microsoft-365/business-premium/m365bp-users-install-m365-apps.md
index b451d988a43..c6d6672a873 100644
--- a/microsoft-365/business-premium/m365bp-users-install-m365-apps.md
+++ b/microsoft-365/business-premium/m365bp-users-install-m365-apps.md
@@ -52,4 +52,4 @@ Here's how users can install their apps:
## Next step
-Set up protection for [unmanaged devices](m365bp-protect-pcs-macs.md).
+Set up protection for [unmanaged devices](m365bp-users-protect-unmanaged-devices.md).
diff --git a/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices.md b/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices.md
index ade5c0df9dd..0ea5ada20f0 100644
--- a/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices.md
+++ b/microsoft-365/business-premium/m365bp-users-protect-unmanaged-devices.md
@@ -2,8 +2,8 @@
title: "Protect unmanaged devices with Microsoft 365 Business Premium"
f1.keywords:
- NOCSH
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: how-to
diff --git a/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md b/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md
index f2bf9bcbe90..1bdf514fa5b 100644
--- a/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md
+++ b/microsoft-365/business-premium/m365bp-view-edit-create-mdb-policies.md
@@ -2,8 +2,8 @@
title: View or edit device protection policies
description: View, edit, create, and delete device protection policies in Microsoft 365 Business Premium
search.appverid: MET150
-ms.author: siosulli
-author: siosulli
+ms.author: chrisda
+author: chrisda
manager: deniseb
audience: Admin
ms.topic: overview
diff --git a/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses.md b/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses.md
index a63791799c7..efd0dcacd29 100644
--- a/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses.md
+++ b/microsoft-365/commerce/billing-and-payments/change-your-billing-addresses.md
@@ -82,7 +82,7 @@ You can change your **Bill to** address in the Microsoft 365 admin center. Howev
## Change your service usage address
-If you have an MOSA billing account type, you can change the service usage address for a subscription. What type of billing account do I have?
+If you have an MOSA billing account type, you can change the service usage address for a subscription. [Find out what type of billing account you have](../manage-billing-accounts.md#view-my-billing-accounts).
1. Go to the admin center.
- If you’re using the **Simplified view**, select **Billing**.
diff --git a/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md b/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
index bc1e9f8c873..91b654fc39f 100644
--- a/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
+++ b/microsoft-365/commerce/billing-and-payments/view-your-bill-or-invoice.md
@@ -63,9 +63,29 @@ Check out this video and others on our [YouTube channel](https://go.microsoft.co
- If you're using the **Simplified view**, select **Billing**, then select **View invoices**.
- If you're using the **Dashboard view**, go to the **Billing** > Bills & payments page.
2. If you have more than one billing account, select **Change billing account** to view invoices associated with each billing account.
-3. Select an invoice from the list to view the details online. If you don’t see any invoices, change the date range.
+3. Select an invoice from the list to view the details online. If you don’t see any invoices, change the date range or select a different Billing account from the Billing account view selector. The invoice details provide useful information including:
+
+ - Date—date of the charge
+ - Service period—dates the charges apply to. This is the same as the **Purchase charge dates** on the invoice pdf.
+ - Transaction type—gives information about the type of charge. For details, see [Transaction type details](#transaction-type-details).
+
4. To download the .PDF version of your invoice, select **Download PDF**.
+### Transaction type details
+
+|Transaction type | Description |
+| -------- | -------- |
+|Purchase | This is for new purchases. Your first invoice for a new purchase will have this transaction type |
+|Monthly payment |Recurring cycle charges|
+|Renew |Your subscription has renewed to a new term|
+|Re-enable |If your subscription was disabled and re-enabled.|
+|Add quantity |Licenses added to an existing subscription|
+|Remove quantity |Licenses removed from an existing subscription|
+|Usage charges |If you have a consumption based subscription like Azure, charges will show as "usage charges"|
+|Cancel |If you cancel and are eligible for a prorated refund.|
+|Convert |When you convert from one subscription to another|
+|Credit |If a credit has been applied to your account.|
+
> [!NOTE]
> The online version of your invoice looks different from the .PDF version that you download.
@@ -86,19 +106,9 @@ You can submit your Fapiao request to our [Fapiao management system](https://go.
::: moniker-end
-## Run the Unknown Charge Diagnostic
-
-If you're a Microsoft 365 Global Administrator and you have a Microsoft Online Services Agreement (MOSA) billing account type, you can use a diagnostic tool to research unexpected charges in your invoice. The tool runs within the Microsoft 365 admin center, and lets you investigate charges from Microsoft that appear on your credit or debit card statement. [Find out what type of billing account you have](../manage-billing-accounts.md#view-my-billing-accounts).
-
-[!INCLUDE [ga-roles-limitation](../../includes/ga-roles-limitation.md)]
-
-> [!NOTE]
-> The Unknown Charge Diagnostic is only available for customers who bought their products and services from Microsoft.com, including Microsoft 365 Enterprise, Education, and Non-profit.
-
-Select the following **Run Tests: Unknown Charge** link to open the diagnostic tool in the Microsoft 365 admin center.
+## Download your tax receipt
->[!div class="nextstepaction"]
->[Run Tests: Unknown Charge](https://aka.ms/PillarUnknownCharge)
+You can download your tax receipt in certain jurisdictions from the **Billing** > **Billing and payments** page. If a tax receipt is available for an invoice, you see a **Download tax receipt** option on the context menu next to the invoice ID.
## Related content
diff --git a/microsoft-365/commerce/billing-experience-overview.md b/microsoft-365/commerce/billing-experience-overview.md
index 5f166d63367..b0096a2f7bb 100644
--- a/microsoft-365/commerce/billing-experience-overview.md
+++ b/microsoft-365/commerce/billing-experience-overview.md
@@ -57,11 +57,11 @@ For more information, see [Manage your Microsoft business billing profiles](bill
The following list describes other changes we’ve made to the billing experience.
-- **New invoice**—The format of the invoice has changed, and you now receive a separate invoice for each billing profile in your billing account. For more information, see [Understand your bill or invoice](billing-and-payments/understand-your-invoice.md).
+- **New invoice**—The format of the invoice has changed, and you now receive a separate invoice for each billing profile in your billing account. You will continue to get a separate invoice for each purchase you make. Mid-term changes will be invoiced around the beginning of the following month. For more information, see [Understand your bill or invoice](billing-and-payments/understand-your-invoice.md).
- **More billing frequencies**—Depending on the product or service you buy, you can now choose to pay for your subscription monthly, yearly, or every three years.
- **More subscription lengths**—Depending on the product or service you buy, you can choose a subscription length of one month, one year, or three years.
- **New cancellation policy**—You can now only cancel and receive a prorated credit or refund if you cancel within seven days after the start or renewal of your subscription. If you cancel during this limited time window, the prorated amount is either credited towards your next invoice or returned to you in the next billing cycle. For more information, see [Cancel your Microsoft business subscription](subscriptions/cancel-your-subscription.md).
-- **New scheduling for license changes**—You can now choose to increase or decrease the number of licenses you have for a subscription on the next subscription renewal date.
+- **New scheduling for license changes**—You can now choose to increase or decrease the number of licenses you have for a subscription on the next subscription renewal date.
- **New billing account selector**—If you have more than one billing account, you can select **Change billing account** on the **Purchase services** page (for some customers, the page is named **Marketplace**) to use a different billing account to buy new products and services. For some customers, the page is named **Marketplace**. On the **Invoices** page, you can select **Change billing account** to view invoices associated with different billing accounts. On the **Your products** page, you can select **Change billing account** to view subscriptions associated with different billing accounts.
## Related articles
diff --git a/microsoft-365/commerce/licenses/download-vl-products.md b/microsoft-365/commerce/licenses/download-vl-products.md
new file mode 100644
index 00000000000..3d79223b56a
--- /dev/null
+++ b/microsoft-365/commerce/licenses/download-vl-products.md
@@ -0,0 +1,173 @@
+---
+title: "Download volume licensing products"
+author: cmcatee-MSFT
+ms.author: cmcatee
+manager: scotv
+ms.reviewer: racheg, ronarg
+audience: Admin
+ms.topic: concept-article
+ms.service: microsoft-365-business
+ms.subservice: m365-commerce-volume-licensing
+ms.collection:
+- Tier1
+- scotvorg
+ms.custom:
+- commerce_vl
+- AdminTemplateSet
+search.appverid: MET150
+ms.localizationpriority: medium
+description: "Learn about volume licensing downloads in the Microsoft 365 admin center."
+ms.date: 11/07/2024
+---
+
+# Download volume licensing products
+
+If you bought products via volume licensing (VL), you can download the products either as Executable (EXE) files or as ISO (International Standards Organization) image files from the **Downloads** page in the Microsoft 365 admin center.
+
+## Before you begin
+
+- You must have the Administrator or Product download manager VL role for the corresponding licensing ID to access downloads in the Microsoft 365 admin center. For information about VL roles, see [Manage volume licensing user roles Frequently Asked Questions](user-roles-faq.yml).
+- You must have, or buy, a license for the products that you plan to download.
+- To install VL download files, you might need a valid product key.
+- You must have either the Administrator or Product key view role to access VL product keys.
+
+## Find out if a product is available to download
+
+1. In the Microsoft 365 admin center, go to the **Billing** > **Your products** > **Volume Licensing** > **Products and services** page, then select **View downloads and keys**.
+2. Select the product or select the **Downloads** button to view the downloadable ISO files.
+
+ Not all products are available to download. If there's no software download file, you see "This product is not available for download."
+3. Choose the **Language** and **Operating System Type** and select a download action or the download icon.
+
+> [!NOTE]
+> Pop-up blockers can block downloads. Make sure pop-up blockers are disabled when you download software from the admin center.
+
+## About downloading volume licensing products
+
+This section explains the file types for which you can download products, limitations of the VL download catalog, and products that don't require downloads.
+
+### File types available for downloads
+
+When you download products from the Microsoft 365 admin center, you can choose between the following file types:
+
+- **Executable (EXE) files** are downloaded and installed on the same computer, but you can't create separate boot disks for installation on other computers.
+- **ISO (International Standards Organization) image files** are exact representations of the content. You can install these files on the computer that's used to download the package or write the files to disks for distribution and installation on other computers.
+
+> [!NOTE]
+> Not all products are available in all languages and in all formats.
+
+### Products not available to download
+
+In general, the VL catalog contains the most recent versions of software. However, there are some limited exceptions for older editions of products (N-2 and beyond) that might be available.
+
+If you want to exercise your VL "downgrade right" to use prior versions of the software editions that you licensed, but the products are no longer available as Microsoft VL downloads, you might be able to source CD/DVD media from past shipments of "comprehensive kits" or "subscription kits" that you received. Alternatively, your Microsoft Resellers might still have inventory. However, Microsoft doesn't provide physical media for products bought through VL contracts
+
+For more information on downgrade rights, download the following brief: [Downgrade rights for Microsoft Commercial Licensing](https://download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/Licensing_brief_PLT_Downgrade_Rights.pdf)
+
+### Client Access Licenses (CALs) don't require downloads
+
+A Client Access License (CAL) is a license that gives a user the right to access the services of the server. You don't need a software download file or product key to activate a CAL. Instead, the product is activated and installed through the activation wizard directly from your computer.
+
+Examples of CALs include:
+
+- Windows Server
+- SQL Server
+- Exchange Server
+- Skype for Business Server
+- SharePoint Server
+- System Center
+- Project Server
+
+## Save ISO files to disk or mount as a virtual drive
+
+This section describes your options to either save ISO image files to a CD-R or DVD-R disk, or to mount the ISO files as a virtual drive.
+
+### Save ISO image files to a disk
+
+If you're using a PC with the Windows operating system, you don't need extra software to burn a CD-R or DVD-R disk. Double-click the ISO file that you downloaded, then follow the steps in the Image Burner Wizard.
+
+If you're using an operating system other than Windows, you might need extra software. If your computer is equipped with a CD/DVD burner, the software is probably loaded on your PC. Most CD-R/DVD-R writing software lets you create a disk from an image file. To access this feature, select a menu item such as **Copy Image to CD** or **Burn Image to access**.
+
+### Mount and access ISO files as a virtual drive
+
+If you don't have a CD/DVD burner installed on your computer or media isn't available, you can mount the ISO file as a virtual drive. When you create a virtual drive, your computer believes that the file is a real disk drive, and can read files from it.
+
+> [!IMPORTANT]
+> We recommend that you only use a virtual drive to install apps like those for Microsoft 365 or for minor system upgrades. You can't install an operating system by using a virtual drive because the virtual drive disappears during the installation.
+
+## Download volume licensing versions for PC and Mac
+
+This section provides information about how to download VL software for PC and Mac.
+
+### Download volume licensing versions of Office for PC
+
+There are no full ISO Download files for the 2019, 2021 or 2024 versions of Office in the Microsoft 365 admin center under **Volume licensing**. Only Office Online Server has an ISO download. Instead, the installation files are available on the Office Content Delivery Network (CDN).
+
+The VL download catalog includes the [Office Deployment Tool (ODT)](https://www.microsoft.com/download/details.aspx?id=49117) which you can download. The ODT provides more information about installation procedures.
+
+For more information for IT Pros, see [Deployment Guide for Office 2024](/office/ltsc/2024/deploy).
+
+For non-IT Pros, the step-by-step instructions in [How to install Office 2019 installation files not found in VLSC](/office/troubleshoot/installation/how-to-download-office-install-not-in-vlsc).
+
+### Download Microsoft 365 for Mac
+
+To run a VL version of Microsoft 365 for Mac, you must download and install the following files:
+
+- The [Volume License (VL) Serializer](/deployoffice/mac/volume-license-serializer) package located in the Microsoft 365 for Mac download file.
+- The [Microsoft 365 for Mac installation package](/officeupdates/update-history-office-for-mac#most-current-packages-for-office-for-mac). Installer package files for individual applications are also available in the Microsoft 365 admin center. Microsoft 365 for Mac doesn't require a product key because the VL Serializer is used to activate a volume licensed version of Microsoft 365 for Mac.
+
+## Convert from evaluation versions to volume licensing download versions
+
+This section contains information about how to convert evaluation editions of Windows Server or Microsoft SQL Server to VL versions.
+
+### Convert Windows Server evaluation edition
+
+Before you deploy Windows Server VL download files, there are important considerations if you're upgrading from an Evaluation Edition of Window Server.
+
+As described in [Windows Server Upgrade and Conversion Options](/windows-server/get-started/upgrade-conversion-options), we recommend that you first [convert your evaluation version to a retail](/windows-server/get-started/supported-upgrade-paths#converting-a-current-evaluation-version-to-a-current-retail-version) and then [convert your retail version to a volume licensing version](/windows-server/get-started/supported-upgrade-paths#converting-a-current-retail-version-to-a-current-volume-licensed-version). While this process requires more effort, Microsoft Technical Support supports both upgrade paths.
+
+Before you proceed, we highly recommend that you review the [Windows Server Installation and Upgrade documentation](/windows-server/get-started/installation-and-upgrade), including the following articles:
+
+- [Feature update, clean install, or migrate to Windows Server](/windows-server/get-started/install-upgrade-migrate)
+- [Perform a Feature Update of Windows Server](/windows-server/get-started/perform-in-place-upgrade)
+- [Upgrade and conversion options for Windows Server](/windows-server/get-started/upgrade-conversion-options)
+
+If you need further assistance during product installation or activation, you can reach the appropriate Microsoft Technical Support by [creating a technical support case](https://support.serviceshub.microsoft.com/supportforbusiness/create).
+
+### Convert a Microsoft SQL Server evaluation version
+
+It's possible to upgrade from an evaluation edition of Microsoft SQL Server to a production version without having to do a full install. To upgrade, you must perform an Edition Upgrade, which requires that you input a SQL license key. The license key is embedded in the software's activation wizard and isn't displayed in the VL product catalog.
+
+To find the key, download the SQL ISO file from the Microsoft 365 admin center > **Your Products** > **Volume Licensing** > **Product and services** > **Downloads**. On your computer, open the *..\x64* folder, then open the *DefaultSetup.ini* file to find the SQL License key.
+
+If you already installed the evaluation version with a valid VLK ISO, run the Installation Center, and select the **Edition Upgrade** option. The VLK product key is automatically detected.
+
+Before you attempt to upgrade, make sure to back up your existing version and review the documentation about the [SQL installation process](/sql/database-engine/install-windows/install-sql-server?view=sql-server-ver16&preserve-view=true) and the [different supported upgrade paths from SQL Server versions](/sql/database-engine/install-windows/supported-version-and-edition-upgrades-2019?view=sql-server-ver16&preserve-view=true).
+
+If you need assistance with troubleshooting technical issues during product installation, you can reach the appropriate Microsoft Technical Support by [creating a technical support case](https://support.serviceshub.microsoft.com/supportforbusiness/create).
+
+## Get support
+
+This section provides information about support options for downloaded products and how to get VL support.
+
+### Technical support for downloaded products
+
+Microsoft doesn't provide technical support as part of VL purchases. For technical support specific to the activation or installation of products bought through VL, customers must use other support options.
+
+Customers can often resolve issues without assistance by using [Microsoft technical documentation](https://learn.microsoft.com) or self-help articles like [How to install Office LTSC installation files not found in VLSC](/office/troubleshoot/installation/how-to-download-office-install-not-in-vlsc).
+
+Alternatively, you can [create a Microsoft technical support case](https://support.microsoft.com/oas). If your organization didn't buy a support plan, a fee might apply.
+
+### Volume licensing support
+
+Volume Licensing Services can help you navigate the VL experience in Microsoft 365 admin center, and confirm the availability of specific download files in the VL catalog.
+
+Submit a case in the admin center by going to Help & Support. If you're unable to access the admin center, see [Contacting volume licensing support](/licensing/contact-us).
+
+> [!TIP]
+> Creating your support case online before your phone support is faster, because your contact information is captured upfront and you immediately receive a case number to give to our support team when you call.
+
+## Related content
+
+[Product keys Frequently Asked Questions](product-keys-faq.yml) (article)\
+[Manage volume licensing user roles Frequently Asked Questions](user-roles-faq.yml) (article)
diff --git a/microsoft-365/commerce/licenses/downloads-faq.yml b/microsoft-365/commerce/licenses/downloads-faq.yml
deleted file mode 100644
index 1f806481f0c..00000000000
--- a/microsoft-365/commerce/licenses/downloads-faq.yml
+++ /dev/null
@@ -1,146 +0,0 @@
-### YamlMime:FAQ
-metadata:
- title: "Downloads FAQ"
- author: cmcatee-MSFT
- ms.author: cmcatee
- manager: scotv
- ms.reviewer: racheg, ronarg
- audience: Admin
- ms.topic: faq
- ms.service: microsoft-365-business
- ms.subservice: m365-commerce-volume-licensing
- ms.collection:
- - Tier1
- - scotvorg
- ms.custom:
- - commerce_vl
- - empty
- search.appverid: MET150
- ms.localizationpriority: medium
- description: "Frequently asked questions about Microsoft 365 admin center downloads."
- ms.date: 08/16/2023
-
-title: Downloads Frequently Asked Questions
-summary: |
-
-sections:
- - name: General
- questions:
- - question: |
- What are the requirements for downloading software from the Microsoft 365 admin center?
- answer: |
- You must purchase a license for the products you plan to download and have access to a valid product key for each license to complete the installation. Verify your license agreement before you download products.
-
- You can find the system requirements for each product by signing into the admin center and going to **Your products** > **Downloads** page > **Product description**.
-
- > [!NOTE]
- > Not all products require a product key.
-
- - question: |
- What products can I download from the admin center?
- answer: |
- If your download rights are associated with the Open License, Open Value, or Open Value Subscription program, you can download only those products you've already purchased. The admin center displays downloads only for licenses you’ve purchased.
-
- Other licensing programs (Select Plus, Enterprise, Campus, or School) allow you to download any product from the catalog before you purchase licenses.
-
- If your profile is linked to both Open and other licensing programs, you can view the entire catalog.
-
- To determine if a product is eligible for download:
-
- 1. Select **Volume Licensing**, and then select the product or **View downloads**.
- 2. Under **Download**, if the product isn't available, you see “This product is not available for download.”
-
- - question: |
- What is a Client Access License (CAL)?
- answer: |
- A Client Access License (CAL) is a license that gives a user the right to access the services of the server.
-
- You don't need a software download file or product key to activate a CAL. Instead, the product is activated and installed through the activation wizard directly from your computer.
-
- Examples of CALs include:
- - Windows Server
- - SQL Server
- - Exchange Server
- - Skype for Business Server
- - SharePoint Server
- - System Center
- - Project Server
-
- - question: |
- How do I download Microsoft 365 for Mac?
- answer: |
- To run a volume licensing version of Microsoft 365 for Mac, you must download and install the following files:
- - The [Volume License (VL) Serializer](/deployoffice/mac/volume-license-serializer) package located in the Microsoft 365 for Mac download file.
- - The [Microsoft 365 for Mac installation package](/officeupdates/update-history-office-for-mac#most-current-packages-for-office-for-mac). Installer package files for individual applications are also available on the Microsoft 365 admin center. Microsoft 365 for Mac doesn’t require a product key because the VL Serializer is used to activate a volume licensed version of Microsoft 365 for Mac.
-
- - question: |
- How do I download products in the admin center?
- answer: |
- To download products in the admin center:
- 1. Select **Volume Licensing**, and then select the product or **View downloads**.
- 2. Under **Download**, select a component and select a download action or the download icon.
-
- To access downloads in the admin center, a VLSC administrator in your organization can provide access by assigning you to one of these roles:
- - Administrator
- - Download
- - Software Assurance Manager
-
- - question: |
- How do I change my download settings?
- answer: |
- To access download settings in the admin center:
- 1. Select **Volume Licensing**, and then select the product or **View downloads**.
- 2. Under **Download**, select the **Language** and **Operating System Type**.
-
- > [!NOTE]
- > Pop-up blockers can block downloads. Make sure pop-up blockers are disabled when you download software from the admin center.
-
- - question: |
- What are EXE and ISO files?
- answer: |
- You can select two file types when you download products from the admin center:
-
- - **Executable (EXE) files** can be downloaded and installed on the same system, but you can’t create separate boot disks for installation on other computers.
- - **ISO (International Standards Organization) image files** are exact representations of the content and the logical format. You can install these on the computer used to download the package or write the files to disks for distribution and installation on other computers.
-
- > [!NOTE]
- > Not all products are available in all languages and in all formats.
-
- - question: |
- How do I use ISO image file software to download and save ISO image file to a CD-R or a DVD-R disk?
- answer: |
- If you're using a PC with the Windows operating system, you don't need additional software to burn a CD-R or DVD-R. Double-click the ISO file you downloaded, and then follow the steps in the Image Burner Wizard.
-
- If you're using any operating system other than Windows, you might need additional software. If your computer is equipped with a CD/DVD burner, the software is probably loaded on your PC. Most CD-R/DVD-R writing software allows you to create a disk from an image file. Select a menu item such **Copy Image to CD** or **Burn Image to access** to access this feature.
-
- - question: |
- How do I mount and access ISO files as a virtual device?
- answer: |
- If you don't have a CD/DVD burner installed on your computer or media isn't available, you can mount the ISO file as a virtual drive. With this method, your computer believes that the file is a real disk drive, and you can read files from this virtual disk.
-
- > [!NOTE]
- > This approach is advisable only for installing applications such as Microsoft 365 or minor system upgrades. You can't install an operating system using this approach because the virtual drive disappears during the installation.
-
- - question: |
- How do I get support for downloaded products?
- answer: |
- For a list of support options, see [Microsoft Support](https://support.microsoft.com/). Some Volume Licensing customers can use Problem Resolution Support, a Software Assurance Benefit. Review your Software Assurance Benefits to verify your eligibility.
-
- - question: |
- Where can I find support for the topics covered in this FAQ?
- answer: |
- For more training resources, including videos, see [Microsoft Volume Licensing Service Center training and resources](https://www.microsoft.com/licensing/existing-customer/vlsc-training-and-resources).
-
- - question: |
- How can I contact Microsoft Support?
- answer: |
- For VLSC customer phone or web form support, see [Contact Us](/licensing/contact-us). Microsoft responds to web form submissions within 24 hours.
-
-additionalContent: |
-
- ## Additional resources
-
- - [Product keys FAQ](product-keys-faq.yml)
-
- - [Online services activation for Open programs FAQ](online-service-activation-faq.yml)
-
diff --git a/microsoft-365/commerce/licenses/e3-extra-features-licenses.md b/microsoft-365/commerce/licenses/e3-extra-features-licenses.md
index 49acfbb6cb8..34cfa0189e8 100644
--- a/microsoft-365/commerce/licenses/e3-extra-features-licenses.md
+++ b/microsoft-365/commerce/licenses/e3-extra-features-licenses.md
@@ -20,7 +20,7 @@ ms.custom:
- empty
search.appverid: MET150
description: "Learn about Microsoft 365 E3 and E5 Extra Features and how to assign licenses for it to your users."
-ms.date: 01/25/2024
+ms.date: 11/04/2024
---
# Understand the Microsoft 365 E3 and E5 Extra Features license
@@ -48,7 +48,6 @@ Microsoft 365 E3 or E5 Extra Features provides additional features for your user
|Microsoft Clipchamp | Yes | Yes |
|Microsoft Loop | Yes | Yes |
|Windows Autopatch | Yes | Yes |
-|Windows Update for Business deployment service | Yes | Yes |
|Customer Lockbox | No | Yes |
|Defender for IoT - Enterprise IoT Security | No | Yes |
|Immersive spaces for Teams | No | Yes |
diff --git a/microsoft-365/commerce/licenses/product-keys-faq.yml b/microsoft-365/commerce/licenses/product-keys-faq.yml
index dd95049e492..7f3581d5e2a 100644
--- a/microsoft-365/commerce/licenses/product-keys-faq.yml
+++ b/microsoft-365/commerce/licenses/product-keys-faq.yml
@@ -59,8 +59,6 @@ sections:
However, some products don't require a product key. This information is listed in the product description in the Downloads and Keys catalog.
- To determine if your product requires a key, go to [Product activation and key information](https://licensingapps.microsoft.com/product-activation). Under Find Products, choose a product or search for your product name.
-
- question: |
What is a setup key?
answer: |
@@ -242,8 +240,8 @@ sections:
- question: |
Can I use my Volume License Keys to exercise my re-imaging rights?
answer: |
- Yes. Re-imaging rights are granted to all Microsoft Volume Licensing customers. Under these rights, customers can re-image Original Equipment Manufacturer (OEM) or Full Packaged Product (FPP) licensed copies by using media provided under their agreement if the copies made from the Volume Licensing media are identical to the original licensed product. As a Volume Licensing customer, you can find the Volume License Keys on the product key page or request your keys through a [Microsoft Activation Center](https://licensingapps.microsoft.com/product-activation).
-
+ Yes. Re-imaging rights are granted to all Microsoft Volume Licensing customers. Under these rights, customers can re-image Original Equipment Manufacturer (OEM) or Full Packaged Product (FPP) licensed copies by using media provided under their agreement if the copies made from the Volume Licensing media are identical to the original licensed product.
+
> [!NOTE]
> If you're an Open License customer, you must purchase at least one unit of the product that you want to re-image to obtain access to the product media and receive a product key.
@@ -275,6 +273,6 @@ additionalContent: |
## Additional resources
- - [Downloads FAQ](downloads-faq.yml)
+ - [Download volume licensing products](download-vl-products.md)
- [Online service activation for Open programs FAQ](online-service-activation-faq.yml)
diff --git a/microsoft-365/commerce/manage-billing-accounts.md b/microsoft-365/commerce/manage-billing-accounts.md
index d8d7d0cf07f..0d645754fef 100644
--- a/microsoft-365/commerce/manage-billing-accounts.md
+++ b/microsoft-365/commerce/manage-billing-accounts.md
@@ -101,6 +101,8 @@ If you have an MCA billing account type, the top of the billing account details
> [!IMPORTANT]
> Billing account roles only apply to billing accounts, and don't apply to other Microsoft 365 admin center scenarios.
+If you’re a Global Administrator, you can assign yourself a Billing account role in the Microsoft 365 admin center through the billing account roles and permissions. Elevating your access to manage billing accounts gives you the ability to view and manage cost and billing for your accounts. You can view invoices, charges, products that are purchased, and the users who have access to the billing accounts.
+
You can provide others with access to the billing account in the Microsoft 365 admin center through the billing account roles and permissions. For instructions about how to grant billing account access to other users, see [Assign billing account roles](#assign-billing-account-roles).
Only a billing account owner can grant access to a billing account. You can assign the following roles to users:
diff --git a/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md b/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
index f640e905376..51c1c6d2a69 100644
--- a/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
+++ b/microsoft-365/commerce/subscriptions/upgrade-to-different-plan.md
@@ -45,6 +45,9 @@ When your business needs change, or you want more features, you can change to a
Changing plans is the right choice when you want to move all users assigned to a single plan. When you change plans, all users in the current plan are assigned licenses for the new plan at the same time. If you only want to move some users to a new plan, buy a new plan with the number of licenses you need, and assign those licenses to the users that you want to move. For more information, see [Move users to a different subscription](move-users-different-subscription.md).
+> [!NOTE]
+> If you have an MCA billing account, you can follow the steps to [Automatically change your subscription to a new plan](/microsoft-365/commerce/subscriptions/upgrade-to-different-plan) and move some users to a new plan by entering the number of licenses that you want. You must assign the new licenses to the users you want to move.
+
## Automatically change your subscription to a new plan
### If you have an MCA billing account type
@@ -55,11 +58,8 @@ Changing plans is the right choice when you want to move all users assigned to a
- If you’re using the **Simplified view**, select **Subscriptions**.
- If you’re using the **Dashboard view**, go to the **Billing** > Your products page.
2. Select the subscription that you want to manage.
-3. On the subscription details page, in the **Other subscription options** section, select **Change to a different subscription option**.
-4. On the **Compare products and select another option** page, select a different plan to compare with your current plan. When you find the one that you want to buy, select **Next**.
-5. Choose when to schedule the change, enter the number of licenses that you want, select a subscription length and a billing frequency, then select **Next**.
-6. Review your selections, then select **Save changes**.
-
+1. On the subscription details page, in the **Other subscription options** section, select **Change to a different subscription option**.
+1. Choose when to schedule the change, enter the number of licenses that you want, select a subscription length and a billing frequency, then select **Change plan**.
### If you have an MOSA billing account type
[!INCLUDE [office-365-operated-by-21vianet-admin-center-link](../../includes/office-365-operated-by-21vianet-admin-center-link.md)]
diff --git a/microsoft-365/commerce/toc.yml b/microsoft-365/commerce/toc.yml
index 23dbff49901..8badcdb1f18 100644
--- a/microsoft-365/commerce/toc.yml
+++ b/microsoft-365/commerce/toc.yml
@@ -55,8 +55,8 @@
href: licenses/contracts-faq.yml
- name: User roles FAQs
href: licenses/user-roles-faq.yml
- - name: Downloads FAQs
- href: licenses/downloads-faq.yml
+ - name: Download volume licensing products
+ href: licenses/download-vl-products.md
- name: Product keys FAQ
href: licenses/product-keys-faq.yml
- name: License Reservations FAQ
diff --git a/microsoft-365/enterprise/TOC.yml b/microsoft-365/enterprise/TOC.yml
index c32dd353316..76e72129ad9 100644
--- a/microsoft-365/enterprise/TOC.yml
+++ b/microsoft-365/enterprise/TOC.yml
@@ -51,7 +51,7 @@
href: microsoft-365-vpn-implement-split-tunnel.md
- name: Securing Teams media traffic for VPN split tunneling
href: microsoft-365-vpn-securing-teams.md
- - name: Stream and live events in VPN environments
+ - name: Teams events in VPN environments
href: microsoft-365-vpn-stream-and-live-events.md
- name: Microsoft 365 optimization for China users
href: microsoft-365-networking-china.md
diff --git a/microsoft-365/enterprise/cloud-microsoft-domain.md b/microsoft-365/enterprise/cloud-microsoft-domain.md
index c72c469e669..d87b8ddc504 100644
--- a/microsoft-365/enterprise/cloud-microsoft-domain.md
+++ b/microsoft-365/enterprise/cloud-microsoft-domain.md
@@ -44,6 +44,7 @@ Since 2023, *.cloud.microsoft and other domains related to the domain unificatio
## Microsoft product and service URLs
| Service | URL |
|:-----|:-----|
+|Microsoft 365 |[m365.cloud.microsoft](https://m365.cloud.microsoft)|
|Microsoft 365 Copilot Business Chat |[m365.cloud.microsoft/chat](https://m365.cloud.microsoft/chat)|
|Microsoft Excel | [excel.cloud.microsoft](https://excel.cloud.microsoft)|
|Microsoft PowerPoint | [powerpoint.cloud.microsoft](https://powerpoint.cloud.microsoft)|
diff --git a/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step4.md b/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step4.md
index 54d282f638a..3ded11228bf 100644
--- a/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step4.md
+++ b/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step4.md
@@ -3,7 +3,7 @@ title: SharePoint Cross-tenant SharePoint migration Step 4 (preview)
ms.author: heidip
author: MicrosoftHeidi
manager: jtremper
-ms.date: 10/13/2023
+ms.date: 10/28/2024
recommendations: true
audience: ITPro
ms.topic: article
@@ -79,5 +79,7 @@ New-UnifiedGroup -DisplayName -Alias
>[!Important]
>Microsoft 365 Groups connected to SharePoint sites **MUST be pre-created using this method**. Pre-creating Microsoft 365 groups using any other methods will cause SharePoint site migrations to fail.
+> [!WARNING]
+> If the Microsoft 365 Group name contains a period character (.), the migration fails with an **Invalid character** error.
-## Step 5: [Prepare the identity mapping file](cross-tenant-SharePoint-migration-step5.md)
\ No newline at end of file
+## Step 5: [Prepare the identity mapping file](cross-tenant-SharePoint-migration-step5.md)
diff --git a/microsoft-365/enterprise/engineering-direct-portal.md b/microsoft-365/enterprise/engineering-direct-portal.md
index 167d12347ba..7e54adbaf65 100644
--- a/microsoft-365/enterprise/engineering-direct-portal.md
+++ b/microsoft-365/enterprise/engineering-direct-portal.md
@@ -1,26 +1,26 @@
----
+---
title: "Engineering Direct Portal in the Microsoft 365 Admin Center"
author: kelleyvice-msft
ms.author: kvice
manager: scotv
-ms.date: 10/04/2024
+ms.date: 10/31/2024
ms.topic: article
-ms.service: microsoft-365-business
-ms.subservice: m365-admin-center
+ms.service: microsoft-365-enterprise
+ms.subservice: administration
ms.localizationpriority: medium
ms.collection:
- scotvorg
- must-keep
ms.custom: QuickDraft
-ms.reviewer: kwekua; holliep
+ms.reviewer: holliep
search.appverid: MET150
f1.keywords:
audience:
description: Understand the new Engineering Direct Portal in the Microsoft 365 admin center and learn how to access and use its features
ai-usage: ai-assisted
----
+---
-# Engineering Direct Portal in the Microsoft 365 Admin Center
+ # Engineering Direct Portal in the Microsoft 365 Admin Center
The Engineering Direct Portal is a new feature within the Microsoft 365 admin center designed to provide Office Engineering Direct (OED) customers with an enhanced engineering experience. This article provides an overview of the portal's features, how to access it, and its functionality.
@@ -49,7 +49,7 @@ The Engineering Direct Portal is located under **Support** within the Microsoft
Once in the portal, you'll see the **Overview** page. This page contains several key elements:
- **ACE Contact**: If you have an Advanced Cloud Engineer (ACE) assigned, you'll see an ACE tile with primary contact information. This lists your ACE email address with a clickable option to start an email. The tile won't be visible to customers without an ACE.
-- **Insights: Key Metrics**: This tile lists both your engineering escalations and those that have been resolved for the last six months. An issue is considered an 'engineering escalation' once it has been raised to and assigned to a Microsoft Engineering team member (either through our support organization, or through your usage of the "Escalate to Engineering" feature).
+- **Insights: Key Metrics**: This tile lists both your engineering escalations and those escalations that have been resolved for the last six months. An issue is considered an 'engineering escalation' once it has been raised to and assigned to a Microsoft Engineering team member (either through our support organization, or through your usage of the "Escalate to Engineering" feature).
- Total escalations include open or closed tickets
- Active escalations include only those tickets that are open
- **Customer Advisory Board (CAB)**: The CAB tile will list the last and next CAB events as well as the last and next community calls. This is informational only; registrations and calendar blockers will continue to be provided separately through existing process channels.
@@ -92,6 +92,8 @@ In this section:
- [Visual Mail Flow](#visual-mail-flow)
- [Validate DKIM Signing Configuration](#validate-dkim-signing-configuration)
- [Auto Archive Detection](#auto-archive-detection)
+- [Remediate a Compromised Account](#remediate-a-compromised-account)
+- [Guest Access in Teams](#guest-access-in-teams)
### Visual Mail Flow
@@ -157,7 +159,7 @@ The Validate DKIM Signing Configuration tool is used to:
This diagnostic tool is particularly useful in the following scenarios:
- **Initial Setup:** After configuring DKIM for a new domain, use the tool to verify that the setup is complete and correct.
-- **Troubleshooting:** If emails from your domain are being marked as spam or are not passing DKIM validation, use the tool to diagnose potential configuration issues.
+- **Troubleshooting:** If emails from your domain are being marked as spam or aren't passing DKIM validation, use the tool to diagnose potential configuration issues.
- **Configuration Updates:** When updating DKIM settings or DNS records, use the tool to confirm that changes have been applied correctly.
#### Steps and Outputs
@@ -166,7 +168,7 @@ This diagnostic tool is particularly useful in the following scenarios:
Navigate to Microsoft Admin Center:
- - Log in to the Microsoft Admin Center.
+ - Sign in to the Microsoft Admin Center.
- Go to the Diagnostics section.
Select Validate DKIM Signing Configuration:
@@ -185,11 +187,11 @@ This diagnostic tool is particularly useful in the following scenarios:
- **Step 3: Review Diagnostic Results**
- After running the diagnostic, you will receive one of the following results, depending on the status of your DKIM configuration:
+ After running the diagnostic, you'll receive one of the following results, depending on the status of your DKIM configuration:
**Slide 1: No Configuration Created nor Enabled**
- - Description: DKIM signing configuration for the domain has not been created. Emails may use default domain settings.
+ - Description: DKIM signing configuration for the domain hasn't been created. Emails might use default domain settings.
- Action Required: Create the necessary DKIM signing configuration. Follow the PowerShell link provided in the diagnostic output to create the configuration. Then, configure DKIM using the steps outlined in the [Set up DKIM to sign mail from your Microsoft 365 domain](/defender-office-365/email-authentication-dkim-configure) article.
**Slide 2: Configured but Possibly Published Incorrectly**
@@ -219,9 +221,9 @@ By using the Validate DKIM Signing Configuration tool effectively, you can ensur
### Auto Archive Detection
-Auto Archive Detection helps manage your mailbox by automatically archiving or deleting old items. This feature can be configured differently in Outlook Desktop and Outlook on the Web (OWA). Editing Auto Archive settings in Outlook can help you effectively manage your mailbox, keeping it organized and free of clutter. Whether you are using Outlook Desktop or Outlook on the Web, the steps provided will guide you through the process of configuring Auto Archive to suit your needs.
+Auto Archive Detection helps manage your mailbox by automatically archiving or deleting old items. This feature can be configured differently in Outlook Desktop and Outlook on the Web (OWA). Editing Auto Archive settings in Outlook can help you effectively manage your mailbox, keeping it organized and free of clutter. Whether you're using Outlook Desktop or Outlook on the Web, the steps provided will guide you through the process of configuring Auto Archive to suit your needs.
-Follow the steps below to enable and customize Auto Archive settings based on your version of Outlook.
+Follow the following steps to enable and customize Auto Archive settings based on your version of Outlook.
#### For Outlook Desktop
@@ -260,8 +262,111 @@ Follow the steps below to enable and customize Auto Archive settings based on yo
1. Save your changes to apply the new settings.
+### Remediate a Compromised Account
+
+If you or your user suspects an account has been accessed by someone who shouldn’t have access, it may be compromised. The **Remediate a Compromised Account** diagnostic will help you check different aspects of the affected mailbox and guide you through the steps to recover the account. Please use this diagnostic if you or your user notice any signs that one of your user's accounts may have been compromised.
+
+This diagnostic is split into multiple sections that detail steps to remediate the account. Each step lists the actions required or links to an article that can be explained in more detail. Furthermore, there will be additional account details for each step, such as when the user last reset the password, what MFA is enabled on the account, and which IP addresses have accessed the mailbox.
+
+**Inputs**
+
+- Email Address of Compromised Account
+
+#### Steps and Output
+
+1. Force Sign Out - First, it is important to force a user to sign out of all sessions:
+
+ - Go to the [Microsoft 365 admin center](https://admin.microsoft.com/Adminportal/Home#/homepage).
+
+ - Navigate to _Users > Active users_.
+
+ - Click on the desired user.
+
+ - On the Account Tab, under _Sign-out_, select _Sign out of all sessions_.
+
+2. Reset Password - [Reset the password.](/microsoft-365/admin/add-users/reset-passwords) Don't send the new password to the user through email, because the attacker may still have access to the mailbox. Be sure to use a strong and unique password: upper and lowercase letters, at least one number, and at least one special character.
+
+ - The last time a user reset the password will be displayed.
+
+3. Enable multifactor authentication - [Multi-Factor Authentication (MFA)](/entra/identity/authentication/concept-mfa-howitworks) is crucial for enhancing security and protecting user accounts. [Enable MFA](/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication).
+
+ - A list of types of MFA enabled on the user will be displayed.
+
+4. Block Suspicious IP Addresses - Blocking suspicious or harmful IP addresses is an essential cybersecurity measure. [Review the IP Addresses that have activity on this account and block any that are suspicious](/defender-office-365/tenant-allow-block-list-urls-configure).
+
+ - A list of IP addresses that performed actions on the account will be displayed.
+
+5. Remove Account from Administrative Roles - To ensure that the attacker can't perform administrative actions, [remove compromised account from any administrative roles](/microsoft-365/admin/add-users/assign-admin-roles?WT.mc_id=365AdminCSH_SupportCentral). You can restore the user's membership once the account is secured.
+
+6. Enable Mailbox Logging - Mailbox logging is the capability of capturing and analyzing audit logs related to security, compliance, and other activities within Microsoft 365 or Office 365. [Enable mailbox logging.](/purview/audit-log-enable-disable?tabs=microsoft-purview-portal)
+
+ - The status of logging on the mailbox will be shown (Enabled or Disabled).
+
+7. Remove Unusual Mailbox Delegates - A mailbox delegate is someone you authorize to manage your email and calendar on your behalf. Displayed below are all the delegates that aren't the mailbox owner. [Delete any unknown users.](/exchange/recipients-in-exchange-online/manage-permissions-for-recipients)
+
+ - Users who have delegate permission will be displayed with the fields `user (email)`, `isinherited`, and `access rights`.
+
+8. Remove Unusual Inbox Rules - Inbox rules are often used by attackers to forward emails to themselves. [Check if there are any unusual rules and delete them.](/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules)
+
+ - The inbox rules registered on the mailbox will be displayed with the identity, name, description, `forwardto` address, and enabled status.
+
+9. Remove Unusual SMTP Forwarding - Simple Mail Transfer Protocol (SMTP) is the protocol responsible for sending emails from the sender's email client to the email server. [Check if there is SMTP forwarding.](/exchange/recipients-in-exchange-online/manage-user-mailboxes/manage-user-mailboxes)
+
+ - SMTP forwarding registered on the mailbox will be displayed.
+
+10. Remove Unusual Accepted Domains - An accepted domain in a mailbox allows users in a domain to send and receive mail. [Delete any unusual domains.](/exchange/mail-flow-best-practices/manage-accepted-domains/manage-accepted-domains)
+
+ - Accepted domains registered on the tenant will be displayed.
+
+11. Remove Unusual Inbound and Outbound Connectors - Inbound connectors manage email traffic coming into your organization, while outbound connectors control the flow of emails leaving your organization. [Check if there are any unusual connectors and delete them.](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail)
+
+ - Connectors registered on the tenant will be displayed.
+
+**Further Steps**
+
+If the user still shows signs of being compromised, reach out to Microsoft Support for further help.
+
+### Guest Access in Teams
+
+The **Guest Access Diagnostic for Microsoft Teams** helps troubleshoot various issues that may hinder guests from accessing a team, such as inviting guests, accessing team content, and using specific guest features. Since guest settings are managed at both organizational and team levels, this diagnostic checks for any misconfigurations that could impact guest access. It aggregates these issues and presents them in one place, with each misconfigured setting accompanied by guidance for admins. Additionally, the diagnostic assesses the provisioning of guest user accounts. It also allows for optional inputs at org, team and user levels, giving you the flexibility to customize the output you receive.
+
+#### Org-level settings
+
+These settings at the organization level are evaluated to check for misconfiguration.
+
+|Setting|Where it's located|Setting values considered “misconfigured”|
+| -------- | -------- | -------- |
+|External collaboration setting's guest invite setting|Microsoft Entra Admin Center |No one in this organization can invite guest users including admins (most restrictive)Only users assigned to specific admin roles can invite guests |
+|M365 group guest setting|Microsoft Admin Center |Either one or both of these settings are turned off:Let group owners add people outside your organization to Microsoft 365 Groups as guestsLet guest group members access group content |
+|SharePoint External Sharing settings |SharePoint Admin Center |Only people in your organizationExisting guests only |
+|Guest Access setting |Teams Admin Center |Off |
+
+#### User-level setup
+
+This diagnostic checks the guest user account provisioning in both Entra and Teams when a guest user is provided as input. If a Teams team is also specified, it will verify the guest user's membership in that team.
+
+#### Additional settings
+
+In addition, this diagnostic also displays some settings that could affect your guest access experience. These settings are not evaluated for misconfiguration.
+
+1. Guest user access restriction setting and collaboration restrictions setting in Microsoft Entra Admin Center
+
+ 
+
+2. Guest feature settings in Teams Admin Center
+
+ 
+
+3. Teams guest permissions in Teams app
+
+ 
+
+This diagnostic should assist to resolve your guest access issues and provide a seamless guest experience in Teams.
+
+If problems persist, reach out to Microsoft support for assistance.
+
## More information
As we roll out new features, your experience might change.
-If you would like to get help or have questions, reach out to [edfeedback@microsoft.com](mailto:edfeedback@microsoft.com) or use the feedback mechanism within the Engineering Direct Portal page. If you are encountering any technical issues, open a support ticket via your normal support channel.
+If you would like to get help or have questions, reach out to [edfeedback@microsoft.com](mailto:edfeedback@microsoft.com) or use the feedback mechanism within the Engineering Direct Portal page. If you're encountering any technical issues, open a support ticket via your normal support channel.
diff --git a/microsoft-365/enterprise/m365-dr-commitments.md b/microsoft-365/enterprise/m365-dr-commitments.md
index ff259fa37e1..99251c5c520 100644
--- a/microsoft-365/enterprise/m365-dr-commitments.md
+++ b/microsoft-365/enterprise/m365-dr-commitments.md
@@ -81,19 +81,21 @@ The following customer data is stored at rest in the _Local Region Geography_:
- Topic highlighting is computed dynamically when the SharePoint page is rendered by running a language model against the content of the page and linking it with the knowledge base of Topics. The Topics data is sourced from the Substrate in the _Local Region Geography_.
- The administration configuration data is stored within the _Local Region Geography_.
-## Purview Audit (Standard)
+## Microsoft Purview
+
+### Purview Audit (Standard)
The following customer data is stored at rest in the _Local Region Geography_:
- Service configuration data, audited Activities, audit Records, and audit log query permissions
-## Purview Audit (Premium)
+### Purview Audit (Premium)
The following customer data is stored at rest in the _Local Region Geography_:
- In addition to the customer data stored as part of Purview Audit (Standard), configuration and Customer Data related to high-value crucial events
-## Data lifecycle management - Data Retention
+### Data lifecycle management - Data Retention
The following customer data is stored at rest in the _Local Region Geography_:
@@ -114,13 +116,13 @@ The following customer data is stored at rest in the _Local Region Geography_:
- Disposition data
- Mappings between retention labels and Data Loss Prevention (DLP) policies
-## Data lifecycle management - Records Management
+### Data lifecycle management - Records Management
The following customer data is stored at rest in the _Local Region Geography_:
- Record retention label definitions, file plan definitions, event-based retention policy settings, disposition review records and records of deletion
-## Information Protection - Sensitivity labels
+### Information Protection - Sensitivity labels
The following customer data is stored at rest in the _Local Region Geography_:
@@ -131,19 +133,19 @@ The following customer data is stored at rest in the _Local Region Geography_:
- Activity Explorer and Microsoft 365 unified audit logs
- Label change justification records
-## Information Protection - Data Loss Prevention (DLP)
+### Information Protection - Data Loss Prevention (DLP)
The following customer data is stored at rest in the _Local Region Geography_:
- DLP admin configuration, DLP policies in Compliance Portal, DLP monitored activities, violation history, Activity Explorer and Microsoft 365 unified audit logs, quarantine storage, DLP Alerts and DLP Alert management dashboard
-## Information Protection - Office Message Encryption
+### Information Protection - Office Message Encryption
The following customer data is stored at rest in the _Local Region Geography_:
- Encryption policies, admin settings and encrypted messages
-## Risk and compliance - information barriers
+### Risk and compliance - information barriers
The following customer data is stored at rest in the _Local Region Geography_:
diff --git a/microsoft-365/enterprise/m365-dr-overview.md b/microsoft-365/enterprise/m365-dr-overview.md
index fdd3b3111d4..fc932875274 100644
--- a/microsoft-365/enterprise/m365-dr-overview.md
+++ b/microsoft-365/enterprise/m365-dr-overview.md
@@ -37,7 +37,7 @@ In order to promote clarity in the capability descriptions on data residency fun
|Future Local Region Geography
| Future planned data center regions: Indonesia, Malaysia, Austria, Chile, New Zealand, Denmark, Greece, Taiwan, Saudi Arabia
|
|Geography
|_Local Region Geography, Future Local Region Geography_, or _Macro Region Geography_
|
|Satellite Geography
|If a customer subscribes to the Multi Geo service, then they can set policy at a user level to store customer data in other Geographies outside of the _Tenant_ _Primary Provisioned Geography_
|
-|Microsoft Entra ID
|Microsoft Entra ID
|
+|Microsoft Entra ID
|Microsoft Entra ID is the new name for [Azure Active Directory](/entra/fundamentals/new-name)
|
|Tenant
|A _Tenant_ represents an organization in Microsoft Entra ID. It's a reserved Microsoft Entra service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure or Microsoft 365. Each Microsoft Entra ID _Tenant_ is distinct and separate from other Microsoft Entra ID Tenants
|
|Default Geography
|When a _Microsoft Entra ID Tenant_ is created, a country/region is provided by the customer during the sign-up process. This country/region determines the default Geography for all Microsoft 365 services. In some cases, not all services are able to provision in this single _Default Geography_. See _Microsoft 365 Service provisioning mapping_ below for a description.
|
|Microsoft 365 Service provisioning mapping
|All Microsoft 365 Services use the _Default Geography_ to determine where a given _Tenant's_ specified data will be provisioned and stored.
|
diff --git a/microsoft-365/enterprise/m365-dr-workload-spo.md b/microsoft-365/enterprise/m365-dr-workload-spo.md
index d6ab4e00bcc..ca6a1ef729e 100644
--- a/microsoft-365/enterprise/m365-dr-workload-spo.md
+++ b/microsoft-365/enterprise/m365-dr-workload-spo.md
@@ -100,6 +100,9 @@ Refer to the link above for more information about the retirement plan and the a
## **Multi-Geo Capabilities in SharePoint / OneDrive**
+> [!IMPORTANT]
+> There is currently a known issue caused by the retirement of BCS that is affecting site moves. The fix is currently being worked on. Currently, if you are facing issues, please try using the PowerShell cmdlet while using the -SuppressBcsCheck parameter.
+
Multi-Geo capabilities in OneDrive and SharePoint enable control of shared resources like SharePoint team sites and Microsoft 365 group mailboxes stored at rest in a specified _Macro Region Geography_ or _Local Region Geography_.
Each user, Group mailbox, and SharePoint site have a Preferred Data Location (PDL) which denotes the _Macro Region Geography_ or _Local Region Geography_ (location where related data is to be stored). Users' personal data (Exchange mailbox and OneDrive) along with any Microsoft 365 Groups or SharePoint sites that they create can be stored in the specified _Macro Region Geography_ or _Local Region Geographies_ location to meet data residency requirements. You can specify different administrators for each _Macro Region Geography_ or _Local Region Geographies_ location.
diff --git a/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events.md b/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events.md
index 95ce06badc9..55ab351f0d1 100644
--- a/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events.md
+++ b/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events.md
@@ -1,10 +1,10 @@
---
-title: "Special considerations for Stream and Teams events in VPN environments"
+title: "Special considerations for Teams events in VPN environments"
ms.author: kvice
author: kelleyvice-msft
manager: scotv
ms.reviewer: bryanyce
-ms.date: 09/12/2024
+ms.date: 10/31/2024
audience: Admin
ms.topic: conceptual
ms.service: microsoft-365-enterprise
@@ -20,13 +20,13 @@ ms.collection:
- must-keep
f1.keywords:
- NOCSH
-description: "Special considerations for Stream and Teams events in VPN environments"
+description: "Special considerations for Teams events in VPN environments"
---
-# Special considerations for Stream and Teams events in VPN environments
+# Special considerations for Teams events in VPN environments
> [!NOTE]
->This article is part of a set of articles that address Microsoft 365 optimization for remote users. The following endpoints are specific to Worldwide Commercial and Government Community Cloud (GCC) environments; the endpoints listed here are not applicable to U.S. Government GCC High or U.S. Government DoD environments.
+>This article is part of a set of articles that address Microsoft 365 optimization for remote users.
>
>- For an overview of using VPN split tunneling to optimize Microsoft 365 connectivity for remote users, see [Overview: VPN split tunneling for Microsoft 365](microsoft-365-vpn-split-tunnel.md).
>- For detailed guidance on implementing VPN split tunneling, see [Implementing VPN split tunneling for Microsoft 365](microsoft-365-vpn-implement-split-tunnel.md).
@@ -34,71 +34,100 @@ description: "Special considerations for Stream and Teams events in VPN environm
>- For guidance on securing Teams media traffic in VPN split tunneling environments, see [Securing Teams media traffic for VPN split tunneling](microsoft-365-vpn-securing-teams.md).
>- For information about optimizing Microsoft 365 worldwide tenant performance for users in China, see [Microsoft 365 performance optimization for China users](microsoft-365-networking-china.md).
-Microsoft 365 Live Events attendee traffic (this includes attendees to Teams-produced live events and those produced with an external encoder via Teams, Stream, or Viva Engage), Microsoft Teams Town hall attendee traffic and on-demand Stream attendee traffic is currently categorized as **Default** versus **Optimize** in the [URL/IP list for the service](urls-and-ip-address-ranges.md). These endpoints are categorized as **Default** because they're hosted on CDNs that might also be used by other services. Customers generally prefer to proxy this type of traffic and apply any security elements normally done on endpoints such as these.
+Microsoft Teams Live events attendee traffic (this includes attendees to Teams-produced live events and those produced with an external encoder via Teams or Viva Engage) and Microsoft Teams Town hall attendee traffic is currently categorized as **Default** versus **Optimize** in the [URL/IP list for the service](urls-and-ip-address-ranges.md). These endpoints are categorized as **Default** because they're hosted on CDNs that might also be used by other services. Customers generally prefer to proxy this type of traffic and apply any security elements normally done on endpoints such as these.
-Many customers have asked for URL/IP data needed to connect their attendees to Stream or Teams events directly from their local internet connection, rather than route the high-volume and latency-sensitive traffic via the VPN infrastructure. Typically, this isn't possible without both dedicated namespaces and accurate IP information for the endpoints, which isn't provided for Microsoft 365 endpoints categorized as **Default**.
+Many customers have asked for URL/IP data needed to connect their attendees in Teams events directly from their local internet connection, rather than route the high-volume and latency-sensitive traffic via the VPN infrastructure. Typically, this isn't possible without both dedicated namespaces and accurate IP information for the endpoints, which isn't provided for Microsoft 365 endpoints categorized as **Default**.
-Use the following steps to enable direct connectivity for the Stream or Teams events services from clients using a forced tunnel VPN. This solution is intended to provide customers with an option to avoid routing Events attendee traffic over VPN while there's high network traffic due to work-from-home scenarios. If possible, we recommend accessing the service through an inspecting proxy.
+Use the following steps to identify and enable direct connectivity for attendee traffic for Teams Events from clients that are using a forced tunnel VPN. This solution is intended to provide customers with an option to avoid routing attendee traffic over VPN while there's high network traffic due to work-from-home scenarios. If possible, we recommend accessing the service through an inspecting proxy.
> [!NOTE]
> Using this solution, there might be service elements that do not resolve to the IP addresses provided and thus traverse the VPN, but the bulk of high-volume traffic like streaming data should. There might be other elements outside the scope of Live Events/Stream which get caught by this offload, but these should be limited as they must meet both the FQDN _and_ the IP match before going direct.
> [!IMPORTANT]
->We recommend you weigh the risk of sending more traffic that bypasses the VPN over the performance gain for Live Events.
+>We recommend you weigh the risk of sending more traffic that bypasses the VPN over the performance gain for Teams Events.
-To implement the forced tunnel exception for Teams Events and Stream, the following steps should be applied:
+To implement the forced tunnel exception for Teams Events, the following steps should be applied:
## 1. Configure external DNS resolution
Clients need external, recursive DNS resolution to be available so that the following host names can be resolved to IP addresses.
-- \*.azureedge.net
+For the **Commercial** cloud:
- \*.media.azure.net
- \*.bmc.cdn.office.net
- \*.ml.cdn.office.net
-**\*.azureedge.net** is used for Stream events ([Configure encoders for live streaming in Microsoft Stream - Microsoft Stream | Microsoft Docs](/stream/live-encoder-setup)).
-
**\*.media.azure.net** and **\*.bmc.cdn.office.net** are used for Teams-produced Live Events (Quick Start events and RTMP-In supported events) scheduled from the Teams client.
**\*.media.azure.net**, **\*.bmc.cdn.office.net** and **\*.ml.cdn.office.net** are used for Teams Town hall events.
-Some of these endpoints are shared with other elements outside of Stream or Teams events. We don't recommend just using these FQDNs to configure VPN offload even if technically possible in your VPN solution (for example, if it works at the FQDN rather than IP).
+> [!NOTE]
+> Some of these endpoints are shared with other elements outside of Teams events. We don't recommend just using these namespaces to configure VPN offload even if technically possible in your VPN solution (for example, if it works with the namespace rather than IP).
+
+For the **Government** clouds **(GCC, GCC High, DoD)**:
+- \*.cdn.ml.gcc.teams.microsoft.com
+- \*.cdn.ml.gov.teams.microsoft.us
+- \*.cdn.ml.dod.teams.microsoft.us
+
+**\*.cdn.ml.gcc.teams.microsoft.com** is used for Teams Town hall events in the Microsoft 365 U.S. Government Community Cloud (GCC).
+
+**\*.cdn.ml.gov.teams.microsoft.us** is used for Teams Town hall events in the Microsoft 365 U.S. Government GCC High Cloud (GCC High).
+
+**\*.cdn.ml.dod.teams.microsoft.us** is used for Teams Town hall events in the Microsoft 365 U.S. Government DoD Cloud (DoD).
FQDNs aren't required in the VPN configuration, they're purely for use in PAC files in combination with the IPs to send the relevant traffic direct.
## 2. Implement PAC file changes (where required)
-For organizations that utilize a PAC file to route traffic through a proxy while on VPN, this is normally achieved using FQDNs. However, with Stream/Live Events/Town hall, the host names provided contain wildcards such as **\*.azureedge.net**, which also encompasses other elements for which it isn't possible to provide full IP listings. Thus, if the request is sent direct based on DNS wildcard match alone, traffic to these endpoints will be blocked as there's no route via the direct path for it in [Step 3](#3-configure-routing-on-the-vpn-to-enable-direct-egress) later in this article.
+For organizations that utilize a PAC file to route traffic through a proxy while on VPN, this is normally achieved using FQDNs. However, with Teams events, the host names provided contain wildcards that resolve to IP addresses used by Content Delivery Networks (CDNs) which aren't utilized exclusively for Teams events traffic. Thus, if the request is sent direct based on DNS wildcard match alone, traffic to these endpoints will be blocked as there's no route via the direct path for it in [Step 3](#3-configure-routing-on-the-vpn-to-enable-direct-egress) later in this article.
-To solve this, we can provide the following IPs and use them in combination with the host names in an example PAC file as described in [Step 1](#1-configure-external-dns-resolution). The PAC file checks if the URL matches those used for Stream/Live Events/Town hall and then if it does, it then also checks to see if the IP returned from a DNS lookup matches those provided for the service. If _both_ match, then the traffic is routed direct. If either element (FQDN/IP) doesn't match, then the traffic is sent to the proxy. As a result, the configuration ensures that anything that resolves to an IP outside of the scope of both the IP and defined namespaces traverses the proxy via the VPN as normal.
+To solve this, we can provide the following IPs and use them in combination with the host names in an example PAC file as described in [Step 1](#1-configure-external-dns-resolution). The PAC file checks if the URL matches those used for Teams events and if it does, it then also checks to see if the IP returned from a DNS lookup matches those provided for the service. If _both_ match, then the traffic is routed direct. If either element (FQDN/IP) doesn't match, then the traffic is sent to the proxy. As a result, the configuration ensures that anything that resolves to an IP outside of the scope of both the IP and defined namespaces traverses the proxy via the VPN as normal.
### Gathering the current lists of CDN Endpoints
-Teams events use multiple CDN providers to stream to customers, to provide the best coverage, quality, and resiliency. Currently, both Azure CDN from Microsoft and from Verizon are used. Over time this could be changed due to situations such as regional availability. This article is a source to enable you to keep up to date on IP ranges.
+For the Commercial cloud, Teams events use multiple CDN providers to stream to customers, to provide the best coverage, quality, and resiliency. Currently, both Azure CDN from Microsoft and Azure CDN from Verizon are used. Over time this could be changed due to situations such as regional availability. This article is a source to enable you to keep up to date on IP ranges. For the Microsoft 365 U.S. Government clouds (GCC, GCC High and DoD) only Azure CDN from Microsoft is used.
-For Azure CDN from Microsoft, you can download the list from [Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56519) - you'll need to look specifically for the service tag _AzureFrontdoor.Frontend_ in the JSON; _addressPrefixes_ will show the IPv4/IPv6 subnets. Over time the IPs can change, but the service tag list is always updated before they're put in use.
+For the **Commercial** cloud:
-For Azure CDN from Verizon (Edgecast) you can find an exhaustive list using [Edge Nodes - List](/rest/api/cdn/edge-nodes/list) (select **Try It** ) - you'll need to look specifically for the **Premium\_Verizon** section. Note that this API shows all Edgecast IPs (origin and Anycast). Currently there isn't a mechanism for the API to distinguish between origin and Anycast.
+- For Azure CDN from Microsoft, you can download the list from [Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=56519) - you'll need to look specifically for the service tag `AzureFrontdoor.Frontend` in the JSON; _addressPrefixes_ will show the IPv4/IPv6 subnets. Over time the IPs can change, but the service tag list is always updated before they're put in use.
-To implement this in a PAC file, you can use the following example that sends the Microsoft 365 Optimize traffic direct (which is recommended best practice) via FQDN, and the critical Stream/Live Events traffic direct via a combination of the FQDN and the returned IP address. The placeholder name _Contoso_ would need to be edited to your specific tenant's name where _contoso_ is from contoso.onmicrosoft.com
+- For Azure CDN from Verizon (Edgecast) you can find an exhaustive list using [Edge Nodes - List](/rest/api/cdn/edge-nodes/list) (select **Try It** ) - you'll need to look specifically for the **Premium\_Verizon** section. Note that this API shows all Edgecast IPs (origin and Anycast). Currently there isn't a mechanism for the API to distinguish between origin and Anycast.
-#### Example PAC file
+For the **Government** clouds **(GCC, GCC High and DoD)**:
-Here's an example of how to generate the PAC files:
+- For Azure CDN from Microsoft, you can download the list from [Download Azure IP Ranges and Service Tags – US Government Cloud from Official Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=57063) - you'll need to look specifically for the service tag `AzureFrontdoor.Frontend` in the JSON; _addressPrefixes_ will show the IPv4/IPv6 subnets. Over time the IPs can change, but the service tag list is always updated before they're put in use.
-1. Save the script below to your local hard disk as _Get-TLEPacFile.ps1_.
-1. Go to the [Verizon URL](/rest/api/cdn/edge-nodes/list#code-try-0) and download the resulting JSON (copy paste it into a file like cdnedgenodes.json)
+The following script can generate a PAC file that will include the namespaces and IP listings for the Teams Events attendee traffic. The **-Instance** parameter determines the specified environment - the supported values are [Worldwide, USGov, USGovGCCHigh and UsGovDoD]. Optionally, the script can also include the Optimize and Allow domains as well using the **-Type** parameter.
+
+#### Example PAC file generation for the Commercial cloud
+
+Here's an example of how to generate the PAC file for the Commercial cloud:
+
+1. Save the script to your local hard disk as _Get-EventsPacFile.ps1_.
+1. Go to the [Verizon URL](/rest/api/cdn/edge-nodes/list#code-try-0) and download the resulting JSON (copy paste it into a file named cdnedgenodes.json)
1. Put the file into the same folder as the script.
-1. In a PowerShell window, run the following command. Change out the tenant name for something else if you want the SPO URLs. This is Type 2, so **Optimize** and **Allow** (Type 1 is Optimize only).
+1. In a PowerShell window, run the following command. If you only desire the Optimize names (and not Optimize and Allow) change the -Type parameter to Optimize.
```powershell
- .\Get-TLEPacFile.ps1 -Instance Worldwide -Type 2 -TenantName -CdnEdgeNodesFilePath .\cdnedgenodes.json -FilePath TLE.pac
+ .\Get-EventsPacFile.ps1 -Instance Worldwide -CdnEdgeNodesFilePath .\cdnedgenodes.json -Type OptimizeAndAllow -FilePath .\Commercial.pac
```
-1. The TLE.pac file will contain all the namespaces and IPs (IPv4/IPv6).
+1. The Commercial.pac file will contain all the namespaces and IPs (IPv4/IPv6) for Teams Events attendee traffic.
-##### Get-TLEPacFile.ps1
+#### Example PAC file generation for the Microsoft 365 U.S. Government Community Cloud (GCC)
+
+Here's an example of how to generate the PAC file for the GCC environment:
+
+1. Save the script to your local hard disk as _Get-EventsPacFile.ps1_.
+1. In a PowerShell window, run the following command. If you only desire the Optimize names (and not Optimize and Allow) change the -Type parameter to Optimize.
+
+ ```powershell
+ .\Get-EventsPacFile.ps1 -Instance UsGov -Type OptimizeAndAllow -FilePath .\USGov.pac
+ ```
+
+1. The USGov.pac file will contain all the namespaces and IPs (IPv4/IPv6) specific to the GCC cloud for Teams Town hall attendee traffic.
+
+##### Get-EventsPacFile.ps1
```powershell
# Copyright (c) Microsoft Corporation. All rights reserved.
@@ -106,7 +135,7 @@ Here's an example of how to generate the PAC files:
<#PSScriptInfo
-.VERSION 1.0.5
+.VERSION 1.0.6
.AUTHOR Microsoft Corporation
@@ -140,7 +169,7 @@ Licensed under the MIT License.
.SYNOPSIS
-Create a PAC file for Microsoft 365 prioritized connectivity
+Create a PAC file for Microsoft 365 prioritized connectivity for Teams Events (Live Events, Town hall)
.DESCRIPTION
@@ -150,7 +179,7 @@ on how traffic needs to be prioritized.
.PARAMETER Instance
-The service instance inside Microsoft 365.
+The service instance inside Microsoft 365. The default is Worldwide. To specify GCC use the USGov value.
.PARAMETER ClientRequestId
@@ -166,9 +195,8 @@ The default proxy settings for non priority traffic.
.PARAMETER Type
-The type of prioritization to give. Valid values are 1 and 2, which are 2 different modes of operation.
-Type 1 will send Optimize traffic to the direct route. Type 2 will send Optimize and Allow traffic to
-the direct route.
+The type of prioritization to give. Valid values are Optimize and OptimizeAndAllow, which are 2 different modes of operation.
+These values align to the categories defined in our Principles of Network Connectivity at https://aka.ms/pnc
.PARAMETER Lowercase
@@ -188,58 +216,56 @@ The file to print the content to.
.EXAMPLE
-Get-TLEPacFile.ps1 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -DefaultProxySettings "PROXY 4.4.4.4:70" -FilePath type1.pac
+Get-EventsPacFile.ps1 -Instance Worldwide -CdnEdgeNodesFilePath .\cdnedgenodes.json -Type OptimizeAndAllow -FilePath .\Commercial.pac
.EXAMPLE
-Get-TLEPacFile.ps1 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -Instance China -Type 2 -DefaultProxySettings "PROXY 4.4.4.4:70" -FilePath type2.pac
-
-.EXAMPLE
+Get-EventsPacFile.ps1 -Instance USGov -FilePath .\USGov.pac -Type OptimizeAndAllow
-Get-TLEPacFile.ps1 -ClientRequestId b10c5ed1-bad1-445f-b386-b919946339a7 -Instance WorldWide -Lowercase -TenantName tenantName -ServiceAreas Sharepoint
#>
#Requires -Version 2
-[CmdletBinding(SupportsShouldProcess=$True)]
+[CmdletBinding(SupportsShouldProcess = $True)]
Param (
- [Parameter(Mandatory = $false)]
- [ValidateSet('Worldwide', 'Germany', 'China', 'USGovDoD', 'USGovGCCHigh')]
+ [Parameter()]
+ [ValidateSet('Worldwide', 'Germany', 'China', 'USGovDoD', 'USGovGCCHigh', 'USGov')]
[String] $Instance = "Worldwide",
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateNotNullOrEmpty()]
- [guid] $ClientRequestId = [Guid]::NewGuid().Guid,
+ [guid] $ClientRequestId = [Guid]::NewGuid(),
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateNotNullOrEmpty()]
[String] $DirectProxySettings = 'DIRECT',
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateNotNullOrEmpty()]
[String] $DefaultProxySettings = 'PROXY 10.10.10.10:8080',
- [Parameter(Mandatory = $false)]
- [ValidateRange(1, 2)]
- [int] $Type = 1,
+ [Parameter()]
+ [ValidateSet('OptimizeOnly','OptimizeAndAllow')]
+ [string]
+ $Type = 'OptimizeOnly',
- [Parameter(Mandatory = $false)]
- [switch] $Lowercase = $false,
+ [Parameter()]
+ [switch] $Lowercase,
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateNotNullOrEmpty()]
[string] $TenantName,
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateSet('Exchange', 'SharePoint', 'Common', 'Skype')]
[string[]] $ServiceAreas,
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateNotNullOrEmpty()]
[string] $FilePath,
- [Parameter(Mandatory = $false)]
+ [Parameter()]
[ValidateNotNullOrEmpty()]
[string] $CdnEdgeNodesFilePath
)
@@ -248,242 +274,244 @@ Param (
### Global constants
##################################################################################################################
-$baseServiceUrl = "https://endpoints.office.com/endpoints/$Instance/?ClientRequestId={$ClientRequestId}"
+$baseServiceUrl = if ($Instance -eq 'USGov') {
+ "https://endpoints.office.com/endpoints/Worldwide/?ClientRequestId=$ClientRequestId"
+} else {
+ "https://endpoints.office.com/endpoints/$Instance/?ClientRequestId=$ClientRequestId"
+}
$directProxyVarName = "direct"
$defaultProxyVarName = "proxyServer"
-$bl = "`r`n"
##################################################################################################################
### Functions to create PAC files
##################################################################################################################
-function Get-PacClauses
-{
+function Get-PacString {
param(
- [Parameter(Mandatory = $false)]
- [string[]] $Urls,
-
- [Parameter(Mandatory = $true)]
- [ValidateNotNullOrEmpty()]
- [String] $ReturnVarName
- )
-
- if (!$Urls)
- {
- return ""
- }
+ [Parameter(ValueFromPipelineByPropertyName)]
+ [string[]]
+ $NonDirectOverrideFqdns,
- $clauses = (($Urls | ForEach-Object { "shExpMatch(host, `"$_`")" }) -Join "$bl || ")
-
-@"
- if($clauses)
- {
- return $ReturnVarName;
- }
-"@
-}
-
-function Get-PacString
-{
- param(
- [Parameter(Mandatory = $true)]
- [ValidateNotNullOrEmpty()]
- [array[]] $MapVarUrls
+ [Parameter(ValueFromPipelineByPropertyName)]
+ [string[]]
+ $DirectFqdns
)
-@"
-// This PAC file will provide proxy config to Microsoft 365 services
-// using data from the public web service for all endpoints
-function FindProxyForURL(url, host)
-{
- var $directProxyVarName = "$DirectProxySettings";
- var $defaultProxyVarName = "$DefaultProxySettings";
+ $PACSb = New-Object 'System.Text.StringBuilder'
+ $null = & {
+ $PACSb.AppendLine('// This PAC file will provide proxy config to Microsoft 365 services')
+ $PACSb.AppendLine('// using data from the public web service for all endpoints')
+ $PACSb.AppendLine('function FindProxyForURL(url, host)')
+ $PACSb.AppendLine('{')
+ $PACSb.Append(' var ').Append($directProxyVarName).Append(' = "').Append($DirectProxySettings).AppendLine('";')
+ $PACSb.Append(' var ').Append($defaultProxyVarName).Append(' = "').Append($DefaultProxySettings).AppendLine('";')
+ if ($Lowercase) {
+ $PACSb.AppendLine(' host = host.toLowerCase();')
+ }
+ $first = $true
+ foreach ($fqdn in $NonDirectOverrideFqdns) {
+ if ($first) {
+ $PACSb.AppendLine()
+ $PACSb.AppendLine(' // Force proxy for subdomains of bypassed hosts')
+ $PACSb.AppendLine()
+ $PACSb.Append(' if(')
+ }
+ else {
+ $PACSb.AppendLine().Append(' || ')
+ }
+ $first = $false
+ $PACSb.Append('shExpMatch(host, "').Append($fqdn).Append('")')
+ }
+ if (!$first) {
+ $PACSb.AppendLine(')')
+ $PACSb.AppendLine(' {')
+ $PACSb.Append(' return ').Append($directProxyVarName).AppendLine(';')
+ $PACSb.AppendLine(' }')
+ }
-$( if ($Lowercase) { " host = host.toLowerCase();" })
+ $first = $true
+ foreach ($fqdn in $DirectFqdns) {
+ if ($first) {
+ $PACSb.AppendLine()
+ $PACSb.AppendLine(' // Bypassed hosts')
+ $PACSb.AppendLine()
+ $PACSb.Append(' if(')
+ }
+ else {
+ $PACSb.AppendLine().Append(' || ')
+ }
+ $first = $false
+ $PACSb.Append('shExpMatch(host, "').Append($fqdn).Append('")')
+ }
+ if (!$first) {
+ $PACSb.AppendLine(')')
+ $PACSb.AppendLine(' {')
+ $PACSb.Append(' return ').Append($directProxyVarName).AppendLine(';')
+ $PACSb.AppendLine(' }')
+ }
-$( ($MapVarUrls | ForEach-Object { Get-PACClauses -ReturnVarName $_.Item1 -Urls $_.Item2 }) -Join "$bl$bl" )
+ if (!$ServiceAreas -or $ServiceAreas.Contains('Skype')) {
+ $EventsConfig = Get-TeamsEventsConfiguration
+ if ($EventsConfig.EventsAddressRanges.Count -gt 0) {
+ $EventsBlock = $EventsConfig | Get-TLEPacConfiguration
+ $PACSb.AppendLine()
+ $PACSb.AppendLine($EventsBlock)
+ }
+ }
-$( if (!$ServiceAreas -or $ServiceAreas.Contains('Skype')) { Get-TLEPacConfiguration })
+ $PACSb.Append(' return ').Append($defaultProxyVarName).AppendLine(';').Append('}')
+ }
- return $defaultProxyVarName;
-}
-"@ -replace "($bl){3,}","$bl$bl" # Collapse more than one blank line in the PAC file so it looks better.
+ return $PACSb.ToString()
}
##################################################################################################################
### Functions to get and filter endpoints
##################################################################################################################
-
-function Get-TLEPacConfiguration {
- param ()
- $PreBlock = @"
- // Don't Proxy Teams Live Events traffic
-
- if(shExpMatch(host, "*.azureedge.net")
- || shExpMatch(host, "*.bmc.cdn.office.net")
- || shExpMatch(host, "*.ml.cdn.office.net")
- || shExpMatch(host, "*.media.azure.net"))
- {
- var resolved_ip = dnsResolveEx(host);
-
-"@
- $TLESb = New-Object 'System.Text.StringBuilder'
- $TLESb.Append($PreBlock) | Out-Null
-
- if (![string]::IsNullOrEmpty($CdnEdgeNodesFilePath) -and (Test-Path -Path $CdnEdgeNodesFilePath)) {
- $CdnData = Get-Content -Path $CdnEdgeNodesFilePath -Raw -ErrorAction SilentlyContinue | ConvertFrom-Json | Select-Object -ExpandProperty value |
- Where-Object { $_.name -eq 'Premium_Verizon'} | Select-Object -First 1 -ExpandProperty properties |
- Select-Object -ExpandProperty ipAddressGroups
- $CdnData | Select-Object -ExpandProperty ipv4Addresses | ForEach-Object {
- if ($TLESb.Length -eq $PreBlock.Length) {
- $TLESb.Append(" if(") | Out-Null
- }
- else {
- $TLESb.AppendLine() | Out-Null
- $TLESb.Append(" || ") | Out-Null
- }
- $TLESb.Append("isInNetEx(resolved_ip, `"$($_.BaseIpAddress)/$($_.prefixLength)`")") | Out-Null
+function Get-TeamsEventsConfiguration {
+ param()
+ $IncludedHosts = switch ($Instance) {
+ 'USGov' {
+ @('*.cdn.ml.gcc.teams.microsoft.com')
+ break
}
- $CdnData | Select-Object -ExpandProperty ipv6Addresses | ForEach-Object {
- if ($TLESb.Length -eq $PreBlock.Length) {
- $TLESb.Append(" if(") | Out-Null
- }
- else {
- $TLESb.AppendLine() | Out-Null
- $TLESb.Append(" || ") | Out-Null
- }
- $TLESb.Append("isInNetEx(resolved_ip, `"$($_.BaseIpAddress)/$($_.prefixLength)`")") | Out-Null
+ 'USGovDoD' {
+ @('*.cdn.ml.dod.teams.microsoft.us')
+ break
+ }
+ 'USGovGCCHigh' {
+ @('*.cdn.ml.gov.teams.microsoft.us')
+ break
+ }
+ default {
+ @('*.bmc.cdn.office.net', '*.ml.cdn.office.net', '*.media.azure.net')
+ break
}
}
- $AzureIPsUrl = Invoke-WebRequest -Uri "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519" -UseBasicParsing -ErrorAction SilentlyContinue |
- Select-Object -ExpandProperty Links | Select-Object -ExpandProperty href |
+ $IncludedAddressRanges = & {
+ if (!$Instance.StartsWith('USGov') -and ![string]::IsNullOrEmpty($CdnEdgeNodesFilePath) -and (Test-Path -Path $CdnEdgeNodesFilePath)) {
+ Get-Content -Path $CdnEdgeNodesFilePath -Raw -ErrorAction SilentlyContinue | ConvertFrom-Json | Select-Object -ExpandProperty value |
+ Where-Object { $_.name -eq 'Premium_Verizon' } | Select-Object -First 1 -ExpandProperty properties |
+ Select-Object -ExpandProperty ipAddressGroups |
+ ForEach-Object {
+ $_.ipv4Addresses
+ $_.ipv6Addresses
+ } |
+ Where-Object { $_.BaseIpAddress } |
+ ForEach-Object { $_.BaseIpAddress + '/' + $_.prefixLength }
+ }
+
+ $ServiceTagsDownloadId = '56519'
+ if ($Instance.StartsWith('USGov')) {
+ $ServiceTagsDownloadId = '57063'
+ }
+ $AzureIPsUrl = Invoke-WebRequest -Uri "https://www.microsoft.com/en-us/download/confirmation.aspx?id=$ServiceTagsDownloadId" -UseBasicParsing -ErrorAction SilentlyContinue |
+ Select-Object -ExpandProperty Links | Select-Object -ExpandProperty href |
Where-Object { $_.EndsWith('.json') -and $_ -match 'ServiceTags' } | Select-Object -First 1
- if ($AzureIPsUrl) {
- Invoke-RestMethod -Uri $AzureIPsUrl -ErrorAction SilentlyContinue | Select-Object -ExpandProperty values |
- Where-Object { $_.name -eq 'AzureFrontDoor.Frontend' } | Select-Object -First 1 -ExpandProperty properties |
- Select-Object -ExpandProperty addressPrefixes | ForEach-Object {
- if ($TLESb.Length -eq $PreBlock.Length) {
- $TLESb.Append(" if(") | Out-Null
- }
- else {
- $TLESb.AppendLine() | Out-Null
- $TLESb.Append(" || ") | Out-Null
- }
- $TLESb.Append("isInNetEx(resolved_ip, `"$_`")") | Out-Null
- }
- }
- if ($TLESb.Length -gt $PreBlock.Length) {
- $TLESb.AppendLine(")") | Out-Null
- $TLESb.AppendLine(" {") | Out-Null
- $TLESb.AppendLine(" return $directProxyVarName;") | Out-Null
- $TLESb.AppendLine(" }") | Out-Null
+ if ($AzureIPsUrl) {
+ Invoke-RestMethod -Uri $AzureIPsUrl -ErrorAction SilentlyContinue | Select-Object -ExpandProperty values |
+ Where-Object { $_.name -eq 'AzureFrontDoor.Frontend' } | Select-Object -First 1 -ExpandProperty properties |
+ Select-Object -ExpandProperty addressPrefixes
+ }
}
- else {
- $TLESb.AppendLine(" // no addresses found for service via script") | Out-Null
+ [PSCustomObject]@{
+ EventsHostNames = $IncludedHosts
+ EventsAddressRanges = $IncludedAddressRanges
}
- $TLESb.AppendLine(" }") | Out-Null
- return $TLESb.ToString()
}
-function Get-Regex
-{
- param(
- [Parameter(Mandatory = $true)]
- [ValidateNotNullOrEmpty()]
- [string] $Fqdn
- )
-
- return "^" + $Fqdn.Replace(".", "\.").Replace("*", ".*").Replace("?", ".?") + "$"
-}
-
-function Match-RegexList
-{
- param(
- [Parameter(Mandatory = $true)]
- [ValidateNotNullOrEmpty()]
- [string] $ToMatch,
-
- [Parameter(Mandatory = $false)]
- [string[]] $MatchList
+function Get-TLEPacConfiguration {
+ [CmdletBinding()]
+ param (
+ [Parameter(ValueFromPipelineByPropertyName)]
+ [string[]]
+ $EventsHostNames,
+
+ [Parameter(ValueFromPipelineByPropertyName)]
+ [string[]]
+ $EventsAddressRanges
)
-
- if (!$MatchList)
- {
- return $false
+ if ($EventsAddressRanges.Count -eq 0) {
+ return ''
+ }
+ $TLESb = New-Object 'System.Text.StringBuilder'
+ $Spaces = ' '
+ $null = $TLESb.Append($Spaces).AppendLine('// Bypass Teams Events attendee traffic')
+ $first = $true
+ $null = foreach ($hostName in $EventsHostNames) {
+ if ($first) {
+ $TLESb.AppendLine().Append($Spaces).Append('if(')
+ }
+ else {
+ $TLESb.AppendLine().Append($Spaces).Append(' || ')
+ }
+ $first = $false
+ $TLESb.Append('shExpMatch(host, "').Append($hostName).Append('")')
}
- foreach ($regex in $MatchList)
- {
- if ($regex -ne $ToMatch -and $ToMatch -match (Get-Regex $regex))
- {
- return $true
+ $null = $TLESb.AppendLine(')').Append($Spaces).AppendLine('{')
+ $Spaces = $Spaces + $Spaces
+ $null = $TLESb.Append($Spaces).AppendLine('var resolved_ip = dnsResolveEx(host);')
+
+ $first = $true
+ $null = foreach ($addressRange in $EventsAddressRanges) {
+ if ($first) {
+ $TLESb.AppendLine().Append($Spaces).Append('if(')
+ } else {
+ $TLESb.AppendLine().Append($Spaces).Append(' || ')
}
+ $first = $false
+ $TLESb.Append('isInNetEx(resolved_ip, "').Append($addressRange).Append('")')
+ }
+ if (!$first) {
+ $null = $TLESb.AppendLine(')').
+ Append($Spaces).AppendLine('{').
+ Append($Spaces).Append(' return ').Append($directProxyVarName).AppendLine(';').
+ Append($Spaces).AppendLine('}')
}
- return $false
+ else {
+ $null = $TLESb.Append($Spaces).AppendLine('// no addresses found for service via script')
+ }
+ return $TLESb.AppendLine(' }').ToString()
}
-function Get-Endpoints
-{
+function Get-Endpoints {
$url = $baseServiceUrl
- if ($TenantName)
- {
+ if ($TenantName) {
$url += "&TenantName=$TenantName"
}
- if ($ServiceAreas)
- {
+ if ($ServiceAreas) {
$url += "&ServiceAreas=" + ($ServiceAreas -Join ",")
}
return Invoke-RestMethod -Uri $url
}
-function Get-Urls
-{
- param(
- [Parameter(Mandatory = $false)]
- [psobject[]] $Endpoints
- )
-
- if ($Endpoints)
- {
- return $Endpoints | Where-Object { $_.urls } | ForEach-Object { $_.urls } | Sort-Object -Unique
- }
- return @()
-}
-
-function Get-UrlVarTuple
-{
- param(
- [Parameter(Mandatory = $true)]
- [ValidateNotNullOrEmpty()]
- [string] $VarName,
-
- [Parameter(Mandatory = $false)]
- [string[]] $Urls
- )
- return New-Object 'Tuple[string,string[]]'($VarName, $Urls)
-}
-
-function Get-MapVarUrls
-{
+function Get-MapVarUrls {
Write-Verbose "Retrieving all endpoints for instance $Instance from web service."
$Endpoints = Get-Endpoints
- if ($Type -eq 1)
- {
- $directUrls = Get-Urls ($Endpoints | Where-Object { $_.category -eq "Optimize" })
- $nonDirectPriorityUrls = Get-Urls ($Endpoints | Where-Object { $_.category -ne "Optimize" }) | Where-Object { Match-RegexList $_ $directUrls }
- return @(
- Get-UrlVarTuple -VarName $defaultProxyVarName -Urls $nonDirectPriorityUrls
- Get-UrlVarTuple -VarName $directProxyVarName -Urls $directUrls
- )
- }
- elseif ($Type -eq 2)
- {
- $directUrls = Get-Urls ($Endpoints | Where-Object { $_.category -in @("Optimize", "Allow")})
- $nonDirectPriorityUrls = Get-Urls ($Endpoints | Where-Object { $_.category -notin @("Optimize", "Allow") }) | Where-Object { Match-RegexList $_ $directUrls }
- return @(
- Get-UrlVarTuple -VarName $defaultProxyVarName -Urls $nonDirectPriorityUrls
- Get-UrlVarTuple -VarName $directProxyVarName -Urls $directUrls
- )
+ $Include = if ($Type -eq 'OptimizeOnly') { @('Optimize') } else { @('Optimize', 'Allow') }
+
+ $directUrls = $endpoints |
+ Where-Object { $_.category -in $Include } |
+ Where-Object { $_.urls } |
+ ForEach-Object { $_.urls } |
+ Sort-Object -Unique
+
+ $MatchList = [Collections.Generic.Dictionary[string,Regex]]@{}
+ $directUrls |
+ Where-Object { $_.Contains('*') -or $_.Contains('?') } |
+ ForEach-Object { $MatchList[$_] = [Regex]::new('^{0}$' -f $_.Replace('.','\.').Replace('*','.*').Replace('?','.?'),[Text.RegularExpressions.RegexOptions]::IgnoreCase) }
+
+ $nonDirectPriorityUrls = $endpoints |
+ Where-Object { $_.category -notin $Include } |
+ Where-Object { $_.urls } |
+ ForEach-Object { $_.urls } |
+ Sort-Object -Unique |
+ Where-Object { [Linq.Enumerable]::Any($MatchList,[Func[System.Collections.Generic.KeyValuePair[string,Regex],bool]]{$args[0].Key -ne $_ -and $args[0].Value.IsMatch($_)}) }
+
+ return [PSCustomObject]@{
+ NonDirectOverrideFqdns = $nonDirectPriorityUrls
+ DirectFqdns = $directUrls
}
}
@@ -491,35 +519,33 @@ function Get-MapVarUrls
### Main script
##################################################################################################################
-$content = Get-PacString (Get-MapVarUrls)
+$content = Get-MapVarUrls | Get-PacString
-if ($FilePath)
-{
+if ($FilePath) {
$content | Out-File -FilePath $FilePath -Encoding ascii
}
-else
-{
+else {
$content
}
```
-The script will automatically parse the Azure list based on the [download URL](https://www.microsoft.com/download/details.aspx?id=56519) and keys off of **AzureFrontDoor.Frontend**, so there's no need to get that manually.
+The script will automatically parse the appropriate Azure CDN list based on the **Instance** parameter value and keys off of **AzureFrontDoor.Frontend**, so there's no need to get that manually.
-Again, we don't recommend performing VPN offload using just the FQDNs; utilizing **both** the FQDNs and the IP addresses in the function helps scope the use of this offload to a limited set of endpoints including Live Events/Stream. The way the function is structured will result in a DNS lookup being done for the FQDN that matches those listed by the client directly, i.e. DNS resolution of the remaining namespaces remains unchanged.
+Again, we don't recommend performing VPN offload using just the FQDNs; utilizing **both** the FQDNs and the IP addresses in the function helps scope the use of this offload to a limited set of endpoints including Teams Events. The way the function is structured will result in a DNS lookup being done for the FQDN that matches those listed by the client directly, i.e. DNS resolution of the remaining namespaces remains unchanged.
-If you wish to limit the risk of offloading endpoints not related to Teams events and Stream, you can remove the **\*.azureedge.net** domain from the configuration which is where most of this risk lies as this is a shared domain used for all Azure CDN customers. The downside of this is that any event using an external encoder powered by Stream won't be optimized, but events produced/organized within Teams will be.
## 3. Configure routing on the VPN to enable direct egress
-The final step is to add a direct route for the Teams event IPs described in **Gathering the current lists of CDN Endpoints** into the VPN configuration to ensure the traffic isn't sent via the forced tunnel into the VPN. Detailed information on how to do this for Microsoft 365 Optimize endpoints can be found in the [Implement VPN split tunneling](microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) section of [Implementing VPN split tunneling for Microsoft 365](microsoft-365-vpn-implement-split-tunnel.md). The process is exactly the same for the Stream or Teams events IPs listed in this document.
+The final step is to add a direct route for the Teams event IPs described in **Gathering the current lists of CDN Endpoints** into the VPN configuration to ensure the traffic isn't sent via the forced tunnel into the VPN. Detailed information on how to do this for Microsoft 365 Optimize endpoints can be found in the [Implement VPN split tunneling](microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) section of [Implementing VPN split tunneling for Microsoft 365](microsoft-365-vpn-implement-split-tunnel.md). The process is exactly the same for the Teams events IPs listed in this document.
-Note that only the IPs (not FQDNs) from [Gathering the current lists of CDN Endpoints](#gathering-the-current-lists-of-cdn-endpoints) should be used for VPN configuration.
+> [!NOTE]
+> Only the IPs (not FQDNs) from [Gathering the current lists of CDN Endpoints](#gathering-the-current-lists-of-cdn-endpoints) should be used for VPN configuration.
## FAQ
### Will this send all my traffic to the service direct?
-No, this will send the latency-sensitive streaming traffic for a Teams Event or Stream video direct, any other traffic will continue to use the VPN tunnel if they don't resolve to the IPs published.
+No, this will send the latency-sensitive streaming traffic for a Teams Event attendee direct, any other traffic will continue to use the VPN tunnel if they don't resolve to the IPs published.
### Do I need to use the IPv6 Addresses?
@@ -531,28 +557,27 @@ Microsoft has strict controls around the format and type of information that is
The **Default** endpoint category has no IP information provided for numerous reasons (Default endpoints might be outside of the control of Microsoft, might change too frequently, or might be in blocks shared with other elements). For this reason, Default endpoints are designed to be sent via FQDN to an inspecting proxy, like normal web traffic.
-In this case, the above endpoints are CDNs that might be used by non-Microsoft controlled elements other than Live Events or Stream, and thus sending the traffic direct will also mean anything else which resolves to these IPs will also be sent direct from the client. Due to the unique nature of the current global crisis and to meet the short-term needs of our customers, Microsoft has provided the information above for customers to use as they see fit.
+In this case, the above endpoints are CDNs that might be used by non-Microsoft controlled elements other than Teams Events, and thus sending the traffic direct will also mean anything else which resolves to these IPs will also be sent direct from the client. Due to the unique nature of the current global crisis and to meet the short-term needs of our customers, Microsoft has provided the information above for customers to use as they see fit.
Microsoft is working to reconfigure the Teams events endpoints to allow them to be included in the Allow/Optimize endpoint categories in the future.
### Do I only need to allow access to these IPs?
-No, access to all of the **Required** marked endpoints in [the URL/IP service](urls-and-ip-address-ranges.md) is essential for the service to operate. In addition, any Optional endpoint marked for Stream (ID 41-45) is required.
+No, access to all of the **Required** marked endpoints for the appropriate environment is essential for the service to operate.
+- Worldwide including GCC: [Endpoints for Worldwide](urls-and-ip-address-ranges.md)
+- Microsoft 365 U.S. Government GCC High: [Endpoints for GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md)
+- Microsoft 365 U.S. Government DoD: [Endpoints for DoD](microsoft-365-u-s-government-dod-endpoints.md)
### What scenarios will this advice cover?
1. Live events produced within the Teams App
-2. Viewing Stream hosted content
-3. External device (encoder) produced events
-4. Teams Town hall
+2. External device (encoder) produced events
+3. Teams Town hall
### Does this advice cover presenter traffic?
-It doesn't; the advice above is purely for those consuming the service. Presenting from within Teams will see the presenter's traffic flowing to the Optimize marked UDP endpoints listed in URL/IP service row 11 with detailed VPN offload advice outlined in the [Implement VPN split tunneling](microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) section of [Implementing VPN split tunneling for Microsoft 365](microsoft-365-vpn-implement-split-tunnel.md).
-
-### Does this configuration risk traffic other than Town hall, Live Events & Stream being sent direct?
+It doesn't; the advice above is purely for those attending the event. Presenting from within Teams will see the presenter's traffic flowing to the Optimize marked UDP endpoints listed in URL/IP service row 11 with detailed VPN offload advice outlined in the [Implement VPN split tunneling](microsoft-365-vpn-implement-split-tunnel.md#implement-vpn-split-tunneling) section of [Implementing VPN split tunneling for Microsoft 365](microsoft-365-vpn-implement-split-tunnel.md).
-Yes, due to shared FQDNs used for some elements of the service, this is unavoidable. This traffic is normally sent via a corporate proxy which can apply inspection. In a VPN split tunnel scenario, using both the FQDNs and IPs will scope this risk down to a minimum, but it will still exist. Customers can remove the **\*.azureedge.net** domain from the offload configuration and reduce this risk to a bare minimum but this will remove the offload of Stream-supported Live Events (Teams-scheduled, Stream encoder events, Viva Engage events produced in Teams, Viva Engage-scheduled Stream encoder events, and Stream scheduled events or on-demand viewing from Stream). Events scheduled and produced in Teams (including Town hall) are unaffected.
## Related articles
diff --git a/microsoft-365/enterprise/multi-geo-user-experience.md b/microsoft-365/enterprise/multi-geo-user-experience.md
index aba0dc2b7ee..9f1b71a6876 100644
--- a/microsoft-365/enterprise/multi-geo-user-experience.md
+++ b/microsoft-365/enterprise/multi-geo-user-experience.md
@@ -1,7 +1,7 @@
---
title: "User experience in a multi-geo environment"
ms.reviewer:
-ms.date: 09/25/2024
+ms.date: 10/29/2024
ms.author: kvice
author: kelleyvice-msft
manager: scotv
@@ -107,4 +107,6 @@ There are two constituents of the Microsoft 365 Person data:
- My Microsoft 365 People dataset ([contact resource type](/graph/api/resources/contact?view=graph-rest-1.0&preserve-view=true)), which represents the list of the user's Microsoft 365 contacts along with the user’s version of their contacts' Microsoft 365 profile. This edited or unedited version of another user’s profile will always remain private in the current user’s mailbox and won't be replicated anywhere.
-To enable discovery, rich people search, and full fidelity collaboration experiences, the Microsoft 365 profile of users in the tenant is replicated across geos when a Multi-Geo tenant is first set up (for instance, to provide the Global Address List) and in response to user actions. Examples of user actions include direct and indirect interactions with one or more users in the tenant via activities like joining the Organization, creating and\or joining Teams meetings, sharing and\or co-editing files, profile card lookup, and adding of contacts as described in [Add, find, edit, or delete a contact in Outlook](https://support.microsoft.com/office/add-find-edit-or-delete-a-contact-in-outlook-e1dc4548-3bd6-4644-aecd-47b5728f7b0d#:~:text=information%20any%20time.-,Select%20the%20contact%20from%20the%20list%2C%20then%20select%20Edit%20contact,and%20begin%20adding%20more%20information.&text=someone's%20profile%20card-,In%20Mail%2C%20open%20an%20email%20message%20in%20the%20reading%20pane,card%2C%20select%20Add%20to%20contacts.). The replicated Microsoft 365 profiles of other users from an interaction\collaboration are stored in the Microsoft 365 People dataset of the target user shard.
+To enable discovery, organizational structure exploration, rich people search, and full fidelity collaboration experiences, the Global Address List (GAL) and the Microsoft 365 Profile of users in the tenant is replicated and kept in sync across geos both when a Multi-Geo tenant is first set up and in response to certain user actions. Examples of user actions include direct and indirect interactions with one or more users in the tenant via activities like becoming part of the Organization, creating and/or joining Teams meetings, sharing and/or co-editing files, profile card lookup, and adding of contacts as described in [Add, find, edit, or delete a contact in Outlook](https://support.microsoft.com/office/add-find-edit-or-delete-a-contact-in-outlook-e1dc4548-3bd6-4644-aecd-47b5728f7b0d#:~:text=information%20any%20time.-,Select%20the%20contact%20from%20the%20list%2C%20then%20select%20Edit%20contact,and%20begin%20adding%20more%20information.&text=someone's%20profile%20card-,In%20Mail%2C%20open%20an%20email%20message%20in%20the%20reading%20pane,card%2C%20select%20Add%20to%20contacts.).
+
+In addition to the central GAL, replicated Microsoft 365 Profiles of other users from an interaction or collaboration are stored in the Microsoft 365 People dataset of the target user's mailbox.
diff --git a/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md b/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md
index 11b14e67a35..06397a1712a 100644
--- a/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md
+++ b/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md
@@ -3,7 +3,7 @@ title: "URLs and IP address ranges for Microsoft 365 operated by 21Vianet"
ms.author: kvice
author: kelleyvice-msft
manager: scotv
-ms.date: 09/30/2024
+ms.date: 10/31/2024
audience: ITPro
ms.topic: conceptual
ms.service: microsoft-365-enterprise
@@ -33,7 +33,7 @@ hideEdit: true
**Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) | *Microsoft 365 operated by 21 Vianet* | [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) | [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) |
-**Last updated:** 09/30/2024 -  [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)
+**Last updated:** 10/31/2024 -  [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)
**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/China?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list.
diff --git a/microsoft-365/enterprise/urls-and-ip-address-ranges.md b/microsoft-365/enterprise/urls-and-ip-address-ranges.md
index 7757edcfe9f..92976848c83 100644
--- a/microsoft-365/enterprise/urls-and-ip-address-ranges.md
+++ b/microsoft-365/enterprise/urls-and-ip-address-ranges.md
@@ -3,7 +3,7 @@ title: "Microsoft 365 URLs and IP address ranges"
ms.author: kvice
author: kelleyvice-msft
manager: scotv
-ms.date: 09/30/2024
+ms.date: 10/31/2024
audience: Admin
ms.topic: conceptual
ms.service: microsoft-365-enterprise
@@ -37,7 +37,7 @@ Microsoft 365 requires connectivity to the Internet. The endpoints below should
|Notes|Download|Use|
|---|---|---|
-|**Last updated:** 09/30/2024 -  [Change Log subscription](https://endpoints.office.com/version/worldwide?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list.|**Use:** our proxy [PAC files](managing-office-365-endpoints.md#pacfiles)|
+|**Last updated:** 10/31/2024 -  [Change Log subscription](https://endpoints.office.com/version/worldwide?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list.|**Use:** our proxy [PAC files](managing-office-365-endpoints.md#pacfiles)|
|
Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
diff --git a/microsoft-365/frontline/index.yml b/microsoft-365/frontline/index.yml
index 647446ee11a..9478129ec80 100644
--- a/microsoft-365/frontline/index.yml
+++ b/microsoft-365/frontline/index.yml
@@ -15,7 +15,7 @@ metadata:
manager: jtremper
audience: Admin
- ms.date: 01/12/2024 #Required; mm/dd/yyyy format.
+ ms.date: 10/30/2024 #Required; mm/dd/yyyy format.
ms.collection:
- m365-frontline
- highpri
@@ -35,14 +35,44 @@ highlightedContent:
itemType: get-started
url: flw-choose-scenarios.md
# Card
- - title: How to find the best frontline team solution for your organization
- itemType: whats-new
- url: frontline-team-options.md
+ - title: Schedule management with Shifts
+ itemType: overview
+ url: shifts-for-teams-landing-page.md
# productDirectory section (optional)
productDirectory:
items:
# Card
+ - title: Set up and manage frontline devices
+ imageSrc: /office/media/icons/devices-2-blue.svg
+ links:
+ - url: flw-devices.md
+ text: Device management overview for frontline workers
+ - url: flw-shared-devices.md
+ text: Manage shared devices for frontline workers
+ - url: flw-working-time.md
+ text: Limit access to Teams when frontline staff are off shift
+ # Card
+ - title: Deploy frontline teams
+ imageSrc: /office/media/icons/deploy-blue.svg
+ links:
+ - url: frontline-team-options.md
+ text: Determine the best frontline team solution for your organization
+ - url: deploy-dynamic-teams-at-scale.md
+ text: Deploy frontline dynamic teams at scale
+ - url: deploy-teams-at-scale.md
+ text: Deploy frontline static teams at scale
+ # Card
+ - title: Set up experiences for your frontline
+ imageSrc: /office/media/icons/administrator.svg
+ links:
+ - url: deploy-frontline-operational-hierarchy.md
+ text: Deploy your frontline operational hierarchy
+ - url: set-up-targeted-communications.md
+ text: Set up targeted communications
+ - url: deploy-shifts-at-scale.md
+ text: Deploy Shifts at scale
+ # Card
- title: Solutions to transform your business
imageSrc: /office/media/icons/lightbulb-idea-capture-blue.svg
links:
@@ -76,14 +106,14 @@ productDirectory:
links:
- url: /microsoftteams/approval-admin?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
text: Approvals
- - url: /microsoftteams/expand-teams-across-your-org/shifts/manage-the-shifts-app-for-your-organization-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
- text: Shifts
- url: /microsoftteams/manage-planner-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
text: Planner
+ - url: /microsoftteams/expand-teams-across-your-org/shifts/manage-the-shifts-app-for-your-organization-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
+ text: Shifts
- url: /microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
text: Updates
- - url: /microsoftteams/manage-virtual-appointments-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
- text: Virtual Appointments
+ - url: /microsoftteams/walkie-talkie?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
+ text: Walkie Talkie
- url: /microsoftteams/apps-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json
text: More >
# Card
diff --git a/microsoft-365/frontline/set-up-open-shifts-across-locations.md b/microsoft-365/frontline/set-up-open-shifts-across-locations.md
index b4153bf3ea1..55c3ec20f23 100644
--- a/microsoft-365/frontline/set-up-open-shifts-across-locations.md
+++ b/microsoft-365/frontline/set-up-open-shifts-across-locations.md
@@ -66,6 +66,11 @@ After a manager turns on the capability in Shifts settings, they can choose to e
Frontline workers who are part of the same schedule group in other locations can see and request the open shifts. The manager at the location where the open shift is available can approve (or decline) the request.
+To learn more about the user experience, see:
+
+- [Use open shifts across locations in Shifts](https://support.microsoft.com/office/use-open-shifts-across-locations-in-shifts-14d6fd2e-1956-45a4-ba68-ccc71aedfa3b) (frontline managers)
+- [Request an open shift at another location in Shifts](https://support.microsoft.com/office/request-an-open-shift-at-another-location-in-shifts-7738dc1a-9f4f-46ee-8bcb-6dd1aaf8ab1f) (frontline workers)
+
**What you need to know about schedule group names**
- The schedule group name for an open shift must match across locations. This ensures that open shifts shared by a manager are available to all workers in the same schedule group at other locations within the hierarchy.
diff --git a/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md b/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md
index b905259a446..24cb92694c8 100644
--- a/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md
+++ b/microsoft-365/includes/office-365-operated-by-21vianet-endpoints.md
@@ -1,7 +1,7 @@
-
-
+
+
## Exchange Online
@@ -12,7 +12,7 @@ ID | Category | ER | Addresses | Ports
12 | Default
Required | No | `*.partner.outlook.cn, attachments.office365-net.cn` | **TCP:** 443, 80
20 | Allow
Required | No | `*.partner.outlook.cn`
`40.73.132.0/24, 40.73.164.128/25, 40.73.165.0/26, 42.159.40.0/24, 42.159.44.0/22, 42.159.163.128/25, 42.159.165.0/24, 42.159.172.0/22, 2406:e500:4010::/48, 2406:e500:4030::/53, 2406:e500:4030:800::/54, 2406:e500:4040::/53, 2406:e500:4040:800::/54, 2406:e500:4040:1000::/54, 2406:e500:4040:1400::/54, 2406:e500:4110::/48, 2406:e500:4210::/48, 2406:e500:4310::/48` | **TCP:** 587, 993, 995
-## SharePoint Online and OneDrive for Business
+## SharePoint and OneDrive
ID | Category | ER | Addresses | Ports
-- | ------------------- | -- | ------------------------------------------------------------------------------------------ | ----------------
@@ -42,4 +42,3 @@ ID | Category | ER | Addresses | Ports
18 | Default
Optional
**Notes:** If using Exchange Online, follow Allow category guidance for *.protection.partner.outlook.cn | No | `*.aadrm.cn, *.protection.partner.outlook.cn` | **TCP:** 443
22 | Default
Required | No | `*.partner.office365.cn` | **TCP:** 443, 80
23 | Default
Required | No | `*.microsoftonline.cn` | **TCP:** 443, 80
-25 | Default
Required | No | `purview.microsoftonline.cn` | **TCP:** 443
diff --git a/microsoft-365/includes/office-365-worldwide-endpoints.md b/microsoft-365/includes/office-365-worldwide-endpoints.md
index d8fa60e0f9f..7e9fae0551e 100644
--- a/microsoft-365/includes/office-365-worldwide-endpoints.md
+++ b/microsoft-365/includes/office-365-worldwide-endpoints.md
@@ -1,7 +1,7 @@
-
-
+
+
## Exchange Online
@@ -13,11 +13,11 @@ ID | Category | ER | Addresses | Ports
9 | Allow
Required | Yes | `*.protection.outlook.com`
`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` | **TCP:** 443
10 | Allow
Required | Yes | `*.mail.protection.outlook.com, *.mx.microsoft`
`40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48` | **TCP:** 25
-## SharePoint Online and OneDrive for Business
+## SharePoint and OneDrive
ID | Category | ER | Addresses | Ports
--- | -------------------------------------------------------------------------------------------------------------------------------------- | --- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------
-31 | Optimize
Required | Yes | `*.sharepoint.com`
`13.107.136.0/22, 40.108.128.0/17, 52.104.0.0/14, 104.146.128.0/17, 150.171.40.0/22, 2603:1061:1300::/40, 2620:1ec:8f8::/46, 2620:1ec:908::/46, 2a01:111:f402::/48` | **TCP:** 443, 80
+-- | -------------------------------------------------------------------------------------------------------------------------------------- | --- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------
+31 | Optimize
Required | Yes | `*.sharepoint.com`
`13.107.136.0/22, 40.108.128.0/17, 52.104.0.0/14, 104.146.128.0/17, 150.171.40.0/22, 2603:1061:1300::/40, 2603:1063:6000::/35, 2620:1ec:8f8::/46, 2620:1ec:908::/46, 2a01:111:f402::/48` | **TCP:** 443, 80
32 | Default
Optional
**Notes:** OneDrive for Business: supportability, telemetry, APIs, and embedded email links | No | `ssw.live.com, storage.live.com` | **TCP:** 443
33 | Default
Optional
**Notes:** SharePoint Hybrid Search - Endpoint to SearchContentService where the hybrid crawler feeds documents | No | `*.search.production.apac.trafficmanager.net, *.search.production.emea.trafficmanager.net, *.search.production.us.trafficmanager.net` | **TCP:** 443
35 | Default
Required | No | `*.wns.windows.com, admin.onedrive.com, officeclient.microsoft.com` | **TCP:** 443, 80
@@ -42,9 +42,9 @@ ID | Category | ER | Addresses | Ports
## Microsoft 365 Common and Office Online
ID | Category | ER | Addresses | Ports
---- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------
+--- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------
46 | Allow
Required | Yes | `*.officeapps.live.com, *.online.office.com, office.live.com`
`13.107.6.171/32, 13.107.18.15/32, 13.107.140.6/32, 52.108.0.0/14, 52.244.37.168/32, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2603:1063:2000::/38, 2620:1ec:c::15/128, 2620:1ec:8fc::6/128, 2620:1ec:a92::171/128, 2a01:111:f100:2000::a83e:3019/128, 2a01:111:f100:2002::8975:2d79/128, 2a01:111:f100:2002::8975:2da8/128, 2a01:111:f100:7000::6fdd:6cd5/128, 2a01:111:f100:a004::bfeb:88cf/128` | **TCP:** 443, 80
-47 | Default
Required | No | `*.office.net` | **TCP:** 443, 80
+47 | Default
Required | No | `*.office.net` | **TCP:** 443, 80
**UDP:** 443
49 | Default
Required | No | `*.onenote.com` | **TCP:** 443
50 | Default
Optional
**Notes:** OneNote notebooks (wildcards) | No | `*.microsoft.com` | **TCP:** 443
51 | Default
Required | No | `*cdn.onenote.net` | **TCP:** 443
@@ -88,4 +88,4 @@ ID | Category | ER | Addresses | Ports
158 | Default
Required | No | `*.cortana.ai` | **TCP:** 443
159 | Default
Required | No | `admin.microsoft.com` | **TCP:** 443, 80
160 | Default
Required | No | `cdn.odc.officeapps.live.com, cdn.uci.officeapps.live.com` | **TCP:** 443, 80
-184 | Default
Required | No | `*.cloud.microsoft, *.static.microsoft, *.usercontent.microsoft` | **TCP:** 443, 80
+184 | Default
Required | No | `*.cloud.microsoft, *.static.microsoft, *.usercontent.microsoft` | **TCP:** 443, 80
**UDP:** 443
diff --git a/microsoft-365/lighthouse/TOC.yml b/microsoft-365/lighthouse/TOC.yml
index 5d1ddcfd831..0de265347e6 100644
--- a/microsoft-365/lighthouse/TOC.yml
+++ b/microsoft-365/lighthouse/TOC.yml
@@ -60,6 +60,10 @@
href: m365-lighthouse-alerts-overview.md
- name: Create and manage alert rules
href: m365-lighthouse-create-manage-alert-rules.md
+- name: Get Copilot insights
+ items:
+ - name: Overview of Copilot insights
+ href: m365-lighthouse-copilot-insights-overview.md
- name: Manage tenants
items:
- name: Overview of the Tenants page
diff --git a/microsoft-365/lighthouse/m365-lighthouse-copilot-insights-overview.md b/microsoft-365/lighthouse/m365-lighthouse-copilot-insights-overview.md
new file mode 100644
index 00000000000..63cbced92e5
--- /dev/null
+++ b/microsoft-365/lighthouse/m365-lighthouse-copilot-insights-overview.md
@@ -0,0 +1,87 @@
+---
+title: "Overview of Copilot insights in Microsoft 365 Lighthouse"
+f1.keywords: NOCSH
+ms.author: sharik
+author: SKjerland
+manager: scotv
+ms.reviewer: shcallaw
+ms.date: 11/08/2024
+audience: Admin
+ms.topic: conceptual
+ms.service: microsoft-365-lighthouse
+ms.localizationpriority: medium
+ms.collection:
+- Tier1
+- scotvorg
+- M365-subscription-management
+- Adm_O365
+ms.custom:
+- AdminSurgePortfolib
+- M365-Lighthouse
+search.appverid: MET150
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to use Copilot insights in Lighthouse to help you manage and monitor Microsoft 365 Copilot success across your customer tenants."
+---
+
+# Overview of Copilot insights in Microsoft 365 Lighthouse
+
+> [!NOTE]
+> We're continuously enhancing Copilot insights. Let us know what improvements you'd like us to make to this feature to help you drive and manage Microsoft 365 Copilot usage by providing feedback. In Lighthouse, select the **Give feedback** widget in the lower-right corner of any page, or go to the [Microsoft 365 Lighthouse feedback page](https://aka.ms/m365lighthouseuservoice).
+
+Copilot insights help you easily manage and monitor Microsoft 365 Copilot success across your customer tenants—from a single **Copilot insights** page in Lighthouse. In addition to recommending customers who are likely to benefit from Copilot, the page shows Copilot usage and license assignments, Copilot adoption insights, and links to key resources to help you become a Copilot expert, including Copilot Lab, learning paths, training videos, the latest Copilot product updates, and more. The page also provides links to resources that you can share with your customers to help them succeed with Copilot.
+
+## Access Copilot insights
+
+To access the customer data on the **Copilot insights** page, you must set up granular delegated administrative privileges (GDAP) for each customer whose data you want to view. To learn more, see [Set up GDAP in Microsoft 365 Lighthouse](m365-lighthouse-setup-gdap.md).
+
+To see customer insights on the **Opportunities** tab, you must hold one of the following Microsoft Entra roles in the customer tenant:
+
+- License Administrator
+- Global Reader
+- Global Administrator
+
+To see customer insights on the **Adoption** tab, you must hold one of the following Microsoft Entra roles in the customer tenant:
+
+- User Experience Success Manger
+- Usage Summary Reports Reader
+- Reports Reader
+- Teams Administrator
+- Teams Communications Administrator
+- Skype for Business Administrator
+- SharePoint Administrator
+- Exchange Administrator
+- Global Reader
+- Global Administrator
+
+> [!CAUTION]
+> To help keep your organization secure, Microsoft recommends that you use roles with the minimum level of permissions needed to perform a job. Global Administrator is a highly privileged role that should be limited to scenarios where you can't use a less-privileged role.
+
+## Copilot opportunities
+
+In the left navigation pane in Lighthouse, select **Copilot insights**, and then select the **Opportunities** tab. At the top of this tab is an overview of how many of your customers are likely to find value in Copilot. The tab also includes a list of customer tenants identified as likely to find value in Copilot, along with additional Copilot insights related to those tenants. These insights are based on Microsoft 365 usage and licensing signals.
+
+The list of tenants includes the following information about each tenant:
+
+- **Probability**: Likelihood that the customer will find value in Microsoft 365 Copilot.
+- **Copilot prerequisite licenses:** Number of Copilot-eligible licenses available in the customer tenant.
+- **Identified on:** Date the customer opportunity was first identified. Recommendations are refreshed regularly to capture the latest customer signals.
+
+## Copilot adoption
+
+In the left navigation pane in Lighthouse, select **Copilot insights**, and then select the **Adoption** tab. This tab provides the following information:
+
+- **Adoption trends:** Information on how Copilot license enablement and active usage changed across all of your customer tenants over the past six months.
+- **Resources for you:** List of resources—including learning paths, adoption guides, video tutorials, and more—that you can share with your customers to help drive engagement and boost their productivity using Copilot.
+
+At the bottom of the **Adoption** tab is a list of customer tenants that have at least one Microsoft 365 Copilot license. The list of tenants includes the following information about each tenant:
+
+- **Active user rate:** Percentage of enabled users in the customer tenant who were active users within the last month. For more information on how Copilot usage is determined and reported, see [Interpret the Microsoft 365 Copilot usage report](../admin/activity-reports/microsoft-365-copilot-usage.md#interpret-the-microsoft-365-copilot-usage-report).
+- **Copilot licenses:** Total number of Microsoft 365 Copilot licenses in the customer tenant.
+- **Unassigned licenses:** Total number of unassigned Microsoft 365 Copilot licenses in the customer tenant.
+
+## Related content
+
+[Get started with Microsoft 365 Copilot](/copilot/microsoft-365/microsoft-365-copilot-setup) (article)\
+[Microsoft 365 Copilot requirements](/copilot/microsoft-365/microsoft-365-copilot-requirements) (article)\
+[Enable users for Microsoft 365 Copilot](/copilot/microsoft-365/microsoft-365-copilot-enable-users) (article)\
+[Overview of the Delegated access page in Microsoft 365 Lighthouse](m365-lighthouse-delegated-access-overview.md) (article)\
+[Set up GDAP in Microsoft 365 Lighthouse](m365-lighthouse-setup-gdap.md) (article)
\ No newline at end of file
diff --git a/microsoft-365/lighthouse/m365-lighthouse-manage-lighthouse-rbac-permissions.md b/microsoft-365/lighthouse/m365-lighthouse-manage-lighthouse-rbac-permissions.md
index 7410cad41bb..712aa164d3a 100644
--- a/microsoft-365/lighthouse/m365-lighthouse-manage-lighthouse-rbac-permissions.md
+++ b/microsoft-365/lighthouse/m365-lighthouse-manage-lighthouse-rbac-permissions.md
@@ -1,11 +1,11 @@
---
-title: "Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse"
+title: "Manage Lighthouse role-based access control (RBAC) permissions in Microsoft 365 Lighthouse"
f1.keywords: NOCSH
ms.author: sharik
author: SKjerland
manager: scotv
ms.reviewer: taylorau
-ms.date: 04/24/2024
+ms.date: 10/31/2024
audience: Admin
ms.topic: how-to
ms.service: microsoft-365-lighthouse
@@ -22,15 +22,18 @@ search.appverid: MET150
description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn how to manage Lighthouse role-based access control (RBAC) permissions in Microsoft 365 Lighthouse."
---
-# Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse
+# Manage Lighthouse role-based access control (RBAC) permissions in Microsoft 365 Lighthouse
-The Lighthouse permissions page allows administrators in Microsoft 365 Lighthouse to manage user role-based access control (RBAC) permissions in the partner tenant. Administrators can view and manage membership for each Lighthouse RBAC role to ensure that users in the partner tenant have right-sized permissions. Each Lighthouse RBAC role is associated with a security group instead of an Entra ID role, so when users are assigned a Lighthouse RBAC role, they're automatically associated with a specific Lighthouse RBAC security group.
+The **Lighthouse permissions** page allows Administrators in Microsoft 365 Lighthouse to manage user role-based access control (RBAC) permissions in the partner tenant. Lighthouse Administrators can view and manage membership for each Lighthouse RBAC role to ensure that users in the partner tenant have right-sized permissions. Each Lighthouse RBAC role is associated with a security group instead of a Microsoft Entra role, so when users are assigned a Lighthouse RBAC role, they're automatically associated with a specific Lighthouse RBAC security group.
-When administrators assign a Lighthouse RBAC role to a user in the partner tenant for the first time, a security group is automatically created. Administrators can view the associated security group for each Lighthouse RBAC role on the Lighthouse permissions page and in the Microsoft Entra admin center. All security group membership changes are reflected in both Lighthouse and the Microsoft Entra admin center.
+> [!NOTE]
+> Lighthouse RBAC roles don't provide access to customer data. Access to customer data is governed by a Lighthouse user's GDAP permissions. To learn more, see [Manage GDAP in the customer tenant](m365-lighthouse-overview-of-permissions.md#manage-gdap-in-the-customer-tenant).
+
+When administrators assign a Lighthouse RBAC role to a user in the partner tenant for the first time, a security group is automatically created. Lighthouse Administrators can view the associated security group for each Lighthouse RBAC role on the **Lighthouse permissions** page and in the Microsoft Entra admin center. All security group membership changes are reflected in both Lighthouse and the Microsoft Entra admin center.
## Before you begin
-To access the Lighthouse permissions page and manage permissions, you must be a Global Administrator in Microsoft Entra ID.
+To access the **Lighthouse permissions** page and manage permissions, you must be an Administrator in Lighthouse or a Privileged Role Administrator in Microsoft Entra ID.
## View Lighthouse RBAC role membership and associated security group
@@ -40,6 +43,9 @@ To access the Lighthouse permissions page and manage permissions, you must be a
3. View users in the partner tenant who are assigned the Lighthouse RBAC role and the associated security group.
+> [!NOTE]
+> To view security group membership for Lighthouse users with the Lighthouse Operator role, go to the **Delegated access** page in Lighthouse. The **Delegated access** page provides security group membership details for all delegated access relationships.
+
## Assign Lighthouse RBAC roles to users in the partner tenant
1. In the left navigation pane in Lighthouse, select **Permissions** > **Lighthouse permissions**.
@@ -53,7 +59,7 @@ To access the Lighthouse permissions page and manage permissions, you must be a
5. Select **Assign users**.
> [!NOTE]
-> The Lighthouse Operator role is viewable but not assignable from the Lighthouse permissions page. The Lighthouse Operator role is automatically assigned to users with GDAP permissions.
+> The Lighthouse Operator role is viewable but not assignable from the **Lighthouse permissions** page. The Lighthouse Operator role is automatically assigned to Lighthouse users who hold at least one Microsoft Entra role.
## Remove users in the partner tenant from a Lighthouse RBAC role
@@ -80,7 +86,7 @@ To access the Lighthouse permissions page and manage permissions, you must be a
- Select **Create a new security group**, enter a name for the new group, optionally enter a description and add users, and then select **Save**.
> [!NOTE]
-> You must assign the Lighthouse RBAC Administrator role to a role-assignable security group. In addition, to be able to assign roles to a role-assignable security group and/or create role-assignable security groups, you must have a Microsoft Entra ID P1 license. To enable Just-in-Time (JIT) roles, Microsoft Entra IDE Governance or a Microsoft Entra ID P2 license is required.
+> You must assign the Lighthouse Administrator role to a role-assignable security group. In addition, to be able to assign roles to a role-assignable security group and/or create role-assignable security groups, you must have a Microsoft Entra ID P1 license. To enable Just-in-Time (JIT) roles, Microsoft Entra IDE Governance or a Microsoft Entra ID P2 license is required.
>
> You can assign all other Lighthouse RBAC roles to any security group, whether it's role-assignable or not, but keep the P1 license requirement in mind for role-assignable security groups.
>
@@ -88,16 +94,17 @@ To access the Lighthouse permissions page and manage permissions, you must be a
## Next steps
-After you've added users to, or removed users from, the available Lighthouse RBAC roles, go to the Lighthouse permissions page to view the latest group membership for each role.
+After you add users to, or remove users from, the available Lighthouse RBAC roles, go to the **Lighthouse permissions** page to view the latest group membership for each role.
> [!NOTE]
-> Once you've added a user to, or removed a user from, a Lighthouse RBAC role, it may take up to an hour for group membership changes to appear in Lighthouse.
+> Once you add a user to, or remove a user from, a Lighthouse RBAC role, it could take up to an hour for group membership changes to appear in Lighthouse.
To learn more about each Lighthouse RBAC role to determine which roles users in your partner tenant should have, see [Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md).
## Related content
[Overview of permissions in Microsoft 365 Lighthouse](m365-lighthouse-overview-of-permissions.md) (article)\
-[Set up GDAP for your customers](m365-lighthouse-setup-gdap.md) (article)\
-[Overview of Delegated Access in Microsoft 365 Lighthouse](m365-lighthouse-delegated-access-overview.md) (article)\
-[Use Microsoft Entra groups to manage role assignments](/entra/identity/role-based-access-control/groups-concept)
+[Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse](m365-lighthouse-manage-lighthouse-rbac-permissions.md) (article)\
+[View your Microsoft Entra roles in Microsoft 365 Lighthouse](m365-lighthouse-view-your-roles.md) (article)\
+[Use Microsoft Entra groups to manage role assignments](/entra/identity/role-based-access-control/groups-concept) (article)\
+[Microsoft 365 Lighthouse frequently asked questions (FAQs)](m365-lighthouse-faq.yml) (article)
diff --git a/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md b/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md
index 85ed97c843b..2e484443398 100644
--- a/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md
+++ b/microsoft-365/lighthouse/m365-lighthouse-overview-of-permissions.md
@@ -5,7 +5,7 @@ ms.author: sharik
author: SKjerland
manager: scotv
ms.reviewer: taylorau
-ms.date: 06/10/2024
+ms.date: 10/31/2024
audience: Admin
ms.topic: concept-article
ms.service: microsoft-365-lighthouse
@@ -20,7 +20,7 @@ ms.custom:
- AdminSurgePortfolib
- M365-Lighthouse
search.appverid: MET150
-description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn more about Lighthouse permission requirements."
+description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthouse, learn more about how permissions work in Lighthouse."
---
# Overview of permissions in Microsoft 365 Lighthouse
@@ -32,78 +32,106 @@ Microsoft 365 Lighthouse permissions are primarily managed by the following:
To use Lighthouse, you need a combination of roles assigned via RBAC and GDAP.
-## Global Administrator permissions in the partner tenant
+## Manage Lighthouse RBAC permissions in the partner tenant
-Partner tenant users assigned the Global Administrator role in Microsoft Entra ID can do the following:
+Lighthouse permissions in the partner tenant are managed by assigning RBAC roles in Lighthouse. Each role has a set of permissions that determines which data users can access and change within the partner tenant. Lighthouse RBAC roles don't provide access to customer data. Access to customer data is governed by a Lighthouse user's GDAP permissions (see [Manage GDAP in the customer tenant](#manage-gdap-in-the-customer-tenant)).
-- Sign up for Lighthouse in the Microsoft 365 admin center.
-- Activate and inactive a tenant.
-- Create, update, and delete tags.
-- Assign tags to and remove tags from a customer tenant.
-- Review audit logs.
-- Create, edit, and view alert rules.
+RBAC roles are managed from the **Lighthouse permissions** page in Lighthouse. To access the **Lighthouse permissions** page and manage permissions, you must hold one of the following roles:
-## Managing Lighthouse RBAC permissions in the partner tenant
+- Privileged Role Administrator in Microsoft Entra ID
+- Administrator in Lighthouse
-Lighthouse permissions in the partner tenant are managed by assigning RBAC roles. Each role has a set of permissions that determines which data users can access and change within the partner tenant.
+To learn more, see [Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse](m365-lighthouse-manage-lighthouse-rbac-permissions.md).
-RBAC roles are managed from the Lighthouse permissions page in Lighthouse. To access the Lighthouse permissions page and manage permissions, you must be a Global Administrator in Microsoft Entra ID. To learn more, see [Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse](m365-lighthouse-manage-lighthouse-rbac-permissions.md).
+The following table provides an overview of each Lighthouse RBAC role. For a list of actions each role can perform in the partner tenant, see [Lighthouse RBAC roles and capabilities](#lighthouse-rbac-roles-and-capabilities).
-There's currently only one Lighthouse RBAC role: Lighthouse Account Manager. The following table describes the Lighthouse Account Manager role.
-
-| Lighthouse RBAC role | Description |
+| Lighthouse RBAC role | Overview |
|---|---|
-| Lighthouse Account Manager | Provides full access to Sales Advisor pages and data across the entire partner tenant. Lighthouse Account Managers can export Sales Advisor data. |
+| Account Manager | Account Managers have full access to Sales Advisor pages and data across the entire partner tenant.
Account Managers can export Sales Advisor data. |
+| Administrator | Administrators have full administrative permissions in Lighthouse.
Administrators can manage RBAC and GDAP permissions and can create baselines, tags, and alerts.
Administrators are automatically assigned the Privileged Role Administrator, User Administrator, and Group Administrator roles in Microsoft Entra ID and the Admin Agent role in Partner Center. |
+| Operator | Operators manage customer tenants in Lighthouse based on the GDAP permissions assigned to them for each customer tenant that they manage.
Operators can view high-level customer tenant status and manage alerts.
Lighthouse users who hold at least one Microsoft Entra role are automatically assigned the Operator role.
**Note:** Lighthouse Administrators can use templates on the **Delegated access** page to assign GDAP permissions to Lighthouse users. |
+| Reader | Readers have read-only access to data in Lighthouse.
Lighthouse Readers can view high-level customer tenant status and alerts. |
## Lighthouse RBAC roles and capabilities
-The following table describes the actions that Lighthouse Account Managers can perform in Lighthouse.
-
-| Area | Actions | Lighthouse Account Manager |
-|---|---|:---:|
-| **Tenants** | View the Tenants page | ✓ |
-| | Manage tags | |
-| | Activate and inactivate a tenant | |
-| | View delegated status | ✓ |
-| | View baseline assignment | |
-| | View deployment status | ✓ |
-| | View and edit customer contact information and website | ✓ |
-| **Baselines** | View baselines (default, custom) | |
-| | Create, edit, and assign baselines | |
-| **Alerts** | View alerts | ✓ |
-| | Manage alerts (change severity, status, or assignment) | |
-| | Create, edit, and delete alert rules | |
-| **Permissions** | Set up and manage Lighthouse permissions | |
-| | Set up and manage GDAP | |
-| | View GDAP status detail | |
-| **Audit logs** | View audit logs | |
-| **Sales Advisor** | View Sales Advisor reports and manage data | ✓ |
-| **Support** | Open and manage service requests | |
-| **Service health** | Monitor service health | |
-
-## Managing GDAP in the customer tenant
-
-GDAP gives you a high level of control and flexibility by providing access to customer tenants through [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). Assigning the least-privileged roles by task through GDAP to MSP technicians reduces security risk for both MSPs and customers.
-
-For more information about setting up a GDAP relationship with a customer tenant in Lighthouse, see [Obtain granular admin permissions to manage a customer's service - Partner Center](/partner-center/gdap-obtain-admin-permissions-to-manage-customer).
-
-For more information about least-privileged roles by task, see [Least-privileged roles - Partner Center](/partner-center/gdap-least-privileged-roles-by-task) and [Least privileged roles by task in Microsoft Entra ID](/azure/active-directory/roles/delegate-by-task).
-
-For more information about GDAP or delegated administrative privileges (DAP) deprecation, see [GDAP frequently asked questions - Partner Center](/partner-center/gdap-faq), or search the [Partner Center announcements](/partner-center/announcements/) for dates and timelines.
-
-The following tasks in Lighthouse have specific Microsoft Entra role requirements:
-
-- To create and manage service requests, Lighthouse users must have at least one Microsoft Entra role assigned to them with the following property set: **microsoft.office365.supportTickets/allEntities/allTasks**.
-
-- To monitor service health, Lighthouse users must have at least one Microsoft Entra role assigned to them with the following property set: **microsoft.office365.serviceHealth/allEntities/allTasks**.
-
-For a complete list of Microsoft Entra roles, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). For information on how to assign roles, see [Assign Microsoft Entra roles to users](/azure/active-directory/roles/manage-roles-portal).
+The following table describes the actions that each Lighthouse RBAC role can perform in Lighthouse. For some actions, you need to hold a Microsoft Entra role in addition to a Lighthouse RBAC role. For other actions, only a Microsoft Entra role is required. Microsoft Entra role requirements are indicated in the last column of the table. For a complete list of Microsoft Entra roles and the actions they can perform, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference).
+
+| Area | Actions | Account Manager | Administrator | Operator | Reader | Need Microsoft Entra role? |
+|---|---|:---:|:---:|:---:|:---:|:---:|
+| **Home page** | View data on cards | | | | | Yes |
+| | Add users | | | | | Yes |
+| | Reset password | | | | | Yes |
+| | Offboard users | | | | | Yes |
+| **Alerts** | View alerts and alert rules | ✓ | ✓ | | ✓ | No |
+| | Manage alerts (change severity, status, or assignment) | | ✓ | | | No |
+| | Create, edit, and delete alert rules | | ✓ | | | No |
+| **Copilot insights** | View opportunities and adoption data | | | | | Yes|
+| **Tenants** | View the **Tenants** page | ✓ | ✓ | ✓ | ✓ | No |
+| | View tenant details | | | | | Yes |
+| | Export data | ✓ | ✓ | ✓ | ✓ | No |
+| | View tags | ✓ | ✓ | ✓ | ✓ | No |
+| | Create, update, and delete tags in Lighthouse | | ✓ | | | No |
+| | Assign and remove tags from tenants | | ✓ | | | No |
+| | Activate and inactivate a tenant | | ✓ | | | No |
+| | View delegated access status | ✓ | ✓ | ✓ | ✓ | No |
+| | View Microsoft Secure Score | | | | | Yes |
+| | View baseline assignments | ✓ | ✓ | ✓ | ✓ | No |
+| | View deployment status | | | ✓ | | Yes |
+| | View apps and services usage | | | ✓ | | Yes |
+| | View and edit customer contact and website info | ✓ | ✓ | ✓ | ✓ | No |
+| **Users** | Search for users | | | | | Yes |
+| | View user metrics | | | | | Yes |
+| | Onboard new users | | | | | Yes |
+| | Offboard users | | | | | Yes |
+| | View inactive users | | | | | Yes |
+| | View shared mailboxes | | | | | Yes |
+| | View and manage risky users | | | | | Yes |
+| | View and manage multifactor authentication | | | | | Yes |
+| | View and manage self-service password reset | | | | | Yes |
+| **Devices** | View device security data | | | | | Yes |
+| | View vulnerability management data | | | | | Yes |
+| | View device compliance data | | | | | Yes |
+| | View threat management data | | | | | Yes |
+| | View device health data | | | | | Yes |
+| | View Windows 365 data | | | | | Yes |
+| | View Windows event logs | | | | | Yes |
+| **Apps** | View app performance and app management data | | | | | Yes |
+| **Quarantined messages** | View and manage quarantined messages | | | | | Yes |
+| **Baselines** | View baselines (default, custom) and task details | | ✓ | ✓ | ✓ | No|
+| | Create, clone, edit, and assign baselines | | ✓ | | | No |
+| | View deployment insights | | | | | Yes |
+| **Service health** | Monitor service health1 | | | | | No |
+| **Support** | Create and manage service requests2 | | | | | No |
+| **Audit logs** | View audit logs | | ✓ | | | Yes
+| **Permissions** | View the **Lighthouse Permissions** page | | ✓ | | | No|
+| | Set up and manage Lighthouse permissions | | ✓ | | | No |
+| | View, set up, and manage GDAP on the **Delegated access** page | | ✓ | | | No |
+| **Sales Advisor** | View opportunities | ✓ | ✓ | | | No |
+| | View subscription renewals | ✓ | ✓ | | | No |
+| | View license requests | ✓ | ✓ | | | No |
+
+1 To monitor service health, Lighthouse users must hold at least one Microsoft Entra role in the partner tenant with the following property set: **microsoft.office365.serviceHealth/allEntities/allTasks**. The users must also have at least the Admin Agent role or Helpdesk Agent role assigned to them in Partner Center.
+
+2 To create and manage service requests, Lighthouse users must hold at least one Microsoft Entra role in the partner tenant with the following property set: **microsoft.office365.supportTickets/allEntities/allTasks**.
+
+## Manage GDAP in the customer tenant
+
+Just as Lighthouse RBAC roles manage permissions in the partner tenant, GDAP manages permissions in the customer tenants. GDAP gives you a high level of control and flexibility by providing access to customer tenants through [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). Assigning the least-privileged roles by task to MSP technicians through GDAP reduces security risk for both MSPs and customers. We recommend that you use GDAP reader roles across customer tenants to give Lighthouse users an aggregate view across all customer tenants.
+
+For more information about setting up a GDAP relationship with a customer tenant in Lighthouse, see [Obtain granular admin permissions to manage a customer's service - Partner Center](/partner-center/gdap-obtain-admin-permissions-to-manage-customer).
+
+For more information about least-privileged roles by task, see [Least-privileged roles - Partner Center](/partner-center/gdap-least-privileged-roles-by-task) and [Least privileged roles by task in Microsoft Entra ID](/azure/active-directory/roles/delegate-by-task).
+
+For more information about GDAP or delegated administrative privileges (DAP) deprecation, see [GDAP frequently asked questions - Partner Center](/partner-center/gdap-faq), or search the [Partner Center announcements](/partner-center/announcements/) for dates and timelines.
+
+For a complete list of Microsoft Entra roles and the actions they can perform, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference). For information on how to assign roles, see [Assign Microsoft Entra roles to users](/azure/active-directory/roles/manage-roles-portal).
## Related content
-[Requirements for Microsoft 365 Lighthouse](m365-lighthouse-requirements.md) (article)
[View your Microsoft Entra roles in Microsoft 365 Lighthouse](m365-lighthouse-view-your-roles.md) (article)
+[Manage Lighthouse RBAC permissions in Microsoft 365 Lighthouse](m365-lighthouse-manage-lighthouse-rbac-permissions.md) (article)
+[Set up GDAP in Microsoft 365 Lighthouse](m365-lighthouse-setup-gdap.md) (article)
+[Overview of the Delegated access page in Microsoft 365 Lighthouse](m365-lighthouse-delegated-access-overview.md) (article)
[Assign roles and permissions to users - Partner Center](/partner-center/permissions-overview) (article)
-[Overview of Microsoft 365 Lighthouse](m365-lighthouse-overview.md) (article)
-[Sign up for Microsoft 365 Lighthouse](m365-lighthouse-sign-up.md) (article)
-[Microsoft 365 Lighthouse FAQ](m365-lighthouse-faq.yml) (article)
+[GDAP frequently asked questions - Partner Center](/partner-center/gdap-faq) (article)
+[Microsoft 365 Lighthouse frequently asked questions (FAQs)](m365-lighthouse-faq.yml) (article)
diff --git a/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview.md b/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview.md
index a5213ad672f..0055b19e9ba 100644
--- a/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview.md
+++ b/microsoft-365/lighthouse/m365-lighthouse-quarantine-messages-overview.md
@@ -25,7 +25,7 @@ description: "For Managed Service Providers (MSPs) using Microsoft 365 Lighthous
Microsoft 365 Lighthouse lets you see insights and information about quarantined email messages across all your customer tenants. From a single view, you can triage quarantined email messages and take the appropriate actions. The data is available if the tenant has implemented Exchange Online Protection (EOP) and Microsoft Defender for Office365 Plan 1 (MDO).
-You can access the information in Lighthouse by selecting **Home** in the left navigation pane, or by selecting **Data protection** in the left navigation pane to open the Quarantined messages page.
+You can access the information in Lighthouse by selecting **Home** in the left navigation pane, or by selecting **Quarantined messages** in the left navigation pane to open the **Quarantined messages** page.
> [!NOTE]
> This page provides the number of tenants for which data is unavailable because they do not have the required licenses.
diff --git a/microsoft-365/lighthouse/m365-lighthouse-view-service-health.md b/microsoft-365/lighthouse/m365-lighthouse-view-service-health.md
index 113044521af..0a3f691eab8 100644
--- a/microsoft-365/lighthouse/m365-lighthouse-view-service-health.md
+++ b/microsoft-365/lighthouse/m365-lighthouse-view-service-health.md
@@ -30,7 +30,7 @@ If you can't sign in to Lighthouse, you can use the [Microsoft Service Health St
## Before you begin
-To view service health, you need a Microsoft Entra role in the partner tenant with the following property set: **microsoft.office365.serviceHealth/allEntities/allTasks**. For a list of Microsoft Entra roles, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference).
+To view service health, you must have at least one Microsoft Entra role in the partner tenant with the following property set: **microsoft.office365.serviceHealth/allEntities/allTasks**. For a list of Microsoft Entra roles, see [Microsoft Entra built-in roles](/azure/active-directory/roles/permissions-reference).
## View service health status and issue details
diff --git a/microsoft-365/loop/loop-compliance-summary.md b/microsoft-365/loop/loop-compliance-summary.md
index b02e5b1d6ac..4eb82c6d460 100644
--- a/microsoft-365/loop/loop-compliance-summary.md
+++ b/microsoft-365/loop/loop-compliance-summary.md
@@ -60,7 +60,7 @@ Where the Loop content was originally created determines its storage location:
|Customer Key |**[Customer Lockbox](/purview/customer-lockbox-requests)** is supported.|**[Customer Lockbox](/purview/customer-lockbox-requests)** is supported.|
|Programmatic APIs for Loop content |Yes, they're files in OneDrive or SharePoint and all current functionality applies.| **Not Yet Available**:
API access to Loop workspace containers isn't yet available. This impacts third party export and eDiscovery tools, migration tools, tools used to communicate in bulk to end-users about their content such as compliance requirements, and developer APIs.|
|***Data Lifecycle***|---|---|
-|Multi-Geo |**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities are supported, including creation of .loop files in a user's OneDrive in the geo that matches the user's [preferred data location](/microsoft-365/enterprise/plan-for-multi-geo#best-practices) and ability to move the user's OneDrive when their preferred data location changes.|**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities for Loop workspaces are supported using the [same mechanism as SharePoint sites](/microsoft-365/enterprise/m365-dr-workload-spo#move-a-sharepoint-site-or-sharepoint-embedded-container-site), including rehome and creation in the tenant's default geo. Manage the location of shared Loop workspaces like you would other collaboration artifacts, like SharePoint sites.
**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities for Copilot Pages are supported. Copilot Pages is a user-owned workspace, and is created in the geo that matches the user's preferred data location.
**Not Yet Available**:
Shared workspaces are not yet created in the user's preferred data location, they are instead created in the tenant's default geo, like SharePoint sites are.|
+|Multi-Geo |**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities are supported, including creation of .loop files in a user's OneDrive in the geo that matches the user's [preferred data location](/microsoft-365/enterprise/plan-for-multi-geo#best-practices) and ability to move the user's OneDrive when their preferred data location changes.|**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities for Loop workspaces are supported using the [same mechanism as SharePoint sites](/microsoft-365/enterprise/m365-dr-workload-spo#move-a-sharepoint-site-or-sharepoint-embedded-container-site), including rehome and creation in the tenant's default geo. Manage the location of shared Loop workspaces like you would other collaboration artifacts, like SharePoint Communication sites.
**[Multi-Geo](/microsoft-365/enterprise/microsoft-365-multi-geo)** capabilities for Copilot Pages are supported. Copilot Pages is a user-owned workspace, and is created in the geo that matches the user's preferred data location.
**Not Yet Available**:
Shared workspaces are not yet created in the user's preferred data location, they are instead created in the tenant's default geo, like SharePoint Communication sites are.|
|User leaves organization |When a user leaves an organization, [OneDrive retention policies](/sharepoint/retention-and-deletion) apply to the .loop files in their OneDrive just as they do to other content created by the user. See [Loop storage](#loop-storage) for more information.|Manage the lifetime of shared Loop workspaces like you would other collaboration artifacts, like SharePoint sites.
**Not Yet Available**:
Loop doesn't create user-owned workspaces. All workspaces are created as tenant-owned.|
|Loop workspaces |n/a|See [Available](#available-admin-capabilities) and [Admin Management not yet available](#admin-management-not-yet-available).|
|Recycle bin |End user Recycle bin for deleted content is available.|End user Recycle bin for deleted content is available in each Loop workspace.
**Not Yet Available**:
End user Recycle bin for deleted Loop workspaces.|
@@ -99,7 +99,7 @@ The following sections detail capabilities that are **not yet available** for Mi
- When users delete an entire Loop workspace, that Loop workspace isn't available in an **end-user visible Recycle bin**. Furthermore, restoring the Loop workspace using admin tooling doesn't update in the Loop app user experience. The user would need to visit a saved page link for a restored workspace in order to see it again.
- When an **admin deletes** a Loop workspace, it **will not be removed from the user's view** of Loop workspaces. When users click on the deleted Loop workspace, it displays an error.
- When an **admin modifies the list of owners or members** of a Loop workspace through the SharePoint Admin Center or via PowerShell, the **changes won't be visible to the users within that Loop workspace**. Changes to the workspace membership are only updated in the user's view of the Loop app if they're made directly within the Loop app itself.
-- All Loop workspaces are created as tenant-owned, in the tenant default geo. Loop doesn't create **user-owned workspace types**, so when an employee leaves the organization, their non-shared Loop workspaces such as Ideas become ownerless, remain in the tenant, and aren't automatically deleted.
+- All shared Loop workspaces, including Ideas, are created as tenant-owned, in the tenant default geo like SharePoint Communication sites, not in the creator's preferred data location. Copilot Pages is created as user-owned, in the geo that matches the user's preferred data location. See [storage management after user departure](/microsoft-365/loop/loop-workspaces-storage-permission#storage-management-after-user-departure) for more information on managing workspaces.
- **Individual controls for guest or external sharing** of a specific Loop workspace isn't available.
### eDiscovery capabilities not yet available
diff --git a/microsoft-365/loop/loop-workspaces-storage-permission.md b/microsoft-365/loop/loop-workspaces-storage-permission.md
index 89a52b0972f..a228bef0e2b 100644
--- a/microsoft-365/loop/loop-workspaces-storage-permission.md
+++ b/microsoft-365/loop/loop-workspaces-storage-permission.md
@@ -29,7 +29,7 @@ Where the loop content was originally created determines its storage location. S
## Loop app's usage of organization's storage quota
-Loop app workspaces are stored inside your tenant. Loop workspaces and pages count against your tenant's storage quota, starting November 2023.
+Loop app workspaces are stored inside your tenant, within SharePoint Embedded. All Loop workspaces and pages, including Shared workspaces, Personal workspaces, Ideas, and Copilot Pages, count against your tenant's storage quota, starting November 2023.
## Content permissions mechanism
diff --git a/microsoft-365/media/content-understanding/prebuilt-add-file-to-analyze-simple.png b/microsoft-365/media/content-understanding/prebuilt-add-file-to-analyze-simple.png
new file mode 100644
index 00000000000..b4b2263c7b8
Binary files /dev/null and b/microsoft-365/media/content-understanding/prebuilt-add-file-to-analyze-simple.png differ
diff --git a/microsoft-365/media/content-understanding/prebuilt-extractor-details-page-simple.png b/microsoft-365/media/content-understanding/prebuilt-extractor-details-page-simple.png
new file mode 100644
index 00000000000..f9d2c8bbaa3
Binary files /dev/null and b/microsoft-365/media/content-understanding/prebuilt-extractor-details-page-simple.png differ
diff --git a/microsoft-365/media/content-understanding/prebuilt-select-distractor-box-simple.png b/microsoft-365/media/content-understanding/prebuilt-select-distractor-box-simple.png
new file mode 100644
index 00000000000..6c1b576e89a
Binary files /dev/null and b/microsoft-365/media/content-understanding/prebuilt-select-distractor-box-simple.png differ
diff --git a/microsoft-365/media/content-understanding/prebuilt-simple-language-detection.png b/microsoft-365/media/content-understanding/prebuilt-simple-language-detection.png
new file mode 100644
index 00000000000..ebf192f0d10
Binary files /dev/null and b/microsoft-365/media/content-understanding/prebuilt-simple-language-detection.png differ
diff --git a/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-1.png b/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-1.png
new file mode 100644
index 00000000000..1ff58123426
Binary files /dev/null and b/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-1.png differ
diff --git a/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-2.png b/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-2.png
new file mode 100644
index 00000000000..f5804ec95a5
Binary files /dev/null and b/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-2.png differ
diff --git a/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-3.png b/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-3.png
new file mode 100644
index 00000000000..36f392824c3
Binary files /dev/null and b/microsoft-365/media/eng-direct-portal/eng-direct-portal-additional-settings-3.png differ
diff --git a/microsoft-365/ms-feed/m365-feed.md b/microsoft-365/ms-feed/m365-feed.md
index 1d5ea63ab7a..006275635a2 100644
--- a/microsoft-365/ms-feed/m365-feed.md
+++ b/microsoft-365/ms-feed/m365-feed.md
@@ -22,10 +22,6 @@ Read more about how the feed works here: [Discover and learn with Microsoft Fee
## Where can users see Microsoft Feed?
-In **Microsoft 365** (previously Office.com), while signed in with a work or school account select **Feed** from the left navigation bar.
-
-:::image type="content" source="../media/msfeed/MS-select-feed.png" alt-text="Screenshot of Microsoft Feed in Microsoft 365." lightbox="../media/msfeed/MS-select-feed.png":::
-
In **Microsoft Edge**, while signed in with a work or school account, select the **Work Feed** page when opening a new tab.
:::image type="content" source="../media/msfeed/MS-contoso-feed.png" alt-text="Screenshot of Microsoft Feed in Microsoft Edge." lightbox="../media/msfeed/MS-contoso-feed.png":::
@@ -60,20 +56,10 @@ In addition, Microsoft Feed respects the settings in the "Visibility section" in
As a tenant admin, if you want to disable the Feed, you can do so by following the steps in this section that disable the Feed in the respective endpoints.
-- Disabling the Feed in Microsoft 365 (previously Office.com)
- Disabling the Feed in Microsoft Edge
- Disabling the Feed in Outlook Mobile
- Disabling the Feed in Microsoft 365 Mobile
-### Disabling the Feed in Microsoft 365 (previously Office.com)
-
-In Microsoft 365 (previously Office.com), as a tenant admin, if you want to disable the experience there, you can contact Microsoft via a service request to turn off Microsoft Feed. Turning off Microsoft Feed removes the Feed icon from the left navigation of Microsoft 365.
-
-1. [Sign in to Microsoft 365](https://admin.microsoft.com) with your Microsoft 365 admin account.
-2. Select **Support** > **New service request.**
-
-To re-enable the feature, you can create **New service request**.
-
### Disabling the Feed in Microsoft Edge
In Microsoft Edge, while signed in with a work or school account, as a tenant admin, if you want to disable the new experience, you can choose to not show Work feed content on the Microsoft Edge new tab page:
diff --git a/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md b/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md
index 8a7574d21db..712d087820d 100644
--- a/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md
+++ b/microsoft-365/solutions/allow-members-to-send-as-or-send-on-behalf-of-group.md
@@ -1,11 +1,11 @@
---
title: "Allow members to send as or send on behalf of a group"
ms.reviewer: rahulnayak
-ms.date: 07/18/2023
+ms.date: 10/28/2024
f1.keywords: NOCSH
ms.author: jtremper
author: jacktremper
-manager: pamgreen
+manager: jtremper
audience: Admin
ms.topic: article
ms.service: o365-solutions
diff --git a/microsoft-365/solutions/collaborate-with-people-outside-your-organization.md b/microsoft-365/solutions/collaborate-with-people-outside-your-organization.md
index f53ca9aca78..6ef6f6713dc 100644
--- a/microsoft-365/solutions/collaborate-with-people-outside-your-organization.md
+++ b/microsoft-365/solutions/collaborate-with-people-outside-your-organization.md
@@ -2,8 +2,8 @@
title: "Collaborating with people outside your organization"
ms.author: jtremper
author: jacktremper
-manager: pamgreen
-ms.date: 11/06/2023
+manager: jtremper
+ms.date: 10/28/2024
audience: ITPro
ms.topic: article
ms.service: o365-solutions
diff --git a/microsoft-365/syntex/autofill.md b/microsoft-365/syntex/autofill.md
index 670c1d4e470..1d51e4f7d6f 100644
--- a/microsoft-365/syntex/autofill.md
+++ b/microsoft-365/syntex/autofill.md
@@ -4,7 +4,7 @@ ms.author: chucked
author: chuckedmonson
manager: jtremper
ms.reviewer: ssquires
-ms.date: 05/09/2024
+ms.date: 08/09/2024
audience: admin
ms.topic: conceptual
ms.service: microsoft-syntex
@@ -101,7 +101,3 @@ To turn off autofill on a specific column, follow these steps:
> [!NOTE]
> To see the column types that are currently available for autofill, see [Supported column data types](autofill-overview.md#supported-column-data-types).
-
-
\ No newline at end of file
diff --git a/microsoft-365/syntex/esignature-overview.md b/microsoft-365/syntex/esignature-overview.md
index 2853c357b32..e70daf67c8e 100644
--- a/microsoft-365/syntex/esignature-overview.md
+++ b/microsoft-365/syntex/esignature-overview.md
@@ -4,7 +4,7 @@ ms.author: chucked
author: chuckedmonson
manager: jtremper
ms.reviewer: amcdonnell
-ms.date: 09/10/2024
+ms.date: 10/31/2024
audience: enabler
ms.topic: conceptual
ms.service: microsoft-syntex
@@ -30,7 +30,7 @@ With SharePoint eSignature, you can quickly and securely send documents for sign
## Regional availability
-SharePoint eSignature is currently available in the US, UK, and Canada. By November 2024, it will be available to the EU and APAC, and it will be available globally in 2025.
+SharePoint eSignature is currently available in the US, UK, and Canada. By November 2024, it will be available to the EU and Australia Pacific, and it will be available globally in 2025.
+## Step 2: Upload an example file to analyze
+
+1. On the **Models** page, in the **Add a file to analyze** section, select **Add a file**.
+
+ 
+
+2. On the **Files to analyze the model** page, select **Add** to find the file you want to use.
+
+ 
+
+3. On the **Add a file from the training files library** page, select the file, and then select **Add**.
+
+ 
+
+4. On the **Files to analyze the model** page, select **Next**.
+
+## Step 3: Select extractors for your model
+
+On the extractor details page, you see the document area on the right of the page and the **Extractors** panel on the left. The **Extractors** panel shows the list of extractors that have been identified in the document.
+
+ 
+
+The entity fields that are highlighted in green in the document area are the items that were detected by the model when it analyzed the file. When you select an entity to extract, the highlighted field changes to blue. If you later decide not to include the entity, the highlighted field changes to gray. The highlights make it easier to see the current state of the extractors you select.
+
+> [!TIP]
+> To zoom in or out to read the entity fields, use your mouse’s scroll wheel or the zoom controls at the bottom of the document area.
+
+### Select an extractor entity
+
+You can select an extractor either from the document area or from the **Extractors** panel, depending on your preference.
+
+- To select an extractor from the document area, select the entity field.
+
+- To select an extractor from the **Extractors** panel, in the **Extract** column, select the corresponding checkbox to the right of the entity name.
+
+When you select an extractor, the **Select extractor?** box is displayed in the document area. The box shows the key name (the name generated for the extractor), the detected value (the value of that field in the document), the column type, and the option to select the entity as an extractor.
+
+ 
+
+The key name is used as the column name when the model is applied to a SharePoint library. You can change the key name to be more descriptive if you like. The column type shows how the information is displayed in a library. You can change the column type to show how you want the information displayed. When the model is applied to a library, you can use column formatting to specify how you want it to look in the document.
+
+Continue to select other extractors you want to you use. You can also add other files to analyze for this model configuration.
+
+### Rename an extractor
+
+There are three ways you can rename an extractor:
+
+- In the document area of the extractor details page, select the entity field. On the **Select extractor?** box, in the **Key name** field, enter a new name for the extractor.
+
+- On the **Extractors** panel of the extractor details page, select the extractor you want to rename, and then select **Rename**.
+
+- From the model home page, in the **Extractors** section, select the extractor you want to rename, and then select **Rename**.
+
+
+### Set a page range for processing
+
+For this model, you can specify to process a range of pages for a file rather than the entire file. On the **Extractors** panel, in the **Page range** section, select the page you want processed. By default, the **Page range** setting is empty. If no page range is provided, the entire document is processed. For more information, see [Set a page range to extract information from specific pages](page-range.md).
+
+### Detect the language of a document
+
+For this model, you can detect the language of a document and extract it to a column. On the **Extractors** panel, in the **Language detection** section, toggle to turn on language detection. It shows you the ISO code the detected language.
+
+ 
+
+You also can turn on or off language detection from the **Model settings** panel for the model.
+
+## Step 4: Apply the model
+
+- To save changes and return to the model home page, on the **Extractors** panel, select **Save and exit**.
+
+- If you're ready to apply the model to a library, in the document area, select **Next**. On the **Add to library** panel, choose the library to which you want to add the model, and then select **Add**.
+
diff --git a/microsoft-365/syntex/solutions/agreements-analyze-sections.md b/microsoft-365/syntex/solutions/agreements-analyze-sections.md
index ae9adcf2b9e..08d19fa5ca0 100644
--- a/microsoft-365/syntex/solutions/agreements-analyze-sections.md
+++ b/microsoft-365/syntex/solutions/agreements-analyze-sections.md
@@ -1,5 +1,5 @@
---
-title: Analyze section revisions in SharePoint Agreements AI
+title: Analyze section revisions in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to analyze section revisions with the SharePoint Agreements AI solution.
+description: Learn how to analyze section revisions with the SharePoint Agreements solution.
---
-# Analyze section revisions in SharePoint Agreements AI
+# Analyze section revisions in SharePoint Agreements
Section revision analysis is an AI-powered feature that helps maintain consistency with company-approved language. It detects changes in embedded sections, summarizes these changes, and offers suggestions.
diff --git a/microsoft-365/syntex/solutions/agreements-create-agreement.md b/microsoft-365/syntex/solutions/agreements-create-agreement.md
index 2664bd663f7..b670ce43b86 100644
--- a/microsoft-365/syntex/solutions/agreements-create-agreement.md
+++ b/microsoft-365/syntex/solutions/agreements-create-agreement.md
@@ -1,5 +1,5 @@
---
-title: Create an agreement in SharePoint Agreements AI
+title: Create an agreement in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to create an agreement with the SharePoint Agreements AI solution.
+description: Learn how to create an agreement with the SharePoint Agreements solution.
---
-# Create an agreement in SharePoint Agreements AI
+# Create an agreement in SharePoint Agreements
## Create an agreement from a published template
diff --git a/microsoft-365/syntex/solutions/agreements-create-template.md b/microsoft-365/syntex/solutions/agreements-create-template.md
index 14953c07a00..8fec9a93f11 100644
--- a/microsoft-365/syntex/solutions/agreements-create-template.md
+++ b/microsoft-365/syntex/solutions/agreements-create-template.md
@@ -1,5 +1,5 @@
---
-title: Create a template in SharePoint Agreements AI
+title: Create a template in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to create a template with the SharePoint Agreements AI solution.
+description: Learn how to create a template with the SharePoint Agreements solution.
---
-# Create a template in SharePoint Agreements AI
+# Create a template in SharePoint Agreements
Templates serve as a predefined structure that standardizes the creation of documents and agreements. They ensure consistency and uniformity across various documents within the workspace, streamlining the creation process and reducing the likelihood of errors. Templates can include specific sections, formatting, and content guidelines that align with the organization's requirements and branding.
diff --git a/microsoft-365/syntex/solutions/agreements-faq.md b/microsoft-365/syntex/solutions/agreements-faq.md
index ef7980933ee..2d2be218c8d 100644
--- a/microsoft-365/syntex/solutions/agreements-faq.md
+++ b/microsoft-365/syntex/solutions/agreements-faq.md
@@ -1,10 +1,10 @@
---
-title: Frequently asked questions about SharePoint Agreements AI
+title: Frequently asked questions about SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
ms.reviewer: ssathyamoort, neilh, shrganguly, rammenon
-ms.date: 10/22/2024
+ms.date: 10/30/2024
audience: admin
ms.topic: conceptual
ms.service: microsoft-syntex
@@ -15,28 +15,28 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Get answers to frequently asked questions about the SharePoint Agreements AI solution.
+description: Get answers to frequently asked questions about the SharePoint Agreements solution.
---
-# Frequently asked questions about SharePoint Agreements AI
+# Frequently asked questions about SharePoint Agreements
-#### What is SharePoint Agreements AI?
+#### What is SharePoint Agreements?
-SharePoint Agreements AI is an end-to-end solution, powered by AI, to help streamline and simplify your agreements, such as nondisclosure agreements (NDAs) and statements of work (SOWs). From drafting to execution, the solution is ready to integrate seamlessly into your flow of work.
+SharePoint Agreements is an end-to-end solution, powered by AI, to help streamline and simplify your agreements, such as nondisclosure agreements (NDAs) and statements of work (SOWs). From drafting to execution, the solution is ready to integrate seamlessly into your flow of work.
-#### What are the use cases for SharePoint Agreements AI?
+#### What are the use cases for SharePoint Agreements?
-SharePoint Agreements AI can be used across your organization. For example, the procurement department can generate purchase agreements with suppliers, the sales department can handle NDAs with clients, and the human resources department can create offer letters for new employees. Use Agreements AI wherever you need templates to create agreements in your organization.
+SharePoint Agreements can be used across your organization. For example, the procurement department can generate purchase agreements with suppliers, the sales department can handle NDAs with clients, and the human resources department can create offer letters for new employees. Use Agreements wherever you need templates to create agreements in your organization.
-#### What is the licensing model for SharePoint Agreements AI?
+#### What is the licensing model for SharePoint Agreements?
-The licensing model for SharePoint Agreements AI is still being finalized, but early access customers can get trial licenses for **SharePoint Content Solution - Agreements Trial** to use SharePoint Agreements AI. These trial licenses are valid for six months from the date of activation. Contact your Microsoft representative or submit your nomination here to obtain trial licenses: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA). If your nomination is selected, a Microsoft representative will reach out to you within 14 business days.
+The licensing model for SharePoint Agreements is still being finalized, but early access customers can get trial licenses for **SharePoint Content Solution - Agreements Trial** to use SharePoint Agreements. These trial licenses are valid for six months from the date of activation. Contact your Microsoft representative or submit your nomination here to obtain trial licenses: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA). If your nomination is selected, a Microsoft representative will reach out to you within 14 business days.
-#### How do I get started with SharePoint Agreements AI?
+#### How do I get started with SharePoint Agreements?
-To get started with SharePoint Agreements AI, your administrators need to follow these steps:
+To get started with SharePoint Agreements, your administrators need to follow these steps:
-1. The Global Administrator [assigns the **SharePoint Content Solution - Agreements Trial**](agreements-license-requirements.md) license to all users who will be using the Agreements AI solution. This license is necessary for using Agreements AI. For trial licenses, contact your Microsoft representative or submit your nomination here: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA).
+1. The Global Administrator [assigns the **SharePoint Content Solution - Agreements Trial**](agreements-license-requirements.md) license to all users who will be using SharePoint Agreements. This license is necessary for using SharePoint Agreements. For trial licenses, contact your Microsoft representative or submit your nomination here: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA).
2. The SharePoint Administrator [creates a workspace](agreements-setup.md) to organize and manage templates and agreements. For example, a "Procurement" workspace could be established to store all procurement templates and agreements, whereas a "Human Resources" workspace could be set up for employment agreements.
diff --git a/microsoft-365/syntex/solutions/agreements-import-agreement.md b/microsoft-365/syntex/solutions/agreements-import-agreement.md
index 5336b81afca..f7d4e5f9964 100644
--- a/microsoft-365/syntex/solutions/agreements-import-agreement.md
+++ b/microsoft-365/syntex/solutions/agreements-import-agreement.md
@@ -1,5 +1,5 @@
---
-title: Import an agreement in SharePoint Agreements AI
+title: Import an agreement in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to import an agreement in the SharePoint Agreements AI solution.
+description: Learn how to import an agreement in the SharePoint Agreements solution.
---
-# Import an agreement in SharePoint Agreements AI
+# Import an agreement in SharePoint Agreements
You can add existing agreements by uploading signed documents. Select a file to be imported as a signed agreement. Details about the agreement will be automatically detected after you save.
diff --git a/microsoft-365/syntex/solutions/agreements-key-concepts.md b/microsoft-365/syntex/solutions/agreements-key-concepts.md
index bdfbcbee0fe..e82ef9c65b1 100644
--- a/microsoft-365/syntex/solutions/agreements-key-concepts.md
+++ b/microsoft-365/syntex/solutions/agreements-key-concepts.md
@@ -1,5 +1,5 @@
---
-title: Key concepts in SharePoint Agreements AI
+title: Key concepts in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,12 +15,12 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn about the concepts of workspaces, categories, templates, and sections in the SharePoint Agreements AI solution.
+description: Learn about the concepts of workspaces, categories, templates, and sections in the SharePoint Agreements solution.
---
-# Key concepts in SharePoint Agreements AI
+# Key concepts in SharePoint Agreements
-SharePoint Agreements AI is an end-to-end solution that gives you the flexibility to easily manage agreements across your organization. *Workspaces*, *categories*, *templates*, and *sections* are four essential concepts that can help you organize and manage your agreements.
+SharePoint Agreements is an end-to-end solution that gives you the flexibility to easily manage agreements across your organization. *Workspaces*, *categories*, *templates*, and *sections* are four essential concepts that can help you organize and manage your agreements.
**Workspaces** allow you to organize and manage agreements across your organization. When you create a workspace, a SharePoint site is created and is assigned to the workspace. You can create a workspace for business processes or departments in your organization that manages agreements. For example, you can have one workspace for your procurement team, and another one for your human resources team. Agreements, templates, and other files exist within the workspace and are stored in the corresponding SharePoint site. Roles are assigned to users at a workspace level, and permissions can be managed at a workspace level.
@@ -32,7 +32,7 @@ SharePoint Agreements AI is an end-to-end solution that gives you the flexibilit
## Roles
-Roles are assigned at a workspace level. Currently, SharePoint Agreements AI supports the following roles:
+Roles are assigned at a workspace level. Currently, SharePoint Agreements supports the following roles:
| Role | Description | Permissions | Recommendation |
| --- | --- | --- | --- |
diff --git a/microsoft-365/syntex/solutions/agreements-license-requirements.md b/microsoft-365/syntex/solutions/agreements-license-requirements.md
index ea6d636ec78..9ddaca13fb5 100644
--- a/microsoft-365/syntex/solutions/agreements-license-requirements.md
+++ b/microsoft-365/syntex/solutions/agreements-license-requirements.md
@@ -1,5 +1,5 @@
---
-title: Licensing requirements for SharePoint Agreements AI
+title: Licensing requirements for SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,23 +15,23 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn about the licensing requirements for the SharePoint Agreements AI solution.
+description: Learn about the licensing requirements for the SharePoint Agreements solution.
---
-# Licensing requirements for SharePoint Agreements AI
+# Licensing requirements for SharePoint Agreements
> [!NOTE]
-> SharePoint Agreements AI is now generally available for early access customers. The licensing model is still being finalized, but early access customers can get trial licenses for **SharePoint Content Solution - Agreements Trial** to use SharePoint Agreements AI. These trial licenses are valid for six months from date of activation. Contact your Microsoft representative or submit your nomination here to obtain trial licenses: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA). If your nomination is selected, a Microsoft representative will reach out to you within 14 business days.
+> SharePoint Agreements is now generally available for early access customers. The licensing model is still being finalized, but early access customers can get trial licenses for **SharePoint Content Solution - Agreements Trial** to use SharePoint Agreements. These trial licenses are valid for six months from date of activation. Contact your Microsoft representative or submit your nomination here to obtain trial licenses: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA). If your nomination is selected, a Microsoft representative will reach out to you within 14 business days.
-To activate the SharePoint Agreements AI solution in your tenant, the tenant administrator must first get the **SharePoint Content Solution - Agreements Trial** license. After you obtain the license, you need to assign the license to users who will use the solution within your organization.
+To activate the SharePoint Agreements in your tenant, the tenant administrator must first get the **SharePoint Content Solution - Agreements Trial** license. After you obtain the license, you need to assign the license to users who will use the solution within your organization.
## Get the license
-SharePoint Agreements AI is now generally available for early adoption customers. Contact your Microsoft representative or submit your nomination here to obtain licenses: [Sign up for selective GA](https://aka.ms/AgreementsSelectiveGA).
+SharePoint Agreements is now generally available for early adoption customers. Contact your Microsoft representative or submit your nomination here to obtain licenses: [Sign up for selective GA](https://aka.ms/AgreementsSelectiveGA).
## Assign the license to users
-Once the **SharePoint Content Solution - Agreements Trial** licenses are available in the **Your products** page in the Microsoft 365 admin center, you can assign licenses to existing users by following the guidance in [Assign or unassign licenses for users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users). Users who need to use SharePoint Agreements AI need to have the **SharePoint Content Solution - Agreements Trial** license assigned to them.
+Once the **SharePoint Content Solution - Agreements Trial** licenses are available in the **Your products** page in the Microsoft 365 admin center, you can assign licenses to existing users by following the guidance in [Assign or unassign licenses for users in the Microsoft 365 admin center](/microsoft-365/admin/manage/assign-licenses-to-users). Users who need to use SharePoint Agreements need to have the **SharePoint Content Solution - Agreements Trial** license assigned to them.
diff --git a/microsoft-365/syntex/solutions/agreements-manage-sections.md b/microsoft-365/syntex/solutions/agreements-manage-sections.md
index cf5a07cc0ab..645036430c6 100644
--- a/microsoft-365/syntex/solutions/agreements-manage-sections.md
+++ b/microsoft-365/syntex/solutions/agreements-manage-sections.md
@@ -1,5 +1,5 @@
---
-title: Manage template sections in SharePoint Agreements AI
+title: Manage template sections in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to create, publish, and manage template sections in the SharePoint Agreements AI solution.
+description: Learn how to create, publish, and manage template sections in the SharePoint Agreements solution.
---
-# Manage template sections in SharePoint Agreements AI
+# Manage template sections in SharePoint Agreements
Sections are reusable blocks of content that ensure the use of consistent language across your agreements. You can define a section and use it across multiple templates. For example, you might have a section for privacy clause or payment terms for your purchase agreements, while you can have a section for relocation package for your full-time employee templates. Sections are saved as Microsoft Word documents in the section library on your Agreements site.
@@ -106,7 +106,7 @@ Once you're done setting up the section, you must publish it. Only published sec
Once you have made the relevant changes to section and configured section settings, you can choose to send a draft section for approval before publishing the section.
-SharePoint Agreements AI uses the Approvals app in Microsoft Teams to send approval requests. For more information, see [Approvals in Microsoft Teams](/power-automate/teams/native-approvals-in-teams).
+SharePoint Agreements uses the Approvals app in Microsoft Teams to send approval requests. For more information, see [Approvals in Microsoft Teams](/power-automate/teams/native-approvals-in-teams).
To request approval before publishing the section, follow these steps:
diff --git a/microsoft-365/syntex/solutions/agreements-notifications.md b/microsoft-365/syntex/solutions/agreements-notifications.md
index b4a2636b03e..3073f49be0a 100644
--- a/microsoft-365/syntex/solutions/agreements-notifications.md
+++ b/microsoft-365/syntex/solutions/agreements-notifications.md
@@ -1,5 +1,5 @@
---
-title: Approval notifications in SharePoint Agreements AI
+title: Approval notifications in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn about the approval notifications in the SharePoint Agreements AI solution.
+description: Learn about the approval notifications in the SharePoint Agreements solution.
---
-# Approval notifications in SharePoint Agreements AI
+# Approval notifications in SharePoint Agreements
Agreement approval notifications are sent through the Approvals app in Microsoft Teams. Agreement creators can also choose to notify approvers via email.
diff --git a/microsoft-365/syntex/solutions/agreements-overview.md b/microsoft-365/syntex/solutions/agreements-overview.md
index 8fd53fe1932..72fe79ca888 100644
--- a/microsoft-365/syntex/solutions/agreements-overview.md
+++ b/microsoft-365/syntex/solutions/agreements-overview.md
@@ -1,10 +1,10 @@
---
-title: Introduction to SharePoint Agreements AI
+title: Introduction to SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
ms.reviewer: ssathyamoort
-ms.date: 10/22/2024
+ms.date: 10/30/2024
audience: admin
ms.topic: conceptual
ms.service: microsoft-syntex
@@ -15,17 +15,17 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to get started with the SharePoint Agreements AI solution.
+description: Learn how to get started with the SharePoint Agreements solution.
---
-# Introduction to SharePoint Agreements AI
+# Introduction to SharePoint Agreements
> [!NOTE]
-> SharePoint Agreements AI is now generally available for early access customers. Contact your Microsoft representative or submit your nomination for the limited GA here: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA). For a list of articles to help you set up and use this feature, see [Help documentation](#help-documentation).
+> SharePoint Agreements is now generally available for early access customers. Contact your Microsoft representative or submit your nomination for the limited GA here: [Sign up for limited GA](https://aka.ms/AgreementsSelectiveGA). For a list of articles to help you set up and use this feature, see [Help documentation](#help-documentation).
## Overview
-SharePoint Agreements AI is an end-to-end solution, powered by AI, to help streamline and simplify your agreements, such as nondisclosure agreements (NDAs) and statements of work (SOWs). From drafting to execution, the solution is ready to integrate seamlessly into your flow of work.
+SharePoint Agreements is an end-to-end solution, powered by AI, to help streamline and simplify your agreements, such as nondisclosure agreements (NDAs) and statements of work (SOWs). From drafting to execution, the solution is ready to integrate seamlessly into your flow of work.
Centralize your agreements in the new Agreements app in Microsoft Teams, draft agreements with native Microsoft Word capabilities, and gain valuable AI-driven insights, making management of your agreements easier and more efficient.
@@ -33,9 +33,9 @@ Centralize your agreements in the new Agreements app in Microsoft Teams, draft a
## What you can do
-With SharePoint Agreements AI, you can:
+With SharePoint Agreements, you can:
-- **Centrally manage** your agreements in one place using familiar tools. SharePoint Agreements AI provides the [Agreements app in Microsoft Teams](https://teams.microsoft.com/l/app/fc0c5127-1a8c-4d12-9500-c142ca453b83?source=app-details-dialog) to manage all your agreements. You can view agreement lists, track their status, and receive expiring agreement reports.
+- **Centrally manage** your agreements in one place using familiar tools. SharePoint Agreements provides the [Agreements app in Microsoft Teams](https://teams.microsoft.com/l/app/fc0c5127-1a8c-4d12-9500-c142ca453b83?source=app-details-dialog) to manage all your agreements. You can view agreement lists, track their status, and receive expiring agreement reports.
- **Simplify your agreements process** from template to eSignature. Native capabilities in Microsoft Word allow drafting templates by adding fields. Reusable sections from the sections library can be included to ensure consistent language across all agreements. Agreements can then be generated from these templates by filling in field values and routing them for eSignature.
@@ -47,9 +47,9 @@ With SharePoint Agreements AI, you can:
|Article |Description |
|---------|---------|
-|[Key concepts](agreements-key-concepts.md) |Learn the key concepts in SharePoint Agreements AI. |
-|[Frequently asked questions](agreements-faq.md) |Get answers to frequently asked questions about SharePoint Agreements AI. |
-|[Licensing requirements](agreements-license-requirements.md) |Learn how to get and assign licenses for SharePoint Agreements AI. |
+|[Key concepts](agreements-key-concepts.md) |Learn the key concepts in SharePoint Agreements. |
+|[Frequently asked questions](agreements-faq.md) |Get answers to frequently asked questions about SharePoint Agreements. |
+|[Licensing requirements](agreements-license-requirements.md) |Learn how to get and assign licenses for SharePoint Agreements. |
|[Set up the solution](agreements-setup.md) |Learn how to set up and manage workspaces, add the Agreements app in Microsoft Teams, and more. |
|[Get users ready](agreements-user-prereqs.md) |Learn how to get users ready to use all of the solution features. |
|[Create a template](agreements-create-template.md) |Learn how to create and publish templates, set up fields and sections, configure workflows, and more. |
diff --git a/microsoft-365/syntex/solutions/agreements-reports.md b/microsoft-365/syntex/solutions/agreements-reports.md
index 5455ba5c107..997260ac8d5 100644
--- a/microsoft-365/syntex/solutions/agreements-reports.md
+++ b/microsoft-365/syntex/solutions/agreements-reports.md
@@ -1,5 +1,5 @@
---
-title: View reports in SharePoint Agreements AI
+title: View reports in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn about the reports available for the SharePoint Agreements AI solution.
+description: Learn about the reports available for the SharePoint Agreements solution.
---
-# View reports in SharePoint Agreements AI
+# View reports in SharePoint Agreements
The **Reports** tab in the Agreements app provides a comprehensive overview of all agreements, their statuses, and other essential metrics.
diff --git a/microsoft-365/syntex/solutions/agreements-setup.md b/microsoft-365/syntex/solutions/agreements-setup.md
index 13745293e73..d9f91f0c7f2 100644
--- a/microsoft-365/syntex/solutions/agreements-setup.md
+++ b/microsoft-365/syntex/solutions/agreements-setup.md
@@ -1,5 +1,5 @@
---
-title: Set up SharePoint Agreements AI
+title: Set up SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to set up licensing tools for the SharePoint Agreements AI solution.
+description: Learn how to set up licensing tools for the SharePoint Agreements solution.
---
-# Set up SharePoint Agreements AI
+# Set up SharePoint Agreements
## Overview
@@ -38,7 +38,7 @@ Workspaces allow you to organize and manage agreements across your organization.
### Prerequisites
-Before creating a workspace for SharePoint Agreements AI, you need to ensure:
+Before creating a workspace for SharePoint Agreements, you need to ensure:
- The user implementing the steps in the article needs to be either a Global Administrator or SharePoint Administrator.
diff --git a/microsoft-365/syntex/solutions/agreements-update-template.md b/microsoft-365/syntex/solutions/agreements-update-template.md
index d9e7db628b6..f624353c49c 100644
--- a/microsoft-365/syntex/solutions/agreements-update-template.md
+++ b/microsoft-365/syntex/solutions/agreements-update-template.md
@@ -1,5 +1,5 @@
---
-title: Update a template in SharePoint Agreements AI
+title: Update a template in SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,10 +15,10 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn how to update a template with the SharePoint Agreements AI solution.
+description: Learn how to update a template with the SharePoint Agreements solution.
---
-# Update a template in SharePoint Agreements AI
+# Update a template in SharePoint Agreements
Templates have their own lifecycle management requirements and will change over time as a business updates its requirements for the content of structure of agreements.
diff --git a/microsoft-365/syntex/solutions/agreements-user-prereqs.md b/microsoft-365/syntex/solutions/agreements-user-prereqs.md
index 9132fbd7406..b0326c9669e 100644
--- a/microsoft-365/syntex/solutions/agreements-user-prereqs.md
+++ b/microsoft-365/syntex/solutions/agreements-user-prereqs.md
@@ -1,5 +1,5 @@
---
-title: User prerequisites for using SharePoint Agreements AI
+title: User prerequisites for using SharePoint Agreements
ms.author: chucked
author: chuckedmonson
manager: jtremper
@@ -15,12 +15,12 @@ ms.collection:
- m365initiative-syntex
ms.localizationpriority: medium
ROBOTS: NOINDEX, NOFOLLOW
-description: Learn about the user prerequisites for the SharePoint Agreements AI solution.
+description: Learn about the user prerequisites for the SharePoint Agreements solution.
---
-# User prerequisites for using SharePoint Agreements AI
+# User prerequisites for using SharePoint Agreements
-The SharePoint Agreements AI solution has several prerequisites to ensure users can take full advantage of its features.
+The SharePoint Agreements solution has several prerequisites to ensure users can take full advantage of its features.
## Software licenses
diff --git a/microsoft-365/syntex/syntex-pay-as-you-go-services.md b/microsoft-365/syntex/syntex-pay-as-you-go-services.md
index fb4019fe148..84ae4f2b15d 100644
--- a/microsoft-365/syntex/syntex-pay-as-you-go-services.md
+++ b/microsoft-365/syntex/syntex-pay-as-you-go-services.md
@@ -37,7 +37,7 @@ To help your organization in planning for pay-as-you-go services, you can use th
|Content assembly |The number of documents (Word or PDF) created using Syntex templates. Each processed document counts as one transaction.
If you have an existing Syntex per-user license, you won't be charged for generating documents manually but will be charged for automated document generation using Power Automate. |$0.15/transaction |
|Image tagging |The number of images processed. Each processed image counts as one transaction. You won’t be charged if you only enable pay-as-you-go billing for image tagging. You are charged only when you [enable image tagging on a document library](image-tagging.md). |$0.001/transaction |
|Taxonomy tagging |The number of documents processed. Each processed document counts as one transaction. You won’t be charged if you only enable pay-as-you-go billing for taxonomy tagging. You're charged only when you [enable taxonomy tagging on a document library](taxonomy-tagging.md). |$0.05/transaction |
-|SharePoint eSignature |The number of electronic signature requests created. Each signature request for up to 10 recipients counts as one transaction. |$2.00/transaction |
+|SharePoint eSignature |The number of electronic signature requests created. Up to 10 recipients can be included in each request. Each request counts as one transaction. |$2.00/transaction |
|Document translation |For document translation, the number of characters processed. Character count includes letters, Unicode code points, punctuation, and white spaces.
For video transcript translation, the number of characters from the source transcript. (This meter is charged only when the translation has successfully resulted in a new transcript.) |$15.00/1M characters |
|Optical character recognition |The number of pages processed for images (JPEG, JPG, PNG, or BMP); the number of pages processed for PDF, TIF, or TIFF; or the number of embedded images in Teams chats and email messages. Each of these counts as one transaction. Processing occurs every time the file is edited. |$0.001/transaction|
|Microsoft 365 Archive |The number of gigabytes (GB) of data archived. (This meter is only charged when archived storage plus active storage in SharePoint exceeds a tenant’s included or licensed allocated SharePoint storage quota limit.)
Reactivation of archived data after seven days. |$0.05/GB/month (shows on invoice as $0.00167/GB/day)
$0.60/GB|