From 6304d031fdbb6d878d9d82f1d8c91f9076f4f130 Mon Sep 17 00:00:00 2001 From: Chris Davis Date: Wed, 2 Dec 2020 16:02:04 -0800 Subject: [PATCH] ATP/Advanced Threat Protection to MDfO365 --- .../exchange/Disable-SafeAttachmentRule.md | 2 +- .../exchange/Disable-SafeLinksRule.md | 2 +- .../exchange/Enable-SafeAttachmentRule.md | 2 +- .../exchange/Enable-SafeLinksRule.md | 2 +- .../exchange/Export-QuarantineMessage.md | 2 +- .../exchange/Get-ATPTotalTrafficReport.md | 2 +- ...-AdvancedThreatProtectionDocumentDetail.md | 8 ++-- ...-AdvancedThreatProtectionDocumentReport.md | 6 +-- ...t-AdvancedThreatProtectionTrafficReport.md | 4 +- .../exchange/Get-AntiPhishPolicy.md | 4 +- .../exchange/Get-AtpPolicyForO365.md | 18 ++++---- .../exchange/Get-MailDetailATPReport.md | 24 +++++----- .../exchange/Get-MailTrafficATPReport.md | 18 ++++---- .../exchange/Get-MailTrafficReport.md | 4 +- .../exchange/Get-QuarantineMessage.md | 14 +++--- .../exchange/Get-SafeAttachmentPolicy.md | 2 +- .../exchange/Get-SafeAttachmentRule.md | 2 +- .../exchange/Get-SafeLinksAggregateReport.md | 2 +- .../exchange/Get-SafeLinksDetailReport.md | 4 +- .../exchange/Get-SafeLinksPolicy.md | 2 +- .../exchange-ps/exchange/Get-SafeLinksRule.md | 2 +- .../exchange/Get-SpoofMailReport.md | 4 +- exchange/exchange-ps/exchange/Get-UrlTrace.md | 2 +- .../exchange/New-AntiPhishPolicy.md | 42 +++++++++--------- .../exchange/New-SafeAttachmentPolicy.md | 2 +- .../exchange/New-SafeAttachmentRule.md | 2 +- .../exchange/New-SafeLinksPolicy.md | 2 +- .../exchange-ps/exchange/New-SafeLinksRule.md | 2 +- .../exchange/Preview-QuarantineMessage.md | 4 +- .../exchange/Release-QuarantineMessage.md | 7 +-- .../exchange/Remove-SafeAttachmentPolicy.md | 2 +- .../exchange/Remove-SafeAttachmentRule.md | 2 +- .../exchange/Remove-SafeLinksPolicy.md | 2 +- .../exchange/Remove-SafeLinksRule.md | 2 +- .../exchange/Set-AntiPhishPolicy.md | 42 +++++++++--------- .../exchange/Set-AtpPolicyForO365.md | 44 ++++++++++--------- .../exchange/Set-SafeAttachmentPolicy.md | 2 +- .../exchange/Set-SafeAttachmentRule.md | 2 +- .../exchange/Set-SafeLinksPolicy.md | 2 +- .../exchange-ps/exchange/Set-SafeLinksRule.md | 2 +- .../exchange/Start-HistoricalSearch.md | 10 ++--- 41 files changed, 154 insertions(+), 151 deletions(-) diff --git a/exchange/exchange-ps/exchange/Disable-SafeAttachmentRule.md b/exchange/exchange-ps/exchange/Disable-SafeAttachmentRule.md index c46a6b70cb..186caa567a 100644 --- a/exchange/exchange-ps/exchange/Disable-SafeAttachmentRule.md +++ b/exchange/exchange-ps/exchange/Disable-SafeAttachmentRule.md @@ -30,7 +30,7 @@ Disable-SafeAttachmentRule [-Identity] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Disable-SafeLinksRule.md b/exchange/exchange-ps/exchange/Disable-SafeLinksRule.md index 545e07c2df..de660c5c06 100644 --- a/exchange/exchange-ps/exchange/Disable-SafeLinksRule.md +++ b/exchange/exchange-ps/exchange/Disable-SafeLinksRule.md @@ -30,7 +30,7 @@ Disable-SafeLinksRule [-Identity] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Enable-SafeAttachmentRule.md b/exchange/exchange-ps/exchange/Enable-SafeAttachmentRule.md index 0d5fd5bf53..e0e484e13f 100644 --- a/exchange/exchange-ps/exchange/Enable-SafeAttachmentRule.md +++ b/exchange/exchange-ps/exchange/Enable-SafeAttachmentRule.md @@ -30,7 +30,7 @@ Enable-SafeAttachmentRule [-Identity] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Enable-SafeLinksRule.md b/exchange/exchange-ps/exchange/Enable-SafeLinksRule.md index c35093137b..b08646d678 100644 --- a/exchange/exchange-ps/exchange/Enable-SafeLinksRule.md +++ b/exchange/exchange-ps/exchange/Enable-SafeLinksRule.md @@ -30,7 +30,7 @@ Enable-SafeLinksRule [-Identity] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Export-QuarantineMessage.md b/exchange/exchange-ps/exchange/Export-QuarantineMessage.md index 75c34c13cc..04408e614d 100644 --- a/exchange/exchange-ps/exchange/Export-QuarantineMessage.md +++ b/exchange/exchange-ps/exchange/Export-QuarantineMessage.md @@ -16,7 +16,7 @@ This cmdlet is available only in the cloud-based service. Use the Export-QuarantineMessage cmdlet to export quarantined messages and files from your cloud-based organization. Messages are exported to .eml message files so you can open them in Outlook. -For files that are protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams, the files are exported in Base64 format. +For files that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, the files are exported in Base64 format. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). diff --git a/exchange/exchange-ps/exchange/Get-ATPTotalTrafficReport.md b/exchange/exchange-ps/exchange/Get-ATPTotalTrafficReport.md index e2fc5d4a1d..3e0216bc60 100644 --- a/exchange/exchange-ps/exchange/Get-ATPTotalTrafficReport.md +++ b/exchange/exchange-ps/exchange/Get-ATPTotalTrafficReport.md @@ -14,7 +14,7 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Get-ATPTotalTrafficReport to view details about message traffic in your organization. +Use the Get-ATPTotalTrafficReport to view details about message traffic in your Microsoft Defender for Office 365 organization. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). diff --git a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md index ce8ceffc6c..41cbf27a66 100644 --- a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md +++ b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentDetail.md @@ -12,7 +12,9 @@ ms.reviewer: # Get-AdvancedThreatProtectionDocumentDetail ## SYNOPSIS -This cmdlet is available only in the cloud-based service. Use the Get-AdvancedThreatProtectionDocumentDetailReport cmdlet to view the results of Office 365 Advanced Threat Protection (ATP) actions for files in SharePoint Online, OneDrive for Business and Microsoft Teams in your cloud-based organization. +This cmdlet is available only in the cloud-based service. + +Use the Get-AdvancedThreatProtectionDocumentDetailReport cmdlet to view the detailed results of Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in your Microsoft Defender for Office 365 organization. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -47,7 +49,7 @@ For the reporting period and organization you specify, the cmdlet returns the fo - Timestamp - Workload -For more information about this feature, see [ATP for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). +For more information about this feature, see [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). @@ -58,7 +60,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi Get-AdvancedThreatProtectionDocumentDetail -Organization contoso.com -StartDate "4/26/2016" -EndDate "4/28/2016" | Format-Table ``` -This example returns the detailed report of ATP detections during the specified date range. +This example returns the detailed report of detections during the specified date range. ## PARAMETERS diff --git a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md index bee95f5fb4..ccf075490a 100644 --- a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md +++ b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionDocumentReport.md @@ -14,7 +14,7 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Get-AdvancedThreatProtectionDocumentReport cmdlet to view the results of Office 365 Advanced Threat Protection (ATP) actions for files in SharePoint Online, OneDrive for Business and Microsoft Teams in your cloud-based organization. +Use the Get-AdvancedThreatProtectionDocumentReport cmdlet to view the results of Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in your Microsoft Defender for Office 365 organization. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -38,7 +38,7 @@ Get-AdvancedThreatProtectionDocumentReport ``` ## DESCRIPTION -For more information about this feature, see [ATP for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). +For more information about this feature, see [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). For the reporting period and organization you specify, the cmdlet returns the following information: @@ -58,7 +58,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi Get-AdvancedThreatProtectionTrafficReport -Organization contoso.com -StartDate "4/26/2018" -EndDate "4/28/2018" | Format-Table ``` -This example returns the aggregated report of ATP detections for the specified organization during the specified date range. +This example returns the aggregated report of detections for the specified organization during the specified date range. ## PARAMETERS diff --git a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionTrafficReport.md b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionTrafficReport.md index a33665bf16..4163f5dd62 100644 --- a/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionTrafficReport.md +++ b/exchange/exchange-ps/exchange/Get-AdvancedThreatProtectionTrafficReport.md @@ -40,9 +40,9 @@ Get-AdvancedThreatProtectionTrafficReport [-Action ] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: diff --git a/exchange/exchange-ps/exchange/Get-AntiPhishPolicy.md b/exchange/exchange-ps/exchange/Get-AntiPhishPolicy.md index a1a90b5847..f1cc767ece 100644 --- a/exchange/exchange-ps/exchange/Get-AntiPhishPolicy.md +++ b/exchange/exchange-ps/exchange/Get-AntiPhishPolicy.md @@ -79,7 +79,7 @@ The Advanced switch filters the properties that are returned to the advanced set You don't need to specify a value with this switch. -Advanced settings are only available in ATP anti-phishing policies. +Advanced settings are only available in anti-phishing policies in Microsoft Defender for Office 365. ```yaml Type: SwitchParameter @@ -119,7 +119,7 @@ The Impersonation switch filters the properties that are returned to the imperso You don't need to specify a value with this switch. -Impersonation settings are only available in ATP anti-phishing policies. +Impersonation settings are only available in anti-phishing policies in Microsoft Defender for Office 365. ```yaml Type: SwitchParameter diff --git a/exchange/exchange-ps/exchange/Get-AtpPolicyForO365.md b/exchange/exchange-ps/exchange/Get-AtpPolicyForO365.md index 7fecde3779..daa0136fe7 100644 --- a/exchange/exchange-ps/exchange/Get-AtpPolicyForO365.md +++ b/exchange/exchange-ps/exchange/Get-AtpPolicyForO365.md @@ -14,11 +14,11 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Get-AtpPolicyForO365 cmdlet to view the Advanced Threat Protection (ATP) policy in Office 365. The ATP policy enables the following protections: +Use the Get-AtpPolicyForO365 cmdlet to view the settings for the following features in Microsoft Defender for Office 365: -- Safe Links for Office 365 ProPlus desktop clients and Office Mobile apps. -- Safe Documents: Before a user is allowed to trust a file open in Office 365 ProPlus, the file will be verified by Microsoft Defender ATP. -- ATP to protect files in SharePoint Online, OneDrive for Business and Microsoft Teams. +- Safe Links protection for supported Office 365 apps. +- Safe Documents: Uses Microsoft Defender for Endpoint to scan documents and files that are opened in Protected View in Microsoft 365 apps for enterprise. +- Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -32,9 +32,11 @@ Get-AtpPolicyForO365 [[-Identity] ] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. For more information, see [Office 365 ATP Safe Links](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links). +Safe Links protection for Office 365 apps checks links in Office documents, not links in email messages. For more information, see [Safe Links settings for Office 365 apps](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links#safe-links-settings-for-office-365-apps). -ATP can also protect files in SharePoint Online, OneDrive for Business and Microsoft Teams by preventing users from opening and downloading files that are identified as malicious. For more information, see [ATP for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). +Safe Documents scans documents and files that are opened in Protected View. For more information, see [Safe Documents in Microsoft 365 E5](https://docs.microsoft.com/microsoft-365/security/office-365-security/safe-docs). + +Safe Attachments for SharePoint, OneDrive, and Microsoft Teams prevents users from opening and downloading files that are identified as malicious. For more information, see [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). @@ -45,12 +47,12 @@ You need to be assigned permissions before you can run this cmdlet. Although thi Get-AtpPolicyForO365 ``` -This example returns detailed information about the ATP policy named Default +This example returns detailed information about the default policy. ## PARAMETERS ### -Identity -The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default. +The Identity parameter specifies the policy that you want to modify. There's only one policy named Default. ```yaml Type: AtpPolicyForO365IdParameter diff --git a/exchange/exchange-ps/exchange/Get-MailDetailATPReport.md b/exchange/exchange-ps/exchange/Get-MailDetailATPReport.md index 2e8602fcb5..a0c9cbdbc7 100644 --- a/exchange/exchange-ps/exchange/Get-MailDetailATPReport.md +++ b/exchange/exchange-ps/exchange/Get-MailDetailATPReport.md @@ -14,7 +14,7 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Get-MailDetailATPReport cmdlet to list details about Exchange Online Protection and Advanced Threat protection (ATP) detections in your cloud-based organization for the last 10 days. +Use the Get-MailDetailATPReport cmdlet to list details about Exchange Online Protection and Microsoft Defender for Office 365 detections in your cloud-based organization for the last 10 days. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -41,9 +41,9 @@ Get-MailDetailATPReport [-Direction ] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: @@ -72,7 +72,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi Get-MailDetailATPReport -StartDate 7/22/2018 -EndDate 7/31/2018 ``` -This example returns the Advanced Threat Protection actions for the last 10 days in July, 2018. (Note: Customers with Advanced Threat Protection subscription will be able to get up to 30 days of data.) +This example returns the actions for the last 10 days in July, 2018. (Note: Customers with Defender for Office 365 subscriptions will be able to get up to 30 days of data.) ## PARAMETERS @@ -129,12 +129,12 @@ Accept wildcard characters: False ### -EventType The EventType parameter filters the report by the event type. Valid values are: -Email phish EventTypes: +Email phishing EventTypes: - Advanced phish filter (Indicates a message caught by the machine learning model.) - Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.) - Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.) -- ATP-generated URL reputation\* (Indicates a message with a known malicious URL caught by ATP.) +- ATP-generated URL reputation\* (Indicates a message with a known malicious URL caught Defender for Office 365.) - Domain impersonation\* (Indicates a message impersonating a domain protected by an anti-phish policy.) - Brand impersonation (Indicates a message caught by phish filters as impersonating a known brand.) - EOP URL Reputation (Indicates a message with a known malicious URL caught by EOP.) @@ -147,19 +147,19 @@ Email malware EventTypes: - Anti-malware engine\* (Indicates a message caught by the anti-malware engine.) - Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.) -- ATP-generated file reputation\* (Indicates a message with a known malicious file blocked by ATP.) -- ATP safe attachments\* (Indicates a message with a malicious attachment blocked by ATP.) -- ATP safe links\* (Indicates when a malicious link is blocked by ATP.) +- ATP-generated file reputation\* (Indicates a message with a known malicious file blocked Defender for Office 365.) +- ATP Safe Attachments\* (Indicates a message with a malicious attachment blocked Defender for Office 365.) +- ATP Safe Links\* (Indicates when a malicious link is blocked Defender for Office 365.) - File Detonation\* (Indicates a message with a malicious attachment blocked by the detonation service.) - Malware ZAP (Indicates a message with malware detected and auto-purged after delivery.) - Office 365 file reputation (Indicates a message with a known malicious file blocked.) Content malware EventTypes: -- AtpDocumentMalware\* (Indicates malicious content detected by ATP Safe Attachments in the cloud.) -- AvDocumentMalware (Indicates malware found by the anti-malware engine. Reporting requires ATP or E5.) +- AtpDocumentMalware\* (Indicates malicious content detected by Safe Attachments.) +- AvDocumentMalware (Indicates malware found by the anti-malware engine. Reporting requires Defender for Office 365 or E5.) -\* These features require a standalone Office 365 ATP or E5 subscription. +\* Requires Defender for Office 365 (included in Microsoft 365 E5 or in an add-in subscription). To enter multiple values, use the following syntax: \,\,...\. If the values contain spaces or otherwise require quotation marks, use the following syntax: "\","\",..."\". diff --git a/exchange/exchange-ps/exchange/Get-MailTrafficATPReport.md b/exchange/exchange-ps/exchange/Get-MailTrafficATPReport.md index 5e7872ea2d..28e3366754 100644 --- a/exchange/exchange-ps/exchange/Get-MailTrafficATPReport.md +++ b/exchange/exchange-ps/exchange/Get-MailTrafficATPReport.md @@ -14,7 +14,7 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Get-MailTrafficATPReport cmdlet to view the results of Exchange Online Protection and Advanced Threat Protection (ATP) detections in your cloud-based organization for the last 90 days. +Use the Get-MailTrafficATPReport cmdlet to view the results of Exchange Online Protection and Microsoft Defender for Office 365 detections in your cloud-based organization for the last 90 days. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -40,9 +40,9 @@ Get-MailTrafficATPReport ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For the reporting period you specify, the cmdlet returns the following information: @@ -175,7 +175,7 @@ The EventType parameter filters the report by the event type. Valid values are: - Message passed (Indicates a good message.) -Email phish EventTypes: +Email phishing EventTypes: - Advanced phish filter (Indicates a message caught by the machine learning model.) - Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.) @@ -191,18 +191,18 @@ Email phish EventTypes: Email malware EventTypes: - Anti-malware engine (Indicates a message caught by the anti-malware engine.) -- ATP safe attachments\* (Indicates a message with a malicious attachment blocked by ATP.) -- ATP safe links\* (Indicates when a malicious link is blocked by ATP.) +- ATP Safe Attachments\* (Indicates a message with a malicious attachment blocked by Defender for Office 365.) +- ATP Safe Links\* (Indicates when a malicious link is blocked by Defender for Office 365.) - ZAP (Indicates a message with malware detected and auto-purged after delivery.) - Office 365 file reputation (Indicates a message with a known malicious file blocked.) - Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.) Content malware EventTypes: -- AtpDocumentMalware\* (Indicates malicious content detected by ATP Safe Attachments in the cloud.) -- AvDocumentMalware (Indicates malware found by the anti-malware engine. Reporting requires ATP/E5.) +- AtpDocumentMalware\* (Indicates malicious content detected by Safe Attachments.) +- AvDocumentMalware (Indicates malware found by the anti-malware engine. Reporting requires Defender for Office 365 or E5.) -\* These features require an E5 subscription or an Office 365 ATP add-on. +\* Requires Defender for Office 365 (included in Microsoft 365 E5 or in an add-in subscription). To enter multiple values, use the following syntax: \,\,...\. If the values contain spaces or otherwise require quotation marks, use the following syntax: "\","\",..."\". diff --git a/exchange/exchange-ps/exchange/Get-MailTrafficReport.md b/exchange/exchange-ps/exchange/Get-MailTrafficReport.md index 2c9518d58f..e1184bb61e 100644 --- a/exchange/exchange-ps/exchange/Get-MailTrafficReport.md +++ b/exchange/exchange-ps/exchange/Get-MailTrafficReport.md @@ -54,8 +54,8 @@ You can use the EventType values from the Get-MailTrafficReport cmdlet to analyz Mail traffic summary -- AdvancedProtectionMalware: Messages that were marked as malware by the Office 365 Advanced Threat Protection service. For details about the Advanced Threat Protection service, see [Office 365 Advanced Threat Protection service description](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description). -- AtpGoodMail: Messages that were delivered after passing through the Office 365 Advanced Threat Protection service. This count shows the number of unique messages. If a message was delivered to multiple recipients, it would still count as a single message. +- AdvancedProtectionMalware: Messages that were marked as malware by Microsoft Defender for Office 365. For details about Defender for Office 365, see [Microsoft Defender for Office 365 service description](https://docs.microsoft.com/office365/servicedescriptions/office-365-advanced-threat-protection-service-description). +- AtpGoodMail: Messages that were delivered after passing through Defender for Office 365. This count shows the number of unique messages. If a message was delivered to multiple recipients, it would still count as a single message. - DLPMessages: Messages that matched a data loss prevention (DLP) policy. For details about data loss prevention, see [Overview of data loss prevention](https://docs.microsoft.com/microsoft-365/compliance/data-loss-prevention-policies). - Expire: Messages that cannot be delivered, stuck in a queue, and after some time expired. - GoodMail: Messages that were delivered after passing through the malware and spam filters. This count shows the number of unique messages. If a message was delivered to multiple recipients, it would still count as a single message. diff --git a/exchange/exchange-ps/exchange/Get-QuarantineMessage.md b/exchange/exchange-ps/exchange/Get-QuarantineMessage.md index 06dd1ff8e8..70a9ddf2fe 100644 --- a/exchange/exchange-ps/exchange/Get-QuarantineMessage.md +++ b/exchange/exchange-ps/exchange/Get-QuarantineMessage.md @@ -14,9 +14,7 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Get-QuarantineMessage cmdlet to view quarantined messages and files in your cloud-based organization. - -**Note**: Quarantined files are files protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams. +Use the Get-QuarantineMessage cmdlet to view quarantined messages and files in your cloud-based organization. Files are quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -90,7 +88,7 @@ This example returns detailed information for the quarantined message with the s Get-QuarantineMessage -QuarantineTypes SPOMalware | Format-List ``` -This example returns detailed information for the files protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams. +This example returns detailed information for the files protected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. ## PARAMETERS @@ -254,14 +252,14 @@ The QuarantineTypes parameter filters the results by what caused the message to - Malware - Phish - Spam -- SPOMalware (ATP only) +- SPOMalware (Microsoft Defender for Office 365 only) - TransportRule You can specify multiple values separated by commas. You don't need to use this parameter with the Type parameter. -For files protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams, the detection information can be found in CustomData field in the output. +For files protected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, the detection information can be found in CustomData field in the output. ```yaml Type: QuarantineMessageTypeEnum[] @@ -388,12 +386,12 @@ The Type parameter filters the results by what caused the message to be quaranti - HighConfPhish - Phish - Spam -- SPOMalware (ATP only) +- SPOMalware (Microsoft Defender for Office 365 only) - TransportRule You don't need to use this parameter with the QuarantineTypes parameter. -For files protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams, the detection information can be found in CustomData field in the output. +For files protected by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, the detection information can be found in CustomData field in the output. ```yaml Type: QuarantineMessageTypeEnum diff --git a/exchange/exchange-ps/exchange/Get-SafeAttachmentPolicy.md b/exchange/exchange-ps/exchange/Get-SafeAttachmentPolicy.md index a3ea03ca1c..acc7d16dbf 100644 --- a/exchange/exchange-ps/exchange/Get-SafeAttachmentPolicy.md +++ b/exchange/exchange-ps/exchange/Get-SafeAttachmentPolicy.md @@ -28,7 +28,7 @@ Get-SafeAttachmentPolicy [[-Identity] ] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Get-SafeAttachmentRule.md b/exchange/exchange-ps/exchange/Get-SafeAttachmentRule.md index a459896cff..04047425b2 100644 --- a/exchange/exchange-ps/exchange/Get-SafeAttachmentRule.md +++ b/exchange/exchange-ps/exchange/Get-SafeAttachmentRule.md @@ -29,7 +29,7 @@ Get-SafeAttachmentRule [[-Identity] ] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Get-SafeLinksAggregateReport.md b/exchange/exchange-ps/exchange/Get-SafeLinksAggregateReport.md index 5dbb0fe9f8..2a7d8e73d2 100644 --- a/exchange/exchange-ps/exchange/Get-SafeLinksAggregateReport.md +++ b/exchange/exchange-ps/exchange/Get-SafeLinksAggregateReport.md @@ -33,7 +33,7 @@ Get-SafeLinksAggregateReport ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. For the reporting period you specify, the cmdlet returns the following information: diff --git a/exchange/exchange-ps/exchange/Get-SafeLinksDetailReport.md b/exchange/exchange-ps/exchange/Get-SafeLinksDetailReport.md index 30579979f3..9064e7a7ce 100644 --- a/exchange/exchange-ps/exchange/Get-SafeLinksDetailReport.md +++ b/exchange/exchange-ps/exchange/Get-SafeLinksDetailReport.md @@ -37,7 +37,7 @@ Get-SafeLinksDetailReport [-Action ] ## DESCRIPTION The Get-SafeLinksDetailReport cmdlet returns information about URL clicks for the last 7 days. -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. This cmdlet returns the following information: @@ -52,7 +52,7 @@ This cmdlet returns the following information: - AppName - SourceId - Organization -- DetectedBy (ATP Safe Links) +- DetectedBy (Safe Links in Microsoft Defender for Office 365) - UrlType (currently empty) - Flags (0: Allowed 1: Blocked 2: ClickedEvenBlocked 3: ClickedDuringScan) diff --git a/exchange/exchange-ps/exchange/Get-SafeLinksPolicy.md b/exchange/exchange-ps/exchange/Get-SafeLinksPolicy.md index ac56d7a2c3..1a2cff1f7b 100644 --- a/exchange/exchange-ps/exchange/Get-SafeLinksPolicy.md +++ b/exchange/exchange-ps/exchange/Get-SafeLinksPolicy.md @@ -28,7 +28,7 @@ Get-SafeLinksPolicy [[-Identity] ] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Get-SafeLinksRule.md b/exchange/exchange-ps/exchange/Get-SafeLinksRule.md index 0fb1da86c5..b19b3bb653 100644 --- a/exchange/exchange-ps/exchange/Get-SafeLinksRule.md +++ b/exchange/exchange-ps/exchange/Get-SafeLinksRule.md @@ -29,7 +29,7 @@ Get-SafeLinksRule [[-Identity] ] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Get-SpoofMailReport.md b/exchange/exchange-ps/exchange/Get-SpoofMailReport.md index b3683fbe71..d25b962101 100644 --- a/exchange/exchange-ps/exchange/Get-SpoofMailReport.md +++ b/exchange/exchange-ps/exchange/Get-SpoofMailReport.md @@ -16,7 +16,7 @@ This cmdlet is available only in the cloud-based service. Use the Get-SpoofMailReport cmdlet to view information about insider spoofing in your cloud-based organization for the past 10 days. Insider spoofing is where the sender's email address in an inbound message appears to represent your organization, but the actual identity of the sender is different. Insider spoofing is a common tactic that's used in phishing messages to obtain user credentials or steal money. -This cmdlet is only available in Microsoft 365 Enterprise E5, or with Advanced Threat Protection licenses. +This cmdlet is only available in Microsoft 365 Enterprise E5 or Microsoft Defender for Office 365 licenses. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -38,7 +38,7 @@ Get-SpoofMailReport [-Action ] ``` ## DESCRIPTION -The spoof mail report is a feature in Advanced Threat Protection that you can use to query information about insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport cmdlet returns the following information: +The spoof mail report is a feature in Defender for Office 36 that you can use to query information about insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport cmdlet returns the following information: - Date: Date the message was sent. - Event Type: Typically, this value is SpoofMail. diff --git a/exchange/exchange-ps/exchange/Get-UrlTrace.md b/exchange/exchange-ps/exchange/Get-UrlTrace.md index 93363a0684..fbcf7b2a24 100644 --- a/exchange/exchange-ps/exchange/Get-UrlTrace.md +++ b/exchange/exchange-ps/exchange/Get-UrlTrace.md @@ -37,7 +37,7 @@ Get-UrlTrace ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For more information about Advanced Threat Protection Safe Links, see [Office 365 ATP Safe Links](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links). +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. For more information about Safe Links protection, see [Safe Links in Microsoft Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links). For the reporting period you specify, the cmdlet returns the following information: diff --git a/exchange/exchange-ps/exchange/New-AntiPhishPolicy.md b/exchange/exchange-ps/exchange/New-AntiPhishPolicy.md index 2bdb49eca5..f5069c490e 100644 --- a/exchange/exchange-ps/exchange/New-AntiPhishPolicy.md +++ b/exchange/exchange-ps/exchange/New-AntiPhishPolicy.md @@ -71,7 +71,7 @@ You need to be assigned permissions before you can run this cmdlet. Although thi New-AntiPhishPolicy -Name "Research Quarantine" -AdminDisplayName "Research department policy" -EnableOrganizationDomainsProtection $true -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect fabrikam.com -TargetedDomainProtectionAction Quarantine -EnableTargetedUserProtection $true -TargetedUsersToProtect "Mai Fujito;mfujito@fabrikam.com" -TargetedUserProtectionAction Quarantine -EnableMailboxIntelligenceProtection $true -MailboxIntelligenceProtectionAction Quarantine -EnableSimilarUsersSafetyTips $true -EnableSimilarDomainsSafetyTips $true -EnableUnusualCharactersSafetyTips $true ``` -In Advanced Threat Protection, this example creates and enables an antiphish policy named Research Quarantine with the following settings: +In Microsoft Defender for Office 365, this example creates and enables an antiphish policy named Research Quarantine with the following settings: - The description is: Research department policy. - Enables organization domains protection for all accepted domains, and targeted domains protection for fabrikam.com. @@ -194,7 +194,7 @@ Accept wildcard characters: False ``` ### -EnableMailboxIntelligence -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (artificial intelligence that determines user email patterns with their frequent contacts). Valid values are: @@ -215,7 +215,7 @@ Accept wildcard characters: False ``` ### -EnableMailboxIntelligenceProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives. Valid values are: @@ -236,7 +236,7 @@ Accept wildcard characters: False ``` ### -EnableOrganizationDomainsProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Microsoft 365 organization. Valid values are: @@ -257,7 +257,7 @@ Accept wildcard characters: False ``` ### -EnableSimilarDomainsSafetyTips -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableSimilarDomainsSafetyTips parameter specifies whether to enable the safety tip that's shown to recipients for domain impersonation detections. Valid values are: @@ -278,7 +278,7 @@ Accept wildcard characters: False ``` ### -EnableSimilarUsersSafetyTips -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableSimilarUsersSafetyTips parameter specifies whether to enable the safety tip that's shown to recipients for user impersonation detections. Valid values are: @@ -299,7 +299,7 @@ Accept wildcard characters: False ``` ### -EnableTargetedDomainsProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains. Valid values are: @@ -320,7 +320,7 @@ Accept wildcard characters: False ``` ### -EnableTargetedUserProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for a list of specified users. Valid values are: @@ -367,7 +367,7 @@ Accept wildcard characters: False ``` ### -EnableUnusualCharactersSafetyTips -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableUnusualCharactersSafetyTips parameter specifies whether to enable the safety tip that's shown to recipients for unusual characters in domain and user impersonation detections. Valid values are: @@ -388,7 +388,7 @@ Accept wildcard characters: False ``` ### -ExcludedDomains -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The ExcludedDomains parameter specifies an exception for impersonation protection that looks for the specified domains in the message sender. You can specify multiple domains separated by commas. @@ -406,7 +406,7 @@ Accept wildcard characters: False ``` ### -ExcludedSenders -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The ExcludedSenders parameter specifies an exception for impersonation protection that looks for the specified message sender. You can specify multiple email addresses separated by commas. @@ -424,7 +424,7 @@ Accept wildcard characters: False ``` ### -ImpersonationProtectionState -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The ImpersonationProtectionState parameter specifies the configuration of impersonation protection. Valid values are: @@ -446,7 +446,7 @@ Accept wildcard characters: False ``` ### -MailboxIntelligenceProtectionAction -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection. Valid values are: @@ -471,7 +471,7 @@ Accept wildcard characters: False ``` ### -MailboxIntelligenceProtectionActionRecipients -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage. @@ -491,7 +491,7 @@ Accept wildcard characters: False ``` ### -PhishThresholdLevel -This setting is part of advanced settings and is only available in Advanced Threat Protection. +This setting is part of advanced settings and is only available in Microsoft Defender for Office 365. The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. Valid values are: @@ -546,7 +546,7 @@ Accept wildcard characters: False ``` ### -TargetedDomainActionRecipients -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. @@ -566,7 +566,7 @@ Accept wildcard characters: False ``` ### -TargetedDomainProtectionAction -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages. You specify the protected domains in the TargetedDomainsToProtect parameter. Valid values are: @@ -591,7 +591,7 @@ Accept wildcard characters: False ``` ### -TargetedDomainsToProtect -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true. @@ -611,7 +611,7 @@ Accept wildcard characters: False ``` ### -TargetedUserActionRecipients -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. @@ -632,7 +632,7 @@ Accept wildcard characters: False ``` ### -TargetedUserProtectionAction -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages. You specify the protected users in the TargetedUsersToProtect parameter. Valid values are: @@ -657,7 +657,7 @@ Accept wildcard characters: False ``` ### -TargetedUsersToProtect -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true. diff --git a/exchange/exchange-ps/exchange/New-SafeAttachmentPolicy.md b/exchange/exchange-ps/exchange/New-SafeAttachmentPolicy.md index ab42a8b40e..8df4ac6586 100644 --- a/exchange/exchange-ps/exchange/New-SafeAttachmentPolicy.md +++ b/exchange/exchange-ps/exchange/New-SafeAttachmentPolicy.md @@ -36,7 +36,7 @@ New-SafeAttachmentPolicy [-Name] ``` ## DESCRIPTION -Safe Attachments is a feature in Office 365 Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). New policies that you create using this cmdlet aren't applied to users and aren't visible in admin centers. You need to use the SafeAttachmentPolicy parameter on the New-SafeAttachmentRule or Set-SafeAttachmentRule cmdlets to associate the policy with a rule. diff --git a/exchange/exchange-ps/exchange/New-SafeAttachmentRule.md b/exchange/exchange-ps/exchange/New-SafeAttachmentRule.md index c68eb779e0..2d5bf21c46 100644 --- a/exchange/exchange-ps/exchange/New-SafeAttachmentRule.md +++ b/exchange/exchange-ps/exchange/New-SafeAttachmentRule.md @@ -43,7 +43,7 @@ You need to specify at least one condition for the rule. You need to add the safe attachment rule to an existing policy by using the SafeAttachmentPolicy parameter. You create safe attachment policies by using the New-SafeAttachmentPolicy cmdlet. -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/New-SafeLinksPolicy.md b/exchange/exchange-ps/exchange/New-SafeLinksPolicy.md index acb3ca4d50..3f5b96bbe6 100644 --- a/exchange/exchange-ps/exchange/New-SafeLinksPolicy.md +++ b/exchange/exchange-ps/exchange/New-SafeLinksPolicy.md @@ -43,7 +43,7 @@ New-SafeLinksPolicy [-Name] ``` ## DESCRIPTION -Safe Links is a feature in Office 365 Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. New policies that you create using this cmdlet aren't applied to users and aren't visible in admin centers. You need to use the SafeLinksPolicy parameter on the New-SafeLinksRule or Set-SafeLinksRule cmdlets to associate the policy with a rule. diff --git a/exchange/exchange-ps/exchange/New-SafeLinksRule.md b/exchange/exchange-ps/exchange/New-SafeLinksRule.md index 5f1515f6bc..9d47bb2e07 100644 --- a/exchange/exchange-ps/exchange/New-SafeLinksRule.md +++ b/exchange/exchange-ps/exchange/New-SafeLinksRule.md @@ -41,7 +41,7 @@ New-SafeLinksRule [-Name] -SafeLinksPolicy ## DESCRIPTION You need to specify at least one condition for the rule. -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Preview-QuarantineMessage.md b/exchange/exchange-ps/exchange/Preview-QuarantineMessage.md index 47abb882ab..b9da42598f 100644 --- a/exchange/exchange-ps/exchange/Preview-QuarantineMessage.md +++ b/exchange/exchange-ps/exchange/Preview-QuarantineMessage.md @@ -14,9 +14,7 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Preview-QuarantineMessage cmdlet to preview the contents of quarantined messages in your cloud-based organization. - -**Note**: This cmdlet isn't available for files that are protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business, and Microsoft Teams. +Use the Preview-QuarantineMessage cmdlet to preview the contents of quarantined messages in your cloud-based organization. This cmdlet doesn't work on files that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). diff --git a/exchange/exchange-ps/exchange/Release-QuarantineMessage.md b/exchange/exchange-ps/exchange/Release-QuarantineMessage.md index 909602cdef..414f3bd590 100644 --- a/exchange/exchange-ps/exchange/Release-QuarantineMessage.md +++ b/exchange/exchange-ps/exchange/Release-QuarantineMessage.md @@ -16,7 +16,7 @@ This cmdlet is available only in the cloud-based service. Use the Release-QuarantineMessage cmdlet to release messages from quarantine in your cloud-based organization. You can release messages to all original recipients, or to specific recipients. -For files that are protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams, you can unblock the files in the respective team sites and document libraries by using the Release-QuarantineMessage cmdlet so users can access, share, and download the files. +For files that were quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams, you can unblock the files in the respective team sites and document libraries by using the Release-QuarantineMessage cmdlet so users can access, share, and download the files. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -102,10 +102,11 @@ This example releases all messages to all original recipients. ### Example 4 ```powershell -$q = Get-QuarantineMessage -QuarantineTypes SPOMalware; $q[-1] | Release-QuarantineMessage -ReleaseToAll +$q = Get-QuarantineMessage -QuarantineTypes SPOMalware +$q[-1] | Release-QuarantineMessage -ReleaseToAll ``` -This example releases a file that was quarantined as part of Office 365 Advanced Threat Protection. The first command stores all SharePoint Online, OneDrive for Business and Microsoft Teams quarantined files in the variable $q. The second command releases the last file in the list. For more information about elements in arrays and index numbers, see [Accessing and Using Array Elements](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_arrays#accessing-and-using-array-elements). +This example releases a file that was quarantined as part of Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. The first command stores all quarantined files in the variable $q. The second command releases the last file in the list. For more information about elements in arrays and index numbers, see [Accessing and Using Array Elements](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_arrays#accessing-and-using-array-elements). ## PARAMETERS diff --git a/exchange/exchange-ps/exchange/Remove-SafeAttachmentPolicy.md b/exchange/exchange-ps/exchange/Remove-SafeAttachmentPolicy.md index c6ac5385f6..2797c7974d 100644 --- a/exchange/exchange-ps/exchange/Remove-SafeAttachmentPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-SafeAttachmentPolicy.md @@ -31,7 +31,7 @@ Remove-SafeAttachmentPolicy [-Identity] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Remove-SafeAttachmentRule.md b/exchange/exchange-ps/exchange/Remove-SafeAttachmentRule.md index 757d090d4f..910272d44a 100644 --- a/exchange/exchange-ps/exchange/Remove-SafeAttachmentRule.md +++ b/exchange/exchange-ps/exchange/Remove-SafeAttachmentRule.md @@ -30,7 +30,7 @@ Remove-SafeAttachmentRule [-Identity] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Remove-SafeLinksPolicy.md b/exchange/exchange-ps/exchange/Remove-SafeLinksPolicy.md index e2ba998cab..acfdf5f4c4 100644 --- a/exchange/exchange-ps/exchange/Remove-SafeLinksPolicy.md +++ b/exchange/exchange-ps/exchange/Remove-SafeLinksPolicy.md @@ -33,7 +33,7 @@ Remove-SafeLinksPolicy [-Identity] ## DESCRIPTION You can't remove the default Safe Links policy (the policy where the IsDefault property is True). -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Remove-SafeLinksRule.md b/exchange/exchange-ps/exchange/Remove-SafeLinksRule.md index 1f7efabb42..f0279ccb88 100644 --- a/exchange/exchange-ps/exchange/Remove-SafeLinksRule.md +++ b/exchange/exchange-ps/exchange/Remove-SafeLinksRule.md @@ -30,7 +30,7 @@ Remove-SafeLinksRule [-Identity] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Set-AntiPhishPolicy.md b/exchange/exchange-ps/exchange/Set-AntiPhishPolicy.md index 090c02fa2b..160d9dfdd4 100644 --- a/exchange/exchange-ps/exchange/Set-AntiPhishPolicy.md +++ b/exchange/exchange-ps/exchange/Set-AntiPhishPolicy.md @@ -73,7 +73,7 @@ This example modifies the default antiphish policy named Office365 AntiPhish Def Set-AntiPhishPolicy -Identity "Office365 AntiPhish Default" -EnableOrganizationDomainsProtection $true -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect fabrikam.com -TargetedDomainProtectionAction Quarantine -EnableTargetedUserProtection $true -TargetedUsersToProtect "Mai Fujito;mfujito@fabrikam.com" -TargetedUserProtectionAction Quarantine -EnableMailboxIntelligenceProtection $true -MailboxIntelligenceProtectionAction Quarantine -EnableSimilarUsersSafetyTips $true -EnableSimilarDomainsSafetyTips $true -EnableUnusualCharactersSafetyTips $true ``` -In Advanced Threat Protection, this example modifies the default antiphish policy named Office365 AntiPhish Default with the following settings: +In Microsoft Defender for Office 365, this example modifies the default antiphish policy named Office365 AntiPhish Default with the following settings: - Enables organization domains protection for all accepted domains, and targeted domains protection for fabrikam.com. - Specifies Mai Fujito (mfujito@fabrikam.com) as a user to protect from impersonation. @@ -200,7 +200,7 @@ Accept wildcard characters: False ``` ### -EnableMailboxIntelligence -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (artificial intelligence that determines user email patterns with their frequent contacts). Valid values are:: @@ -221,7 +221,7 @@ Accept wildcard characters: False ``` ### -EnableMailboxIntelligenceProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableMailboxIntelligenceProtection specifies whether to enable or disable enhanced impersonation results based on each user's individual sender map. This intelligence allows Microsoft 365 to customize user impersonation detection and better handle false positives. Valid values are: @@ -242,7 +242,7 @@ Accept wildcard characters: False ``` ### -EnableOrganizationDomainsProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation protection for all registered domains in the Microsoft 365 organization. Valid values are: @@ -263,7 +263,7 @@ Accept wildcard characters: False ``` ### -EnableSimilarDomainsSafetyTips -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableSimilarDomainsSafetyTips parameter specifies whether to enable the safety tip that's shown to recipients for domain impersonation detections. Valid values are: @@ -284,7 +284,7 @@ Accept wildcard characters: False ``` ### -EnableSimilarUsersSafetyTips -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableSimilarUsersSafetyTips parameter specifies whether to enable the safety tip that's shown to recipients for user impersonation detections. Valid values are: @@ -305,7 +305,7 @@ Accept wildcard characters: False ``` ### -EnableTargetedDomainsProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for a list of specified domains. Valid values are: @@ -326,7 +326,7 @@ Accept wildcard characters: False ``` ### -EnableTargetedUserProtection -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for a list of specified users. Valid values are: @@ -373,7 +373,7 @@ Accept wildcard characters: False ``` ### -EnableUnusualCharactersSafetyTips -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The EnableUnusualCharactersSafetyTips parameter specifies whether to enable the safety tip that's shown to recipients for unusual characters in domain and user impersonation detections. Valid values are: @@ -394,7 +394,7 @@ Accept wildcard characters: False ``` ### -ExcludedDomains -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The ExcludedDomains parameter specifies an exception for impersonation protection that looks for the specified domains in the message sender. You can specify multiple domains separated by commas. @@ -412,7 +412,7 @@ Accept wildcard characters: False ``` ### -ExcludedSenders -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The ExcludedSenders parameter specifies an exception for impersonation protection that looks for the specified message sender. You can specify multiple email addresses separated by commas. @@ -430,7 +430,7 @@ Accept wildcard characters: False ``` ### -ImpersonationProtectionState -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The ImpersonationProtectionState parameter specifies the configuration of impersonation protection. Valid values are: @@ -452,7 +452,7 @@ Accept wildcard characters: False ``` ### -MailboxIntelligenceProtectionAction -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox intelligence protection. Valid values are: @@ -477,7 +477,7 @@ Accept wildcard characters: False ``` ### -MailboxIntelligenceProtectionActionRecipients -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The MailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages when the MailboxIntelligenceProtectionAction parameter is set to the value Redirect or BccMessage. @@ -515,7 +515,7 @@ Accept wildcard characters: False ``` ### -PhishThresholdLevel -This setting is part of advanced settings and is only available in Advanced Threat Protection. +This setting is part of advanced settings and is only available in Microsoft Defender for Office 365. The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of phishing messages. Valid values are: @@ -554,7 +554,7 @@ Accept wildcard characters: False ``` ### -TargetedDomainActionRecipients -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation messages when the TargetedDomainProtectionAction parameter is set to the value Redirect or BccMessage. @@ -574,7 +574,7 @@ Accept wildcard characters: False ``` ### -TargetedDomainProtectionAction -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedDomainProtectionAction parameter specifies the action to take on detected domain impersonation messages. You specify the protected domains in the TargetedDomainsToProtect parameter. Valid values are: @@ -599,7 +599,7 @@ Accept wildcard characters: False ``` ### -TargetedDomainsToProtect -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation protection when the EnableTargetedDomainsProtection parameter is set to $true. @@ -619,7 +619,7 @@ Accept wildcard characters: False ``` ### -TargetedUserActionRecipients -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user impersonation messages when the TargetedUserProtectionAction parameter is set to the value Redirect or BccMessage. @@ -639,7 +639,7 @@ Accept wildcard characters: False ``` ### -TargetedUserProtectionAction -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedUserProtectionAction parameter specifies the action to take on detected user impersonation messages. You specify the protected users in the TargetedUsersToProtect parameter. Valid values are: @@ -664,7 +664,7 @@ Accept wildcard characters: False ``` ### -TargetedUsersToProtect -This setting is part of impersonation protection and is only available in Advanced Threat Protection. +This setting is part of impersonation protection and is only available in Microsoft Defender for Office 365. The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when the EnableTargetedUserProtection parameter is set to $true. diff --git a/exchange/exchange-ps/exchange/Set-AtpPolicyForO365.md b/exchange/exchange-ps/exchange/Set-AtpPolicyForO365.md index 701f50e800..5c01bed822 100644 --- a/exchange/exchange-ps/exchange/Set-AtpPolicyForO365.md +++ b/exchange/exchange-ps/exchange/Set-AtpPolicyForO365.md @@ -14,11 +14,11 @@ ms.reviewer: ## SYNOPSIS This cmdlet is available only in the cloud-based service. -Use the Set-AtpPolicyForO365 cmdlet to modify the Advanced Threat Protection (ATP) policy in Office 365. The ATP policy configures the following protections: +Use the Set-AtpPolicyForO365 cmdlet to modify the settings for the following features in Microsoft Defender for Office 365: -- Safe Links in supported Office 365 apps in Office 365 ATP. -- Safe Documents in Microsoft Defender Advanced Threat Protection (MDATP). -- ATP for SharePoint Online, OneDrive for Business and Microsoft Teams in Office 365 ATP. +- Safe Links protection for supported Office 365 apps. +- Safe Documents: Uses Microsoft Defender for Endpoint to scan documents and files that are opened in Protected View in Microsoft 365 apps for enterprise. +- Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. **Note**: We recommend that you use the Exchange Online PowerShell V2 module to connect to Exchange Online PowerShell. For instructions, see [Connect to Exchange Online PowerShell](https://docs.microsoft.com/powershell/exchange/connect-to-exchange-online-powershell). @@ -41,11 +41,11 @@ Set-AtpPolicyForO365 [[-Identity] ] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages and other supported locations to see if they lead to malicious web sites. For more information, see [Safe Links in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links). +Safe Links protection for Office 365 apps checks links in Office documents, not links in email messages. For more information, see [Safe Links settings for Office 365 apps](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-links#safe-links-settings-for-office-365-apps). -ATP for SharePoint Online, OneDrive for Business and Microsoft Teams prevents users from opening and downloading files that are identified as malicious. For more information, see [ATP for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). +Safe Documents scans documents and files that are opened in Protected View. For more information, see [Safe Documents in Microsoft 365 E5](https://docs.microsoft.com/microsoft-365/security/office-365-security/safe-docs). -Safe Documents in MDATP scans documents and files that are opened in Protected View. For more information, see [Safe Documents in Microsoft 365 E5](https://docs.microsoft.com/microsoft-365/security/office-365-security/safe-docs). +Safe Attachments for SharePoint, OneDrive, and Microsoft Teams prevents users from opening and downloading files that are identified as malicious. For more information, see [Safe Attachments for SharePoint, OneDrive, and Microsoft Teams](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-for-spo-odb-and-teams). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). @@ -56,12 +56,12 @@ You need to be assigned permissions before you can run this cmdlet. Although thi Set-AtpPolicyForO365 -EnableSafeLinksForClients $true -EnableATPForSPOTeamsODB $true ``` -This example enables Safe Links for Office 365 ProPlus clients and ATP for SharePoint Online, OneDrive for Business and Microsoft Teams. +This example enables Safe Documents and Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. ## PARAMETERS ### -Identity -The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default. +The Identity parameter specifies the policy that you want to modify. There's only one policy named Default. ```yaml Type: AtpPolicyForO365IdParameter @@ -77,10 +77,10 @@ Accept wildcard characters: False ``` ### -AllowClickThrough -The AllowClickThrough parameter specifies whether to allow users to click through to the original blocked URL in supported Office 365 desktop, mobile, and web apps. Valid values are: +The AllowClickThrough parameter specifies whether to allow users to click through to the original blocked URL in Safe Links protection for Office apps. Valid values are: -- $true: Users are allowed to click through to the original URL in supported Office 365 apps. -- $false: Users aren't allowed to click through to the original URL in supported Office 365 apps. This is the default value. +- $true: Users are allowed to click through to the original URL in supported Office apps. +- $false: Users aren't allowed to click through to the original URL in supported Office apps. This is the default value. ```yaml Type: Boolean @@ -96,11 +96,13 @@ Accept wildcard characters: False ``` ### -AllowSafeDocsOpen -The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents in Microsoft Defender Advanced Threat Protection (MDATP) identifies a file as malicious. Valid values are: +The AllowSafeDocsOpen parameter specifies whether users can click through and bypass the Protected View container even when Safe Documents identifies a file as malicious. Valid values are: - $true: Users are allowed to exit the Protected View container even if the document has been identified as malicious. - $false: Users aren't allowed to exit Protected View in case of a malicious detection. +This parameter is meaningful only when the EnableSafeDocs parameter value is $true. + ```yaml Type: Boolean Parameter Sets: (All) @@ -115,7 +117,7 @@ Accept wildcard characters: False ``` ### -BlockUrls -The BlockUrls parameter specifies the URLs that are always blocked by Safe Links scanning in email messages, and supported Office 365 desktop and mobile apps. +The BlockUrls parameter specifies the URLs that are always blocked by Safe Links in email messages and Safe Links for Office 365 apps. To enter multiple values and overwrite any existing entries, use the following syntax: \,\,...\. If the values contain spaces or otherwise require quotation marks, you need to use the following syntax: "\","\",..."\". @@ -156,10 +158,10 @@ Accept wildcard characters: False ``` ### -EnableATPForSPOTeamsODB -The EnableATPForSPOTeamsODB parameter specifies whether ATP protection is enabled for files in SharePoint Online, OneDrive for Business and Microsoft Teams. Valid values are: +The EnableATPForSPOTeamsODB parameter enables or disables Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. Valid values are: -- $true: ATP protection is enabled for files in SharePoint Online, OneDrive for Business and Microsoft Teams. SharePoint Online admins can use the DisallowInfectedFileDownload parameter on the [Set-SPOTenant](https://docs.microsoft.com/powershell/module/sharepoint-online/Set-SPOTenant) cmdlet to control whether users are allowed to download files that are found to be malicious. -- $false: ATP protection is disabled for file in SharePoint Online, OneDrive for Business and Microsoft Teams. This is the default value. +- $true: Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is enabled. SharePoint Online admins can use the DisallowInfectedFileDownload parameter on the [Set-SPOTenant](https://docs.microsoft.com/powershell/module/sharepoint-online/Set-SPOTenant) cmdlet to control whether users are allowed to download files that are found to be malicious. +- $false: Safe Attachments for SharePoint, OneDrive, and Microsoft Teams is disabled. This is the default value. ```yaml Type: Boolean @@ -175,9 +177,9 @@ Accept wildcard characters: False ``` ### -EnableSafeDocs -The EnableSafeDocs parameter specifies whether to enable the Safe Documents feature in the organization. Valid values are: +The EnableSafeDocs parameter enables or disables Safe Documents in Microsoft 365 E5 or Microsoft 365 E5 Security organizations. Valid values are: -- $true: Safe Documents is enabled and will upload user files to Microsoft Defender Advanced Threat Protection (MDATP) for scanning and verification. +- $true: Safe Documents is enabled and will upload user files to Microsoft Defender for Endpoint for scanning and verification. - $false: Safe Documents is disabled. This is the default value. ```yaml @@ -194,7 +196,7 @@ Accept wildcard characters: False ``` ### -EnableSafeLinksForO365Clients -The EnableSafeLinksForO365Clients parameter specifies whether Safe Links scanning is enabled for supported Office 365 desktop, mobile, and web apps. Valid values are: +The EnableSafeLinksForO365Clients parameter enables or disables Safe Links for Office 365 apps. Valid values are: - $true: Safe Links scanning is enabled in supported Office 365 apps. This is the default value. - $false: Safe Links scanning is disabled in supported Office 365 apps. @@ -215,7 +217,7 @@ Accept wildcard characters: False ``` ### -TrackClicks -The TrackClicks parameter specifies whether to track user clicks related to blocked URLs in supported Office 365 apps. Valid values are: +The TrackClicks parameter specifies whether to track user clicks related to blocked URLs in Safe Links for Office 365 apps. Valid values are: - $true: User clicks in supported Office 365 apps are tracked. - $false: User clicks in supported Office 365 apps aren't tracked. This is the default value. diff --git a/exchange/exchange-ps/exchange/Set-SafeAttachmentPolicy.md b/exchange/exchange-ps/exchange/Set-SafeAttachmentPolicy.md index f4c88801c4..59637e2853 100644 --- a/exchange/exchange-ps/exchange/Set-SafeAttachmentPolicy.md +++ b/exchange/exchange-ps/exchange/Set-SafeAttachmentPolicy.md @@ -36,7 +36,7 @@ Set-SafeAttachmentPolicy [-Identity] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Set-SafeAttachmentRule.md b/exchange/exchange-ps/exchange/Set-SafeAttachmentRule.md index 00f3138408..74d6d9c651 100644 --- a/exchange/exchange-ps/exchange/Set-SafeAttachmentRule.md +++ b/exchange/exchange-ps/exchange/Set-SafeAttachmentRule.md @@ -40,7 +40,7 @@ Set-SafeAttachmentRule [-Identity] ``` ## DESCRIPTION -Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Office 365 ATP](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). +Safe Attachments is a feature in Microsoft Defender for Office 365 that opens email attachments in a special hypervisor environment to detect malicious activity. For more information, see [Safe Attachments in Defender for Office 365](https://docs.microsoft.com/microsoft-365/security/office-365-security/atp-safe-attachments). You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Set-SafeLinksPolicy.md b/exchange/exchange-ps/exchange/Set-SafeLinksPolicy.md index 19bcd93f4e..3bb7d14cdd 100644 --- a/exchange/exchange-ps/exchange/Set-SafeLinksPolicy.md +++ b/exchange/exchange-ps/exchange/Set-SafeLinksPolicy.md @@ -43,7 +43,7 @@ Set-SafeLinksPolicy [-Identity] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Set-SafeLinksRule.md b/exchange/exchange-ps/exchange/Set-SafeLinksRule.md index 2cfdb65e9f..4b7855bf92 100644 --- a/exchange/exchange-ps/exchange/Set-SafeLinksRule.md +++ b/exchange/exchange-ps/exchange/Set-SafeLinksRule.md @@ -40,7 +40,7 @@ Set-SafeLinksRule [-Identity] ``` ## DESCRIPTION -Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. +Safe Links is a feature in Microsoft Defender for Office 365 that checks links in email messages to see if they lead to malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has clicked through to a malicious web site. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see [Find the permissions required to run any Exchange cmdlet](https://docs.microsoft.com/powershell/exchange/find-exchange-cmdlet-permissions). diff --git a/exchange/exchange-ps/exchange/Start-HistoricalSearch.md b/exchange/exchange-ps/exchange/Start-HistoricalSearch.md index 57675cd76e..74018a43b4 100644 --- a/exchange/exchange-ps/exchange/Start-HistoricalSearch.md +++ b/exchange/exchange-ps/exchange/Start-HistoricalSearch.md @@ -101,17 +101,17 @@ Accept wildcard characters: False ### -ReportType The ReportType parameter specifies the type of historical search that you want to perform. You can use one of the following values: -- ATPReport: Advanced Threat Protection File Types Report and Advanced Threat Protection Message Disposition Report -- ATPV2: Exchange Online Protection and Advanced Threat Protection E-mail Malware Report. -- ATPDocument: Advanced Threat Protection Content Malware Report for files in SharePoint, OneDrive and Microsoft Teams. +- ATPReport: Defender for Office 365 File types report and Defender for Office 365 Message disposition report +- ATPV2: Exchange Online Protection and Defender for Office 365 Malware detection in email report. +- ATPDocument: Defender for Office 365 Content Malware Report for Safe Attachments for SharePoint, OneDrive, and Microsoft Teams. - DLP: Data Loss Prevention Report. - Malware: Malware Detections Report. - MessageTrace: Message Trace Report. - MessageTraceDetail: Message Trace Details Report. -- Phish: Exchange Online Protection and Advanced Threat Protection E-mail Phish Report. +- Phish: Exchange Online Protection and Defender for Office 365 E-mail Phish Report. - SPAM: SPAM Detections Report. - Spoof: Spoof Mail Report. -- TransportRule: Transport or Mail FLow Rules Report. +- TransportRule: Transport or Mail Flow Rules Report. - UnifiedDLP: Unified Data Loss Prevention Report. You also need to specify at least one of the following values in the command: MessageID, RecipientAddress, or SenderAddress.