Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

prevention

31 Topics

Build custom email security reporting with Microsoft Defender for Office 365 and PowerBI
Sharing how to leverage PowerBI to visualize email security reporting details with Microsoft Defender for Office 365
FaithEbenezerOquong
Mar 06, 2025 Place Microsoft Defender for Office 365 Blog
38KViews
8likes
11Comments
No URL Detection in Emails with Extensive %2580 Encoding
Hi Community, I encountered a concerning issue where emails containing URLs with extensive encoding (%2580) completely bypassed all detection and security mechanisms. These encoded URLs weren’t identified as links, which allowed them to evade security scanning. Issue Details: The email contained malicious URLs encoded with %2580. The URLs were not flagged or identified as links, allowing the payload to bypass filters entirely. Questions: Has anyone else encountered similar issues with encoded URLs bypassing detection? What’s the best process to submit this email to Microsoft for analysis and improvements to detection mechanisms, since no URL's were identified? Looking forward to your input and recommendations. Thanks in advance!
Marnik
Feb 03, 2025 Place Microsoft Defender for Office 365
231Views
0likes
4Comments
Build custom email security reports and dashboards with workbooks in Microsoft Sentinel
Security teams in both small and large organizations track key metrics to make critical security decisions and identify meaningful trends in their organizations. Defender for Office 365 has rich, built-in reporting capabilities that provide insights into your security posture to support these needs. However, sometimes security teams require custom reporting solutions to create dedicated views, combine multiple data sources, and get additional insights to meet their needs. We previously shared an example of how you can leverage Power BI and the Microsoft Defender XDR Advanced Hunting APIs to build a custom dashboard and shared a template that you can customize and extend. In this blog, we will showcase how you can use workbooks in Microsoft Sentinel to build a custom dashboard for Defender for Office 365. We will also share an example workbook that is now available and can be customized based on your organization’s needs. Why use workbooks in Microsoft Sentinel? There are many potential benefits to using workbooks if you already use Microsoft Sentinel and already stream the hunting data tables for Defender for Office 365: You can choose to store data for a longer period of time via configuring longer retention for tables you use for your workbooks. For example you can store Defender for Office 365 EmailEvents table data for 1 year and build visuals over longer period of time. You can customize your visuals easily based on your organization’s needs. You can configure auto-refresh for the workbook to keep the data shown up to date. You can access ready to use workbook templates and customize them if it's needed. Getting started After you connect your data sources to Microsoft Sentinel, you can visualize and monitor the data using workbooks in Microsoft Sentinel. Ensure that Microsoft Defender XDR is installed in your Microsoft Sentinel instance, so you can use Defender for Office 365 data with a few simple steps. Detection and other Defender for Office 365 insights are already available as raw data in the Microsoft Defender XDR advanced hunting tables: EmailEvents - contains information about all emails EmailAttachmentInfo - contains information about attachments in emails EmailUrlInfo - contains information about URLs in emails EmailPostDeliveryEvents – contains information about Zero-hour auto purge (ZAP) or Manual remediation events UrlClickEvents - contains information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps. CloudAppEvents – CloudAppEvents can be used to visualize user reported Phish emails and Admin submissions with Defender for Office 365. The Microsoft Defender XDR solution in Microsoft Sentinel provides a connector to stream the above data continuously into Microsoft Sentinel. Microsoft Sentinel then allows you to create custom workbooks across your data or use existing workbook templates available with packaged solutions or as standalone content from the content hub. How to access the workbook template We are excited to share a new workbook template for Defender for Office 365 detection and data visualization, which is available in the Microsoft Sentinel Content hub. The workbook is part of the Microsoft Defender XDR solution. If you are already using our solution, this update is now available for you. If you are installing the Microsoft Defender XDR solution for the first time, this workbook will be available automatically after installation. After the Microsoft Defender XDR solution is installed (or updated to the latest available version), simply navigate to the Workbooks area in Microsoft Sentinel and on the Templates tab select Microsoft Defender for Office 365 Detection and Insights. Using the “View Template” action loads the workbook. What insights are available in the template? The template has the following sections with each section deep diving into various areas of email security, providing details and insights to security team members: Detection overview Email - Malware Detections Email - Phish Detections Email - Spam Detections Email - Business Compromise Detections (BEC) Email - Sender Authentication based Detections URL Detections and Clicks Email - Top Users/Senders Email - Detection Overrides False Negative/Positive Submissions File - Malware Detections (SharePoint, Teams and OneDrive) Post Delivery Detections and Admin Actions Email - Malware Detections Email - Business Compromise Detections (BEC) Email - Sender Authentication based Detections URL Detections and Clicks False Negative/Positive Submissions File - Malware Detections (SharePoint, Teams and OneDrive) Post Delivery Detections and Admin Actions Can I customize the workbook? Yes, absolutely. Based on the email attributes in the Advanced Hunting schema, you can define more functions and visuals as needed. For example, you can use the DetectionMethods field to analyse detections caught by capabilities like Spoof detections, Safe Attachment, and detection for emails containing URLs extracted from QR codes. You can also bring other data sources into Microsoft Sentinel as tables and use them when creating visuals in the workbook. This sample workbook is a powerful showcase for how you can use the Defender for Office 365 raw detection data to visualize email security detection insights directly in Microsoft Sentinel. It enables organizations to easily create customized dashboards that can help them analyse, track their threat landscape, and respond quickly—based on unique requirements. Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. More information Integrate Microsoft Defender XDR with Microsoft Sentinel. Learn more about Microsoft Sentinel workbooks. Microsoft Defender for Office 365 Detection Details Report – Updated Power BI template for Microsoft Sentinel and Log Analytics Learn more about Microsoft Defender XDR.
dmozes
Jan 08, 2025 Place Microsoft Defender for Office 365 Blog
3.7KViews
6likes
0Comments
Email Protection Basics in Microsoft 365: Spam & Phish
This blog is part two in a series aimed at demystifying how email protection works in Microsoft 365.
alexhudish
Aug 12, 2024 Place Microsoft Defender for Office 365 Blog
38KViews
10likes
11Comments
Protect your organizations against QR code phishing with Defender for Office 365
QR code phishing campaigns have most recently become the fastest growing type of email-based attack. These types of attacks are growing and embed QR code images linked to malicious content directly into the email body, to evade detection. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication request. Microsoft Defender for Office 365 is continuously adapting as threat actors evolve their methodologies. In this blog post we’ll share more details on how we’re helping defenders address this threat and keeping end-users safe.
UrjaGandhi
May 21, 2024 Place Microsoft Defender for Office 365 Blog
74KViews
13likes
24Comments
capability to detect password protected files to during the email delivery and ZAP process of the e
Does M365 Defender & EOP has capability to detect password protected files to during the email delivery and ZAP process of the email in user mailbox? If yes how we can configure to stop such emails and put them into quarantine and stop the email delivery to end users? I have another follow-up question on this is that if we deploy this Transport rule to quarantine false or parked domains emails like phishing or spam and unwanted emails then how we would filter and allow the legit email domains to send out such files like .PDF, Docs, excel and other password protected files to users mailbox without putting them into Quarantine?
VinodS2020
Dec 19, 2023 Place Microsoft Defender for Office 365
2.3KViews
0likes
3Comments
Enable Quarantine Notifications for Strict protection (Strict Preset Security Policy)
How can I enable quarantine notifications for the preset strict protection policies. There is no way to assign a quarantine policy to strict protection policies.
Solved
Kiril
Dec 11, 2023 Place Microsoft Defender for Office 365
11KViews
0likes
19Comments
Email Protection Basics in Microsoft 365: Spoof and Impersonation
This blog is part three in a series aimed at demystifying how email protection works in Microsoft 365.
AndrewStobart
Nov 09, 2023 Place Microsoft Defender for Office 365 Blog
59KViews
9likes
0Comments
Simplifying the Quarantine Experience - Part Two
Announcing additional updates to the quarantine experience in Microsoft Defender for Office 365
FaithEbenezerOquong
Aug 02, 2023 Place Microsoft Defender for Office 365 Blog
29KViews
10likes
68Comments
How to classify E-Mails with *.html or *.htm attachments as spam?
A tenant is receiving currently an enormous amount of phishing emails with *.html or *.htm attachments. 99% of the e-mail which contain such an attachment are phishing e-mails. What's the best approach to filter out those e-mails? They are using the standard protection threat policies.
Kiril
Jul 21, 2023 Place Microsoft Defender for Office 365
6.1KViews
1like
9Comments

"}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSolvedBadge\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1745505309992"}],"cachedText({\"lastModified\":\"1745505309992\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505309992"}]},"CachedAsset:pages-1745160780925":{"__typename":"CachedAsset","id":"pages-1745160780925","value":[{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745160780925,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Deleted","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"CachedAsset:theme:customTheme1-1745160780424":{"__typename":"CachedAsset","id":"theme:customTheme1-1745160780424","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#D13A1F","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#717171","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0069D4","secondary":"#333333","bodyText":"#1E1E1E","bodyBg":"#FFFFFF","info":"#409AE2","success":"#41C5AE","warning":"#FCC844","danger":"#BC341B","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Segoe UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1745505309992","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1745505309992","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1745505309992","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"CachedAsset:quilt:o365.prod:pages/tags/TagPage:community:gxcuf89792-1745502712767":{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/tags/TagPage:community:gxcuf89792-1745502712767","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1745505311086":{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1745505311086","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"community.widget.navbarWidget","props":{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"className":"QuiltComponent_lia-component-edit-mode__0nCcm","links":{"sideLinks":[],"mainLinks":[{"children":[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":[],"linkType":"EXTERNAL","id":"external-link","url":"/Directory","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft365","params":{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft365-copilot-link","params":{"categoryId":"Microsoft365Copilot"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-teams","params":{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-securityand-compliance","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"azure","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-content_management-link","params":{"categoryId":"Content_Management"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"exchange","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows-server","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"outlook","params":{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-endpoint-manager","params":{"categoryId":"microsoftintune"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-2","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities","url":"/","target":"BLANK"},{"children":[{"linkType":"INTERNAL","id":"a-i","params":{"categoryId":"AI"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"education-sector","params":{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"partner-community","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"i-t-ops-talk","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"healthcare-and-life-sciences","params":{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-mechanics","params":{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"public-sector","params":{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-m-b","params":{"categoryId":"MicrosoftforNonprofits"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"io-t","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"startupsat-microsoft","params":{"categoryId":"StartupsatMicrosoft"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"driving-adoption","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-1","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities-1","url":"/","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external","url":"/Blogs","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external-1","url":"/Events","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft-learn-1","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-learn-blog","params":{"boardId":"MicrosoftLearnBlog","categoryId":"MicrosoftLearn"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"external-10","url":"https://learningroomdirectory.microsoft.com/","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-3","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-4","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-5","url":"https://docs.microsoft.com/learn/topics/sci/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-6","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-7","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-8","url":"https://docs.microsoft.com/learn/teams/?wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-9","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-2","url":"https://docs.microsoft.com/learn/azure/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"microsoft-learn","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"community-info-center","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"}]},"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","controllerHighlightColor":"hsla(30, 100%, 50%)","linkFontWeight":"400","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkBoxShadowHover":"none","linkFontSize":"14px","backgroundOpacity":0.8,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","hamburgerColor":"var(--lia-nav-controller-icon-color)","linkTextBorderBottom":"none","brandLogoHeight":"30px","linkBgHoverColor":"transparent","linkLetterSpacing":"normal","collapseMenuDividerOpacity":0.16,"dropdownPaddingBottom":"15px","paddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"1px solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","collapseMenuDividerBg":"var(--lia-nav-link-color)","linkColor":"var(--lia-bs-body-color)","linkJustifyContent":"flex-start","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-body-color)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","linkPaddingX":"10px","linkPaddingY":"5px","paddingTop":"15px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkBgColor":"transparent","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.community_banner","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"usePageWidth":false,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.HeroBanner","props":{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.HeroBanner"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.MicrosoftFooter","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1745505309992","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.community_banner-en-1745160816752":{"__typename":"CachedAsset","id":"component:custom.widget.community_banner-en-1745160816752","value":{"component":{"id":"custom.widget.community_banner","template":{"id":"community_banner","markupLanguage":"HANDLEBARS","style":".community-banner {\n a.top-bar.btn {\n top: 0px;\n width: 100%;\n z-index: 999;\n text-align: center;\n left: 0px;\n background: #0068b8;\n color: white;\n padding: 10px 0px;\n display: block;\n box-shadow: none !important;\n border: none !important;\n border-radius: none !important;\n margin: 0px !important;\n font-size: 14px;\n }\n}\n","texts":null,"defaults":{"config":{"applicablePages":[],"description":"community announcement text","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.community_banner","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"community announcement text","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_community_banner_community-banner_1x9u2_1 {\n a.custom_widget_community_banner_top-bar_1x9u2_2.custom_widget_community_banner_btn_1x9u2_2 {\n top: 0;\n width: 100%;\n z-index: 999;\n text-align: center;\n left: 0;\n background: #0068b8;\n color: white;\n padding: 0.625rem 0;\n display: block;\n box-shadow: none !important;\n border: none !important;\n border-radius: none !important;\n margin: 0 !important;\n font-size: 0.875rem;\n }\n}\n","tokens":{"community-banner":"custom_widget_community_banner_community-banner_1x9u2_1","top-bar":"custom_widget_community_banner_top-bar_1x9u2_2","btn":"custom_widget_community_banner_btn_1x9u2_2"}},"form":null},"localOverride":false},"CachedAsset:component:custom.widget.HeroBanner-en-1745160816752":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-1745160816752","value":{"component":{"id":"custom.widget.HeroBanner","template":{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your search term(s) and then press return key to complete a search.","blogs.sidebar.pagetitle":"Latest Blogs | Microsoft Tech Community","followThisNode":"Follow this node","unfollowThisNode":"Unfollow this node"},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.HeroBanner","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.MicrosoftFooter-en-1745160816752":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-1745160816752","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\n min-width: 280px;\n font-size: 15px;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.c-uhff-link {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.c-uhff {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.c-uhff-nav {\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n .c-heading-4 {\n color: #616161;\n word-break: break-word;\n font-size: 15px;\n line-height: 20px;\n padding: 36px 0 4px;\n font-weight: 600;\n }\n .c-uhff-nav-row {\n .c-uhff-nav-group {\n display: block;\n float: left;\n min-height: 1px;\n vertical-align: text-top;\n padding: 0 12px;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.c-list.f-bare {\n font-size: 11px;\n line-height: 16px;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 8px 0;\n margin: 0;\n }\n }\n }\n }\n}\n.c-uhff-base {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 30px 5% 16px;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.c-uhff-ccpa {\n font-size: 11px;\n line-height: 16px;\n float: left;\n margin: 3px 0;\n }\n a.c-uhff-ccpa:hover {\n text-decoration: underline;\n }\n ul.c-list {\n font-size: 11px;\n line-height: 16px;\n float: right;\n margin: 3px 0;\n color: #616161;\n li {\n padding: 0 24px 4px 0;\n display: inline-block;\n }\n }\n .c-list.f-bare {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 30px 24px 16px;\n }\n}\n\n.social-share {\n position: fixed;\n top: 60%;\n transform: translateY(-50%);\n left: 0;\n z-index: 1000;\n}\n\n.sharing-options {\n list-style: none;\n padding: 0;\n margin: 0;\n display: block;\n flex-direction: column;\n background-color: white;\n width: 43px;\n border-radius: 0px 7px 7px 0px;\n}\n.linkedin-icon {\n border-top-right-radius: 7px;\n}\n.linkedin-icon:hover {\n border-radius: 0;\n}\n.social-share-rss-image {\n border-bottom-right-radius: 7px;\n}\n.social-share-rss-image:hover {\n border-radius: 0;\n}\n\n.social-link-footer {\n position: relative;\n display: block;\n margin: -2px 0;\n transition: all 0.2s ease;\n}\n.social-link-footer:hover .linkedin-icon {\n border-radius: 0;\n}\n.social-link-footer:hover .social-share-rss-image {\n border-radius: 0;\n}\n\n.social-link-footer img {\n width: 40px;\n height: auto;\n transition: filter 0.3s ease;\n}\n\n.social-share-list {\n width: 40px;\n}\n.social-share-rss-image {\n width: 40px;\n}\n\n.share-icon {\n border: 2px solid transparent;\n display: inline-block;\n position: relative;\n}\n\n.share-icon:hover {\n opacity: 1;\n border: 2px solid white;\n box-sizing: border-box;\n}\n\n.share-icon:hover .label {\n opacity: 1;\n visibility: visible;\n border: 2px solid white;\n box-sizing: border-box;\n border-left: none;\n}\n\n.label {\n position: absolute;\n left: 100%;\n white-space: nowrap;\n opacity: 0;\n visibility: hidden;\n transition: all 0.2s ease;\n color: white;\n border-radius: 0 10 0 10px;\n top: 50%;\n transform: translateY(-50%);\n height: 40px;\n border-radius: 0 6px 6px 0;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px 5px 20px 8px;\n margin-left: -1px;\n}\n.linkedin {\n background-color: #0474b4;\n}\n.facebook {\n background-color: #3c5c9c;\n}\n.twitter {\n background-color: white;\n color: black;\n}\n.reddit {\n background-color: #fc4404;\n}\n.mail {\n background-color: #848484;\n}\n.bluesky {\n background-color: white;\n color: black;\n}\n.rss {\n background-color: #ec7b1c;\n}\n#RSS {\n width: 40px;\n height: 40px;\n}\n\n@media (max-width: 991px) {\n .social-share {\n display: none;\n }\n}\n","texts":{"New tab":"What's New","New 1":"Surface Laptop Studio 2","New 2":"Surface Laptop Go 3","New 3":"Surface Pro 9","New 4":"Surface Laptop 5","New 5":"Surface Studio 2+","New 6":"Copilot in Windows","New 7":"Microsoft 365","New 8":"Windows 11 apps","Store tab":"Microsoft Store","Store 1":"Account Profile","Store 2":"Download Center","Store 3":"Microsoft Store Support","Store 4":"Returns","Store 5":"Order tracking","Store 6":"Certified Refurbished","Store 7":"Microsoft Store Promise","Store 8":"Flexible Payments","Education tab":"Education","Edu 1":"Microsoft in education","Edu 2":"Devices for education","Edu 3":"Microsoft Teams for Education","Edu 4":"Microsoft 365 Education","Edu 5":"How to buy for your school","Edu 6":"Educator Training and development","Edu 7":"Deals for students and parents","Edu 8":"Azure for students","Business tab":"Business","Bus 1":"Microsoft Cloud","Bus 2":"Microsoft Security","Bus 3":"Dynamics 365","Bus 4":"Microsoft 365","Bus 5":"Microsoft Power Platform","Bus 6":"Microsoft Teams","Bus 7":"Microsoft Industry","Bus 8":"Small Business","Developer tab":"Developer & IT","Dev 1":"Azure","Dev 2":"Developer Center","Dev 3":"Documentation","Dev 4":"Microsoft Learn","Dev 5":"Microsoft Tech Community","Dev 6":"Azure Marketplace","Dev 7":"AppSource","Dev 8":"Visual Studio","Company tab":"Company","Com 1":"Careers","Com 2":"About Microsoft","Com 3":"Company News","Com 4":"Privacy at Microsoft","Com 5":"Investors","Com 6":"Diversity and inclusion","Com 7":"Accessiblity","Com 8":"Sustainibility"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_MicrosoftFooter_context-uhf_105bp_1 {\n min-width: 17.5rem;\n font-size: 0.9375rem;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-link_105bp_12 {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff_105bp_12 {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.custom_widget_MicrosoftFooter_c-uhff-nav_105bp_35 {\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n .custom_widget_MicrosoftFooter_c-heading-4_105bp_49 {\n color: #616161;\n word-break: break-word;\n font-size: 0.9375rem;\n line-height: 1.25rem;\n padding: 2.25rem 0 0.25rem;\n font-weight: 600;\n }\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_105bp_57 {\n .custom_widget_MicrosoftFooter_c-uhff-nav-group_105bp_58 {\n display: block;\n float: left;\n min-height: 0.0625rem;\n vertical-align: text-top;\n padding: 0 0.75rem;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.custom_widget_MicrosoftFooter_c-list_105bp_78.custom_widget_MicrosoftFooter_f-bare_105bp_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 0.5rem 0;\n margin: 0;\n }\n }\n }\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff-base_105bp_94 {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 1.875rem 5% 1rem;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: left;\n margin: 0.1875rem 0;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107:hover {\n text-decoration: underline;\n }\n ul.custom_widget_MicrosoftFooter_c-list_105bp_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: right;\n margin: 0.1875rem 0;\n color: #616161;\n li {\n padding: 0 1.5rem 0.25rem 0;\n display: inline-block;\n }\n }\n .custom_widget_MicrosoftFooter_c-list_105bp_78.custom_widget_MicrosoftFooter_f-bare_105bp_78 {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 1.875rem 1.5rem 1rem;\n }\n}\n.custom_widget_MicrosoftFooter_social-share_105bp_138 {\n position: fixed;\n top: 60%;\n transform: translateY(-50%);\n left: 0;\n z-index: 1000;\n}\n.custom_widget_MicrosoftFooter_sharing-options_105bp_146 {\n list-style: none;\n padding: 0;\n margin: 0;\n display: block;\n flex-direction: column;\n background-color: white;\n width: 2.6875rem;\n border-radius: 0 0.4375rem 0.4375rem 0;\n}\n.custom_widget_MicrosoftFooter_linkedin-icon_105bp_156 {\n border-top-right-radius: 7px;\n}\n.custom_widget_MicrosoftFooter_linkedin-icon_105bp_156:hover {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n border-bottom-right-radius: 7px;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162:hover {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169 {\n position: relative;\n display: block;\n margin: -0.125rem 0;\n transition: all 0.2s ease;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169:hover .custom_widget_MicrosoftFooter_linkedin-icon_105bp_156 {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169:hover .custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n border-radius: 0;\n}\n.custom_widget_MicrosoftFooter_social-link-footer_105bp_169 img {\n width: 2.5rem;\n height: auto;\n transition: filter 0.3s ease;\n}\n.custom_widget_MicrosoftFooter_social-share-list_105bp_188 {\n width: 2.5rem;\n}\n.custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162 {\n width: 2.5rem;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195 {\n border: 2px solid transparent;\n display: inline-block;\n position: relative;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195:hover {\n opacity: 1;\n border: 2px solid white;\n box-sizing: border-box;\n}\n.custom_widget_MicrosoftFooter_share-icon_105bp_195:hover .custom_widget_MicrosoftFooter_label_105bp_207 {\n opacity: 1;\n visibility: visible;\n border: 2px solid white;\n box-sizing: border-box;\n border-left: none;\n}\n.custom_widget_MicrosoftFooter_label_105bp_207 {\n position: absolute;\n left: 100%;\n white-space: nowrap;\n opacity: 0;\n visibility: hidden;\n transition: all 0.2s ease;\n color: white;\n border-radius: 0 10 0 0.625rem;\n top: 50%;\n transform: translateY(-50%);\n height: 2.5rem;\n border-radius: 0 0.375rem 0.375rem 0;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 1.25rem 0.3125rem 1.25rem 0.5rem;\n margin-left: -0.0625rem;\n}\n.custom_widget_MicrosoftFooter_linkedin_105bp_156 {\n background-color: #0474b4;\n}\n.custom_widget_MicrosoftFooter_facebook_105bp_237 {\n background-color: #3c5c9c;\n}\n.custom_widget_MicrosoftFooter_twitter_105bp_240 {\n background-color: white;\n color: black;\n}\n.custom_widget_MicrosoftFooter_reddit_105bp_244 {\n background-color: #fc4404;\n}\n.custom_widget_MicrosoftFooter_mail_105bp_247 {\n background-color: #848484;\n}\n.custom_widget_MicrosoftFooter_bluesky_105bp_250 {\n background-color: white;\n color: black;\n}\n.custom_widget_MicrosoftFooter_rss_105bp_254 {\n background-color: #ec7b1c;\n}\n#custom_widget_MicrosoftFooter_RSS_105bp_1 {\n width: 2.5rem;\n height: 2.5rem;\n}\n@media (max-width: 991px) {\n .custom_widget_MicrosoftFooter_social-share_105bp_138 {\n display: none;\n }\n}\n","tokens":{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_105bp_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_105bp_12","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_105bp_12","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_105bp_35","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_105bp_49","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_105bp_57","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_105bp_58","c-list":"custom_widget_MicrosoftFooter_c-list_105bp_78","f-bare":"custom_widget_MicrosoftFooter_f-bare_105bp_78","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_105bp_94","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-ccpa_105bp_107","social-share":"custom_widget_MicrosoftFooter_social-share_105bp_138","sharing-options":"custom_widget_MicrosoftFooter_sharing-options_105bp_146","linkedin-icon":"custom_widget_MicrosoftFooter_linkedin-icon_105bp_156","social-share-rss-image":"custom_widget_MicrosoftFooter_social-share-rss-image_105bp_162","social-link-footer":"custom_widget_MicrosoftFooter_social-link-footer_105bp_169","social-share-list":"custom_widget_MicrosoftFooter_social-share-list_105bp_188","share-icon":"custom_widget_MicrosoftFooter_share-icon_105bp_195","label":"custom_widget_MicrosoftFooter_label_105bp_207","linkedin":"custom_widget_MicrosoftFooter_linkedin_105bp_156","facebook":"custom_widget_MicrosoftFooter_facebook_105bp_237","twitter":"custom_widget_MicrosoftFooter_twitter_105bp_240","reddit":"custom_widget_MicrosoftFooter_reddit_105bp_244","mail":"custom_widget_MicrosoftFooter_mail_105bp_247","bluesky":"custom_widget_MicrosoftFooter_bluesky_105bp_250","rss":"custom_widget_MicrosoftFooter_rss_105bp_254","RSS":"custom_widget_MicrosoftFooter_RSS_105bp_1"}},"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1745505309992","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1745505309992","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745505309992","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1722894000155":"Recent Discussions","title@instance:1727367112619":"Recent Blog Articles","title@instance:1727367069748":"Recent Discussions","title@instance:1727366213114":"Latest Discussions","title@instance:1727899609720":"","title@instance:1727363308925":"Latest Discussions","title@instance:1737115580352":"Latest Articles","title@instance:1720453418992":"Recent Discssions","title@instance:1727365950181":"Latest Blog Articles","title@instance:bmDPnI":"Latest Blog Articles","title@instance:IiDDJZ":"Latest Blog Articles","title@instance:1721244347979":"Latest blog posts","title@instance:1728383752171":"Related Content","title@instance:1722893956545":"Latest Skilling Resources","title@instance:dhcgCU":"Latest Discussions"},"localOverride":false},"Category:category:Exchange":{"__typename":"Category","id":"category:Exchange","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":{"__typename":"Category","id":"category:EducationSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":{"__typename":"Category","id":"category:PublicSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":{"__typename":"Category","id":"category:microsoft365","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftLearn":{"__typename":"Category","id":"category:MicrosoftLearn","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:MicrosoftLearnBlog":{"__typename":"Blog","id":"board:MicrosoftLearnBlog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:AI":{"__typename":"Category","id":"category:AI","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftforNonprofits":{"__typename":"Category","id":"category:MicrosoftforNonprofits","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:StartupsatMicrosoft":{"__typename":"Category","id":"category:StartupsatMicrosoft","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Microsoft365Copilot":{"__typename":"Category","id":"category:Microsoft365Copilot","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":{"__typename":"Category","id":"category:Windows","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Content_Management":{"__typename":"Category","id":"category:Content_Management","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoftintune":{"__typename":"Category","id":"category:microsoftintune","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:3666805":{"__typename":"Conversation","id":"conversation:3666805","topic":{"__typename":"BlogTopicMessage","uid":3666805},"lastPostingActivityTime":"2025-03-06T14:45:18.856-08:00","solved":false},"Category:category:microsoft-defender-for-office-365":{"__typename":"Category","id":"category:microsoft-defender-for-office-365","displayId":"microsoft-defender-for-office-365"},"Blog:board:MicrosoftDefenderforOffice365Blog":{"__typename":"Blog","id":"board:MicrosoftDefenderforOffice365Blog","displayId":"MicrosoftDefenderforOffice365Blog","nodeType":"board","conversationStyle":"BLOG","title":"Microsoft Defender for Office 365 Blog","shortTitle":"Microsoft Defender for Office 365 Blog","parent":{"__ref":"Category:category:microsoft-defender-for-office-365"}},"User:user:677430":{"__typename":"User","uid":677430,"login":"FaithEbenezerOquong","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS02Nzc0MzAtMzA1Mjk5aTA0Mzg0NjZFNjQzNkNBNEU"},"id":"user:677430"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQwNmk1RUIzMzExNDIyNzREREI4?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQwNmk1RUIzMzExNDIyNzREREI4?revision=7","title":"FaithEbenezer_Oquong_0-1667252872692.png","associationType":"TEASER","width":939,"height":510,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxNmlGRDAzNjNBRDVGRDFFN0U4?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxNmlGRDAzNjNBRDVGRDFFN0U4?revision=7","title":"FaithEbenezer_Oquong_0-1667254770350.png","associationType":"BODY","width":939,"height":510,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxN2lDMzBBREY1MUUxOEQyRTYy?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxN2lDMzBBREY1MUUxOEQyRTYy?revision=7","title":"FaithEbenezer_Oquong_1-1667254796840.png","associationType":"BODY","width":939,"height":510,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxOGk1OEQ5MDhGMDA1QzIzMDQ0?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxOGk1OEQ5MDhGMDA1QzIzMDQ0?revision=7","title":"FaithEbenezer_Oquong_2-1667254830993.png","associationType":"BODY","width":939,"height":507,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxOWk5OUJGNkYwMDQ3NDczOTk2?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxOWk5OUJGNkYwMDQ3NDczOTk2?revision=7","title":"FaithEbenezer_Oquong_3-1667254854102.png","associationType":"BODY","width":940,"height":506,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMGk3NjEzODcxMUNCQ0IyMjlF?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMGk3NjEzODcxMUNCQ0IyMjlF?revision=7","title":"FaithEbenezer_Oquong_4-1667254873082.png","associationType":"BODY","width":940,"height":505,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMWk1RTJGRkI0NzlCRTMxNThE?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMWk1RTJGRkI0NzlCRTMxNThE?revision=7","title":"FaithEbenezer_Oquong_5-1667254908558.png","associationType":"BODY","width":939,"height":502,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMmk3MUIxNjBDRjcwNTk4NTVE?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMmk3MUIxNjBDRjcwNTk4NTVE?revision=7","title":"FaithEbenezer_Oquong_6-1667254935815.png","associationType":"BODY","width":940,"height":505,"altText":null},"BlogTopicMessage:message:3666805":{"__typename":"BlogTopicMessage","subject":"Build custom email security reporting with Microsoft Defender for Office 365 and PowerBI","conversation":{"__ref":"Conversation:conversation:3666805"},"id":"message:3666805","revisionNum":7,"uid":3666805,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderforOffice365Blog"},"author":{"__ref":"User:user:677430"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Sharing how to leverage PowerBI to visualize email security reporting details with Microsoft Defender for Office 365 \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":38377},"postTime":"2022-10-31T15:45:22.394-07:00","lastPublishTime":"2022-11-02T16:01:35.058-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Security teams in both small and large organizations track key metrics to make critical security decisions, as well as identify meaningful trends in their organization over time. Microsoft Defender for Office 365 has rich, built-in reporting capabilities that provide insights into your security posture. However, sometimes security teams require custom reporting solutions to create dedicated views, combine multiple data sources, and get additional insights to meet their needs. \n \n In this blog, we will showcase an example on how you can leverage Power BI and the Microsoft 365 Defender Advanced Hunting APIs to build a custom dashboard and share a template that you can customize and extend. \n \n Power BI allows you to connect multiple data sources, prepare the data, and transform the data easily with the ability to analyze it using built-in and custom visualizations. You can also use Power BI to extend security datasets and correlate it with more information like Identity details, allowing you to create custom views such as targeted roles and departments in your organization. \n \n In this case we largely rely on the information streamed from Advanced hunting - a threat-hunting tool that uses specially constructed queries to examine the past 30 days of event data across all products in Microsoft 365 Defender and can be used to run queries allowing the API to automate workflows. In the example below, we will show how to connect Power BI to the Microsoft 365 Defender Advanced hunting API and how to automatically pull Microsoft Defender for Office 365 detection details from the related hunting tables. \n \n The queries based on the Email tables exposed through Advanced Hunting include: \n \n \n EmailEvents - contains information about all emails \n EmailAttachmentInfo - contains information about attachments in an email \n EmailUrlInfo - contains information about URLs in an email \n EmailPostDeliveryEvents – contains information about ZAP or Manual remediation events \n UrlClickEvents - contains information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps. \n CloudAppEvents - CloudAppEventsis used to visualize user reported Phish emails and Admin submissions. \n \n \n You can find a Power BI template file (.pbit) in the unified Microsoft Sentinel and Microsoft 365 Defender repository which uses the method outlined above to visualize Microsoft Defender for Office 365 detection details here. \n \n The template uses a delegated access model, and you should be able to use it with an account that has permission to run Advanced Hunting queries (e.g., Security Reader or Security Administrator). No app registration is needed. \n \n The template has a high-level overview with details regarding Spam, Phish, and Malware detections and can aid as a great starting point to create your own, custom reporting dashboards. \n \n \n Figure 1: Top level view of key security metrics consolidated in one view. \n With a quick view the security team can take actionable steps to improve the organization’s security posture. \n \n \n \n Figure 2: Drill down view of Malware detections \n Given the High impact of security breach Malware items can cause to an organization’s security posture, this view offers security teams a detailed view of attributes they can focus on to prevent, respond, and eliminate - such breaches in their organization. \n \n \n \n Figure 3: Details of Business Email Compromise (BEC) and Sender Authentication (SPF, DKIM, DMARC) \n \n \n \n Figure 4: Top level metrics of Authentication results \n \n \n \n Figure 5: Insights about URL clicks in email messages, Microsoft Teams, and Office 365 Apps (Word, Excel, PowerPoint) \n \n \n \n Figure 6: Drilled down metrics in user reports and Admin submission in the organization \n \n \n \n Figure 7: Information about configurations which override Microsoft Defender for Office 365 detection actions \n Frequent review of Override insights is key in maintaining a healthy security posture to ensure only required overrides are in place. \n \n Based on the email attributes in the Advanced Hunting schema, you can define more functions and visuals. For example, using the DetectionMethods field to analyze detections caught by capabilities like Spoof detections, Safe Attachment, and Detonations. Using the PowerBI external functions, you can use details such as SenderIPv4 and IPv6 details to map them by geographical location and construct a sender heatmap. \n \n Additional things to keep in mind: \n \n Make sure that you are using the correct credentials and the correct base API URL (https://api.security.microsoft.com/) as part of the configuration. \n Make sure you are also aware of the API limitation in regard to the number of results and calls that can retrieved. \n Make sure you are fine tuning your queries and customizing your query to get the desired output. \n \n This sample Power BI is a powerful showcase for how you can use the Microsoft 365 Defender APIs and Power BI to visualize email security detection insights. It enables organizations to easily create customized dashboards that can help them analyze their threat landscape and respond quickly, based on the unique requirements. \n \n Note: This is not intended to be a permanent or complete solution rather show an example how to create custom Microsoft Defender for Office 365 (MDO) reports using the hunting API and Power BI. As such, this report is not supported by Microsoft Customer Services and Support(CSS) \n \n Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. \n \n More information \n \n Learn more about Power BI here. \n Microsoft 365 Defender advanced hunting API | Microsoft Learn \n Microsoft Defender for Endpoint APIs connection to Power BI | Microsoft Learn \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6201","kudosSumWeight":8,"repliesCount":11,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQwNmk1RUIzMzExNDIyNzREREI4?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxNmlGRDAzNjNBRDVGRDFFN0U4?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxN2lDMzBBREY1MUUxOEQyRTYy?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxOGk1OEQ5MDhGMDA1QzIzMDQ0?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQxOWk5OUJGNkYwMDQ3NDczOTk2?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMGk3NjEzODcxMUNCQ0IyMjlF?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMWk1RTJGRkI0NzlCRTMxNThE?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNjY2ODA1LTQxNjQyMmk3MUIxNjBDRjcwNTk4NTVE?revision=7\"}"}}],"totalCount":8,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4366463":{"__typename":"Conversation","id":"conversation:4366463","topic":{"__typename":"ForumTopicMessage","uid":4366463},"lastPostingActivityTime":"2025-02-03T01:20:15.575-08:00","solved":false},"Forum:board:MicrosoftDefenderforOffice365":{"__typename":"Forum","id":"board:MicrosoftDefenderforOffice365","displayId":"MicrosoftDefenderforOffice365","nodeType":"board","conversationStyle":"FORUM","title":"Microsoft Defender for Office 365","shortTitle":"Microsoft Defender for Office 365","parent":{"__ref":"Category:category:microsoft-defender-for-office-365"}},"User:user:2570561":{"__typename":"User","uid":2570561,"login":"Marnik","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-6.svg?time=0"},"id":"user:2570561"},"ForumTopicMessage:message:4366463":{"__typename":"ForumTopicMessage","subject":"No URL Detection in Emails with Extensive %2580 Encoding","conversation":{"__ref":"Conversation:conversation:4366463"},"id":"message:4366463","revisionNum":1,"uid":4366463,"depth":0,"board":{"__ref":"Forum:board:MicrosoftDefenderforOffice365"},"author":{"__ref":"User:user:2570561"},"metrics":{"__typename":"MessageMetrics","views":231},"postTime":"2025-01-15T01:32:01.531-08:00","lastPublishTime":"2025-01-15T01:32:01.531-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Hi Community, I encountered a concerning issue where emails containing URLs with extensive encoding (%2580) completely bypassed all detection and security mechanisms. These encoded URLs weren’t identified as links, which allowed them to evade security scanning. Issue Details: The email contained malicious URLs encoded with %2580. The URLs were not flagged or identified as links, allowing the payload to bypass filters entirely. Questions: Has anyone else encountered similar issues with encoded URLs bypassing detection? What’s the best process to submit this email to Microsoft for analysis and improvements to detection mechanisms, since no URL's were identified? Looking forward to your input and recommendations. Thanks in advance! ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"769","kudosSumWeight":0,"repliesCount":4,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:4352242":{"__typename":"Conversation","id":"conversation:4352242","topic":{"__typename":"BlogTopicMessage","uid":4352242},"lastPostingActivityTime":"2025-01-08T14:05:09.328-08:00","solved":false},"User:user:82189":{"__typename":"User","uid":82189,"login":"dmozes","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-10.svg?time=0"},"id":"user:82189"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWVaYzhxRA?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWVaYzhxRA?revision=12","title":"Workbook_Defender XDR solution_OneSOC.jpg","associationType":"BODY","width":2580,"height":1309,"altText":"Installing or updating the Microsoft Defender XDR solution in content hub"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLUV0anFpYg?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLUV0anFpYg?revision=12","title":"Workbook_template_OneSOC.jpg","associationType":"BODY","width":2578,"height":1270,"altText":"Microsoft Defender for Office 365 Detection and Insights workbook template"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWdkdGxVcQ?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWdkdGxVcQ?revision=12","title":"Workbook_DetectionOverview_OneSOC.jpg","associationType":"BODY","width":2785,"height":1273,"altText":"Detection overview"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLTZEeUJXeQ?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLTZEeUJXeQ?revision=12","title":"Workbook_MalwareDetections_OneSOC.jpg","associationType":"BODY","width":2773,"height":1267,"altText":"Email - Malware Detections"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLXVoZGsydg?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLXVoZGsydg?revision=12","title":"Workbook_ImpersonationDetections_OneSOC.jpg","associationType":"BODY","width":2776,"height":1270,"altText":"Email - Business Compromise Detections (BEC)"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWVMaDd4TQ?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWVMaDd4TQ?revision=12","title":"image.png","associationType":"BODY","width":2773,"height":1267,"altText":"Email - Sender Authentication based Detections"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLXkyb1hYUA?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLXkyb1hYUA?revision=12","title":"Workbook_URLQRDetections_OneSOC.jpg","associationType":"BODY","width":2772,"height":1267,"altText":"URL Detections and Clicks"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLUFFdXNIdg?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLUFFdXNIdg?revision=12","title":"Workbook_FPFNSubmissions_OneSOC.jpg","associationType":"BODY","width":2776,"height":1270,"altText":"False Negative/Positive Submissions"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWdrRXYyTw?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWdrRXYyTw?revision=12","title":"Workbook_FileMalwareDetections_OneSOC.jpg","associationType":"BODY","width":2776,"height":1272,"altText":"File - Malware Detections (SharePoint, Teams and OneDrive)"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLTA5TFNkVA?revision=12\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLTA5TFNkVA?revision=12","title":"Workbook_PostDeliverDetectionsandAdminActions_OneSOC.jpg","associationType":"BODY","width":2773,"height":1269,"altText":"Post Delivery Detections and Admin Actions"},"BlogTopicMessage:message:4352242":{"__typename":"BlogTopicMessage","subject":"Build custom email security reports and dashboards with workbooks in Microsoft Sentinel","conversation":{"__ref":"Conversation:conversation:4352242"},"id":"message:4352242","revisionNum":12,"uid":4352242,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderforOffice365Blog"},"author":{"__ref":"User:user:82189"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":3743},"postTime":"2025-01-08T14:05:09.328-08:00","lastPublishTime":"2025-01-08T14:05:09.328-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Security teams in both small and large organizations track key metrics to make critical security decisions and identify meaningful trends in their organizations. Defender for Office 365 has rich, built-in reporting capabilities that provide insights into your security posture to support these needs. However, sometimes security teams require custom reporting solutions to create dedicated views, combine multiple data sources, and get additional insights to meet their needs. \n We previously shared an example of how you can leverage Power BI and the Microsoft Defender XDR Advanced Hunting APIs to build a custom dashboard and shared a template that you can customize and extend. In this blog, we will showcase how you can use workbooks in Microsoft Sentinel to build a custom dashboard for Defender for Office 365. We will also share an example workbook that is now available and can be customized based on your organization’s needs. \n Why use workbooks in Microsoft Sentinel? \n There are many potential benefits to using workbooks if you already use Microsoft Sentinel and already stream the hunting data tables for Defender for Office 365: \n \n You can choose to store data for a longer period of time via configuring longer retention for tables you use for your workbooks. For example you can store Defender for Office 365 EmailEvents table data for 1 year and build visuals over longer period of time. \n You can customize your visuals easily based on your organization’s needs. \n You can configure auto-refresh for the workbook to keep the data shown up to date. \n You can access ready to use workbook templates and customize them if it's needed. \n \n Getting started \n After you connect your data sources to Microsoft Sentinel, you can visualize and monitor the data using workbooks in Microsoft Sentinel. Ensure that Microsoft Defender XDR is installed in your Microsoft Sentinel instance, so you can use Defender for Office 365 data with a few simple steps. \n Detection and other Defender for Office 365 insights are already available as raw data in the Microsoft Defender XDR advanced hunting tables: \n \n EmailEvents - contains information about all emails \n EmailAttachmentInfo - contains information about attachments in emails \n EmailUrlInfo - contains information about URLs in emails \n EmailPostDeliveryEvents – contains information about Zero-hour auto purge (ZAP) or Manual remediation events \n UrlClickEvents - contains information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps. \n CloudAppEvents – CloudAppEvents can be used to visualize user reported Phish emails and Admin submissions with Defender for Office 365. \n \n The Microsoft Defender XDR solution in Microsoft Sentinel provides a connector to stream the above data continuously into Microsoft Sentinel. Microsoft Sentinel then allows you to create custom workbooks across your data or use existing workbook templates available with packaged solutions or as standalone content from the content hub. \n How to access the workbook template \n We are excited to share a new workbook template for Defender for Office 365 detection and data visualization, which is available in the Microsoft Sentinel Content hub. \n The workbook is part of the Microsoft Defender XDR solution. If you are already using our solution, this update is now available for you. If you are installing the Microsoft Defender XDR solution for the first time, this workbook will be available automatically after installation. \n \n After the Microsoft Defender XDR solution is installed (or updated to the latest available version), simply navigate to the Workbooks area in Microsoft Sentinel and on the Templates tab select Microsoft Defender for Office 365 Detection and Insights. Using the “View Template” action loads the workbook. \n \n What insights are available in the template? \n The template has the following sections with each section deep diving into various areas of email security, providing details and insights to security team members: \n \n Detection overview \n Email - Malware Detections \n Email - Phish Detections \n Email - Spam Detections \n Email - Business Compromise Detections (BEC) \n Email - Sender Authentication based Detections \n URL Detections and Clicks \n Email - Top Users/Senders \n Email - Detection Overrides \n False Negative/Positive Submissions \n File - Malware Detections (SharePoint, Teams and OneDrive) \n Post Delivery Detections and Admin Actions \n \n Email - Malware Detections \n Email - Business Compromise Detections (BEC) \n Email - Sender Authentication based Detections \n\n \n URL Detections and Clicks \n False Negative/Positive Submissions \n File - Malware Detections (SharePoint, Teams and OneDrive) \n Post Delivery Detections and Admin Actions \n\n Can I customize the workbook? \n Yes, absolutely. Based on the email attributes in the Advanced Hunting schema, you can define more functions and visuals as needed. For example, you can use the DetectionMethods field to analyse detections caught by capabilities like Spoof detections, Safe Attachment, and detection for emails containing URLs extracted from QR codes. \n You can also bring other data sources into Microsoft Sentinel as tables and use them when creating visuals in the workbook. \n This sample workbook is a powerful showcase for how you can use the Defender for Office 365 raw detection data to visualize email security detection insights directly in Microsoft Sentinel. It enables organizations to easily create customized dashboards that can help them analyse, track their threat landscape, and respond quickly—based on unique requirements. \n Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. \n More information \n \n Integrate Microsoft Defender XDR with Microsoft Sentinel. \n Learn more about Microsoft Sentinel workbooks. \n Microsoft Defender for Office 365 Detection Details Report – Updated Power BI template for Microsoft Sentinel and Log Analytics \n Learn more about Microsoft Defender XDR. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"6211","kudosSumWeight":6,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWVaYzhxRA?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLUV0anFpYg?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWdkdGxVcQ?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLTZEeUJXeQ?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLXVoZGsydg?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWVMaDd4TQ?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLXkyb1hYUA?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLUFFdXNIdg?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLWdrRXYyTw?revision=12\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MzUyMjQyLTA5TFNkVA?revision=12\"}"}}],"totalCount":10,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3555712":{"__typename":"Conversation","id":"conversation:3555712","topic":{"__typename":"BlogTopicMessage","uid":3555712},"lastPostingActivityTime":"2024-08-12T14:12:30.811-07:00","solved":false},"User:user:1575":{"__typename":"User","uid":1575,"login":"alexhudish","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xNTc1LTM2MjZpNEYwQUIxNTJGMzA3RDcxOQ"},"id":"user:1575"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4NmlFODZCRjgyMDJBQjFDNzgz?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4NmlFODZCRjgyMDJBQjFDNzgz?revision=7","title":"Email Protection Basics in Microsoft 365 spam-phish.jpg","associationType":"TEASER","width":1280,"height":720,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MGkwNDQzRjYxNEYwRjY2Mzkw?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MGkwNDQzRjYxNEYwRjY2Mzkw?revision=7","title":"GiulianGarruba_0-1656539864740.png","associationType":"BODY","width":1105,"height":678,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MWlERjQ2REVERjUzQTNFRjAz?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MWlERjQ2REVERjUzQTNFRjAz?revision=7","title":"GiulianGarruba_1-1656539864742.png","associationType":"BODY","width":477,"height":412,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MmlFNEYyOUIyNEEzMkQzMTdD?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MmlFNEYyOUIyNEEzMkQzMTdD?revision=7","title":"GiulianGarruba_2-1656539864743.png","associationType":"BODY","width":1015,"height":1464,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4NGkwM0QyRTU0QUQyMzZDRjFE?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4NGkwM0QyRTU0QUQyMzZDRjFE?revision=7","title":"GiulianGarruba_3-1656539864744.png","associationType":"BODY","width":1110,"height":1371,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4M2k5QUYyMTlDRjM1QUM5NjA2?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4M2k5QUYyMTlDRjM1QUM5NjA2?revision=7","title":"GiulianGarruba_4-1656539864746.png","associationType":"BODY","width":1587,"height":388,"altText":null},"BlogTopicMessage:message:3555712":{"__typename":"BlogTopicMessage","subject":"Email Protection Basics in Microsoft 365: Spam & Phish","conversation":{"__ref":"Conversation:conversation:3555712"},"id":"message:3555712","revisionNum":7,"uid":3555712,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderforOffice365Blog"},"author":{"__ref":"User:user:1575"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This blog is part two in a series aimed at demystifying how email protection works in Microsoft 365. \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":37904},"postTime":"2022-06-30T09:00:00.087-07:00","lastPublishTime":"2022-06-30T11:43:22.206-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" \n Microsoft Support is excited to continue a blog series that will demystify how Microsoft 365 email protection works. This is the second part of the series, in which we will cover two common types of email threats—spam and phish. In part one of this series, we discussed the basic protection concepts, anti-spam message headers, and bulk email filtering. \n \n Click here to view additional posts in this series. Would you like us to cover more topics? Let us know in the comments. \n \n In contrast to bulk, which is often associated with grey mailings that some recipients may want in their inbox, spam and phish messages are unsolicited and malicious, and trick your users into sharing personal or company information. Interacting with phish can lead to financial impact, identity theft, or user compromise. \n \n Determine if a message is legitimate \n To be on the safe side, always avoid opening attachments or URLs (links) in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, exercise caution before interacting with its content. Learn how to protect against phishing attacks for common telltale signs of a phishing email. \n \n To learn more about phishing trends and techniques, see this article. \n \n Safe Links in Defender for Office 365 is another layer of protection against malicious links, which scans and rewrites links during mail flow. It also verifies links at time-of-click, which is particularly important, since some links that may seem benign at first, might be weaponized and redirect to malicious websites with a delay. \n \n Identify and train vulnerable users \n With threat investigation and response capabilities in Microsoft Defender for Office 365, you can use attack simulation training to run realistic attack scenarios in your organization. These simulated attacks can help you find vulnerable users before a real phishing or ransomware attack impacts your organization. \n \n Simplify security configurations \n Security settings and policies may seem overwhelming to some users. This is especially true for smaller companies, which do not have expert Security Operations (SecOps) teams. That’s why it is highly recommended that you opt-in to our preset threat protection policies—Standard or Strict. These out-of-the-box policies are optimized for a simple and secure configuration experience. You can always add and use custom policies later. \n \n To learn more, visit the step-by-step guide on preset policies. \n \n Find what happened to a message and its verdict \n During anti-spam checks, we inspect message content, senders’ reputation and sending patterns, correlate them to trillions of signals using heuristic clustering, apply artificial and human intelligence with machine learning, evaluate your policies and custom overrides, validate email authentication (SPF, DKIM, DMARC, ARC), and more. The resulting spam filtering verdict (SFV) is a combination of all these checks. Company administrators review the SFV and other details to identify what happened to messages during or after delivery and act if needed. Try the following methods to find messages and verify why they ended up in an unexpected location: \n \n Submissions in Microsoft 365 Defender is the most recommended way to scan your message sample (or file, or URL) and know whether a policy you control allowed or blocked the message, or Microsoft verdicts. For example, you may discover that a restrictive policy routed an email to quarantine. \n Anti-Spam Message Headers contain Microsoft Spam Filtering Verdicts (SFV) and authentication results. Look out for the usual suspects—SFV:SFE (the recipient allowed the sender address in Outlook) and SFV:BLK and SCL:6 (the recipient blocked the sender address in Outlook), CAT:SPOOF (the sender failed anti-spoofing checks), or CAT:UIMP/DIMP (the sender failed anti-impersonation checks). \n Message Trace in the updated Exchange Admin Center displays the message events that include where it ended up (delivered to inbox, or quarantined, or in another folder in the recipient’s mailbox, or in the deleted items folder) and why it ended up there (mail flow transport rules, or Outlook rules, or administrator policies, etc.). Review the rules or policies, and if the block was unintentional, change them accordingly. \n Quarantine in Microsoft 365 Defender shows messages blocked due to Microsoft verdicts or your organization’s configuration. After you locate the message in quarantine and review why it was blocked, choose whether you’d like to release, temporarily allow similar messages, or report it to Microsoft for analysis. \n \n \n \n Figure 1: Use the review feature in Quarantine \n \n Spam confidence levels \n When we find a message clean, the X-Forefront-Antispam-Report headers will include a Spam Confidence Level (SCL) value of “1”. You are most likely to find such messages in your inbox. SCL:5 usually means the message was filtered as spam or phish, and you will find the category CAT:SPM / CAT:PHISH in the message headers. You would commonly locate these types of messages either in the junk folders or in the quarantine, depending on your default or custom anti-spam inbound policy settings. \n \n If we identify a message is spam or phish with a high degree of confidence, we’ll mark it accordingly as CAT:HSPM (High Confidence Spam) or CAT:HPHSH (High Confidence Phish) and assign SCL:9, the highest possible spam confidence level. By default, and in preset policies, these are always quarantined. \n \n Important: Exchange Online Protection and Microsoft Defender for Office 365 are now secure by default and keep high confidence phish messages out of your inbox. Such messages are always quarantined, just like malware. \n \n Customize policies \n Microsoft 365 Defender portal offers a great deal of customization. This is particularly helpful when you need to apply differentiated sets of actions to certain groups or users, such as your c-suite. In part 1 of the blog series, we have covered how anti-spam inbound policies control the actions applied to bulk email from the Microsoft 365 Defender portal, and spam and phish actions follow the same principle. Select an action from the list, and for Quarantine, decide whether to notify your users about their quarantined messages, and how long to retain them. Follow this step-by-step guide for help with quarantine policies and notifications. \n \n \n \n \n \n Figure 2: Select an action from a dropdown for spam, phishing, and bulk in anti-spam inbound policies \n \n \n \n Figure 3: Overview of selected actions and quarantine settings for spam, phishing, and bulk \n \n \n \n \n \n \n Tip: Select AdminOnlyAccessPolicy to keep high confidence phish out of end-users’ quarantine notifications. With this quarantine policy, this type of phish will only be visible to administrators. \n \n Minimize overrides \n Data shows that overly permissive configurations often allow spam and phishing messages that Exchange Online Protection and Microsoft Defender for Office 365 would otherwise filter. Using legacy overrides, such as Exchange transport rules (mail flow rules), allowed senders, allowed domains, and allowed IP settings could be tricky and unsafe. The risk is even bigger when you add overrides for accepted domains in Microsoft 365 which you own. \n \n You are most likely to find messages in your inbox that were overridden by a user or administrator setting with SCL: -1. In addition, check the X-Forefront-Antispam-Report message headers for the most common override reasons—SFV:SKN when the admin had used a mail flow rule spam bypass, SFV:SKA when the admin had added the sender in the Anti-spam policy allow list, or IPV:CAL when an IP was allowed in the connection filter policy. \n \n Administrators set up these legacy overrides to address emails that were blocked in error. However, this often leads to bad emails inadvertently delivered to the inbox. This is especially true for domain allows. \n \n To learn more about how to create safe overrides, see cautions against bypassing Office 365 spam filters. We will cover more best practices for safe allow/block list management in a later part of this series. \n \n Another common reason for overrides is phishing tests. If you’re running a non-Microsoft simulation, or require high-confidence phishing messages to be received unfiltered to a SecOps mailbox, configure Advanced Delivery. \n \n Tip: If you have previously configured transport rules to bypass spam scanning for phishing simulations, check your vendor documentation for new guidance, which should now include Advanced Delivery for a more secure delivery of simulations. \n \n Finally, if your organization uses another spam filtering solution in addition to Exchange Online Protection, turn on Enhanced Filtering for Connectors. This will significantly improve the filtering accuracy. As with anti-spam policies, you can limit Enhanced Filtering to certain users or groups for testing. \n Advanced spam filter \n Advanced spam filter (ASF) controls are more aggressive and allow you to assign higher Spam Confidence Levels if messages contain certain elements, such as HTML tags. Similar to other user and admin overrides, we highly recommend that you do not use them, because our protection stack filters such messages without any additional customizations required on your part. If configured incorrectly, they may lead to more email marked as spam than you intended. \n \n If you do choose to enable an ASF setting, remember you can scope a custom anti-spam inbound policy and test these settings on a limited set of users or groups before you enable them company-wide. Also, they’re easy to track: if an ASF rule marks the message as spam, X-CustomSpam will be included in the message headers. \n \n For example, you will see X-CustomSpam: Empty Message when you enable filtering for messages with no subject, no content in the message body, and no attachments. This is a great way to identify and prevent ASF false positives, and it is fully within your control to remediate, in case of unexpected blocks. \n \n Report a false positive or false negative to Microsoft \n Although Microsoft 365 comes with a variety of anti-spam and anti-phishing features that are enabled by default, it's possible that some spam or phishing messages could still get through to your mailboxes. \n \n When good emails are marked as bad and end up in quarantine or in your junk folder by mistake, they’re referred to as false positives. When a new and malicious email variant targets your mailbox, your anti-spam and anti-phish filters start working, but some messages may end up in the inbox. These emails are referred to as false negatives. For more information, see Report false positives and false negatives in Outlook. \n \n Use Submissions in Microsoft 365 Defender to report email messages, files, and URLs to Microsoft for analysis. The submissions page shows if a message is blocked or delivered due to Microsoft filtering verdicts or for other reasons, such as end-user rules or your organization policies. If this isn’t a policy you control, and you disagree with a restrictive verdict, report it as a false positive and temporarily allow emails with similar attributes. This will create a safe and temporary override within the Tenant Allow/Block List only for the respective attribute that was detected as malicious—the sender or sending domain, the attachment, or the URL. \n \n \n \n Figure 4: Submit messages to Microsoft for analysis \n \n Tip: Enable the report message or report phishing add-ins for your end-users to easily report false positives and false negatives directly from Outlook. Messages that users report are then made available for administrators across submissions, automated investigation and response (AIR), messages reports, and Explorer. \n \n Benefits of reporting messages to Microsoft \n It’s simple! The more issues you report, the more accurate the filters become over time. Your report can help improve the detection quality of similar messages or campaigns in future updates. \n \n If you find the verdict is a result of configurations within your control, you’ll be able to identify the exact policy to review or change common overrides for domains or sender addresses, links, or files. This includes user (Outlook) junk filter overrides, Exchange transport rules, anti-spam, anti-phishing, or other policies. \n \n \n Example 1: A user reports that a spam message was received in the inbox. You report it on Submissions and review the Result column (additional columns are available under the “Customize columns” option). You find that the user had allowed the sender address in Outlook. With this information, you can educate the user about the risks of overrides, they can remove the entry in Outlook, or you can remove the entry for them using PowerShell. \n \n \n Figure 5: Review Submissions results for reported messages. \n \n Example 2: You’re expecting to receive an email from joe@fabrikam.com—an address that belongs to the company Fabrikam. You find that emails from fabrikam.com are blocked because a security administrator added the domain to the anti-spam policy block list. With this knowledge, you may want to either remove the domain from the block list or create a limited or temporary override. Example 3: You received a phishing email and reported it on Submissions. The result shows the phishing URL is now blocked and Zero-hour auto-purge (ZAP) removed all relevant threats from the organization retroactively. Later, you can review the URL protection report in the Microsoft 365 Defender portal and find if anyone had clicked the malicious link. You may also want to consider blocking the sender, or running a phishing simulation to promote awareness among your end-users about the risks of phishing. \n \n We hope that this information helped you understand better how Microsoft 365 email protection stack works, how-to reduce false positives and false negatives, misconfigurations and overrides, report verdict disagreements to Microsoft, and consider a user training strategy to prevent phishing attacks. \n \n Important Resources \n Anti-spam inbound policy settings \n Attack simulation training \n Cautions against bypassing Office 365 spam filters \n Manage the Tenant Allow/Block List \n Quarantine policies step-by-step guide \n Zero-hour auto-purge \n \n Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"15385","kudosSumWeight":10,"repliesCount":11,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4NmlFODZCRjgyMDJBQjFDNzgz?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MGkwNDQzRjYxNEYwRjY2Mzkw?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MWlERjQ2REVERjUzQTNFRjAz?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4MmlFNEYyOUIyNEEzMkQzMTdD?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4NGkwM0QyRTU0QUQyMzZDRjFE?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTU1NzEyLTM4NDU4M2k5QUYyMTlDRjM1QUM5NjA2?revision=7\"}"}}],"totalCount":6,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4007041":{"__typename":"Conversation","id":"conversation:4007041","topic":{"__typename":"BlogTopicMessage","uid":4007041},"lastPostingActivityTime":"2024-05-21T16:31:18.703-07:00","solved":false},"User:user:976922":{"__typename":"User","uid":976922,"login":"UrjaGandhi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS05NzY5MjItMjk2OTg4aUZEMTBDNTdBRDVBNzBBQkM"},"id":"user:976922"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4NGlFMEJCNENEQjFEQkYyNjQy?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4NGlFMEJCNENEQjFEQkYyNjQy?revision=11","title":"Trevor_Rusher_0-1702411945678.png","associationType":"TEASER","width":350,"height":322,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDEwNGk4N0JGQTEyODFBQjJDOUZF?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDEwNGk4N0JGQTEyODFBQjJDOUZF?revision=11","title":"UrjaGandhi_0-1702420222844.png","associationType":"BODY","width":472,"height":439,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MGk1MzI4Mjk2OUNBNUI4NUE0?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MGk1MzI4Mjk2OUNBNUI4NUE0?revision=11","title":"UrjaGandhi_1-1702410703345.png","associationType":"BODY","width":728,"height":561,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA3OWk3QjE5NDVFMkQ0RjMyRDhC?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA3OWk3QjE5NDVFMkQ0RjMyRDhC?revision=11","title":"UrjaGandhi_2-1702410703353.png","associationType":"BODY","width":683,"height":704,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MmkxNjUwNThERTZENjI5NUEw?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MmkxNjUwNThERTZENjI5NUEw?revision=11","title":"UrjaGandhi_3-1702410703359.png","associationType":"BODY","width":805,"height":670,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MWlCQkNDRjFFNEJCRERBNkU3?revision=11\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MWlCQkNDRjFFNEJCRERBNkU3?revision=11","title":"UrjaGandhi_4-1702410703365.png","associationType":"BODY","width":1147,"height":837,"altText":null},"BlogTopicMessage:message:4007041":{"__typename":"BlogTopicMessage","subject":"Protect your organizations against QR code phishing with Defender for Office 365","conversation":{"__ref":"Conversation:conversation:4007041"},"id":"message:4007041","revisionNum":11,"uid":4007041,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderforOffice365Blog"},"author":{"__ref":"User:user:976922"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" QR code phishing campaigns have most recently become the fastest growing type of email-based attack. These types of attacks are growing and embed QR code images linked to malicious content directly into the email body, to evade detection. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication request. Microsoft Defender for Office 365 is continuously adapting as threat actors evolve their methodologies. In this blog post we’ll share more details on how we’re helping defenders address this threat and keeping end-users safe. \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":73780},"postTime":"2023-12-12T12:12:34.072-08:00","lastPublishTime":"2024-01-19T14:33:33.183-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" QR code phishing campaigns have most recently become the fastest growing type of email-based attack. These types of attacks are growing and embed QR code images linked to malicious content directly into the email body, to evade detection. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication request. Microsoft Defender for Office 365 is continuously adapting as threat actors evolve their methodologies. In this blog post we’ll share more details on how we’re helping defenders address this threat and keeping end-users safe. What is a QR Code? \n A QR code (short for \"Quick Response code\") is a two-dimensional barcode that can be scanned using a smartphone or other mobile device equipped with a camera. QR codes can contain various types of information, such as website URLs, contact information, product details, and more. They are most commonly used for taking users to websites, files, or applications. The easiest way to think about a QR code is to treat it just as you would a URL. \n \n \n For example, when this QR code is scanned it will redirect you to the Defender for Office 365 product page. \n \n QR Code Phishing on the Rise \n Over the last few years QR Codes have seen a rise in popularity in legitimate use scenarios, in part due to COVID. You have probably seen them in restaurants, parking lots, and marketing. In 2022, The Federal Bureau of Investigation raised awareness about cybercriminals tampering with QR codes to steal financial funds from victims. And while until very recently QR Code phishing attacks were relatively rare, around mid-September 2023, Microsoft Security Research & Threat Intelligence observed a significant increase in phishing attempts related to QR-codes. Our telemetry showed a 23% increase in attacks using this exploit within one week alone. So why use QR codes for phishing? QR Codes present a unique challenge for security providers as they appear as an image during mail flow and are unreadable until rendered. Once the QR Code is rendered (what the human eye sees) it can then be scanned/processed for further analysis. \n QR codes are used in phishing attacks for mainly two reasons: \n \n They move the attack away from well-protected corporate environments and onto the victim’s personally owned mobile device, which may be less secure. \n They leverage the most common credential theft vector which is the uniform resource locator (URL). \n \n \n A QR code can be easily manipulated to redirect unsuspecting victims to malicious websites or to download malware in exactly the same way as URLs, only by putting the URL in a more difficult-to-detect location. Adversaries craft QR codes to look legitimate, for example a message coming from an IT Administrator, and when scanned will ask the user to verify their account via their credentials or download a malicious file onto the user's device. This is becoming more common as the constrained screen size of mobile devices can make warning signs of phishing attacks difficult for users to recognize. \n The multiple layers of tactics, techniques and procedures (TTPs) reveal various patterns of QR Code Phishing messages seen by Defender for Office 365. This includes but is not limited to: \n \n URL redirection \n Minimal to no text (reducing signals for ML detection) \n Abuse of known brands \n Abuse of sending infrastructure known for sending legitimate emails \n A variety of social lures including 2 factor auth, document signing, and more \n Embedding QR codes in attachments \n \n \n A few examples below: \n \n QR Codes are embedded as inline images within email body In the example below, the QR code is embedded inline within the body of the email, which when scanned redirects the user to a phishing website attempting to gather their credentials. \n \n \n QR Code within an image in the email body In the example below, the QR code is placed inside an image embedded inline within the body of the email. \n \n \n QR Code as an image in an attachment In the example below, the QR code is embedded inside an attachment that is a PDF, which when scanned redirects the user to a phishing website attempting to gather their credentials. \n \n \n *The QR codes displayed in the examples above originally redirected to malicious websites. Note: they have been replaced to redirect to a legitimate website to prevent users who scan them from being a victim of phishing. \n \n How Defender for Office 365 detects QR Code phishing \n Given these attack techniques, it is clear that QR code phishing is functionally identical to credential harvesting. Let’s take a closer look at how Defender for Office 365 protects against them. The below detection capabilities are available in Exchange Online Protection & Microsoft Defender for Office 365 licenses. Based on the specific license, the checks will vary as mentioned below. \n \n Image Detection \n With advanced image extraction technologies, Defender for Office 365 and Exchange Online Protection detects a QR Code in a message inline during mail flow. The system extracts URL metadata from a QR Code and feeds that signal into our existing threat protection and filtering capabilities for URLs. By using these signals, the underlying URL can also be sent to a sandbox environment for detonation and the malicious threats are proactively identified and blocked before they reach a user’s mailbox. \n \n Threat Signals \n Defender for Office 365 and Exchange Online Protection uses a variety of mail flow signals to determine and act on a message. Essentially, no single input determines the final classification of an email. It is always a composite of several signals to construct a robust context. The QR Code signal is used in combination with sender intelligence, message headers, recipient details, content filtering, and the relationships shared between them are fed into machine learning algorithms to produce the highest quality verdict as the context permits. \n \n URL Analysis \n The URLs extracted from QR Codes are analyzed by machine learning models, checked against both internal and external sources of reputation and for Microsoft Defender for Office 365 Plan 1 / Plan 2 licenses are sandboxed for further investigation as needed to assess the risk for detonation. \n \n Heuristics-based Rules \n Microsoft also deploys heuristic rules within Defender for Office 365 and Exchange Online Protection to reason over and block malicious messages. This capability constitutes one of our most flexible and fastest moving mitigations, and it is used extensively to mitigate attack patterns as they morph day to day during major campaigns such as the QR Code phishing. \n \n Microsoft Defender for Office 365 blocks QR Code Phishing at Scale \n Here are a few datapoints that help put this strategy into perspective: \n \n With the power of existing capabilities and robust tools we have built, many heuristics-based rules were released within minutes leading to ~1.5 million QR code phishing blocked in email body per day in the last several months! As the attack patterns evolve, new rules continue to get released and refined as needed. \n The advanced detection technologies built to extract QR code related metadata (URL and text), have scanned more than 200 million unique URLs on average weekly, out of which more than 100 million came from QR codes. \n Our advanced detection technologies have blocked more than 18 million unique phishing emails containing a QR code image in the email body on average weekly and around 3 million unique QR code phishing emails per day. \n QR code phishing protection includes Commercial as well as Consumer emails. More than 96% of these are QR code phishing blocked by our technologies in Enterprise alone. \n \n \n We continually track threat actor activity and evolve our detections to combat new and evolving techniques and patterns. \n \n What can you do to stay protected? \n Extended Detection and Response (XDR): Microsoft Defender XDR provides comprehensive defense against advanced threats like QR code phishing, offering end-to-end protection with unified detection, investigation, and response experience. With native integration across endpoints, hybrid identities, email, collaboration tools, and cloud applications, XDR enables centralized visibility, powerful analytics, and automatic attack disruption against even the most sophisticated malicious actors. QR code phishing often targets account identities through adversary-in-the-middle (AiTM) attacks, intercepting credentials and session cookies. Attacks like these can be effectively disrupted by Microsoft Defender XDR, thanks to its holistic approach to detection. By correlating signals across products into high-fidelity detections, Defender XDR disrupts attacks early, limiting their impact and progression, and safeguarding organizations before they can cause widespread damage. \n \n Endpoint Protection: Users scan QR codes using their mobile devices, opening the embedded URL in the device web browser. Microsoft Defender for Endpoint on Android and iOS includes anti-phishing capabilities that also apply to QR code phishing attacks, blocking phishing sites from being accessed. Microsoft Defender for Endpoint also provides protection against malware that may be downloaded or installed through the URL link. \n \n End-User Training: Defender for Office 365 customers can use Attack Simulation Training to educate their end users by simulating real-world phishing attacks and other types of cyber threats. This training can help users recognize the signs of a phishing attack, such as suspicious emails or links, and can teach them how to respond appropriately to these threats. Attack Simulation Training can also provide users with feedback and guidance on how to improve their security practices, such as by enabling multi-factor authentication. By using Attack Simulation Training, organizations can help their end users become more aware of potential threats and better equipped to protect themselves and their organization against cyberattacks. Use training modules to train your users to be more resilient against QR code based phishing attacks. In order to participate in a Private Preview for QR code-based simulations using Attack Simulation Training, please join our Customer Connection Program and sign up for the preview slated for CY24Q1. \n \n Protection beyond QR code phishing with Defender for Office 365 \n The rise of QR code phishing is part of a larger technique shift carried out by threat actors to leverage images as part of social engineering tactics in order to bypass Enterprise Security defenses. Our recent QR code phishing detection capabilities are only a part of a larger robust solution to defend against varied forms of image-based attacks. This includes QR codes, bar codes, brand logos etc. It's important to be cautious when scanning QR codes from unknown sources and to always verify the legitimacy of the email and its contents before taking any action. To learn more, check out an episode on QR code protection from November 27 th PST on our virtual ninja show. \n On a periodic basis, be sure to review the configuration settings within your organization’s policies, manage and monitor the priority accounts within the organizations as such, review any mail flow rules you might have added to maintain a secure posture. Further, use step-by-step guides to help you quickly configure anti-malware policies, anti-phishing policies, safe attachments and much more. Remember that it is possible for attackers to weaponize content or URL even after the delivery of a message. Therefore, it is highly recommended to use the submissions workflow to submit the false positive or false negative samples to Microsoft for further analysis and help the system automatically learn the patterns from the submissions. \n \n Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"12214","kudosSumWeight":13,"repliesCount":24,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4NGlFMEJCNENEQjFEQkYyNjQy?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDEwNGk4N0JGQTEyODFBQjJDOUZF?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MGk1MzI4Mjk2OUNBNUI4NUE0?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA3OWk3QjE5NDVFMkQ0RjMyRDhC?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MmkxNjUwNThERTZENjI5NUEw?revision=11\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MDA3MDQxLTUzNDA4MWlCQkNDRjFFNEJCRERBNkU3?revision=11\"}"}}],"totalCount":6,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:4005813":{"__typename":"Conversation","id":"conversation:4005813","topic":{"__typename":"ForumTopicMessage","uid":4005813},"lastPostingActivityTime":"2023-12-19T04:31:58.263-08:00","solved":false},"User:user:1108697":{"__typename":"User","uid":1108697,"login":"VinodS2020","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/m_assets/avatars/default/avatar-5.svg?time=0"},"id":"user:1108697"},"ForumTopicMessage:message:4005813":{"__typename":"ForumTopicMessage","subject":"capability to detect password protected files to during the email delivery and ZAP process of the e","conversation":{"__ref":"Conversation:conversation:4005813"},"id":"message:4005813","revisionNum":1,"uid":4005813,"depth":0,"board":{"__ref":"Forum:board:MicrosoftDefenderforOffice365"},"author":{"__ref":"User:user:1108697"},"metrics":{"__typename":"MessageMetrics","views":2313},"postTime":"2023-12-11T06:51:22.393-08:00","lastPublishTime":"2023-12-11T06:51:22.393-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Does M365 Defender & EOP has capability to detect password protected files to during the email delivery and ZAP process of the email in user mailbox? If yes how we can configure to stop such emails and put them into quarantine and stop the email delivery to end users? I have another follow-up question on this is that if we deploy this Transport rule to quarantine false or parked domains emails like phishing or spam and unwanted emails then how we would filter and allow the legit email domains to send out such files like .PDF, Docs, excel and other password protected files to users mailbox without putting them into Quarantine? ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"686","kudosSumWeight":0,"repliesCount":3,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:3691834":{"__typename":"Conversation","id":"conversation:3691834","topic":{"__typename":"ForumTopicMessage","uid":3691834},"lastPostingActivityTime":"2023-12-10T19:23:42.285-08:00","solved":true},"User:user:134787":{"__typename":"User","uid":134787,"login":"Kiril","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0xMzQ3ODctMTcyNDQwaUFGMDQ3QjE5QjE0RTFFNTA"},"id":"user:134787"},"ForumTopicMessage:message:3691834":{"__typename":"ForumTopicMessage","subject":"Enable Quarantine Notifications for Strict protection (Strict Preset Security Policy)","conversation":{"__ref":"Conversation:conversation:3691834"},"id":"message:3691834","revisionNum":1,"uid":3691834,"depth":0,"board":{"__ref":"Forum:board:MicrosoftDefenderforOffice365"},"author":{"__ref":"User:user:134787"},"metrics":{"__typename":"MessageMetrics","views":11106},"postTime":"2022-12-07T09:18:13.688-08:00","lastPublishTime":"2022-12-07T09:18:13.688-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" How can I enable quarantine notifications for the preset strict protection policies. There is no way to assign a quarantine policy to strict protection policies. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"163","kudosSumWeight":0,"repliesCount":19,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:3562938":{"__typename":"Conversation","id":"conversation:3562938","topic":{"__typename":"BlogTopicMessage","uid":3562938},"lastPostingActivityTime":"2023-11-09T11:09:53.542-08:00","solved":false},"User:user:451986":{"__typename":"User","uid":451986,"login":"AndrewStobart","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS00NTE5ODYtMTU3Mzc2aTIyN0JENUI3NEE2QTZBRjc"},"id":"user:451986"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQxMDMwNWkzMTlDMDg0RDIwMzNENTNG?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQxMDMwNWkzMTlDMDg0RDIwMzNENTNG?revision=19","title":"thumbnail_resized.jpg","associationType":"TEASER","width":999,"height":562,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2N2kyQzZDMUNEQzMyQzVDRkNG?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2N2kyQzZDMUNEQzMyQzVDRkNG?revision=19","title":"Trevor_Rusher_0-1663700762921.png","associationType":"BODY","width":523,"height":164,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2Nmk5RkNBMjc2RDEyM0QwREEz?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2Nmk5RkNBMjc2RDEyM0QwREEz?revision=19","title":"Trevor_Rusher_1-1663700762931.png","associationType":"BODY","width":446,"height":145,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2OGk2QTFGNUE1M0U3QzExMEFE?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2OGk2QTFGNUE1M0U3QzExMEFE?revision=19","title":"Trevor_Rusher_2-1663700762933.png","associationType":"BODY","width":628,"height":380,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2OWk5MjBBNEY0QjMyMzg0Nzkz?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2OWk5MjBBNEY0QjMyMzg0Nzkz?revision=19","title":"Trevor_Rusher_3-1663700762935.png","associationType":"BODY","width":645,"height":912,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MGlCMjFCQjc1Q0REQ0I0Rjcy?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MGlCMjFCQjc1Q0REQ0I0Rjcy?revision=19","title":"Trevor_Rusher_4-1663700762937.png","associationType":"BODY","width":588,"height":155,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MWkzOUVFRjlEMUY3M0NBNjcy?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MWkzOUVFRjlEMUY3M0NBNjcy?revision=19","title":"Trevor_Rusher_5-1663700762938.png","associationType":"BODY","width":394,"height":254,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MmkxMkFFNjk0N0U2REY5MUVC?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MmkxMkFFNjk0N0U2REY5MUVC?revision=19","title":"Trevor_Rusher_6-1663700762939.png","associationType":"BODY","width":486,"height":96,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3M2k0MDZBNjFFRTNBMDg3QUEz?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3M2k0MDZBNjFFRTNBMDg3QUEz?revision=19","title":"Trevor_Rusher_7-1663700762940.png","associationType":"BODY","width":391,"height":325,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NGk1MjVDMjJEQTUzQTcxNkVC?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NGk1MjVDMjJEQTUzQTcxNkVC?revision=19","title":"Trevor_Rusher_8-1663700762941.png","associationType":"BODY","width":500,"height":178,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NWlFRUZCOTFGMzExN0VEREEy?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NWlFRUZCOTFGMzExN0VEREEy?revision=19","title":"Trevor_Rusher_9-1663700762942.png","associationType":"BODY","width":1600,"height":284,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3OGk0RjJFQUI2ODFFQTdGODJB?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3OGk0RjJFQUI2ODFFQTdGODJB?revision=19","title":"Trevor_Rusher_10-1663700762944.png","associationType":"BODY","width":1570,"height":464,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NmlEQTQ5QUFCNjE2MkM1NEE5?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NmlEQTQ5QUFCNjE2MkM1NEE5?revision=19","title":"Trevor_Rusher_11-1663700762947.png","associationType":"BODY","width":557,"height":312,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3OWk0MUVEREIzRDZGNEFDNDM0?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3OWk0MUVEREIzRDZGNEFDNDM0?revision=19","title":"Trevor_Rusher_12-1663700762949.png","associationType":"BODY","width":1600,"height":350,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MWk3NkE5RkRBOEJDMDlFM0VB?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MWk3NkE5RkRBOEJDMDlFM0VB?revision=19","title":"Trevor_Rusher_13-1663700762952.png","associationType":"BODY","width":1429,"height":494,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MGlBMEMzMzRCMzlFRTAxNDEx?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MGlBMEMzMzRCMzlFRTAxNDEx?revision=19","title":"Trevor_Rusher_14-1663700762958.png","associationType":"BODY","width":393,"height":508,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MmlERTRDRDdEQzA2QzA4OEJC?revision=19\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MmlERTRDRDdEQzA2QzA4OEJC?revision=19","title":"Trevor_Rusher_15-1663700762959.png","associationType":"BODY","width":364,"height":148,"altText":null},"BlogTopicMessage:message:3562938":{"__typename":"BlogTopicMessage","subject":"Email Protection Basics in Microsoft 365: Spoof and Impersonation","conversation":{"__ref":"Conversation:conversation:3562938"},"id":"message:3562938","revisionNum":19,"uid":3562938,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderforOffice365Blog"},"author":{"__ref":"User:user:451986"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n \n \n \n \n \n This blog is part three in a series aimed at demystifying how email protection works in Microsoft 365. \n \n \n \n \n \n \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":58528},"postTime":"2022-09-20T12:33:57.606-07:00","lastPublishTime":"2023-11-09T11:09:53.542-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Click here to view additional posts in this series. Would you like us to cover more topics? Let us know in the comments. \n \n Microsoft Support is excited to continue this blog series to demystify how Microsoft 365 email protection works. Earlier, we covered how phishing has the potential to cause damage to an organization. Now, we’ll go over the two threat vectors most commonly seen in phishing attacks—spoofing and impersonation, and how Microsoft 365 protects your users against them. We will look at what spoofing and impersonation techniques are, the difference between them, and how your Microsoft 365 Defender policies apply protection against spoofing and impersonation in your organization to keep you secure from business email compromise. \n \n You can customize all spoofing and impersonation controls in the anti-phishing policies in the Microsoft 365 Defender portal. To learn more, see Anti-phishing policies in Microsoft 365. \n \n To jump right into all threat policies mentioned in this article, bookmark this direct link - https://security.microsoft.com/threatpolicy. \n \n Spoofing protection \n Knowing who the message is from is key to verifying if it is authentic. To simply explain sender verification, let’s start by knowing that there are two different types of “From” addresses – header From and envelope (SMTP). Our overview of email message standards explains this in detail, but one key takeaway is that email clients such as Outlook display only the header From address, not the envelope (smtp.mailfrom) one. \n \n Exact domain spoofing \n Exact domain spoofing refers to messages sent from a header From domain that does not belong to the sender. This domain can either be one of your Microsoft 365 domains, or a domain of another legitimate organization. Such messages where the attacker forges the domain to look exactly like the domain of the victim’s organization or like their business partner’s may trick the recipient into actions that lead to credential theft or variations of Business Email Compromise (BEC)* attacks, because they appear legitimate, but in fact originate from a malicious source. \n \n Email authentication checks \n Spoofing detection is part of email authentication checks on inbound messages within Exchange Online Protection and Microsoft Defender for Office 365. Email authentication protocols, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) work together to determine the legitimacy of the sender and their infrastructure and signatures. \n \n When authentication fails, and the system detects the message as spoof, you will find CAT:SPOOF in the X-Forefront-Antispam-Report header, and the message will be marked as spam (SFV:SPM). The results of email authentication checks can be found in the Authentication-Results header of a received email. \n \n To learn more about email authentication, see email authentication in EOP. \n \n Example: \n Authentication-Results: spf=none (sender IP is 192.168.0.0) smtp.mailfrom=contoso.com; contoso.com; dkim=none (message not signed) header.d=none;contoso.com; dmarc=fail action=quarantine header.from=fabrikam.com;compauth=fail reason=000 \n X-Forefront-Antispam-Report CIP:x.x.x.x;CTRY:DE;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:contoso.com;PTR:InfoDomainNonexistent;CAT:SPOOF \n \n The sender’s smtp.mailfrom domain (envelope) is contoso.com. \n The sender’s header.from domain (header, or the domain displayed to the recipient in Outlook) is fabrikam.com. \n A DMARC check compares the header.from and the smtp.mailfrom domain for a match. Here, it fails (dmarc=fail) since these two domains are different and there were no other signals to confirm that this message is from a legitimate sender domain – since neither the SPF nor DKIM records are published in DNS (spf=none, dkim=none). \n Authentication failed, hence composite authentication result is marked as (compauth=fail). As such, this message is detected as spoofing. \n \n \n Spoof intelligence \n Spoof intelligence is our industry-first technology that uses advanced algorithms to learn a domain’s email sending patterns. This helps tremendously for senders that do not implement or enforce DMARC. \n \n Spoof intelligence is enabled by default and is available for Exchange Online Protection and Microsoft Defender for Office 365. We highly recommend that you keep it enabled to filter email from senders who are spoofing domains. \n \n \n \n Whenever spoofing is detected, action is taken based on the configuration in the anti-phishing policy and the message is either moved to Junk folder or is sent to Quarantine. \n \n \n \n To learn more about anti-spoofing protection in Microsoft 365, see anti-spoofing protection in EOP. \n \n Safe spoofing overrides \n There are some situations where spoofing is legitimate. For example, an application you trust sends mail from (or as) one of your validated domains to your users, but the sending IP is never added to your domain’s SPF record in DNS, and the sending application does not sign messages with a DKIM signature. You can allow this type of spoofing, while regular spam checks continue to take place. \n \n Note: This type of override is beneficial when the recipients are entirely in your organization. For better deliverability of messages outside of your organization, make sure to add the sending application information into the SPF record for your domain and/or sign these messages with DKIM. In general, it is highly recommended to publish SPF, DKIM and DMARC records for any domains you own and send email from. \n \n To learn more, see set up SPF to help prevent spoofing, use DKIM for email in your custom domain, and use DMARC to validate email. \n \n Tenant Allow/Block List spoofing controls \n To control domains that you always want to allow to spoof (or block from spoofing), use the Spoofing tab in the Tenant Allow/Block List. Here, you can add a new domain pair. Domain pairs consist of a sender and where they are sending from. For more details, see domain pair syntax. This spoofing list never expires automatically unless you (as the tenant administrator) delete an entry explicitly. \n \n \n \n Use Admin Submissions to report false positives and choose to allow similar spoofing activity \n In part two of this blog series, we covered the importance of minimizing overrides and using Submissions in Microsoft 365 Defender in case of disagreements with Microsoft verdicts. It is now possible to add spoofing and impersonation overrides directly from Submissions. Note that spoofing and impersonation allows that you add this way do not expire, unless explicitly deleted by you (as the security administrator). \n \n To enhance your ability to allow domains that are allowed to spoof (for false positive management), go to the Admin Submissions page and while reporting a false positive, select the toggle to allow emails with similar attributes. This step will directly add the domain pair to Spoofing tab in the Tenant Allow/Block List if the email was originally marked as spoof. Submissions also help the system learn better over time. \n \n To learn more, see Admin Submissions. \n \n \n \n User impersonation protection \n Note: Impersonation settings are available to organizations with Microsoft Defender for Office 365 Plan 1 or Plan 2, or Microsoft 365 Enterprise E5 licenses. For more information, see anti-phishing policies. \n User impersonation refers to inbound messages which are sent from an external address, where the sender address or display name resembles a contact already in your organization. The main difference between impersonation and spoofing is that threat actors often register their own sending domain, instead of spoofing the target domain. This way, they pass e-mail authentication checks. Often, the impersonator attempts to trick the recipient into actions, such as wiring money, or opening malicious links and attachments. And like with spoofing, they count on the recipient’s previous relationship with the sender to gain their trust for a more authentic attack. \n \n As phishing becomes more sophisticated, it is harder for your users to detect some impersonation variants just by inspecting the From address. For example, when an attacker uses international variants instead of English letters, you may recognize trαcy@contoso.com as an impersonated email address, but you are unlikely to spot the Cyrillic Small A (Unicode 0430) in trаcy@contoso.com with the naked eye. Impersonation protection detects all these and many other variations. \n \n Examples: \n User impersonation (email address): Instead of the legitimate michelle@contoso.com, the impersonator uses email address is rnichell@contoso.com. \n User impersonation (display name): Instead of the legitimate Joe CEO <joe.ceo@contoso.com>, the impersonator sends as Joe CEO <fake@fabrikam.com>. \n \n Mailbox intelligence-based impersonation protection \n Mailbox intelligence-based impersonation protection uses artificial intelligence (AI) that determines a user’s email patterns with their frequent contacts. It detects impersonation based on each user’s individual sender map or graph. Also referred to as Graph impersonation, it flags anomalies of senders for which recipients have a previously established communications relationship. This means that if a message is received from a sender that appears similar to a frequent contact of the recipient (in either display name or email address) but is not the same sender, the message will be flagged for impersonation, and you will find CAT:GIMP in the message headers. \n \n \n \n Example: \n Mary, mary@fabrikam.com regularly exchanges emails with “John Contoso” <john@contoso.com>. John’s address and domain contoso.com are not set as targeted users or domains to protect in fabrikam.com’s anti-phishing policy. One day, Mary receives an email from “John Contoso” <john@cont0so.com> with a suspicious invoice attachment. The message is flagged with CAT:GIMP because the system detects this message came from someone similar to a sender that Mary frequently communicates with, but it is not the same person. Based on the setting configured in the anti-phishing policy, the respective action such as deleting the message before delivery or sending to quarantine or otherwise chosen, will be applied. \n \n \n \n To learn more about mailbox intelligence, see Impersonation settings in anti-phishing policies in Microsoft Defender for Office 365. \n \n Specify users to protect from targeted impersonation attacks \n User impersonation protection can protect up to 350 internal users in your organizations, as well as external users such as board members. This detection tremendously helps to protect users that are often targeted by impersonation attacks. When editing the setting in the anti-phishing policy, the users you would like to protect can be added under the Enable users to protect section: \n \n \n \n All policy recipients of the messages will benefit from this protection, but only inbound messages that impersonate one of the users on this list will be marked as “User Impersonation”. We recommend adding high priority executives (such as CEO, CFO) to this list and other priority accounts such as key human resources or finance stakeholders, as well as external board members, more frequently targeted in such attacks. \n \n Example: \n Jane is the CEO of Fabrikam.com and is well known in the organization. To ensure that she is always protected from impersonation, “Jane Jones <jane@fabrikam.com” is added to the “Users to protect” list in fabrikam.com’s anti-phishing policy. After this, an attacker attempts to send an email to the head of IT department of Fabrikam to asking to reset Jane’s password. The email comes from “Jane Jone CEO <jane@fake.com>\". Since the usernames are similar, the message is detected as user impersonation of Jane Jones. \n \n In such cases, when Microsoft detects an email with a sender that is impersonating a user, you will find CAT:UIMP in the X-Forefront-Antispam-Report header. When that happens, Microsoft Defender for Office 365 will take action as configured in the appropriate anti-phishing policy. Note: in this case, the good news is that the system will flag user impersonation regardless of Mailbox intelligence learning the patterns, because the targeted user (Jane Contoso in this case) is specified as a user to protect within the anti-phishing policy. The action chosen in the policy will be applied. \n \n \n \n Domain impersonation protection \n Domain Impersonation will be flagged when the sending domain looks like a legitimate domain. The domain can either be one that you own and is validated (accepted) in your organization or belongs to a partner organization. For example, you have added and validated the domain contoso.com in your tenant, and you receive an inbound message from ćóntoso.com, or çontoso.com. \n \n Domain Impersonation is also configured in the protection settings of an anti-phishing policy. \n \n \n \n When an inbound message is tagged as Domain Impersonation, you will see CAT:DIMP in the X-Forefront-Antispam-Report header. When this happens, Defender for Office 365 will take the action that is configured under domain impersonation settings in the anti-phishing policy. \n \n Safe impersonation overrides \n What happens if someone sends mail from their personal account to their work account, which is covered by impersonation policies? As an example, Joe is the CEO of Contoso and sends a message from his personal account joe@fabrikam.com, to his work account, joe@contoso.com. Both accounts use the same display name of “Joe CEO”. In this situation, the messages that Joe sends to himself from his personal account are likely to be marked as impersonation (CAT:UIMP) if the CEO is on the list of users to protect, or CAT:GIMP if they aren’t and if the system has determined no prior established communication patterns with that sender. \n \n Since this sender address is only likely to send to the CEO’s own work account, and not to other company employees, add it as a trusted sender in the anti-phishing policy. This will override only the user impersonation check, while other components of the protection stack will scan the message. \n \n If you often get CAT:DIMP verdicts for domains you trust, add them as trusted domains in the anti-phishing policy. Again, this will ensure that only the domain impersonation check is bypassed for these listed domains, and every other check in the protection stack proceeds as usual. \n \n To learn more, see trusted users and domains in the anti-phishing policy. \n \n Preset Security policies in Microsoft Defender for Office 365 \n In part two of this blog series, we went over Standard and Strict security policies – two simplified security configurations in Microsoft Defender for Office 365 and Exchange Online Protection. Impersonation and spoofing protections are included and enabled by default within these policies, which is beneficial for smaller organizations with simpler security requirements. Additionally, you will still want to specify selected custom domains and sender email addresses to protect against impersonation attacks often targeted towards them. \n Learn more about preset security policies and their order of precedence. \n \n Important: Part one of this blog series covers how Microsoft 365 Defender policies can be customized and scoped (limited) to include or exclude message recipients (users, groups and domains). If you use multiple anti-phishing policies, only a single policy can apply to a recipient with all its chosen actions and overrides. Ideally, you would not configure any overlapping policies, but if you do, only the top priority policy will apply for a recipient if they’re added to two or more policies. Priority “0” is the highest. \n \n \n \n Monitor spoofing and impersonation in your organization \n Spoof intelligence insight \n For senders who had previously sent spoofed email into your organization, start your triage with this insight in the Tenant/Allow Block List, or using direct link https://security.microsoft.com/spoofintelligence. You can view the list of spoofed users and decide whether to allow a sender to spoof or block them from spoofing. \n \n \n \n \n \n Note: When you configure an allow or block entry for a domain pair in the Tenant Allow/Block list, messages from that domain pair no longer appear in the spoof intelligence insight. \n \n Impersonation intelligence insight \n Similarly, you can use this insight to monitor potentially impacted email by user and domain impersonation and fine-tune your anti-phishing policies and overrides based on your review. \n \n Open the impersonation intelligence insight directly: https://security.microsoft.com/impersonationinsight \n \n \n \n Tip: Review both insights periodically to understand the scope of spoofing and impersonation that occur in your organization, and to take the appropriate actions timely. This will help you to prevent spoofing and impersonation in your organization, as well as to improve delivery of messages in case of false positive or false negative adjustments you need to make based on your tenant’s email activity. \n \n Help your users with visual cues and insights for self-detection \n Your defense-in-depth strategy wouldn’t be complete if you do not consider how users in your organization interact with email. In part two of this blog series, we’ve covered how to identify and train vulnerable users with attack simulation training, and recommended reporting false positives and false negatives to Microsoft. If your employees are your last line of defense against email-based threats, displaying visual cues with relevant message and sender insights are essential to the overall security posture of your organization. \n \n Safety tips and indicators \n Safety tips related settings are available within anti-phishing policies and are highly recommended. They help users self-detect and understand if there is something unusual about the sender. \n \n \n \n \n \n Note: User and domain impersonation safety tips are only available to users of Microsoft Defender of Office 365. \n \n Enable external sender callouts in Outlook \n Many organizations have configured a mail flow (transport) rule to add a banner to an email to tell the recipient that the email has been sent by an external sender. This was a visual indication of caution for your employees before they interacted with senders outside of your organization. You can now configure this rule natively in Outlook. Learn more about native external sender callouts on email in Outlook, and enable external sender identification with the PowerShell cmdlet, Set-ExternalInOutlook. \n \n \n \n We hope this article helped you understand how spoofing and impersonation protections work in Microsoft 365, which policies and settings control them, what safe overrides to use if you trust senders or disagree with original Microsoft verdicts, and how to help your users differentiate between good senders from impersonators with visual cues. \n \n Note: For additional information about Business Email Compromise (BEC), read the three-part blog series, Business Email: Uncompromised. It details how spoofing and impersonation techniques are used in single-stage and multi-stage BEC attacks, and how Microsoft Defender for Office 365 in partnership with the Microsoft Digital Crimes Unit disrupt them to protect your organization. Important resources \n \n Anti-phishing policies \n Anti-spam message headers \n How EOP validates the From address to prevent phishing \n Impersonation insight \n Manage your allows and blocks in the Tenant Allow/Block List \n Order and precedence of email protection \n Recommended settings for anti-phishing policies \n Spoof intelligence insight \n Step-by-step threat protection stack in Microsoft Defender for Office 365 \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"21184","kudosSumWeight":9,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQxMDMwNWkzMTlDMDg0RDIwMzNENTNG?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2N2kyQzZDMUNEQzMyQzVDRkNG?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDM","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2Nmk5RkNBMjc2RDEyM0QwREEz?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDQ","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2OGk2QTFGNUE1M0U3QzExMEFE?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDU","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY2OWk5MjBBNEY0QjMyMzg0Nzkz?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDY","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MGlCMjFCQjc1Q0REQ0I0Rjcy?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDc","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MWkzOUVFRjlEMUY3M0NBNjcy?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDg","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3MmkxMkFFNjk0N0U2REY5MUVC?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDk","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3M2k0MDZBNjFFRTNBMDg3QUEz?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDEw","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NGk1MjVDMjJEQTUzQTcxNkVC?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDEx","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NWlFRUZCOTFGMzExN0VEREEy?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDEy","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3OGk0RjJFQUI2ODFFQTdGODJB?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDEz","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3NmlEQTQ5QUFCNjE2MkM1NEE5?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE0","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY3OWk0MUVEREIzRDZGNEFDNDM0?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE1","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MWk3NkE5RkRBOEJDMDlFM0VB?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE2","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MGlBMEMzMzRCMzlFRTAxNDEx?revision=19\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE3","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zNTYyOTM4LTQwNjY4MmlERTRDRDdEQzA2QzA4OEJC?revision=19\"}"}}],"totalCount":17,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3354687":{"__typename":"Conversation","id":"conversation:3354687","topic":{"__typename":"BlogTopicMessage","uid":3354687},"lastPostingActivityTime":"2023-08-02T07:32:09.339-07:00","solved":false},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMzU0Njg3LTQzMTYxNWkwODQwNjU5NTk4QUNENkYy?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMzU0Njg3LTQzMTYxNWkwODQwNjU5NTk4QUNENkYy?revision=7","title":"FaithEbenezer_Oquong_1-1673380430757.png","associationType":"BODY","width":1250,"height":313,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMzU0Njg3LTM3MDYzNGkyQkJFRjQ5OUU1REVFODI5?revision=7\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMzU0Njg3LTM3MDYzNGkyQkJFRjQ5OUU1REVFODI5?revision=7","title":"FaithEbenezer_Oquong_1-1652231981940.png","associationType":"BODY","width":777,"height":883,"altText":null},"BlogTopicMessage:message:3354687":{"__typename":"BlogTopicMessage","subject":"Simplifying the Quarantine Experience - Part Two","conversation":{"__ref":"Conversation:conversation:3354687"},"id":"message:3354687","revisionNum":7,"uid":3354687,"depth":0,"board":{"__ref":"Blog:board:MicrosoftDefenderforOffice365Blog"},"author":{"__ref":"User:user:677430"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Announcing additional updates to the quarantine experience in Microsoft Defender for Office 365 ","introduction":"","metrics":{"__typename":"MessageMetrics","views":29309},"postTime":"2022-05-12T09:00:00.050-07:00","lastPublishTime":"2023-03-08T14:25:43.779-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Managing false positives should be easy \n In the previous blog we talked about some of the key steps we took to make the quarantined experience simpler for our end users and admins. Here in part two, we will be highlighting additional features we’re introducing to make the quarantine experience even more easy to use. \n \n Exciting new updates are coming soon! \n Microsoft Defender for Office 365 is rolling out key quarantine management features that will help empower SecOps professionals and end user when triaging emails: \n \n \"Within 4 hours\" option for notifications \n Password protected download of quarantined messages \n Asynchronous quarantine experience – database migration. \n \n \n \"Within 4 hours\" option for notifications \n We have heard from customers that they desire granular options when it comes to end user email notifications. We’re adding a new \"within 4 hours\" option to end user notifications, allowing users to be able to rely on prompt notification about quarantined items when appropriate. With this feature users can be rest assured that they will be updated frequently once new items lands on their quarantine folder. \n \n \n \n \n Password protected download of quarantined messages \n With this change we’re giving the ability to password protects items they download from quarantine. We want users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools. \n \n \n \n \n Additional updates to support search and larger bulk operations \n \n Microsoft Defender for Office 365 is working to enable additional quarantine enhancements, like partial string search functionality and 1,000 message bulk operation support in quarantine. As a result, we'll be making adjustments to the release process through an asynchronous approach. \n \n What does an asynchronous approach mean for me? \n With the asynchronous approach, we're able to support bulk operations up to 1,000 messages, and these larger requests may take longer to process. As a result, we'll be introducing additional statuses for quarantined messages, like “Preparing to release” and “Error”. The “Preparing to release” status will indicate that the messages is in the process of being released while the “Error” status will indicate that a message release has failed, and the user needs to retry. \n \n Let us know what you think! \n Test out these new capabilities when they begin rolling out in the next couple months and let us know any feedback you may have. We’re always looking for ways to improve the quarantine experience for users and admins. \n \n \n Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. \n \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"3015","kudosSumWeight":10,"repliesCount":68,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMzU0Njg3LTQzMTYxNWkwODQwNjU5NTk4QUNENkYy?revision=7\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjUuMXwyLjF8b3wyNXxfTlZffDI","node":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0zMzU0Njg3LTM3MDYzNGkyQkJFRjQ5OUU1REVFODI5?revision=7\"}"}}],"totalCount":2,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""}},"Conversation:conversation:3776426":{"__typename":"Conversation","id":"conversation:3776426","topic":{"__typename":"ForumTopicMessage","uid":3776426},"lastPostingActivityTime":"2023-07-21T08:58:24.365-07:00","solved":false},"ForumTopicMessage:message:3776426":{"__typename":"ForumTopicMessage","subject":"How to classify E-Mails with *.html or *.htm attachments as spam?","conversation":{"__ref":"Conversation:conversation:3776426"},"id":"message:3776426","revisionNum":1,"uid":3776426,"depth":0,"board":{"__ref":"Forum:board:MicrosoftDefenderforOffice365"},"author":{"__ref":"User:user:134787"},"metrics":{"__typename":"MessageMetrics","views":6109},"postTime":"2023-03-23T05:58:48.667-07:00","lastPublishTime":"2023-03-23T05:58:48.667-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" A tenant is receiving currently an enormous amount of phishing emails with *.html or *.htm attachments. 99% of the e-mail which contain such an attachment are phishing e-mails. What's the best approach to filter out those e-mails? They are using the standard protection threat policies. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"298","kudosSumWeight":1,"repliesCount":9,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1745505309992","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","external-1":"Events","s-m-b":"Nonprofit Community","windows-server":"Windows Server","education-sector":"Education Sector","driving-adoption":"Driving Adoption","Common-content_management-link":"Content Management","microsoft-learn":"Microsoft Learn","s-q-l-server":"Content Management","partner-community":"Microsoft Partner Community","microsoft365":"Microsoft 365","external-9":".NET","external-8":"Teams","external-7":"Github","products-services":"Products","external-6":"Power Platform","communities-1":"Topics","external-5":"Microsoft Security","planner":"Outlook","external-4":"Microsoft 365","external-3":"Dynamics 365","azure":"Azure","healthcare-and-life-sciences":"Healthcare and Life Sciences","external-2":"Azure","microsoft-mechanics":"Microsoft Mechanics","microsoft-learn-1":"Community","external-10":"Learning Room Directory","microsoft-learn-blog":"Blog","windows":"Windows","i-t-ops-talk":"ITOps Talk","external-link-1":"View All","microsoft-securityand-compliance":"Microsoft Security","public-sector":"Public Sector","community-info-center":"Lounge","external-link-2":"View All","microsoft-teams":"Microsoft Teams","external":"Blogs","microsoft-endpoint-manager":"Microsoft Intune","startupsat-microsoft":"Startups at Microsoft","exchange":"Exchange","a-i":"AI and Machine Learning","io-t":"Internet of Things (IoT)","Common-microsoft365-copilot-link":"Microsoft 365 Copilot","outlook":"Microsoft 365 Copilot","external-link":"Community Hubs","communities":"Products"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1745505309992","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1745505309992","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1745505309992","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1745505309992","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1745505309992","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1745505309992","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1745505309992","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1745505309992","value":{"title":"Query Handler"},"localOverride":false},"Category:category:top":{"__typename":"Category","id":"category:top","nodeType":"category"},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1745505309992","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1745505309992","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1745505309992","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745505309992","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1745505309992","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1745505309992","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1745505309992","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1745505309992","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1745505309992","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1745505309992","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1745505309992","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1745505309992","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1745505309992","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSolvedBadge-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSolvedBadge-1745505309992","value":{"solved":"Solved"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745505309992":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1745505309992","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"tagName":"prevention"},"buildId":"HEhyUrv5OXNBIbfCLaOrw","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"o365","openTelemetryServiceVersion":"25.1.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/external/components/ExternalComponent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx"],"appGip":true,"scriptLoader":[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1730819800000/analytics.js?page.id=TagPage","strategy":"afterInteractive"}]}